================
libvirt releases
================

This is the list of official releases for libvirt, along with an overview of
the changes introduced by each of them.

For a more fine-grained view, use the `git log`_.


v9.4.0 (unreleased)
===================

* **Security**

* **Removed features**

* **New features**

* **Improvements**

* **Bug fixes**


v9.3.0 (2023-05-02)
===================

* **New features**

  * qemu: Introduce support for ``igb`` network interface model

    ``igb`` is a successor to the ``e1000e`` network device using the PCIe
    interface. It was introduced in QEMU 8.0.

  * qemu: Improve handling of maximum physical address configuration

* **Improvements**

  * qemu: Change default machine type for ARM and RISC-V

    ARM and RISC-V architectures now use the ``virt`` machine type by default.
    The previous defaults were nearly unusable and had to be overridden in
    most cases.

  * Improve translatable strings format substitutions

    All translatable error messages with substitution strings were converted
    to use positional modifiers to allow translators to shuffle around words
    in the translation. The translations in Weblate were also updated to
    match.

  * qemu: Improve validation of ``watchdog`` devices

    Certain invalid configurations of ``watchdog`` devices are now properly
    detected:

    - hotplug of always-present platform watchdogs is forbidden
    - ``iTCO`` watchdog can be configured only once
    - ``ib700`` watchdog is allowed only on ``i440fx`` machines

  * Improved output of ``virt-host-validate`` on ARM

    Our validation tool now parses the ``IORT`` data on ARM to properly
    detect the presence of SMMU and other features.

* **Bug fixes**

  * qemu: Fix inactive internal snapshots of VM with UEFI firmware

    Recent changes to UEFI firmware handling broke support for inactive
    internal snapshots of VMs with UEFI, which historically worked. (The
    intention was to disallow them together with active ones, but the check
    did not work properly.) Preserve existing functionality by allowing such
    snapshots explicitly.

  * qemu: Properly configure locked memory limit for VMs with ```` in the
    domain XML.

* **Improvements**

  * qemu: Make firmware selection persistent

    Up until now, firmware autoselection has been performed at domain
    startup time: as a result, changes to the JSON firmware descriptors
    present on the system could have translated to a different firmware
    being chosen for subsequent startups of the same domain, potentially
    rendering it unbootable or lowering the security guarantees.

    Firmware selection now happens once, when the domain is defined, and its
    results are stored in the domain XML to be reused, unchanged, for all
    subsequent boots.

  * qemu: passt now works when SELinux/AppArmor is enabled

    In the case of SELinux, this requires passt-specific support code to be
    present in the host policy, so it might only work with upcoming
    operating systems and not with existing ones.

  * xen: Support custom UEFI firmware paths

    The Xen libxl driver now supports specifying a custom UEFI firmware
    path. Previously the Xen default was used in all cases.

* **Bug fixes**

  * qemu: Fix validation of the HPET timer

    Due to a logic bug introduced in libvirt 9.0.0, VM configurations
    explicitly enabling the HPET timer were rejected.

  * qemu: Fix thread-context .host-nodes generation

    With new enough QEMU, libvirt instructs QEMU to set the affinity of
    memory allocation threads. But this may have resulted in QEMU being
    unable to do so, as affinity to NUMA nodes inaccessible to the emulator
    thread might have been requested.

  * rpc: fix typo in admin code generation

    Fix the bug in the remote ``virt-admin`` code generator that resulted in
    a crash. Introduced in libvirt 9.1.0.

  * qemu: relax shared memory check for vhostuser daemons

    Fix hotplug of virtiofs ``filesystem`` after restarting libvirtd. Before,
    libvirtd would incorrectly complain about missing shared memory.
v9.1.0 (2023-03-01)
===================

* **Removed features**

  * vbox: removed support for version 5.2 and 6.0 APIs

    Libvirt no longer supports use of VirtualBox 5.2 and 6.0 since these
    versions reached their end of life in 2020/07.

* **New features**

  * vbox: added support for version 7.0 API

    Libvirt can now support use of VirtualBox 7.0. This is compile tested
    only, so we are looking for feedback from users on how well it works in
    practice.

  * qemu: Support crypto device

    Support crypto device (virtio crypto only), also add support for QEMU
    with backend ``builtin`` and ``lkcf``.

  * qemu: added support for pvpanic-pci device

    A pvpanic device can now be defined as a PCI device (the original is an
    ISA device) with ````.

  * qemu: support automatic restart of inadvertently terminated passt process

    If the passt process that is serving as the backend of a -netdev stream
    is terminated unexpectedly, libvirt now listens to QEMU's notification
    of this, and starts up a new passt instance, thus preserving network
    connectivity.

* **Improvements**

  * RPM packaging changes

    The ``libvirt-daemon`` subpackage is split into several new subpackages,
    allowing installation of a modular daemon configuration without the
    traditional monolithic libvirtd.

* **Bug fixes**

  * QEMU: iTCO watchdog made operational

    The watchdog was always included when the q35 machine type was used, but
    needed an extra bit of configuration in order to be operational. This is
    now done by default when running a QEMU domain with the q35 machine
    type. This is not a change in the guest ABI, but it is a guest visible
    behavior change since the watchdog that did not fire before will now
    fire once used. To switch to the previous behavior the watchdog action
    must be set to ``none``.

  * QEMU: fix deleting memory snapshot when deleting external snapshots

    When external snapshot deletion was introduced it did not remove the
    memory snapshot when it existed. In addition, when an external
    memory-only snapshot was created libvirt failed without producing any
    error.

  * QEMU: properly report passt startup errors

    Due to how the child passt process was started, the initial support for
    passt (added in 9.0.0) would not see errors encountered during startup,
    so libvirt would continue to set up and start the guest; this led to a
    running guest with no network connectivity. (NB: On systems that use
    them, it is still necessary to disable SELinux/AppArmor to start passt.
    This is a temporary limitation, and use of the feature in production is
    strongly discouraged until it has been lifted.)

  * qemu: Fix error when attempting to change media in a CDROM drive

    Due to a logic bug introduced in libvirt-9.0, attempts to change media
    in a CDROM would previously fail with an error stating that the tray
    isn't open.

  * qemu: Properly handle block job transitions

    Starting with libvirt-9.0 the block job state machine improperly handled
    some job transitions, which resulted in some block jobs not being
    properly terminated. This could cause problems such as errors when
    detaching a disk after a snapshot.

  * virsh: Make domif-setlink work more than once

    There was a bug introduced in the previous release which made ``virsh
    domif-setlink`` work exactly once over a given domain. The bug was fixed
    and now the command can be run multiple times.

  * qemu: Make domain startup fail if NIC already exists

    When starting a domain with an ```` that's supposed to be managed by
    libvirt (``managed='yes'``) but the corresponding TAP device already
    exists, report an error and make the startup process fail.

  * qemu: Deal with nested mounts when umount()-ing /dev

    When setting up a private ``/dev`` for a domain (also known as
    ``namespaces`` in ``qemu.conf``), libvirt preserves mount points nested
    under ``/dev`` (e.g. ``/dev/shm``, ``/dev/pts`` and so on). But there was
    a bug which resulted in the inability to construct the namespace when
    there were two or more filesystems mounted on the same path. This is a
    common scenario with containers and thus the bug was fixed.

  * remote: Pass ``mode`` and ``socket`` URI parameters to virt-ssh-helper

    When connecting to a remote host using the SSH transport, the ``?mode=``
    and ``?socket=`` URI parameters were ignored. This prevented users from
    connecting to a monolithic daemon running on a remote host.

  * qemu: Various ``swtpm`` related fixes

    There are more cleanups and small bug fixes with regards to emulated
    ````. For instance with migration when the ``swtpm`` state is on a
    shared volume, or seclabel setting/restoring.


v9.0.0 (2023-01-16)
===================

* **New features**

  * QEMU: implement external snapshot deletion

    External snapshot deletion is now possible using the existing API
    ``virDomainSnapshotDelete()``. Flags that allow deleting children or
    children only are not supported.

  * QEMU: support passt (https://passt.top)

    passt can be used to connect an emulated network device to the host's
    network without requiring libvirt to have any sort of elevated
    privileges. This is configured with::

      ...

  * QEMU: add external backend for swtpm

    Connecting the VM to a swtpm daemon started outside of libvirt is now
    possible.

  * QEMU: Support for passing FDs instead of opening files for ``

    A new API `virDomainFDAssociate` gives the users the option to pass FDs
    to libvirt and then use them when starting a VM. Currently the FDs can
    be used instead of directly opening files as `` backend.

* **Improvements**

  * qemu: Prefer PNG for domain screenshots

    With sufficiently new QEMU (v7.1.0) screenshots change format from PPM
    to PNG.

  * tools: Fix install_mode for some scripts

    Scripts from the following list were installed with the group write bit
    set: virt-xml-validate, virt-pki-validate, virt-sanlock-cleanup,
    libvirt-guests.sh. This was changed so that only the owner is able to
    write them.
  * qemu: Allow multiple nodes for preferred policy

    Due to restrictions of old kernels and libnuma APIs, the preferred NUMA
    policy accepted just a single host NUMA node. With a recent enough
    kernel (v5.15.0) and libnuma (v2.0.15) it's possible to set multiple
    nodes.

  * secret: Inhibit shutdown of daemon for ephemeral secrets

    When an ephemeral secret is defined then automatic shutdown of
    virtsecretd is inhibited. This is to avoid ephemeral secrets
    disappearing shortly before their use.

  * qemu: Report Hyper-V Enlightenments in domcapabilities

    The supported Hyper-V Enlightenments are now reported in the domain
    capabilities XML.

* **Bug fixes**

  * Fix NULL-pointer dereference in `virXMLPropStringRequired`

    Fix a bug where, when parsing an XML property which is required to be
    present by using `virXMLPropStringRequired`, the parser would crash
    instead of reporting an error.

  * qemu: Init ext devices paths on reconnect

    Paths for external devices are not stored in the status XML. Therefore,
    when the daemon restarted and was reconnecting to a running domain,
    these paths were left blank which led to a daemon crash.

  * qemu: Validate arguments passed to `virConnectGetDomainCapabilities`

    There was a code path in which insufficient validation of the input
    arguments of the `virConnectGetDomainCapabilities` API was possible,
    which led to a daemon crash. This path is now fixed.


v8.10.0 (2022-12-01)
====================

* **New features**

  * Tool for validating SEV firmware boot measurement of QEMU VMs

    The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES
    domain launch measurement to a computed launch measurement. This
    determines whether the domain has been tampered with during launch.

  * Support for SGX EPC (enclave page cache)

    Users can add a ```` device to launch a VM with ``Intel Software Guard
    Extensions``.

  * Support migration of vTPM state of QEMU VMs on shared storage

    Pass the ``--migration`` option if appropriate in order for ``swtpm`` to
    properly migrate on shared storage.

* **Improvements**

  * Mark close callback (un-)register API as high priority

    High priority APIs use a separate thread pool and thus can help in
    eliminating problems with stuck VMs. Marking the close callback API as
    high priority allows ``virsh`` to properly connect to the daemon in case
    the normal priority workers are stuck, allowing other high priority API
    usage.

  * Updated x86 CPU features

    The following features for the x86 platform were added:
    ``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``,
    ``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``,
    ``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``,
    ``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``,
    ``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``.

  * Add support for ``hv-avic`` Hyper-V enlightenment

    ``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which
    allows using Hyper-V SynIC with hardware APICv/AVIC enabled.

  * qemu: Run memory preallocation with numa-pinned threads

    Run the thread allocating memory in the proper NUMA node to reduce
    overhead.

  * RPM packaging changes

    - add optional dependency of ``libvirt-daemon`` on ``libvirt-client``

      The ``libvirt-guests.`` tool requires the ``virsh`` client to work
      properly, but we don't want to require the installation of the daemon
      if the tool is not used.

    - relax required ``python3-libvirt`` version for ``libvirt-client-qemu``

      The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly
      need the newest version. Remove the strict versioning requirement in
      order to prevent a cyclic dependency when building.

* **Bug fixes**

  * Skip initialization of ``cache`` capabilities if host doesn't support them

    Hypervisor drivers would fail to initialize on ``aarch64`` hosts with the
    following error::

      virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error

    which prevented the startup of the daemon.
  * Allow incoming connections to guests on routed networks w/firewalld

    A change in handling of implicit rules in ``firewalld 1.0.0`` broke
    incoming connections to VMs when using a ``routed`` network. This is
    fixed by adding a new ``libvirt-routed`` zone configured to once again
    allow incoming sessions to guests on routed networks.

  * Fix infinite loop in nodedev driver

    Certain udev entries might be of a size that makes libudev emit EINVAL,
    which caused a busy loop burning CPU. Fix it by ignoring the return
    code.


v8.9.0 (2022-11-01)
===================

* **New features**

  * Add ``virt-qemu-qmp-proxy`` for emulating a QMP socket for libvirt
    managed VMs

    The ``virt-qemu-qmp-proxy`` tool provides a way to expose an emulated
    QMP server socket for a VM managed by libvirt. This allows existing
    QMP-only clients to work with libvirt managed VMs.

    **Note:** libvirt is not interpreting the communication between the tool
    using the proxy and qemu itself, so any state-changing commands may
    desynchronize libvirt. Use at your own risk.

  * qemu: Core Scheduling support

    To avoid side channel attacks, the Linux kernel allows creating groups
    of processes that trust each other and thus can be scheduled to run on
    hyperthreads of a CPU core at the same time. This is now implemented for
    QEMU domains too (see the ``sched_core`` knob in qemu.conf), although
    not enabled by default, just yet.

* **Improvements**

  * qemu: Add hypervisor-specific statistics to ``virConnectGetAllDomainStats``

    The new stats group ``VIR_DOMAIN_STATS_VM`` of
    ``virConnectGetAllDomainStats``, also exposed as ``virsh domstats
    --vm``, returns hypervisor-specific stats fields for the given VM.

  * Add ``vendor`` attribute for CPU models in domain capabilities

    Users can now see the vendor of each CPU model in domain capabilities
    and use it, e.g., for filtering usable CPU models based on the host CPU
    vendor.

  * virsh: Add ``--model`` option for ``hypervisor-cpu-baseline``

    This is a shortcut for calling ``hypervisor-cpu-baseline`` with a single
    CPU model and no additional features. It can be used for determining
    which features block a particular CPU model from being usable.

  * Improved documentation of CPU ``usable`` attribute in domain capabilities

  * Report ``channel`` and ``redirdev`` devices in domain capabilities

    The channel and redirect devices supported by the hypervisor are now
    reported in domain capabilities.

  * meson: Bump minimal required meson version

    Newer meson versions deprecate some functions used. These were replaced
    with their newer counterparts and the minimal required meson version
    was bumped to 0.56.0.

  * qemu: Add flags to keep or remove TPM state for ``virDomainUndefineFlags``

    ``VIR_DOMAIN_UNDEFINE_TPM`` and ``VIR_DOMAIN_UNDEFINE_KEEP_TPM`` specify
    accordingly to delete or keep a TPM's persistent state directory
    structure and files when undefining a domain. In virsh the flags are
    exposed as ``--tpm`` and ``--keep-tpm`` for the sub-command
    ``undefine``.

* **Bug fixes**

  * qemu: Disable all blocker features in CPU baseline

    Three years ago QEMU renamed some CPU features (mostly those containing
    an underscore). When such a renamed feature was reported by QEMU as
    blocking usability of a CPU model, we would fail to explicitly disable
    it when creating a baseline CPU definition using this model. This bug
    did not have any functional impact when the default ``check='partial'``
    attribute was used for the guest CPU definition in the domain XML, but
    it could have caused failures to start a domain with ``check='full'`` in
    some cases.

  * qemu: Do not crash after restart with active migration

    In the 8.8.0 release the libvirt daemon would crash after it was
    restarted during an active outgoing migration.

  * qemu: Refresh state after restore from a save image

    When a domain is restored from a saved image, libvirt now queries QEMU
    for those parts of runtime information that were not part of the save
    image. For instance: the MAC address of macvtap NICs, tray state of
    CD-ROMs, allocated size of virtio-mem, and others.


v8.8.0 (2022-10-03)
===================

* **Removed features**

  * storage: Remove 'sheepdog' storage driver backend

    The 'sheepdog' project is no longer maintained and upstream bug reports
    are unaddressed. Libvirt thus removed the support for the sheepdog
    storage driver backend, following qemu's removal of sheepdog support in
    qemu-6.1.

* **Improvements**

  * qemu: Implement VIR_DOMAIN_STATS_CPU_TOTAL for qemu:///session

    Users can now query VIR_DOMAIN_STATS_CPU_TOTAL (also known as cpu.time)
    statistics for session domains.

* **Bug fixes**

  * qemu: Fix non-shared storage migration setup

    This release fixes a bug in the setup of a migration with non-shared
    storage (``virsh migrate --copy-storage-all``) which was broken by a
    refactor of the code in libvirt-8.7.

  * selinux: Don't ignore NVMe disks when setting image label

    Libvirt did not set any SELinux label on NVMe disks and relied only on
    the default SELinux policy. This turned out to cause problems when using
    a namespace or an altered policy and thus is fixed now.

  * qemu: Fix a deadlock when setting up namespace

    When starting a domain, libvirt creates a mount namespace and manages a
    private /dev with only a handful of nodes exposed. But when creating
    those a deadlock inside glib might have occurred. The code was changed
    so that libvirt does not tickle the glib bug.

  * qemu: Don't build memory paths on daemon restart

    When the daemon was restarted it tried to create domain private paths
    for each mounted hugetlbfs. When this failed, the corresponding domain
    was killed. This operation is now performed during domain startup and
    memory hotplug and no longer leads to a sudden kill of the domain.
v8.7.0 (2022-09-01)
===================

* **Removed features**

  * qemu: Remove support for QEMU < 4.2

    In accordance with our platform support policy, the oldest supported
    QEMU version is now bumped from 3.1 to 4.2.

* **New features**

  * qemu: Add support for specifying vCPU physical address size in bits

    Users can now specify the number of vCPU physical address bits with the
    `` subelement of the `` element.

* **Improvements**

  * esx: Domain XMLs can now be dumped for VMs with two new interface types

    One is when the interface is not connected anywhere (`type='null'`) and
    one when it is connected to a VMware Distributed Switch (`type='vds'`).

* **Bug fixes**

  * qemu: increase memlock limit for a domain with multiple vfio/vdpa devices

    When multiple vfio or vdpa devices are assigned to a domain, the locked
    memory limit could be too low to map memory for all devices. The memlock
    limit has been increased to be proportional to the number of vdpa/vfio
    devices.


v8.6.0 (2022-08-01)
===================

* **Improvements**

  * conf: Improved firmware autoselection

    The firmware autoselection feature now behaves more intuitively, reports
    better error messages on failure and comes with high-level
    documentation.


v8.5.0 (2022-07-01)
===================

* **New features**

  * qemu: Introduce support for network backed NVRAM

    Users can now use a remote store NVRAM image by specifying the newly
    introduced attribute `type='network'` with the `` element.

  * qemu: Add support for post-copy migration recovery

    A new ``VIR_MIGRATE_POSTCOPY_RESUME`` flag (``virsh migrate
    --postcopy-resume``) was introduced for recovering from a failed
    post-copy migration.

  * qemu: Add support for zero-copy migration

    With QEMU 7.1.0, libvirt can enable zerocopy for parallel migration.
    This is implemented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag
    (``virsh migrate --zerocopy``).

  * Introduce thread_pool_min and thread_pool_max attributes to IOThread

    New attributes ``thread_pool_min`` and ``thread_pool_max`` were
    introduced to ```` as well as a new ```` element with the same
    attributes. This way it's possible to instruct QEMU to spawn enough
    worker threads for an IOThread upfront, resulting in predictable time
    needed to process an I/O request.

* **Improvements**

  * Define a TFTP server without a DHCP server in network configuration

    It's now possible to define a network with no DHCP server but with a
    TFTP server. This may be useful when the DHCP service is provided by
    another entity on the network than the libvirt spawned dnsmasq.

* **Bug fixes**

  * qemu: Restore label to temp file in qemuDomainScreenshot()

    When virDomainScreenshot() is called, libvirt instructs QEMU to save
    the screenshot into a temporary file. This file needs to be labelled
    correctly, so that QEMU can access it. And since the file is temporary
    (it's deleted after the screenshot was taken) the corresponding label
    restore was missing. This proved to be problematic for profile based
    models, like AppArmor, where the temporary files were added into the
    profile but never removed, which resulted in longer profile
    recalculation times.

  * qemuBuildInterfaceConnect: Initialize @tapfd array

    Due to an uninitialized array, an unsuccessful attempt to start a guest
    with an ```` might have resulted in closing of a random FD and thus a
    sudden disconnect of a client or other random failures.

  * qemu: Fix hotplug of network interfaces

    A logic bug introduced in a recent refactor was fixed. The bug caused a
    problem when hot-adding a network interface, which failed with the
    following error::

      error: internal error: unable to execute QEMU command 'netdev_add': File descriptor named '(null)' has not been found

  * Fix ``startupPolicy`` validation for ``block`` disks

    Setting of ``startupPolicy`` for a block disk would result in an error
    due to a logic bug in a recent refactor.

  * qemu: Fix crash when overriding device properties via ```` element

    Adding an override for a device property would result in a crash of the
    qemu driver.


v8.4.0 (2022-06-01)
===================

* **New features**

  * qemu: D-Bus display

    Libvirt is now able to set up a D-Bus display export, either with a
    private bus or in p2p mode. This display is available in QEMU 7.0.0.

  * qemu: ppc64 Power10 processor support

    Support for the recently released IBM Power10 processor was added.

  * qemu: Introduce ``absolute`` clock offset

    The ``absolute`` clock offset type allows setting the guest clock to an
    arbitrary epoch timestamp at each start. This is useful if some VM needs
    to be kept set to an arbitrary time for e.g. testing or working around
    broken software.

  * qemu: add qemu-vdagent channel

    This paravirtualized qemu vdagent channel can enable copy and paste
    between a guest and a VNC client. It is available in QEMU 6.1.0.

  * api: Add new APIs ``virDomainSaveParams`` and ``virDomainRestoreParams``

    * ``virDomainSaveParams``: An alternative domain saving API, extends
      ``virDomainSaveFlags`` by adding parameters.
    * ``virDomainRestoreParams``: An alternative domain restoring API,
      extends ``virDomainRestoreFlags`` by adding parameters.

* **Bug fixes**

  * Improve heuristics for computing baseline CPU models

    Both ``virConnectBaselineHypervisorCPU`` and ``virConnectBaselineCPU``
    were in some cases computing the result using a CPU model which was
    newer than some of the input models. For example, ``Cascadelake-Server``
    was used as a baseline for ``Skylake-Server-IBRS`` and
    ``Cascadelake-Server``. The CPU model selection heuristics were improved
    to choose a more appropriate model.


v8.3.0 (2022-05-02)
===================

* **Removed features**

  * qemu: Remove support for QEMU < 3.1

    In accordance with our platform support policy, the oldest supported
    QEMU version is now bumped from 2.11 to 3.1.
* **New features**

  * qemu: Introduce support for virtio-iommu

    This IOMMU device can be used with both Q35 and ARM virt guests.

  * qemu: Introduce attributes rss and rss_hash_report for net interface

    They can enable in-qemu/ebpf RSS and in-qemu RSS hash report for a
    virtio NIC. Requires QEMU >= 5.1.


v8.2.0 (2022-04-01)
===================

* **New features**

  * qemu: Introduce ``manual`` disk snapshot mode

    This new mode allows users to synchronize libvirt snapshots with
    snapshots which need to be done outside of libvirt, e.g. when
    'vhost-user-blk' is used to back the disk.

  * Introduce memory allocation threads

    When starting a QEMU guest, libvirt can now instruct QEMU to allocate
    the guest's memory in parallel. This may be handy when the guest has
    large amounts of memory.

* **Improvements**

  * qemu: ``VIR_MIGRATE_PARAM_TLS_DESTINATION`` now works with non-shared
    storage migration

    The setting now also applies to the NBD connections for non-shared
    storage migration, allowing migration to proceed even when the user
    expects the certificate name not to match.

  * qemu: Allow overrides of device properties via the qemu namespace

    Users wishing to override or modify properties of devices configured by
    libvirt can use the ```` QEMU namespace element to specify the overrides
    instead of relying on the argv passthrough of the ``-set`` qemu
    commandline option which no longer works with new qemu.

  * qemu: Allow passing file descriptors to ``virsh qemu-monitor-command``

    Passing FDs allows users wanting to experiment with qemu driven by
    libvirt to use commands like ``add-fd`` properly.

  * libxl: Turn on user aliases

    Users can now use so called user aliases for XEN domains.

  * Implement support for FUSE3

    The LXC driver uses fuse to overwrite some lines in ``/proc/meminfo``
    inside containers so that they see the correct amount of memory given to
    them. The code was changed so that both ``fuse`` and ``fuse3`` are
    supported.

  * Improve domain save/restore throughput

    Code that's handling save or restore of QEMU domains was changed,
    resulting in better I/O performance and thus shortening the time needed
    for the operation.

* **Bug fixes**

  * Both build and tests should now pass on Alpine Linux or any other
    distribution with musl libc.

  * virsh: Fix integer overflow in allocpages

    On hosts which support hugepages larger than 1GiB ``virsh allocpages``
    failed to accept them because of an integer overflow. This is now fixed.

  * qemu: Fix segmentation fault in virDomainUndefineFlags

    When a domain without any ```` was being undefined, libvirt crashed.
    This is now fixed.

  * lxc: Fix unaligned reads of /proc/meminfo within a container

    When /proc/meminfo was read in chunks smaller than the entire file,
    libvirt would produce mangled output. While porting the code to FUSE3
    this area was reworked and the file can now be read with any
    granularity.

  * qemu: Be less aggressive around cgroup_device_acl

    A basic set of devices common to every domain can be set in
    ``qemu.conf`` via the cgroup_device_acl knob. Devices from this set are
    allowed in the CGroup and created in the domain private namespace for
    every domain. However, upon device hotunplug it may have happened that
    libvirt mistakenly denied a device from this set and/or removed it from
    the namespace. For instance, /dev/urandom was removed and denied in the
    CGroup on RNG hotunplug.

  * nodedev: trigger mdev device definition update on udev add and remove

    When nodedev objects are added and removed, mdev device definitions are
    updated to report the correct associated parent.


v8.1.0 (2022-03-01)
===================

* **New features**

  * qemu: Add hvf domain type for Hypervisor.framework

    It works on Intel machines as well as recent machines powered by Apple
    Silicon. QEMU 6.2.0 is needed for Apple Silicon support.

  * qemu: Support mode option for dirtyrate calculation

    Introduce ``virDomainDirtyRateCalcFlags`` as a parameter of
    ``virDomainStartDirtyRateCalc``, which is used to specify the mode of
    dirty page rate calculation. Add the ``--mode`` option to ``virsh
    domdirtyrate-calc``, which can be either of the following 3 options:
    ``page-sampling, dirty-bitmap, dirty-ring``. Add the ``calc_mode`` field
    for dirtyrate statistics returned by ``virsh domstats --dirtyrate``, and
    also add ``vCPU dirtyrate`` if ``dirty-ring`` mode was used in the last
    measurement.

* **Improvements**

  * packaging: sysconfig files no longer installed

    libvirt used to provide defaults in various /etc/sysconfig/ files, such
    as /etc/sysconfig/libvirtd. Since these files are owned by the admin,
    this made it difficult to change built-in defaults in case such a file
    was modified by the admin. The built-in defaults are now part of the
    provided systemd unit files, such as libvirtd.service. These unit files
    continue to parse sysconfig files, in case they are created by the admin
    and filled with the desired key=value pairs.

  * virnetdev: Ignore EPERM on implicit clearing of VF VLAN ID

    Libvirt will now ignore EPERM errors on attempts to implicitly clear a
    VLAN ID (when a VLAN is not explicitly provided via an interface XML
    using a 0 or a non-zero value) as SmartNIC DPUs do not expose VLAN
    programming capabilities to the hypervisor host. This allows Libvirt
    clients to avoid specifying a VLAN and expect VF configuration to work
    since Libvirt tries to clear a VLAN in the same operation as setting a
    MAC address for VIR_DOMAIN_NET_TYPE_HOSTDEV devices, which is now split
    into two distinct operations. EPERM errors received while trying to
    program a non-zero VLAN ID or explicitly program a VLAN ID 0 will still
    cause errors as before so there is no change in behavior in those cases.
* **Bug fixes** * Remove unix sockets from filesystem when disabling a '.socket' systemd unit The presence of the socket files is used by our remote driver to determine which service to access. Since neither systemd nor the daemons clean up the socket file clients were running into problems when a modular deployment was switched to monolithic ``libvirtd``. * qemu: Fixes of fd passing during hotplug and hotunplug of chardevs FDs used as chardev backing are now properly removed when hot-unplugging a chardev from qemu and hotplugged chardevs now properly use ``virtlogd`` to handle the input and output from qemu. * RPM: Run pre/post-install steps on ``daemon-driver-storage-core`` Previously the pre/post-install code was part of the meta-package which installed all storage driver sub-packages thus a minimalistic install of the storage driver didn't behave correctly. v8.0.0 (2022-01-14) =================== * **Security** * libxl: Fix potential deadlock and crash (CVE-2021-4147) A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. * **Removed features** * qemu: Explicitly forbid live changing nodeset for strict numatune For ``strict`` mode of it can't be guaranteed that memory is moved completely onto new set of nodes (e.g. QEMU might have locked pieces of its memory) thus breaking the strict promise. If live migration of QEMU memory between NUMA nodes is desired, users are advised to use ``restrictive`` mode instead. * **New features** * qemu: Synchronous write mode for disk copy operations The ``blockdev-mirror`` block job supports a mode where writes from the VM are synchronously propagated to the destination of the copy. This ensures that the job will converge under heavy I/O. 
    Implement the mode for the copy blockjob as the
    ``VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES`` flag exposed via
    ``virsh blockcopy --synchronous-writes`` and for non-shared storage
    migration as ``VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES`` exposed via
    ``virsh migrate --copy-storage-synchronous-writes``.

  * Introduce TCG domain features

    Libvirt is now able to set the size of the translation block cache
    (tb-size) for TCG domains.

  * qemu: Add new API to inject a launch secret in a domain

    New API ``virDomainSetLaunchSecurityState()`` and virsh command
    ``domsetlaunchsecstate`` are added to support injecting a launch secret
    into a domain's memory.

* **Improvements**

  * libxl: Implement the virDomainGetMessages API

  * qemu: Preserve qcow2 sub-cluster allocation state after external
    snapshots and block-copy

    The new image which is installed as an overlay on top of the current chain
    when taking an external snapshot, or the target of a block copy operation,
    now enables sub-cluster allocation (``extended_l2``) if the original image
    has the option enabled.

* **Bug fixes**

  * qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used
    with ``qemu-6.2``

    An internal change to the configuration format used by the above libvirt
    versions triggers a bug in ``qemu-6.2`` where qemu no longer emits the
    event notifying that the device was unplugged successfully, and thus
    libvirt never removes the device from the definition. This impacts only
    devices which were present at startup of the VM; hotplugged devices behave
    correctly.

    This is fixed in ``libvirt-8.0`` by reverting to the old configuration
    approach until qemu is fixed. As a workaround for ``libvirt-7.9`` and
    ``libvirt-7.10`` the old configuration approach can be forced by:

    Option 1, global ``qemu.conf``::

      capability_filters = [ "device.json" ]

    Option 2, per VM XML override::

      [...]

  * Fix sparse streams with split daemon

    In a split daemon scenario, a client connected to a hypervisor driver and
    using sparse streams (e.g. ``virsh vol-download --sparse``) would make
    the hypervisor daemon enter an infinite loop without any data transfer.
    This is now fixed.

  * Build no longer requires RPC library

    Code and its cross dependencies were fixed so that a build without the
    remote driver, and thus without an RPC library (like ``tirpc``), no longer
    fails.

  * virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl

    When a ```` was defined for a TAP device that's plugged into an OvS
    bridge, values passed to the OvS were incorrectly recalculated, resulting
    in slightly different limits being applied.


v7.10.0 (2021-12-01)
====================

* **New features**

  * Added virt-pki-query-dn binary

    This binary helps users figure out the format of the Distinguished Name
    from a certificate file the way that libvirt expects it in the
    tls_allowed_dn_list option of the libvirtd.conf configuration file.

* **Improvements**

  * qemu: Report guest interface information in ``virDomainGetGuestInfo``

    Libvirt is now able to report interface information from the guest's
    perspective (using the guest agent).

  * qemu: detect guest side errors during device removal

    Libvirt is now able to detect guest side errors during device removal by
    using the DEVICE_UNPLUG_GUEST_ERROR event, available in QEMU 6.2.0.

  * Minimum SSF setting

    The libvirtd.conf option tcp_min_ssf can be used to override the minimum
    permitted security strength factor for non-TLS remote connections. The
    current hardcoded minimum is 56 (single-DES) and will be raised to 112 in
    the future. Setting a minimum lower than 112 is not supported.

  * qemu: Report stats also for block copy destination and backup job scratch
    images

    The statistics are available via the bulk domain stats API.

* **Bug fixes**

  * qemu: Don't format 'ramfb' attribute when disabled

    Fix a regression caused by the conversion to JSON -device arguments where
    'ramfb' would be put on the commandline of 'vfio-pci', which doesn't have
    it, thus breaking VMs with a mediated host device.
  * qemu: Fix block copy and backup to encrypted storage

    An oversight in the last release led to a spurious error being reported
    when encrypted storage was requested for disk images which are not
    directly backing the disk, which is now fixed.


v7.9.0 (2021-11-01)
===================

* **New features**

  * Introduce virtio-mem ```` model

    New virtio-mem model is introduced for ```` device which is a
    paravirtualized mechanism of adding/removing memory to/from a VM. Use the
    ``virDomainUpdateDeviceFlags()`` API to adjust the amount of memory, or
    ``virsh update-memory-device`` for convenience.

  * qemu: support disabling hotplug of devices on the pci-root controller

    The option is now supported for the pci-root controller on i440fx-based
    (x86 "pc") machinetypes. This can be used to disable hotplug/unplug of
    devices from this controller. The default behavior is unchanged (hotplug
    is allowed).

  * Support hotplug and hotunplug for virtiofs

    Filesystems backed by virtiofsd can now be hotplugged and hotunplugged.

  * virpcivpd: Add a PCI VPD parser

    A parser for the standard PCI/PCIe VPD ("I.3. VPD Definitions" in PCI 2.2+
    and an equivalent definition in "6.28.1 VPD Format" PCIe 4.0) was added
    along with relevant types to represent PCI VPD in memory. This
    functionality got added for Linux only at this point (kernels above
    v2.6.26 have support for exposing VPD via sysfs).

  * virpci: Add PCI VPD-related helper functions to virpci

    In order to utilize the PCI VPD parser, a couple of helper functions got
    introduced to check for the presence of a VPD file in the sysfs tree and
    to invoke the PCI VPD parser to get a list of resources representing PCI
    VPD contents in memory.

  * nodedev: Add PCI VPD capability support

    Support for serializing and deserializing PCI VPD data structures is added
    following the addition of the PCI VPD parser. A new PCI device capability
    called "vpd" is introduced holding string resources and keyword resources
    found in PCI VPD.
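The VPD layout such a parser has to handle, as an added example in C that is not libvirt's ``virpcivpd`` code: it walks the large-resource tags of the blob the kernel exposes via sysfs, extracts the Identifier String and the ``PN``/``SN`` keywords from ``VPD-R``, and verifies the ``RV`` checksum while bounds-checking every length, since VPD is device-supplied input. The sample bytes and field values are constructed here, not read from any device.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Large resources: bit 7 set, tag in the low 7 bits, then a 16-bit LE
 * length. The end tag 0x78 is a small resource (tag 0x0f, zero length). */
#define VPD_TAG_ID_STRING 0x82
#define VPD_TAG_VPD_R     0x90
#define VPD_TAG_END       0x78
#define VPD_MAX_FIELD     64
struct vpd_info {
    char id[VPD_MAX_FIELD];   /* Identifier String resource */
    char pn[VPD_MAX_FIELD];   /* PN (part number) keyword from VPD-R */
    char sn[VPD_MAX_FIELD];   /* SN (serial number) keyword from VPD-R */
    int checksum_ok;          /* 1 when the RV checksum verified */
};
static void copy_field(char *dst, const uint8_t *src, size_t len)
{
    if (len >= VPD_MAX_FIELD) len = VPD_MAX_FIELD - 1;
    memcpy(dst, src, len);
    dst[len] = '\0';
}

/* VPD-R body: repeated 2-char keyword, 1-byte length, data. RV must come
 * last; its first data byte makes the sum of every byte from the start of
 * the VPD through that byte equal 0 mod 256. */
static int parse_vpd_r(const uint8_t *vpd, size_t start, size_t len,
                       struct vpd_info *out)
{
    size_t pos = start, end = start + len;
    while (pos + 3 <= end) {
        const uint8_t *kw = vpd + pos;
        size_t klen = vpd[pos + 2];
        if (pos + 3 + klen > end) return -1;   /* keyword overruns resource */
        if (kw[0] == 'P' && kw[1] == 'N') copy_field(out->pn, kw + 3, klen);
        else if (kw[0] == 'S' && kw[1] == 'N') copy_field(out->sn, kw + 3, klen);
        else if (kw[0] == 'R' && kw[1] == 'V' && klen >= 1) {
            uint8_t sum = 0;
            for (size_t i = 0; i <= pos + 3; i++) sum += vpd[i];
            out->checksum_ok = (sum == 0);
            return 0;
        }
        pos += 3 + klen;
    }
    return -1;                                 /* no RV: reject the VPD */
}
/* Returns 0 for well-formed VPD (then check out->checksum_ok) and -1 when it
 * is malformed or truncated. Every length is bounds-checked before use. */
int vpd_parse(const uint8_t *vpd, size_t size, struct vpd_info *out)
{
    size_t pos = 0;
    memset(out, 0, sizeof(*out));
    while (pos < size) {
        uint8_t tag = vpd[pos];
        size_t len, body = pos + 3;
        if (tag == VPD_TAG_END) return 0;
        if (!(tag & 0x80) || body > size) return -1;
        len = vpd[pos + 1] | (size_t)vpd[pos + 2] << 8;
        if (body + len > size) return -1;
        if (tag == VPD_TAG_ID_STRING) copy_field(out->id, vpd + body, len);
        else if (tag == VPD_TAG_VPD_R && parse_vpd_r(vpd, body, len, out) < 0)
            return -1;
        pos = body + len;                /* VPD-W and unknown tags skipped */
    }
    return -1;                           /* ran out of data before end tag */
}
/* Constructed sample, not read from any device: ID "TestCard", PN "AB12",
 * SN "000123"; the RV checksum byte 0xb6 makes the running sum zero. */
const uint8_t vpd_sample[] = {
    0x82, 0x08, 0x00, 'T', 'e', 's', 't', 'C', 'a', 'r', 'd',
    0x90, 0x16, 0x00,
    'P', 'N', 0x04, 'A', 'B', '1', '2', 'S', 'N', 0x06, '0', '0', '0', '1', '2', '3',
    'R', 'V', 0x03, 0xb6, 0x00, 0x00, 0x78,
};
```

Treat a -1 return or ``checksum_ok == 0`` as untrusted data and expose none of the fields in that case.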
  * qemu: Support page_per_vq for driver element

    This optional virtio attribute ``page_per_vq`` controls the layout of the
    notification capabilities exposed to the guest. It is recommended for
    vDPA devices.

  * qemu: Support librbd encryption

    Add an encryption engine ``librbd``. It provides the image-level
    encryption of librbd. It requires QEMU >= 6.1.0 and librbd >= 16.1.0.

* **Improvements**

  * Use of JSON syntax with ``-device`` with upcoming QEMU-6.2

    Libvirt started using JSON directly with the ``-device`` commandline
    parameter as it's considered the preferred stable syntax for further QEMU
    releases. If any problems with the conversion are encountered please
    report them as soon as possible.

* **Bug fixes**

  * qemu: Fix problems on ``virsh domstats`` with qemu <5.2.0

    Libvirt v7.2.0 and later called query-dirty-rate, which was introduced in
    qemu-5.2.0, regardless of qemu version and failed in qemu-5.1.0. This
    release fixes the bug.

  * Don't enter endless loop when unable to accept new clients

    If libvirtd (or any other daemon) hit the ulimit for the maximum number of
    open files but there were still client connections pending, then libvirtd
    (or the corresponding split daemon) would enter an endless loop from which
    it would never recover. This behaviour is now fixed.

  * qemu: Run secondary driver hooks in split daemon mode

    Because of an implementation bug it could happen that hooks from secondary
    drivers were not called in all cases, for instance a network hook wasn't
    called upon removal of an interface after the domain shut off itself. With
    this release the bug is fixed.


v7.8.0 (2021-10-01)
===================

* **New features**

  * nodedev: Add ability to automatically start mediated devices

    The autostart status of a persistent mediated device can be managed with
    the new APIs ``virNodeDeviceSetAutostart()`` and
    ``virNodeDeviceGetAutostart()``. The corresponding virsh command is
    ``nodedev-autostart``.

    In addition, two new APIs were added to get additional information about
    node devices: ``virNodeDeviceIsPersistent()`` checks whether the device is
    persistently defined, and ``virNodeDeviceIsActive()`` checks whether the
    node device is currently active. This information can also be retrieved
    with the new virsh command ``nodedev-info``.

  * qemu: Add attribute ``queue_size`` for virtio-blk devices

* **Improvements**

  * api: Add XML validation for creating of: networkport, nwfilter-binding,
    network

    * Add flag ``VIR_NETWORK_PORT_CREATE_VALIDATE`` to validate the input XML
      when creating a network port.
    * Add flag ``VIR_NETWORK_CREATE_VALIDATE`` to validate the input XML when
      creating a network.
    * Add flag ``VIR_NWFILTER_BINDING_CREATE_VALIDATE`` to validate the input
      XML when creating an nwfilter-binding.


v7.7.0 (2021-09-01)
===================

* **New features**

  * Add support for Fibre Channel VMID

    New VM element ```` was added to allow users to set their ``appid`` for
    each VM, which will be used by the kernel to create a Fibre Channel VMID.
    This allows various QoS levels, access control or collecting telemetry
    data per VM.

* **Improvements**

  * virsh: Allow XML validation for define of: storage pool, network, secret,
    nwfilter, interface

    * Add flag ``VIR_STORAGE_POOL_DEFINE_VALIDATE`` to validate storage pool
      input XML. For virsh, users can use it as ``virsh pool-define --validate``.
    * Add flag ``VIR_NETWORK_DEFINE_VALIDATE`` to validate network input XML.
      For virsh, users can use it as ``net-define --validate``.
    * Add flag ``VIR_SECRET_DEFINE_VALIDATE`` to validate secret input XML.
      For virsh, users can use it as ``secret-define --validate``.
    * Add flag ``VIR_NWFILTER_DEFINE_VALIDATE`` to validate nwfilter input
      XML. For virsh, users can use it as ``nwfilter-define --validate``.
    * Add flag ``VIR_INTERFACE_DEFINE_VALIDATE`` to validate interface input
      XML. For virsh, users can use it as ``iface-define --validate``.
  * Add SecurityManager APIs for labeling network devices

    New ``virSecurityManagerSetNetdevLabel`` and
    ``virSecurityManagerRestoreNetdevLabel`` APIs are introduced and
    implemented in the AppArmor security driver. The qemu driver uses the APIs
    to label vhostuser ports on hotplug and restore labeling on unplug.

  * vmx: Parse vm.genid and support super wide SCSI bus

    The genid attribute is now reported for VMX guests. Libvirt can now
    properly process a super wide SCSI bus (64 units).

  * qemu: Lifecycle action (``on_poweroff``/``on_reboot``) handling
    improvements

    The handling of lifecycle actions was fixed and improved in multiple ways:

    - ``restart-rename`` action was forbidden

      The action was never properly implemented in the qemu driver and didn't
      actually result in a restart of the VM but rather termination. The qemu
      driver now rejects such configurations.

    - ``preserve`` action was forbidden

      Similarly to the previous case this never worked as the intended
      semantics of the action dictate. It's better to not allow it at all
      until there's a proper implementation.

    - ``reboot`` action of ``on_poweroff`` now actually works

      The guest OS is now rebooted instead of terminating the VM when the
      ``reboot`` action is used and the guest OS powers down. Note that it's
      incompatible with ``on_reboot`` set to ``destroy``.

    - Changes in the action of ``on_reboot`` are now updated with qemu

      Libvirtd can now properly update the ``on_reboot`` action in qemu, which
      allows proper handling when changing between ``reboot`` and ``destroy``
      actions. In addition, switching from ``reboot`` to ``destroy`` was
      forbidden for older qemus which don't support the update API, as the
      guest could still reboot and execute some instructions until it was
      terminated.

  * virsh: Support vhostuser in attach-interface

* **Bug fixes**

  * qemu: Open chardev logfile on behalf of QEMU

    Guests with a logfile configured for their chardevs are now able to start
    even when no virtlogd is configured.
  * virhostmem: Handle numactl-less build in hugepages allocation/reporting

    Some architectures don't have a notion of NUMA (e.g. s390x) but do support
    hugepages. Libvirt silently ignored requests to allocate/report the
    hugepage pool when built without numactl. This is now fixed and the pool
    can be allocated/reported properly.

  * qemu: Record proper ``backing`` format for overlays of qcow2+luks images

    Libvirt would record ``luks`` instead of ``qcow2`` into the metadata. In
    practice this is a problem only when inspecting images manually via
    ``qemu-img``, as with libvirt users must use the full specification of the
    backing chain in the domain XML, which supersedes information recorded in
    the image metadata.


v7.6.0 (2021-08-02)
===================

* **Security**

  * storage: Unlock pool objects on ACL check failures in
    ``storagePoolLookupByTargetPath`` (CVE-2021-3667)

    A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool
    object was left locked after a failure of the ACL check could potentially
    deprive legitimate users of access to a storage pool object, triggered by
    users who don't have access.

* **New features**

  * qemu: Incremental backup support via ``virDomainBackupBegin``

    libvirt-7.6 along with the unreleased qemu-6.1 will fully support the
    change block tracking features (block-dirty-bitmaps) to be able to do
    incremental backups and management of the checkpoint states via the
    appropriate APIs.

  * qemu: Add support for launch security type s390-pv

    Specifying s390-pv as launch security type in an s390 domain prepares for
    running the guest in protected virtualization secure mode, also known as
    IBM Secure Execution. This simplifies the definition and reduces the risk
    of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on
    all virtio devices.

  * domstats: Add haltpolling time statistic interface

    Domstats now provides CPU haltpolling time data. This feature relies on
    statistics available after kernel version 5.8. This will allow the user to
    get more accurate CPU usage information if needed.

* **Bug fixes**

  * qemu: Fix migration with ``VIR_MIGRATE_NON_SHARED_INC``

    libvirt 7.3.0 introduced a bug where ``VIR_MIGRATE_NON_SHARED_INC`` would
    not actually migrate the contents of the disk due to broken logic and at
    the same time could trigger migration of storage when
    ``VIR_MIGRATE_TUNNELLED`` is requested. This release fixes the bug.

  * qemu: Don't emit ``VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD`` twice when
    registered with index

    When registering the threshold event with the index notation (e.g.
    ``vda[3]``) libvirt would emit the event also for ``vda`` if the image is
    in the top layer. The intention was to emit two events only when the
    original registration was done without the index.

  * qemu: Pass discard requests for disks with ``copy_on_read='on'``

    When a disk using the ``copy_on_read='on'`` option is configured also
    with ``discard='unmap'``, the discard requests will now be passed to the
    underlying image, freeing up the space.


v7.5.0 (2021-07-01)
===================

* **Security**

  * svirt: fix MCS label generation (CVE-2021-3631)

    A flaw in the way MCS labels were generated could result in a VM's
    resources not being fully protected from access by another VM were it to
    be compromised.

    https://gitlab.com/libvirt/libvirt/-/issues/153

* **Removed features**

  * xen: Remove support for Xen < 4.9

    In accordance with our platform support policy, the oldest supported Xen
    version is now bumped from 4.6 to 4.9.

* **Improvements**

  * docs: Document disk serial truncation status quo

    Disk ```` is being truncated by QEMU before being passed to the guest.
    Since it's impossible to fix it without running into further regressions,
    the documentation was improved to document the intricacies.

* **Bug fixes**

  * qemu: Fixed validation of disk ``iothread`` configuration

    The validation of ``iothread`` config was previously moved to a place
    where it caused bogus errors when an address wasn't allocated when
    hotplugging a disk. The check is now removed as it wasn't actually
    necessary at all.


v7.4.0 (2021-06-01)
===================

* **Removed features**

  * qemu: Remove support for QEMU < 2.11

    In accordance with our platform support policy, the oldest supported QEMU
    version is now bumped from 1.5 to 2.11.

* **New features**

  * qemu: Add support for hotplugging ```` disks

    The disk hotplug code in the qemu driver can now handle hotplug of disks
    with an automatically added overlay.

  * qemu: Add support for sharing base image of ```` disks

    Users can use ```` to tell the qemu driver to never open the base image
    in write mode, thus multiple VMs can share the same image. Note that the
    disk will be hotplugged during startup.

* **Improvements**

  * Add win-dmp crashdump format

    New ``win-dmp`` format for the ``virDomainCoreDumpWithFormat`` API and/or
    virsh ``dump --format`` was introduced.

* **Bug fixes**

  * Allow 0 offset in XML schema for ````

    Having a 0 offset so that the size of the image can be limited is a valid
    configuration, so it is now allowed in the XML schema.


v7.3.0 (2021-05-03)
===================

* **New features**

  * xen: Support domains with more than 4TB

    The xen driver now supports domains with more than 4TB of memory with
    xen >= 4.13.

  * qemu: add socket for virtiofs filesystems

    Libvirt now supports ``filesystem`` devices that connect to a ``virtiofsd``
    daemon launched outside of libvirtd, via the ``socket`` attribute of the
    ``source`` element.

  * nodedev: Add ability to manage persistent mediated devices

    Persistent mediated devices can now be managed with libvirt.
    ``virNodeDeviceDefineXML()`` defines a new device,
    ``virNodeDeviceUndefine()`` removes an existing definition, and
    ``virNodeDeviceCreate()`` starts a device definition that is currently
    inactive. Corresponding virsh commands ``nodedev-define``,
    ``nodedev-undefine``, and ``nodedev-start`` were also added.
    ``nodedev-list`` only lists active devices by default. Inactive device
    definitions can be shown with the new ``--inactive`` and ``--all`` flags.

  * qemu: Allow use of qemu's ``-compat`` option

    Curious developers or testers can now enable certain ``-compat`` modes
    which make it possible to notice the use of deprecated commands and
    options, as qemu will use the selected method to notify the user. The new
    behaviour can be requested using either the ``deprecation_behavior``
    option in ``qemu.conf`` for all VMs or using ```` in the VM XML.

* **Improvements**

  * virsh: Improve errors with ``virsh snapshot-create-as``

    The XML document constructed by virsh was forced through XML schema
    validation, which yielded unintelligible error messages in cases such as
    when the path to the new image did not start with a slash. XML documents
    are no longer validated, as the XML parser actually has better error
    messages which allow users to figure the problem out quickly.

  * qemu: Terminate backing store when doing a full-chain block pull

    When pulling everything into the overlay image the chain can be terminated,
    since we know that it won't depend on any backing image, and thus attempts
    to probe the backing chain can be prevented.

  * qemu: Expose disk serial in virDomainGetGuestInfo()

    ``virDomainGetGuestInfo()`` now reports the disk serial number along with
    other disk information.

* **Bug fixes**

  * qemu: Fix crash of libvirt on full block pull of a disk

    When the persistent definition contains a compatible disk (meaning the
    definition of the running and persistent config match), a block pull job
    would leave a dangling pointer in the config definition, which resulted
    in a crash.

  * qemu: Use proper job cancelling command

    Libvirt's API contract for aborting a block copy job in 'ready' state
    declares that the destination image of the copy will contain a consistent
    image of the disk from the time when the block job was aborted. This
    requires that libvirt uses the proper cancelling qemu command to ensure
    that the data is consistent, which was not the case.
  * qemu: Don't attempt storage migration when there are no migratable disks

    Due to a logic bug introduced in the previous release, libvirt would
    attempt to migrate disks even when no disks were selected/eligible for
    migration.

  * qemu: Fix very rare race when two block job 'ready' events are delivered

    In certain high-load scenarios, qemu might deliver the 'ready' event twice,
    and if it's delivered when pivoting to the destination during a block copy
    job, libvirt would get confused and execute the code as if the job were
    aborted.

  * lxc: Fix container destroy with CGroupsV2

    When an LXC container was started and the host used CGroupsV2, it might
    have created nested controllers under the container's scope. Libvirt was
    unaware and thus destroying the container failed with a cryptic error:
    ``failed to get cgroup backend for 'pathOfController'``. The CGroup
    removal code was reworked and is now capable of dealing with such a
    scenario.

  * bash-completion: Fix argument passing to $1

    Due to a bug in the bash completion script, the auto completion did not
    work properly when a connection URI or read only flag were specified on
    the ``virsh`` or ``virt-admin`` command line.


v7.2.0 (2021-04-01)
===================

* **New features**

  * qemu: Implement domain memory dirty rate calculation API

    New API ``virDomainStartDirtyRateCalc()`` and virsh command
    ``domdirtyrate-calc`` are added to start calculating a live domain's
    memory dirty rate.

  * qemu: Support reporting memory dirty rate stats

    The memory dirty rate stats can be obtained through
    ``virsh domstats --dirtyrate`` via the virConnectGetAllDomainStats API.

  * qemu: Full disk backups via ``virDomainBackupBegin``

    The qemu hypervisor driver now allows taking full disk backups via the
    ``virDomainBackupBegin`` API and the corresponding virsh wrapper. In
    future releases the feature will be extended to also support incremental
    backups (where only the difference since the last backup is copied) when
    qemu adds the required functionality.

  * Add support for audio backend specific settings

    With this release a new ``