================ libvirt releases ================ This is the list of official releases for libvirt, along with an overview of the changes introduced by each of them. For a more fine-grained view, use the `git log`_. v8.8.0 (unreleased) =================== * **Security** * **Removed features** * storage: Remove 'sheepdog' storage driver backend The 'sheepdog' project is no longer maintained and upstream bug reports are unaddressed. Libvirt thus removed the support for the sheepdog storage driver backend, following qemu's removal of sheepdog support in qemu-6.1. * **New features** * **Improvements** * **Bug fixes** * qemu: Fix non-shared storage migration setup This release fixes a bug in setup of a migration with non-shared storage ( ``virsh migrate --copy-storage-all``) which was broken by a refactor of the code in libvirt-8.7. v8.7.0 (2022-09-01) =================== * **Removed features** * qemu: Remove support for QEMU < 4.2 In accordance with our platform support policy, the oldest supported QEMU version is now bumped from 3.1 to 4.2. * **New features** * qemu: Add support for specifying vCPU physical address size in bits Users can now specify the number of vCPU physical address bits with the `` subelement of the `` element. * **Improvements** * esx: Domain XMLs can now be dumped for VMs with two new interface types One is when the interface is not connected anywhere `type='null'` and one when it is connected to VMWare Distributed Switch `type='vds'`. * **Bug fixes** * qemu: increase memlock limit for a domain with multiple vfio/vdpa devices When multiple vfio or vdpa devices are assigned to a domain, the locked memory limit could be too low to map memory for all devices. The memlock limit has been increased to be proportional to the number of vdpa/vfio devices. v8.6.0 (2022-08-01) =================== * **Improvements** * conf: Improved firmware autoselection The firmware autoselection feature now behaves more intuitively, reports better error messages on failure and comes with high-level documentation. v8.5.0 (2022-07-01) =================== * **New features** * qemu: Introduce support for network backed NVRAM Users can now use remote store NVRAM image by specifying newly introduced attribute `type='network'` with `` element. * qemu: Add support for post-copy migration recovery A new ``VIR_MIGRATE_POSTCOPY_RESUME`` flag (``virsh migrate --postcopy-resume``) was introduced for recovering from a failed post-copy migration. * qemu: Add support for zero-copy migration With QEMU 7.1.0, libvirt can enable zerocopy for parallel migration. This is implmented by adding a new ``VIR_MIGRATE_ZEROCOPY`` flag(``virsh migrate --zerocopy``). * Introduce thread_pool_min and thread_pool_max attributes to IOThread New attributes ``thread_pool_min`` and ``thread_pool_max`` were introduced to ```` as well as new ```` element with the same attributes. This way it's possible to instruct QEMU to spawn enough worker threads for an IOThread upfront, resulting in predictable time needed to process an I/O request. * **Improvements** * Define a TFTP server without a DHCP server in network configuration It's now possible to define a network with no DHCP server but with a TFTP server. This may be useful when DHCP service is provided by other entity on the network than libvirt spawned dnsmasq. * **Bug fixes** * qemu: Restore label to temp file in qemuDomainScreenshot() When virDomainScreenshot() is called, libvirt instructs QEMU to save the screenshot into a temporary file. This file needs to be labelled correctly, so that QEMU can access it. And since the file is temporary (it's deleted after the screenshot was taken) the corresponding label restore was missing. This proven to be problematic for profile based models, like AppArmor, where the temporary files were added into the profile but never removed, which resulted in longer profile recalculation times. * qemuBuildInterfaceConnect: Initialize @tapfd array Due to an uninitialized array, unsuccessful attempt to start a guest with an ```` might have resulted in closing of a random FD and thus sudden disconnect of a client or other random failures. * qemu: Fix hotplug of network interfaces A logic bug introduced in a recent refactor was fixed. The bug caused a problem when hot-adding a network interface, which failed with the following error:: error: internal error: unable to execute QEMU command 'netdev_add': File descriptor named '(null)' has not been found * Fix ``startupPolicy`` validation for ``block`` disks Setting of ``startupPolicy`` for a block disk would result in an error due to a logic bug in a recent refactor. * qemu: Fix crash when overriding device properties via ```` element Adding an override for a device property would result in a crash of the qemu driver. v8.4.0 (2022-06-01) =================== * **New features** * qemu: D-Bus display Libvirt is now able to setup a D-Bus display export, either with a private bus or in p2p mode. This display is available in QEMU 7.0.0. * qemu: ppc64 Power10 processor support Support for the recently released IBM Power10 processor was added. * qemu: Introduce ``absolute`` clock offset The ``absolute`` clock offset type allows to set the guest clock to an arbitrary epoch timestamp at each start. This is useful if some VM needs to be kept set to an arbitrary time for e.g. testing or working around broken software. * qemu: add qemu-vdagent channel This paravirtualized qemu vdagent channel can enable copy and paste between a guest and a VNC client. It is available in QEMU 6.1.0. * api: Add new APIs ``virDomainSaveParams`` and ``virDomainRestoreParams`` * ``virDomainSaveParams``: An alternative domain saving API, extends ``virDomainSaveFlags`` by adding parameters. * ``virDomainRestoreParams``: An alternative domain restoring API, extends ``virDomainRestoreFlags`` by adding parameters. * **Bug fixes** * Improve heuristics for computing baseline CPU models Both ``virConnectBaselineHypervisorCPU`` and ``virConnectBaselineCPU`` were in some cases computing the result using a CPU model which was newer than some of the input models. For example, ``Cascadelake-Server`` was used as a baseline for ``Skylake-Server-IBRS`` and ``Cascadelake-Server``. The CPU model selection heuristics was improved to choose a more appropriate model. v8.3.0 (2022-05-02) =================== * **Removed features** * qemu: Remove support for QEMU < 3.1 In accordance with our platform support policy, the oldest supported QEMU version is now bumped from 2.11 to 3.1. * **New features** * qemu: Introduce support for virtio-iommu This IOMMU device can be used with both Q35 and ARM virt guests. * qemu: Introduce attributes rss and rss_hash_report for net interface They can enable in-qemu/ebpf RSS and in-qemu RSS hash report for virtio NIC. Require QEMU >= 5.1. v8.2.0 (2022-04-01) =================== * **New features** * qemu: Introduce ``manual`` disk snapshot mode This new mode allows users to synchronize libvirt snapshots with snapshots which need to be done outside of libvirt e.g. when 'vhost-user-blk' is used to back the disk. * Introduce memory allocation threads When starting a QEMU guest, libvirt can now instruct QEMU to allocate guest's memory in parallel. This may be handy when guest has large amounts of memory. * **Improvements** * qemu: ``VIR_MIGRATE_PARAM_TLS_DESTINATION`` now works with non-shared storage migration The setting now also applies to the NBD connections for non-shared storage migration allowing migration to proceed even when the user expects certificate name not to match. * qemu: Allow overrides of device properties via the qemu namespace Users wishing to override or modify properties of devices configured by libvirt can use the ```` QEMU namespace element to specify the overrides instead of relying on the argv passthrough of the ``-set`` qemu commandline option which no longer works with new qemu. * qemu: Allow passing file descriptors to ``virsh qemu-monitor-command`` Passing FDs allows users wanting to experiment with qemu driven by libvirt use commands like ``add-fd`` properly. * libxl: Turn on user aliases Users can now use so called user aliases for XEN domains. * Implement support for FUSE3 The LXC driver uses fuse to overwrite some lines in ``/proc/meminfo`` inside containers so that they see correct amount of memory given to them. The code was changed so that both ``fuse`` and ``fuse3`` are supported. * Improve domain save/restore throughput Code that's handling save or restore of QEMU domains was changed resulting in better performance of I/O and thus shortening time needed for the operation. * **Bug fixes** * Both build and tests should now pass on Alpine Linux or any other distribution with musl libc. * virsh: Fix integer overflow in allocpages On hosts which support hugepages larger than 1GiB ``virsh allocpages`` failed to accept them because of an integer overflow. This is now fixed. * qemu: Fix segmentation fault in virDomainUndefineFlags When a domain without any ```` was being undefined, libvirt has crashed. This is now fixed. * lxc: Fix unaligned reads of /proc/meminfo within a container When /proc/meminfo was read in chunks smaller than the entire file, libvirt would produce mangled output. While porting the code to FUSE3 this area was reworked and the file can now be read with any granularity. * qemu: Be less aggressive around cgroup_device_acl A basic set of devices common to every domain can be set in ``qemu.conf`` via cgroup_device_acl knob. Devices from this set are allowed in CGroup and created in domain private namespace for every domain. However, upon device hotunplug it may have had happened that libvirt mistakenly denied a device from this set and/or removed it from the namespace. For instance, /dev/urandom was removed and denied in CGroup on RNG hotunplug. * nodedev: trigger mdev device definition update on udev add and remove When nodedev objects are added and removed mdev device definitions are updated to report correct associated parent. v8.1.0 (2022-03-01) =================== * **New features** * qemu: Add hvf domain type for Hypervisor.framework It works on Intel machines as well as recent machines powered by Apple Silicon. QEMU 6.2.0 is needed for Apple Silicon support. * qemu: Support mode option for dirtyrate calculation Introduce ``virDomainDirtyRateCalcFlags`` as parameter of ``virDomainStartDirtyRateCalc``, which is used to specify the mode of dirty page rate calculation. Add ``--mode`` option to ``virsh domdirtyrate-calc``, which can be either of the following 3 options: ``page-sampling, dirty-bitmap, dirty-ring``. Add ``calc_mode`` field for dirtyrate statistics returned by ``virsh domstats --dirtyrate``, also add ``vCPU dirtyrate`` if ``dirty-ring`` mode was used in last measurement. * **Improvements** * packaging: sysconfig files no longer installed libvirt used to provide defaults in various /etc/sysconfig/ files, such as /etc/sysconfig/libvirtd. Since these files are owned by the admin, this made it difficult to change built-in defaults in case such file was modified by the admin. The built-in defaults are now part of the provided systemd unit files, such as libvirtd.service. These unit files continue to parse sysconfig files, in case they are created by the admin and filled with the desired key=value pairs. * virnetdev: Ignore EPERM on implicit clearing of VF VLAN ID Libvirt will now ignore EPERM errors on attempts to implicitly clear a VLAN ID (when a VLAN is not explicitly provided via an interface XML using a 0 or a non-zero value) as SmartNIC DPUs do not expose VLAN programming capabilities to the hypervisor host. This allows Libvirt clients to avoid specifying a VLAN and expect VF configuration to work since Libvirt tries to clear a VLAN in the same operation as setting a MAC address for VIR_DOMAIN_NET_TYPE_HOSTDEV devices which is now split into two distinct operations. EPERM errors received while trying to program a non-zero VLAN ID or explicitly program a VLAN ID 0 will still cause errors as before so there is no change in behavior in those cases. * **Bug fixes** * Remove unix sockets from filesystem when disabling a '.socket' systemd unit The presence of the socket files is used by our remote driver to determine which service to access. Since neither systemd nor the daemons clean up the socket file clients were running into problems when a modular deployment was switched to monolithic ``libvirtd``. * qemu: Fixes of fd passing during hotplug and hotunplug of chardevs FDs used as chardev backing are now properly removed when hot-unplugging a chardev from qemu and hotplugged chardevs now properly use ``virtlogd`` to handle the input and output from qemu. * RPM: Run pre/post-install steps on ``daemon-driver-storage-core`` Previously the pre/post-install code was part of the meta-package which installed all storage driver sub-packages thus a minimalistic install of the storage driver didn't behave correctly. v8.0.0 (2022-01-14) =================== * **Security** * libxl: Fix potential deadlock and crash (CVE-2021-4147) A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. * **Removed features** * qemu: Explicitly forbid live changing nodeset for strict numatune For ``strict`` mode of it can't be guaranteed that memory is moved completely onto new set of nodes (e.g. QEMU might have locked pieces of its memory) thus breaking the strict promise. If live migration of QEMU memory between NUMA nodes is desired, users are advised to use ``restrictive`` mode instead. * **New features** * qemu: Synchronous write mode for disk copy operations The ``blockdev-mirror`` block job supports a mode where writes from the VM are synchronously propagated to the destination of the copy. This ensures that the job will converge under heavy I/O. Implement the mode for the copy blockjob as ``VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES`` flag exposed via ``virsh blockcopy --synchronous-writes`` and for non-shared storage migration as ``VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES`` exposed via ``virsh migrate --copy-storage-synchronous-writes``. * Introduce TCG domain features Libvirt is now able to set the size of translation block cache size (tb-size) for TCG domains. * qemu: Add new API to inject a launch secret in a domain New API ``virDomainSetLaunchSecurityState()`` and virsh command ``domsetlaunchsecstate`` are added to support injecting a launch secret in a domain's memory. * **Improvements** * libxl: Implement the virDomainGetMessages API * qemu: Preserve qcow2 sub-cluster allocation state after external snapshots and block-copy The new image which is installed as an overlay on top of the current chain when taking an external snapshot, or the target of a block copy operation now enables sub-cluster allocation (``extended_l2``) if the original image has the option enabled. * **Bug fixes** * qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used with ``qemu-6.2`` An internal change to the configuration format used by the above libvirt versions triggers a bug in ``qemu-6.2`` where qemu no longer emits the event notifying that the device was unplugged successfully and thus libvirt never removes the device from the definition. This impacts only devices which were present at startup of the VM, hotplugged devices behave correctly. This is fixed in ``libvirt-8.0`` by reverting to the old configuration approach until qemu is fixed. As a workaround for ``libvirt-7.9`` and ``libvirt-7.10`` the old configuration approach can be forced by: Option 1, global ``qemu.conf``:: capability_filters = [ "device.json" ] Option 2, per VM XML override:: [...] * Fix sparse streams with split daemon In split daemon scenario, a client connected to a hypervisor driver and using sparse streams (e.g. ``virsh vol-download --sparse``) would make the hypervisor daemon enter an infinite loop without any data transfer. This is now fixed. * Build no longer requires RPC library Code and its cross dependencies were fixed so that build without remote driver and thus an RPC library (like ``tirpc``) fails no more. * virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl When a ```` was defined for a TAP device that's plugged into an OvS bridge values passed to the OvS were incorrectly recalculated resulting in slightly different limits being applied. v7.10.0 (2021-12-01) ==================== * **New features** * Added virt-pki-query-dn binary This binary helps users figure out the format of Distinguished Name from a certificate file the way that libvirt expects it in tls_allowed_dn_list option of libvirtd.conf configuration file * **Improvements** * qemu: Report guest interface information in ``virDomainGetGuestInfo`` Libvirt is now able to report interface information from the guest's perspective (using guest agent). * qemu: detect guest side errors during device removal Libvirt is now able to detect guest side errors during device removal by using the DEVICE_UNPLUG_GUEST_ERROR event, available in QEMU 6.2.0. * Minimum SSF setting The libvirtd.conf option tcp_min_ssf can be used to override the minimum permitted security strength factor for non-TLS remote connections. The current hardcoded minimum is 56 (single-DES) and will be raised to 112 in the future. Setting a minimum lower than 112 is not supported. * qemu: Report stats also for block copy destination and backup job scratch images The statistics are available via the bulk domain stats API. * **Bug fixes** * qemu: Don't format 'ramfb' attribute when disabled Fix a regression caused by the conversion to JSON -device arguments where 'ramfb' would be put on the commandline of 'vfio-pci' which doesn't have it, thus breaking VMs with a mediated host device. * qemu: Fix block copy and backup to encrypted storage An oversight in last release lead to a spurious error being reported when encrypted storage was requested for disk images which are not directly backing the disk, which is now fixed. v7.9.0 (2021-11-01) =================== * **New features** * Introduce virtio-mem ```` model New virtio-mem model is introduced for ```` device which is a paravirtualized mechanism of adding/removing memory to/from a VM. Use ``virDomainUpdateDeviceFlags()`` API to adjust amount of memory or ``virsh update-memory-device`` for convenience. * qemu: support disabling hotplug of devices on the pci-root controller the option is now supported for the pci-root controller on i440fx-based (x86 "pc") machinetypes. This can be used to disable hotplug/unplug of devices from this controller. The default behavior is unchanged (hotplug is allowed). * Support hotplug and hotunplug for virtiofs Filesystems backed by virtiofsd can now be hotplugged and hotunplugged. * virpcivpd: Add a PCI VPD parser A parser for the standard PCI/PCIe VPD ("I.3. VPD Definitions" in PCI 2.2+ and an equivalent definition in "6.28.1 VPD Format" PCIe 4.0) was added along with relevant types to represent PCI VPD in memory. This functionality got added for Linux only at this point (kernels above v2.6.26 have support for exposing VPD via sysfs). * virpci: Add PCI VPD-related helper functions to virpci In order to utilize the PCI VPD parser, a couple of helper functions got introduced to check for the presence of a VPD file in the sysfs tree and to invoke the PCI VPD parser to get a list of resources representing PCI VPD contents in memory. * nodedev: Add PCI VPD capability support Support for serializing and deserializing PCI VPD data structures is added following the addition of the PCI VPD parser. A new PCI device capability called "vpd" is introduced holding string resources and keyword resources found in PCI VPD. * qemu: Support page_per_vq for driver element This optional virtio attribute ``page_per_vq`` controls the layout of the notification capabilities exposed to the guest. It is recommended for the vDPA devices. * qemu: Support librbd encryption Add an encryption engine ``librbd``. It will provides the image-level encryption of librbd. It requires QEMU >= 6.1.0 and librbd >= 16.1.0. * **Improvements** * Use of JSON syntax with ``-device`` with upcoming QEMU-6.2 Libvirt started using JSON directly with the ``-device`` commandline parameter as it's considered the preferred stable syntax for further QEMU releases. If any problems with the conversion are encountered please report them as soon as possible. * **Bug fixes** * qemu: Fix problems on ``virsh domstats`` with qemu <5.2.0 Libvirt v7.2.0 and later called query-dirty-rate, which was introduced in qemu-5.2.0, regardless of qemu version and failed in qemu-5.1.0. This release fixes the bug. * Don't enter endless loop when unable to accept new clients If libvirtd (or any other daemon) hit the ulimit for maximum number of open files but there are still client connections pending then libvirtd (or corresponding split daemon) would enter an endless loop from which it would never recover. This behaviour is now fixed. * qemu: Run secondary driver hooks in split daemon mode Because of a bug in implementation it may happen that hooks from secondary drivers were not called in all cases, for instance a network hook wasn't called upon removal of interface after domain shut off itself. With this release the bug is fixed. v7.8.0 (2021-10-01) =================== * **New features** * nodedev: Add ability to automatically start mediated devices The autostart status of a persistent mediated devices can be managed with the new APIs ``virNodeDeviceSetAutostart()`` and ``virNodeDeviceGetAutostart()``. The corresponding virsh command is ``nodedev-autostart``. In addition, two new APIs were added to get additional information about node devices: ``virNodeDeviceIsPersistent()`` checks whether the device is persistently defined, and ``virNodeDeviceIsActive()`` checks whether the node device is currently active. This information can also be retrieved with the new virsh command ``nodedev-info``. * qemu: Add attribute ``queue_size`` for virtio-blk devices * **Improvements** * api: Add XML validation for creating of: networkport, nwfilter-binding, network * Add flag ``VIR_NETWORK_PORT_CREATE_VALIDATE`` to validate network port input xml of network-port creating. * Add flag ``VIR_NETWORK_CREATE_VALIDATE`` to validate network input xml of network creating. * Add flag ``VIR_NWFILTER_BINDING_CREATE_VALIDATE`` to validate nwfilter-binding input xml of nwfilter-binding creating. v7.7.0 (2021-09-01) =================== * **New features** * Add support for Fibre Channel VMID New VM element ```` was added to allow users to set their ``appid`` for each VM which will be used by kernel to create Fibre Channel VMID. This allows various QoS levels, access control or collecting telemetry data per VM. * **Improvements** * virsh: Allow XML validation for define of: storage pool, network, secret, nwfilter, interface * Add flag ``VIR_STORAGE_POOL_DEFINE_VALIDATE`` to validate storage pool input xml. For virsh, users can use it as ``virsh pool-define --validate``. * Add flag ``VIR_NETWORK_DEFINE_VALIDATE`` to validate network input xml. For virsh, users can use it as ``net-define --validate``. * Add flag ``VIR_SECRET_DEFINE_VALIDATE`` to validate secret input xml. For virsh, users can use it as ``secret-define --validate``. * Add flag ``VIR_NWFILTER_DEFINE_VALIDATE`` to validate nwfilter input xml. For virsh, users can use it as ``nwfilter-define --validate``. * Add flag ``VIR_INTERFACE_DEFINE_VALIDATE`` to validate interface input xml. For virsh, users can use it as ``iface-define --validate``. * Add SecurityManager APIs for labeling network devices New ``virSecurityManagerSetNetdevLabel`` and ``virSecurityManagerSetNetdevLabel`` APIs are introduced and implemented in the Apparmor security driver. The qemu driver uses the APIs to label vhostuser ports on hotplug and restore labeling on unplug. * vmx: Parse vm.genid and support super wide SCSI bus The genid attribute is now reported for VMX guests. Libvirt can now properly process super wide SCSI bus (64 units). * qemu: Lifecycle action (``on_poweroff``/``on_reboot``) handling improvements The handling of lifecycle actions was fixed and improved in multiple ways: - ``restart-rename`` action was forbidden The action was never properly implemented in the qemu driver and didn't actually result in a restart of the VM but rather termination. The qemu driver now rejects such configurations. - ``preserve`` action was forbidden Similarly to the previous case this never worked as the intended semantics of the actions dictate. It's better to not allow it at all until there's a proper implementation - ``reboot`` action of ``on_poweroff`` now actually works The guest OS is now rebooted instead of terminating the VM when the ``reboot`` action is used and the guest OS powers down. Note that it's incompatible with ``on_reboot`` set to ``destroy``. - Changes in action action of ``on_reboot`` are now updated with qemu Libvirtd can now properly update the ``on_reboot`` action in qemu which allows proper handling when changing between ``reboot`` and ``destroy`` actions. In addition, switching from ``reboot`` to ``destroy`` was forbidden for older qemus which don't support the update API as the guest could still reboot and execute some instructions until it was terminated. * virsh: Support vhostuser in attach-interface * **Bug fixes** * qemu: Open chardev logfile on behalf of QEMU Guests with a logfile configured for their chardevs are now able to start even when no virtlogd is configured. * virhostmem: Handle numactl-less build in hugepages allocation/reporting Some architectures don't have notion of NUMA (e.g. s390x) but do support hugepages. Libvirt silently ignored requests to allocate/report hugepage pool when built without numactl. This is now fixed and the pool can be allocated/reported on properly. * qemu: Record proper ``backing`` format for overlays of qcow2+luks images Libvirt would record ``luks`` instead of ``qcow2`` into the metadata. In practice this is a problem only when inspecting images manually via ``qemu-img`` as with libvirt users must use full specification of the backing chain in the domain XML which supersedes information recorded in the image metadata. v7.6.0 (2021-08-02) =================== * **Security** * storage: Unlock pool objects on ACL check failures in ``storagePoolLookupByTargetPath`` (CVE-2021-3667) A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool object was left locked after a failure of the ACL check could potentially deprive legitimate users access to a storage pool object by users who don't have access. * **New features** * qemu: Incremental backup support via ``virDomainBackupBegin`` libvirt-7.6 along with the unreleased qemu-6.1 will fully support the change block tracking features (block-dirty-bitmaps) to be able to do incremental backups and management of the checkpoint states via the appropriate APIs. * qemu: Add support for launch security type s390-pv Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. This simplifies the definition and reduces the risk of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on all virtio devices. * domstats: Add haltpolling time statistic interface Domstats now provide the data of cpu haltpolling time. This feature relies on statistics available after kernel version 5.8. This will allow the user to get more accurate CPU usage information if needed. * **Bug fixes** * qemu: Fix migration with ``VIR_MIGRATE_NON_SHARED_INC`` libvirt 7.3.0 introduced a bug where ``VIR_MIGRATE_NON_SHARED_INC`` would not actually migrate the contents of the disk due to broken logic and at the same time could trigger migration of storage when ``VIR_MIGRATE_TUNNELLED`` is requested. This release fixes the bug. * qemu: Don't emit ``VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD`` twice when registered with index When registering the threshold event with the index notation (e.g. ``vda[3]``) libvirt would emit the event also for ``vda`` if the image is in the top layer. The intention was to emit two events only when the original registration was done without the index. * qemu: Pass discard requests for disks with ``copy_on_read='on'`` When a disk using the ``copy_on_read='on'`` option is configured also with ``discard='unmap'`` the discard requests will now be passed to the underlying image freeing up the space. v7.5.0 (2021-07-01) =================== * **Security** * svirt: fix MCS label generation (CVE-2021-3631) A flaw in the way MCS labels were generated could result in a VM's resource not being fully protected from access by another VM were it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153 * **Removed features** * xen: Remove support for Xen < 4.9 In accordance with our platform support policy, the oldest supported Xen version is now bumped from 4.6 to 4.9. * **Improvements** * docs: Document disk serial truncation status quo Disk ```` is being truncated by QEMU before passed to the guest. Since it's impossible to fix it without running into further regressions the documentation was improved to document the intricacies. * **Bug fixes** * qemu: Fixed validation of disk ``iothread`` configuration The validation of ``iothread`` config was previously moved to a place where it caused bogus errors when address wasn't allocated when hotplugging a disk. The check is now removed as it wasn't actually necessary at all. v7.4.0 (2021-06-01) =================== * **Removed features** * qemu: Remove support for QEMU < 2.11 In accordance with our platform support policy, the oldest supported QEMU version is now bumped from 1.5 to 2.11. * **New features** * qemu: Add support for hotplugging ```` disks The disk hotplug code in the qemu driver now can handle hotplug of disks with automatically added overlay. * qemu: Add support for sharing base image of ```` disks Users can use ```` to tell the qemu driver to never open the base image in write mode thus multiple VMs can share the same image. Note that the disk will be hotplugged during startup. * **Improvements** * Add win-dmp crashdump format New ``win-dmp`` format for ``virDomainCoreDumpWithFormat`` API and/or virsh ``dump --format`` was introduced. * **Bug fixes** * Allow 0 offset in XML schema for ```` Having a 0 offset so that the size of the image can be limited is a valid configuration so it was allowed in the XML schema. v7.3.0 (2021-05-03) =================== * **New features** * xen: Support domains with more than 4TB The xen driver now supports domains with more than 4TB of memory with xen >= 4.13. * qemu: add socket for virtiofs filesystems Libvirt now supports ``filesystem`` devices that connect to a ``virtiofsd`` daemon launched outside of libvirtd, via the ``socket`` attribute of the ``source`` element. * nodedev: Add ability to manage persistent mediated devices Persistent mediated devices can now be managed with libvirt. ``virNodeDeviceDefineXML()`` defines a new device, ``virNodeDeviceUndefine()`` removes an existing definition, and ``virNodeDeviceCreate()`` starts a device definition that is currently inactive. Corresponding virsh commands ``nodedev-define``, ``nodedev-undefine``, and ``nodedev-start`` were also added. ``nodedev-list`` only lists active devices by default. Inactive device definitions can be shown with the new ``--inactive`` and ``--all`` flags. * qemu: Allow use of qemu's ``-compat`` option Curious developers or testers now can enable certain ``-compat`` modes which allow to notice use of deprecated commands and options as qemu will use the selected method to notify the user. The new behaviour can be requested using either the ``deprecation_behavior`` option in ``qemu.conf`` for all VMs or using ```` in the VM XML. * **Improvements** * virsh: Improve errors with ``virsh snapshot-create-as`` The XML document constructed by virsh was forced through XML schema validation which yielded unintelligible error messages in cases such as when the path to the new image did not start with a slash. XML documents are no longer validated as the XML parser actually has better error messages which allow users to figure the problem out quickly. * qemu: Terminate backing store when doing a full-chain block pull When pulling everything into the overlay image the chain can be terminated since we know that it won't depend on any backing image and thus can prevent attempts to probe the backing chain. * qemu: Expose disk serial in virDomainGetGuestInfo() The ``virDomainGetGuestInfo()`` reports disk serial number among with other disk information. * **Bug fixes** * qemu: Fix crash of libvirt on full block pull of a disk When the persistent definition contains a compatible disk (meaning the definition of the running and persistent config match) a block pull job would leave a dangling pointer in the config definition which resulted in a crash. * qemu: Use proper job cancelling command Libvirt's API contract for aborting a block copy job in 'ready' state declares that the destination image of the copy will contain a consistent image of the disk from the time when the block job was aborted. This requires that libvirt uses the proper cancelling qemu command to ensure that the data is consistent which was not the case. * qemu: Don't attempt storage migration when there are no migratable disks Due to a logic bug introduced in the previous release libvirt would attempt to migrate disks in case when no disks are selected/eligible for migration. * qemu: Fix very rare race when two block job 'ready' events are delivered In certain high-load scenarios, qemu might deliver the 'ready' event twice and if it's delivered when pivoting to the destination during a block copy job, libvirt would get confused and execute the code as if the job were aborted. * lxc: Fix container destroy with CGroupsV2 When an LXC container was started and the host used CGroupsV2 it might have had created nested controllers under the container's scope. Libvirt was unaware and thus destroying the container failed with a cryptic error: ``failed to get cgroup backend for 'pathOfController'``. The CGroup removal code was reworked and is now capable of dealing with such scenario. * bash-completion: Fix argument passing to $1 Due to a bug in bash completion script, the auto completion did not work properly when a connection URI or read only flag were specified on ``virsh`` or ``virt-admin`` command line. v7.2.0 (2021-04-01) =================== * **New features** * qemu: Implement domain memory dirty rate calculation API New API ``virDomainStartDirtyRateCalc()`` and virsh command ``domdirtyrate-calc`` are added to start calculating a live domain's memory dirty rate. * qemu: Support reporting memory dirty rate stats The memory dirty rate stats can be obtained through ``virsh domstats --dirtyrate`` via the virConnectGetAllDomainStats API. * qemu: Full disk backups via ``virDomainBackupBegin`` The qemu hypervisor driver now allows taking full disk backups via the ``virDomainBackupBegin`` API and the corresponding virsh wrapper. In future releases the feature will be extended to also support incremental backups (where only the difference since the last backup is copied) when qemu adds the required functionality. * Add support for audio backend specific settings With this release a new ``