================ libvirt releases ================ This is the list of official releases for libvirt, along with an overview of the changes introduced by each of them. For a more fine-grained view, use the `git log`_. v8.1.0 (unreleased) =================== * **Security** * **Removed features** * **New features** * qemu: Add hvf domain type for Hypervisor.framework It works on Intel machines as well as recent machines powered by Apple Silicon. QEMU 6.2.0 is needed for Apple Silicon support. * **Improvements** * packaging: sysconfig files no longer installed libvirt used to provide defaults in various /etc/sysconfig/ files, such as /etc/sysconfig/libvirtd. Since these files are owned by the admin, this made it difficult to change built-in defaults in case such file was modified by the admin. The built-in defaults are now part of the provided systemd unit files, such as libvirtd.service. These unit files continue to parse sysconfig files, in case they are created by the admin and filled with the desired key=value pairs. * virnetdev: Ignore EPERM on implicit clearing of VF VLAN ID Libvirt will now ignore EPERM errors on attempts to implicitly clear a VLAN ID (when a VLAN is not explicitly provided via an interface XML using a 0 or a non-zero value) as SmartNIC DPUs do not expose VLAN programming capabilities to the hypervisor host. This allows Libvirt clients to avoid specifying a VLAN and expect VF configuration to work since Libvirt tries to clear a VLAN in the same operation as setting a MAC address for VIR_DOMAIN_NET_TYPE_HOSTDEV devices which is now split into two distinct operations. EPERM errors received while trying to program a non-zero VLAN ID or explicitly program a VLAN ID 0 will still cause errors as before so there is no change in behavior in those cases. * **Bug fixes** v8.0.0 (2022-01-14) =================== * **Security** * libxl: Fix potential deadlock and crash (CVE-2021-4147) A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition. * **Removed features** * qemu: Explicitly forbid live changing nodeset for strict numatune For ``strict`` mode of it can't be guaranteed that memory is moved completely onto new set of nodes (e.g. QEMU might have locked pieces of its memory) thus breaking the strict promise. If live migration of QEMU memory between NUMA nodes is desired, users are advised to use ``restrictive`` mode instead. * **New features** * qemu: Synchronous write mode for disk copy operations The ``blockdev-mirror`` block job supports a mode where writes from the VM are synchronously propagated to the destination of the copy. This ensures that the job will converge under heavy I/O. Implement the mode for the copy blockjob as ``VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES`` flag exposed via ``virsh blockcopy --synchronous-writes`` and for non-shared storage migration as ``VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES`` exposed via ``virsh migrate --copy-storage-synchronous-writes``. * Introduce TCG domain features Libvirt is now able to set the size of translation block cache size (tb-size) for TCG domains. * qemu: Add new API to inject a launch secret in a domain New API ``virDomainSetLaunchSecurityState()`` and virsh command ``domsetlaunchsecstate`` are added to support injecting a launch secret in a domain's memory. * **Improvements** * libxl: Implement the virDomainGetMessages API * qemu: Preserve qcow2 sub-cluster allocation state after external snapshots and block-copy The new image which is installed as an overlay on top of the current chain when taking an external snapshot, or the target of a block copy operation now enables sub-cluster allocation (``extended_l2``) if the original image has the option enabled. * **Bug fixes** * qemu: Fix device hot-unplug with ``libvirt-7.9`` or ``libvirt-7.10`` used with ``qemu-6.2`` An internal change to the configuration format used by the above libvirt versions triggers a bug in ``qemu-6.2`` where qemu no longer emits the event notifying that the device was unplugged successfully and thus libvirt never removes the device from the definition. This impacts only devices which were present at startup of the VM, hotplugged devices behave correctly. This is fixed in ``libvirt-8.0`` by reverting to the old configuration approach until qemu is fixed. As a workaround for ``libvirt-7.9`` and ``libvirt-7.10`` the old configuration approach can be forced by: Option 1, global ``qemu.conf``:: capability_filters = [ "device.json" ] Option 2, per VM XML override:: [...] * Fix sparse streams with split daemon In split daemon scenario, a client connected to a hypervisor driver and using sparse streams (e.g. ``virsh vol-download --sparse``) would make the hypervisor daemon enter an infinite loop without any data transfer. This is now fixed. * Build no longer requires RPC library Code and its cross dependencies were fixed so that build without remote driver and thus an RPC library (like ``tirpc``) fails no more. * virnetdevopenvswitch: Fix 'burst' value passed to ovs-vsctl When a ```` was defined for a TAP device that's plugged into an OvS bridge values passed to the OvS were incorrectly recalculated resulting in slightly different limits being applied. v7.10.0 (2021-12-01) ==================== * **New features** * Added virt-pki-query-dn binary This binary helps users figure out the format of Distinguished Name from a certificate file the way that libvirt expects it in tls_allowed_dn_list option of libvirtd.conf configuration file * **Improvements** * qemu: Report guest interface information in ``virDomainGetGuestInfo`` Libvirt is now able to report interface information from the guest's perspective (using guest agent). * qemu: detect guest side errors during device removal Libvirt is now able to detect guest side errors during device removal by using the DEVICE_UNPLUG_GUEST_ERROR event, available in QEMU 6.2.0. * Minimum SSF setting The libvirtd.conf option tcp_min_ssf can be used to override the minimum permitted security strength factor for non-TLS remote connections. The current hardcoded minimum is 56 (single-DES) and will be raised to 112 in the future. Setting a minimum lower than 112 is not supported. * qemu: Report stats also for block copy destination and backup job scratch images The statistics are available via the bulk domain stats API. * **Bug fixes** * qemu: Don't format 'ramfb' attribute when disabled Fix a regression caused by the conversion to JSON -device arguments where 'ramfb' would be put on the commandline of 'vfio-pci' which doesn't have it, thus breaking VMs with a mediated host device. * qemu: Fix block copy and backup to encrypted storage An oversight in last release lead to a spurious error being reported when encrypted storage was requested for disk images which are not directly backing the disk, which is now fixed. v7.9.0 (2021-11-01) =================== * **New features** * Introduce virtio-mem ```` model New virtio-mem model is introduced for ```` device which is a paravirtualized mechanism of adding/removing memory to/from a VM. Use ``virDomainUpdateDeviceFlags()`` API to adjust amount of memory or ``virsh update-memory-device`` for convenience. * qemu: support disabling hotplug of devices on the pci-root controller the option is now supported for the pci-root controller on i440fx-based (x86 "pc") machinetypes. This can be used to disable hotplug/unplug of devices from this controller. The default behavior is unchanged (hotplug is allowed). * Support hotplug and hotunplug for virtiofs Filesystems backed by virtiofsd can now be hotplugged and hotunplugged. * virpcivpd: Add a PCI VPD parser A parser for the standard PCI/PCIe VPD ("I.3. VPD Definitions" in PCI 2.2+ and an equivalent definition in "6.28.1 VPD Format" PCIe 4.0) was added along with relevant types to represent PCI VPD in memory. This functionality got added for Linux only at this point (kernels above v2.6.26 have support for exposing VPD via sysfs). * virpci: Add PCI VPD-related helper functions to virpci In order to utilize the PCI VPD parser, a couple of helper functions got introduced to check for the presence of a VPD file in the sysfs tree and to invoke the PCI VPD parser to get a list of resources representing PCI VPD contents in memory. * nodedev: Add PCI VPD capability support Support for serializing and deserializing PCI VPD data structures is added following the addition of the PCI VPD parser. A new PCI device capability called "vpd" is introduced holding string resources and keyword resources found in PCI VPD. * qemu: Support page_per_vq for driver element This optional virtio attribute ``page_per_vq`` controls the layout of the notification capabilities exposed to the guest. It is recommended for the vDPA devices. * qemu: Support librbd encryption Add an encryption engine ``librbd``. It will provides the image-level encryption of librbd. It requires QEMU >= 6.1.0 and librbd >= 16.1.0. * **Improvements** * Use of JSON syntax with ``-device`` with upcoming QEMU-6.2 Libvirt started using JSON directly with the ``-device`` commandline parameter as it's considered the preferred stable syntax for further QEMU releases. If any problems with the conversion are encountered please report them as soon as possible. * **Bug fixes** * qemu: Fix problems on ``virsh domstats`` with qemu <5.2.0 Libvirt v7.2.0 and later called query-dirty-rate, which was introduced in qemu-5.2.0, regardless of qemu version and failed in qemu-5.1.0. This release fixes the bug. * Don't enter endless loop when unable to accept new clients If libvirtd (or any other daemon) hit the ulimit for maximum number of open files but there are still client connections pending then libvirtd (or corresponding split daemon) would enter an endless loop from which it would never recover. This behaviour is now fixed. * qemu: Run secondary driver hooks in split daemon mode Because of a bug in implementation it may happen that hooks from secondary drivers were not called in all cases, for instance a network hook wasn't called upon removal of interface after domain shut off itself. With this release the bug is fixed. v7.8.0 (2021-10-01) =================== * **New features** * nodedev: Add ability to automatically start mediated devices The autostart status of a persistent mediated devices can be managed with the new APIs ``virNodeDeviceSetAutostart()`` and ``virNodeDeviceGetAutostart()``. The corresponding virsh command is ``nodedev-autostart``. In addition, two new APIs were added to get additional information about node devices: ``virNodeDeviceIsPersistent()`` checks whether the device is persistently defined, and ``virNodeDeviceIsActive()`` checks whether the node device is currently active. This information can also be retrieved with the new virsh command ``nodedev-info``. v7.7.0 (2021-09-01) =================== * **New features** * Add support for Fibre Channel VMID New VM element ```` was added to allow users to set their ``appid`` for each VM which will be used by kernel to create Fibre Channel VMID. This allows various QoS levels, access control or collecting telemetry data per VM. * **Improvements** * virsh: Allow XML validation for define of: storage pool, network, secret, nwfilter, interface * Add flag ``VIR_STORAGE_POOL_DEFINE_VALIDATE`` to validate storage pool input xml. For virsh, users can use it as ``virsh pool-define --validate``. * Add flag ``VIR_NETWORK_DEFINE_VALIDATE`` to validate network input xml. For virsh, users can use it as ``net-define --validate``. * Add flag ``VIR_SECRET_DEFINE_VALIDATE`` to validate secret input xml. For virsh, users can use it as ``secret-define --validate``. * Add flag ``VIR_NWFILTER_DEFINE_VALIDATE`` to validate nwfilter input xml. For virsh, users can use it as ``nwfilter-define --validate``. * Add flag ``VIR_INTERFACE_DEFINE_VALIDATE`` to validate interface input xml. For virsh, users can use it as ``iface-define --validate``. * Add SecurityManager APIs for labeling network devices New ``virSecurityManagerSetNetdevLabel`` and ``virSecurityManagerSetNetdevLabel`` APIs are introduced and implemented in the Apparmor security driver. The qemu driver uses the APIs to label vhostuser ports on hotplug and restore labeling on unplug. * vmx: Parse vm.genid and support super wide SCSI bus The genid attribute is now reported for VMX guests. Libvirt can now properly process super wide SCSI bus (64 units). * qemu: Lifecycle action (``on_poweroff``/``on_reboot``) handling improvements The handling of lifecycle actions was fixed and improved in multiple ways: - ``restart-rename`` action was forbidden The action was never properly implemented in the qemu driver and didn't actually result in a restart of the VM but rather termination. The qemu driver now rejects such configurations. - ``preserve`` action was forbidden Similarly to the previous case this never worked as the intended semantics of the actions dictate. It's better to not allow it at all until there's a proper implementation - ``reboot`` action of ``on_poweroff`` now actually works The guest OS is now rebooted instead of terminating the VM when the ``reboot`` action is used and the guest OS powers down. Note that it's incompatible with ``on_reboot`` set to ``destroy``. - Changes in action action of ``on_reboot`` are now updated with qemu Libvirtd can now properly update the ``on_reboot`` action in qemu which allows proper handling when changing between ``reboot`` and ``destroy`` actions. In addition, switching from ``reboot`` to ``destroy`` was forbidden for older qemus which don't support the update API as the guest could still reboot and execute some instructions until it was terminated. * **Bug fixes** * qemu: Open chardev logfile on behalf of QEMU Guests with a logfile configured for their chardevs are now able to start even when no virtlogd is configured. * virhostmem: Handle numactl-less build in hugepages allocation/reporting Some architectures don't have notion of NUMA (e.g. s390x) but do support hugepages. Libvirt silently ignored requests to allocate/report hugepage pool when built without numactl. This is now fixed and the pool can be allocated/reported on properly. * qemu: Record proper ``backing`` format for overlays of qcow2+luks images Libvirt would record ``luks`` instead of ``qcow2`` into the metadata. In practice this is a problem only when inspecting images manually via ``qemu-img`` as with libvirt users must use full specification of the backing chain in the domain XML which supersedes information recorded in the image metadata. v7.6.0 (2021-08-02) =================== * **Security** * storage: Unlock pool objects on ACL check failures in ``storagePoolLookupByTargetPath`` (CVE-2021-3667) A logic bug in ``storagePoolLookupByTargetPath`` where the storage pool object was left locked after a failure of the ACL check could potentially deprive legitimate users access to a storage pool object by users who don't have access. * **New features** * qemu: Incremental backup support via ``virDomainBackupBegin`` libvirt-7.6 along with the unreleased qemu-6.1 will fully support the change block tracking features (block-dirty-bitmaps) to be able to do incremental backups and management of the checkpoint states via the appropriate APIs. * qemu: Add support for launch security type s390-pv Specifying s390-pv as launch security type in an s390 domain prepares for running the guest in protected virtualization secure mode, also known as IBM Secure Execution. This simplifies the definition and reduces the risk of an incorrect definition, e.g. by forgetting to specify ``iommu=on`` on all virtio devices. * domstats: Add haltpolling time statistic interface Domstats now provide the data of cpu haltpolling time. This feature relies on statistics available after kernel version 5.8. This will allow the user to get more accurate CPU usage information if needed. * **Bug fixes** * qemu: Fix migration with ``VIR_MIGRATE_NON_SHARED_INC`` libvirt 7.3.0 introduced a bug where ``VIR_MIGRATE_NON_SHARED_INC`` would not actually migrate the contents of the disk due to broken logic and at the same time could trigger migration of storage when ``VIR_MIGRATE_TUNNELLED`` is requested. This release fixes the bug. * qemu: Don't emit ``VIR_DOMAIN_EVENT_ID_BLOCK_THRESHOLD`` twice when registered with index When registering the threshold event with the index notation (e.g. ``vda[3]``) libvirt would emit the event also for ``vda`` if the image is in the top layer. The intention was to emit two events only when the original registration was done without the index. * qemu: Pass discard requests for disks with ``copy_on_read='on'`` When a disk using the ``copy_on_read='on'`` option is configured also with ``discard='unmap'`` the discard requests will now be passed to the underlying image freeing up the space. v7.5.0 (2021-07-01) =================== * **Security** * svirt: fix MCS label generation (CVE-2021-3631) A flaw in the way MCS labels were generated could result in a VM's resource not being fully protected from access by another VM were it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153 * **Removed features** * xen: Remove support for Xen < 4.9 In accordance with our platform support policy, the oldest supported Xen version is now bumped from 4.6 to 4.9. * **Improvements** * docs: Document disk serial truncation status quo Disk ```` is being truncated by QEMU before passed to the guest. Since it's impossible to fix it without running into further regressions the documentation was improved to document the intricacies. * **Bug fixes** * qemu: Fixed validation of disk ``iothread`` configuration The validation of ``iothread`` config was previously moved to a place where it caused bogus errors when address wasn't allocated when hotplugging a disk. The check is now removed as it wasn't actually necessary at all. v7.4.0 (2021-06-01) =================== * **Removed features** * qemu: Remove support for QEMU < 2.11 In accordance with our platform support policy, the oldest supported QEMU version is now bumped from 1.5 to 2.11. * **New features** * qemu: Add support for hotplugging ```` disks The disk hotplug code in the qemu driver now can handle hotplug of disks with automatically added overlay. * qemu: Add support for sharing base image of ```` disks Users can use ```` to tell the qemu driver to never open the base image in write mode thus multiple VMs can share the same image. Note that the disk will be hotplugged during startup. * **Improvements** * Add win-dmp crashdump format New ``win-dmp`` format for ``virDomainCoreDumpWithFormat`` API and/or virsh ``dump --format`` was introduced. * **Bug fixes** * Allow 0 offset in XML schema for ```` Having a 0 offset so that the size of the image can be limited is a valid configuration so it was allowed in the XML schema. v7.3.0 (2021-05-03) =================== * **New features** * xen: Support domains with more than 4TB The xen driver now supports domains with more than 4TB of memory with xen >= 4.13. * qemu: add socket for virtiofs filesystems Libvirt now supports ``filesystem`` devices that connect to a ``virtiofsd`` daemon launched outside of libvirtd, via the ``socket`` attribute of the ``source`` element. * nodedev: Add ability to manage persistent mediated devices Persistent mediated devices can now be managed with libvirt. ``virNodeDeviceDefineXML()`` defines a new device, ``virNodeDeviceUndefine()`` removes an existing definition, and ``virNodeDeviceCreate()`` starts a device definition that is currently inactive. Corresponding virsh commands ``nodedev-define``, ``nodedev-undefine``, and ``nodedev-start`` were also added. ``nodedev-list`` only lists active devices by default. Inactive device definitions can be shown with the new ``--inactive`` and ``--all`` flags. * qemu: Allow use of qemu's ``-compat`` option Curious developers or testers now can enable certain ``-compat`` modes which allow to notice use of deprecated commands and options as qemu will use the selected method to notify the user. The new behaviour can be requested using either the ``deprecation_behavior`` option in ``qemu.conf`` for all VMs or using ```` in the VM XML. * **Improvements** * virsh: Improve errors with ``virsh snapshot-create-as`` The XML document constructed by virsh was forced through XML schema validation which yielded unintelligible error messages in cases such as when the path to the new image did not start with a slash. XML documents are no longer validated as the XML parser actually has better error messages which allow users to figure the problem out quickly. * qemu: Terminate backing store when doing a full-chain block pull When pulling everything into the overlay image the chain can be terminated since we know that it won't depend on any backing image and thus can prevent attempts to probe the backing chain. * qemu: Expose disk serial in virDomainGetGuestInfo() The ``virDomainGetGuestInfo()`` reports disk serial number among with other disk information. * **Bug fixes** * qemu: Fix crash of libvirt on full block pull of a disk When the persistent definition contains a compatible disk (meaning the definition of the running and persistent config match) a block pull job would leave a dangling pointer in the config definition which resulted in a crash. * qemu: Use proper job cancelling command Libvirt's API contract for aborting a block copy job in 'ready' state declares that the destination image of the copy will contain a consistent image of the disk from the time when the block job was aborted. This requires that libvirt uses the proper cancelling qemu command to ensure that the data is consistent which was not the case. * qemu: Don't attempt storage migration when there are no migratable disks Due to a logic bug introduced in the previous release libvirt would attempt to migrate disks in case when no disks are selected/eligible for migration. * qemu: Fix very rare race when two block job 'ready' events are delivered In certain high-load scenarios, qemu might deliver the 'ready' event twice and if it's delivered when pivoting to the destination during a block copy job, libvirt would get confused and execute the code as if the job were aborted. * lxc: Fix container destroy with CGroupsV2 When an LXC container was started and the host used CGroupsV2 it might have had created nested controllers under the container's scope. Libvirt was unaware and thus destroying the container failed with a cryptic error: ``failed to get cgroup backend for 'pathOfController'``. The CGroup removal code was reworked and is now capable of dealing with such scenario. * bash-completion: Fix argument passing to $1 Due to a bug in bash completion script, the auto completion did not work properly when a connection URI or read only flag were specified on ``virsh`` or ``virt-admin`` command line. v7.2.0 (2021-04-01) =================== * **New features** * qemu: Implement domain memory dirty rate calculation API New API ``virDomainStartDirtyRateCalc()`` and virsh command ``domdirtyrate-calc`` are added to start calculating a live domain's memory dirty rate. * qemu: Support reporting memory dirty rate stats The memory dirty rate stats can be obtained through ``virsh domstats --dirtyrate`` via the virConnectGetAllDomainStats API. * qemu: Full disk backups via ``virDomainBackupBegin`` The qemu hypervisor driver now allows taking full disk backups via the ``virDomainBackupBegin`` API and the corresponding virsh wrapper. In future releases the feature will be extended to also support incremental backups (where only the difference since the last backup is copied) when qemu adds the required functionality. * Add support for audio backend specific settings With this release a new ``