517b8c12b9
When we are about to spawn QEMU, we validate the domain definition against qemuCaps. Except when domain is/was already running before (i.e. on incoming migration, snapshots, resume from a file). However, especially on incoming migration it may happen that the destination QEMU is different to the source QEMU, e.g. the destination QEMU may have some devices disabled. And we have a function that validates devices/features requested in domain XML against the desired QEMU capabilities (aka qemuCaps) - it's virDomainDefValidate() which calls qemuValidateDomainDef() and qemuValidateDomainDeviceDef() subsequently. But the problem here is that the validation function is explicitly skipped over in specific scenarios (like incoming migration, restore from a snapshot or previously saved file). This in turn means that we may spawn QEMU and request device/features it doesn't support. When that happens QEMU fails to load migration stream: qemu-kvm: ... 'virtio-mem-pci' is not a valid device model name (NB, while the example shows one particular device, the problem is paramount) This problem is easier to run into since we are slowly moving validation from qemu_command.c into said validation functions. The solution is simple: do the validation in all cases. And while it may happen that users would be unable to migrate/restore a guest due to a bug in our validator, spawning QEMU without validation is worse (especially when you consider that users can supply their own XMLs for migrate/restore operations - these were never validated). Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2048435 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Libvirt API for virtualization
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.
Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.
Further information about the libvirt project can be found on the website:
License
The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.
Installation
Instructions on building and installing libvirt can be found on the website:
https://libvirt.org/compiling.html
Contributing
The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:
https://libvirt.org/contribute.html
Contact
The libvirt project has two primary mailing lists:
- libvirt-users@redhat.com (for user discussions)
- libvir-list@redhat.com (for development only)
Further details on contacting the project are available on the website: