From 6314a78ef826d5fa525aac4ba7667aebf86edf64 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Sun, 15 Feb 2026 03:12:22 +0000 Subject: [PATCH 1/7] Backport packages from upstream --- ...-URL-creation-code-into-one-function.patch | 119 ++++++++++++++++++ ...-esx-Allow-connecting-to-IPv6-server.patch | 43 +++++++ ...ug-URL-just-before-opening-with-curl.patch | 29 +++++ ...-to-creating-URLs-using-virURIFormat.patch | 57 +++++++++ ...x-URI-encode-inventory-objects-twice.patch | 60 +++++++++ ...roduce-esxUtil_EscapeInventoryObject.patch | 76 +++++++++++ ...etting-of-group_name-out-of-the-loop.patch | 68 ++++++++++ ...hottle-group-name-passed-as-argument.patch | 75 +++++++++++ ...up-name-into-the-tunable-event-twice.patch | 43 +++++++ ...rce-non-zero-groupname-string-length.patch | 38 ++++++ ...nly-to-virStorageSource-of-same-type.patch | 56 +++++++++ ...rceIsSameLocation-with-NULL-argument.patch | 48 +++++++ ...-calling-virStorageSourceGetMetadata.patch | 75 +++++++++++ ...ateBackingStore-Remove-stale-comment.patch | 34 +++++ ...try-as-curent-user-if-qemu-img-fails.patch | 97 ++++++++++++++ ...ON-nesting-limit-when-parsing-to-300.patch | 50 ++++++++ ...nExternalNames-Improve-error-message.patch | 37 ++++++ ...rjsontest-Add-test-for-nesting-depth.patch | 45 +++++++ centos-10/SPECS/libvirt.spec | 42 ++++++- ...etting-of-group_name-out-of-the-loop.patch | 68 ++++++++++ ...hottle-group-name-passed-as-argument.patch | 75 +++++++++++ ...up-name-into-the-tunable-event-twice.patch | 43 +++++++ ...rce-non-zero-groupname-string-length.patch | 38 ++++++ ...nly-to-virStorageSource-of-same-type.patch | 57 +++++++++ ...rceIsSameLocation-with-NULL-argument.patch | 48 +++++++ ...-calling-virStorageSourceGetMetadata.patch | 75 +++++++++++ ...ateBackingStore-Remove-stale-comment.patch | 34 +++++ ...try-as-curent-user-if-qemu-img-fails.patch | 97 ++++++++++++++ ...nExternalNames-Improve-error-message.patch | 37 ++++++ centos-9/SPECS/libvirt.spec | 24 +++- 30 files changed, 1686 insertions(+), 2 deletions(-) create mode 100644 
centos-10/SOURCES/libvirt-esx-Abstract-all-URL-creation-code-into-one-function.patch create mode 100644 centos-10/SOURCES/libvirt-esx-Allow-connecting-to-IPv6-server.patch create mode 100644 centos-10/SOURCES/libvirt-esx-Debug-URL-just-before-opening-with-curl.patch create mode 100644 centos-10/SOURCES/libvirt-esx-Switch-to-creating-URLs-using-virURIFormat.patch create mode 100644 centos-10/SOURCES/libvirt-esx-URI-encode-inventory-objects-twice.patch create mode 100644 centos-10/SOURCES/libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch create mode 100644 centos-10/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch create mode 100644 centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch create mode 100644 centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch create mode 100644 centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch create mode 100644 centos-10/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch create mode 100644 centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch create mode 100644 centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch create mode 100644 centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch create mode 100644 centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch create mode 100644 centos-10/SOURCES/libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch create mode 100644 centos-10/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch create mode 100644 
centos-10/SOURCES/libvirt-virjsontest-Add-test-for-nesting-depth.patch create mode 100644 centos-9/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch create mode 100644 centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch create mode 100644 centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch create mode 100644 centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch create mode 100644 centos-9/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch create mode 100644 centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch create mode 100644 centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch create mode 100644 centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch create mode 100644 centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch create mode 100644 centos-9/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch diff --git a/centos-10/SOURCES/libvirt-esx-Abstract-all-URL-creation-code-into-one-function.patch b/centos-10/SOURCES/libvirt-esx-Abstract-all-URL-creation-code-into-one-function.patch new file mode 100644 index 0000000..a6aebca --- /dev/null +++ b/centos-10/SOURCES/libvirt-esx-Abstract-all-URL-creation-code-into-one-function.patch 
@@ -0,0 +1,119 @@
+From 95ff5dcad20269f8e26eda628c85168dd4702285 Mon Sep 17 00:00:00 2001
+Message-ID: <95ff5dcad20269f8e26eda628c85168dd4702285.1769699749.git.jdenemar@redhat.com>
+From: "Richard W.M. Jones"
+Date: Mon, 26 Jan 2026 10:47:01 +0000
+Subject: [PATCH] esx: Abstract all URL-creation code into one function
+
+Abstract the places where we create URLs into one place. This is just
+refactoring and should not change the behaviour.
+
+Signed-off-by: Richard W.M. Jones
+(cherry picked from commit e013d5b5cae732ddeae479098165b9331b8ea441)
+Resolves: https://issues.redhat.com/browse/RHEL-138300
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_driver.c | 53 +++++++++++++++++++++++++++++++++++---------
+ 1 file changed, 43 insertions(+), 10 deletions(-)
+
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 9f965811b1..29735e359f 100644
+--- a/src/esx/esx_driver.c
++++ b/src/esx/esx_driver.c
+@@ -582,7 +582,37 @@ esxCapsInit(esxPrivate *priv)
+ return NULL;
+ }
+
++static char *
++esxCreateURL(const char *transport,
++ const char *server,
++ int port,
++ const char *path)
++{
++ char *url;
+
++ url = g_strdup_printf("%s://%s:%d%s",
++ transport,
++ server,
++ port,
++ path);
++ return url;
++}
++
++/*
++ * Same as above, but add it to a buffer because the calling code will
++ * append query strings etc.
++ */
++static void
++esxCreateURLBuffer(virBuffer *buffer,
++ const char *transport,
++ const char *server,
++ int port,
++ const char *path)
++{
++ g_autofree char *url = esxCreateURL(transport, server, port, path);
++
++ virBufferAdd(buffer, url, -1);
++}
+
+ static int
+ esxConnectToHost(esxPrivate *priv,
+@@ -619,8 +649,8 @@ esxConnectToHost(esxPrivate *priv,
+ conn->uri->server)))
+ goto cleanup;
+
+- url = g_strdup_printf("%s://%s:%d/sdk", priv->parsedUri->transport,
+- conn->uri->server, conn->uri->port);
++ url = esxCreateURL(priv->parsedUri->transport,
++ conn->uri->server, conn->uri->port, "/sdk");
+
+ if (esxVI_Context_Alloc(&priv->host) < 0 ||
+ esxVI_Context_Connect(priv->host, url, ipAddress, username, password,
+@@ -706,8 +736,8 @@ esxConnectToVCenter(esxPrivate *priv,
+ if (!(password = virAuthGetPassword(conn, auth, "esx", username, hostname)))
+ return -1;
+
+- url = g_strdup_printf("%s://%s:%d/sdk", priv->parsedUri->transport, hostname,
+- conn->uri->port);
++ url = esxCreateURL(priv->parsedUri->transport, hostname,
++ conn->uri->port, "/sdk");
+
+ if (esxVI_Context_Alloc(&priv->vCenter) < 0 ||
+ esxVI_Context_Connect(priv->vCenter, url, ipAddress, username,
+@@ -2357,8 +2387,9 @@ esxDomainScreenshot(virDomainPtr domain, virStreamPtr stream,
+ }
+
+ /* Build URL */
+- virBufferAsprintf(&buffer, "%s://%s:%d/screen?id=", priv->parsedUri->transport,
+- domain->conn->uri->server, domain->conn->uri->port);
++ esxCreateURLBuffer(&buffer, priv->parsedUri->transport,
++ domain->conn->uri->server, domain->conn->uri->port,
++ "/screen?id=");
+ virBufferURIEncodeString(&buffer, virtualMachine->obj->value);
+
+ url = virBufferContentAndReset(&buffer);
+@@ -2563,8 +2594,9 @@ esxDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
+ goto cleanup;
+ }
+
+- virBufferAsprintf(&buffer, "%s://%s:%d/folder/", priv->parsedUri->transport,
+- domain->conn->uri->server, domain->conn->uri->port);
++ esxCreateURLBuffer(&buffer, priv->parsedUri->transport,
++ domain->conn->uri->server, domain->conn->uri->port,
++ "/folder/");
+ virBufferURIEncodeString(&buffer, directoryAndFileName);
+ virBufferAddLit(&buffer, "?dcPath=");
+ virBufferURIEncodeString(&buffer, priv->primary->datacenterPath);
+@@ -2987,8 +3019,9 @@ esxDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
+ goto cleanup;
+ }
+
+- virBufferAsprintf(&buffer, "%s://%s:%d/folder/", priv->parsedUri->transport,
+- conn->uri->server, conn->uri->port);
++ esxCreateURLBuffer(&buffer, priv->parsedUri->transport,
++ conn->uri->server, conn->uri->port,
++ "/folder/");
+
+ if (directoryName) {
+ virBufferURIEncodeString(&buffer, directoryName);
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-esx-Allow-connecting-to-IPv6-server.patch b/centos-10/SOURCES/libvirt-esx-Allow-connecting-to-IPv6-server.patch
new file mode 100644
index 0000000..232a8cc
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-esx-Allow-connecting-to-IPv6-server.patch
@@ -0,0 +1,43 @@
+From 16276aad5c682651e2a5aabe7d5a7258dda251c1 Mon Sep 17 00:00:00 2001
+Message-ID: <16276aad5c682651e2a5aabe7d5a7258dda251c1.1769173967.git.jdenemar@redhat.com>
+From: Michal Privoznik
+Date: Tue, 20 Jan 2026 10:08:29 +0100
+Subject: [PATCH] esx: Allow connecting to IPv6 server
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When connecting to a VMWare server, the hostname from URI is
+resolved using esxUtil_ResolveHostname() which in turn calls
+getaddrinfo(). But in the hints argument, we restrict the return
+address to be IPv4 (AF_INET) which obviously fails if the address
+to resolve is an IPv6 address. Set the hint to AF_UNSPEC which
+allows both IPv4 and IPv6. While at it, also allow IPv4 addresses
+mapped in IPv6 by setting AI_V4MAPPED flag.
+
+Resolves: https://issues.redhat.com/browse/RHEL-138300
+Signed-off-by: Michal Privoznik
+Reviewed-by: Daniel P. Berrangé
+(cherry picked from commit 845210011a9ffd9d17e30c51cbc81ba67c5d3166)
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_util.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
+index 7ee0e5f7c0..12a34a2275 100644
+--- a/src/esx/esx_util.c
++++ b/src/esx/esx_util.c
+@@ -280,8 +280,8 @@ esxUtil_ResolveHostname(const char *hostname, char **ipAddress)
+ int errcode;
+ g_autofree char *address = NULL;
+
+- hints.ai_flags = AI_ADDRCONFIG;
+- hints.ai_family = AF_INET;
++ hints.ai_flags = AI_ADDRCONFIG | AI_V4MAPPED;
++ hints.ai_family = AF_UNSPEC;
+ hints.ai_socktype = SOCK_STREAM;
+ hints.ai_protocol = 0;
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-esx-Debug-URL-just-before-opening-with-curl.patch b/centos-10/SOURCES/libvirt-esx-Debug-URL-just-before-opening-with-curl.patch
new file mode 100644
index 0000000..a8233ef
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-esx-Debug-URL-just-before-opening-with-curl.patch
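Review bot: `AI_V4MAPPED` has no effect in the new `hints.ai_flags` line, because getaddrinfo() honours that flag only when `hints.ai_family` is `AF_INET6`, and the next added line sets `AF_UNSPEC`. Either drop it, `hints.ai_flags = AI_ADDRCONFIG;`, or add a comment saying the flag is knowingly inert with this family. With `AF_UNSPEC` the result list can now mix address families, so the part of esxUtil_ResolveHostname() that lies outside this hunk and turns the result into `*ipAddress` should be checked for how it handles IPv6 entries and which entry it picks.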
@@ -0,0 +1,29 @@
+From 0e5f062ba33929bc592fff175a2cd9d043a32b23 Mon Sep 17 00:00:00 2001
+Message-ID: <0e5f062ba33929bc592fff175a2cd9d043a32b23.1769699749.git.jdenemar@redhat.com>
+From: "Richard W.M. Jones"
+Date: Mon, 26 Jan 2026 10:38:02 +0000
+Subject: [PATCH] esx: Debug URL just before opening with curl
+
+Signed-off-by: Richard W.M. Jones
+(cherry picked from commit 38c952d89317f5b4bd23223f9a9d8be086ef7a40)
+Resolves: https://issues.redhat.com/browse/RHEL-138300
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_vi.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/esx/esx_vi.c b/src/esx/esx_vi.c
+index 3264afc13a..8d2ffb3f8f 100644
+--- a/src/esx/esx_vi.c
++++ b/src/esx/esx_vi.c
+@@ -231,6 +231,8 @@ esxVI_CURL_Perform(esxVI_CURL *curl, const char *url)
+ long responseCode = 0;
+ const char *redirectUrl = NULL;
+
++ VIR_DEBUG("URL: %s", url);
++
+ errorCode = curl_easy_perform(curl->handle);
+
+ if (errorCode != CURLE_OK) {
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-esx-Switch-to-creating-URLs-using-virURIFormat.patch b/centos-10/SOURCES/libvirt-esx-Switch-to-creating-URLs-using-virURIFormat.patch
new file mode 100644
index 0000000..a990628
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-esx-Switch-to-creating-URLs-using-virURIFormat.patch
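Review bot: The added `VIR_DEBUG("URL: %s", url);` writes the complete request URL to the debug log, and the URLs assembled in esx_driver.c in this series carry inventory data in the query string (`dcPath`, `dsName`, the screenshot `id`). None of the callers visible here place credentials in the URL, but that should be confirmed for every caller of esxVI_CURL_Perform(), since debug logs tend to be attached to bug reports. A comment above the call would record the assumption, for example `/* NB: url is logged; it must never carry userinfo or session tokens */`. The function body continues outside the hunk.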
@@ -0,0 +1,57 @@
+From 1ac21634942d30288dd11005d1d832b8dda86ceb Mon Sep 17 00:00:00 2001
+Message-ID: <1ac21634942d30288dd11005d1d832b8dda86ceb.1769699749.git.jdenemar@redhat.com>
+From: "Richard W.M. Jones"
+Date: Mon, 26 Jan 2026 17:54:57 +0000
+Subject: [PATCH] esx: Switch to creating URLs using virURIFormat
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Since libvirt has existing support for creating URIs, use that rather
+than home-rolling our own code without any escaping.
+
+As a side-effect this ensures that URLs containing IPv6 addresses are
+escaped correctly, for example as below (note square brackets):
+
+ https://[1234:56:0:789a:bcde:72ff:fe0a:7baa]:443/sdk
+
+Fixes: https://issues.redhat.com/browse/RHEL-138300
+Updates: commit 845210011a9ffd9d17e30c51cbc81ba67c5d3166
+Reported-by: Ming Xie
+Signed-off-by: Richard W.M. Jones
+Reviewed-by: Daniel P. Berrangé
+(cherry picked from commit 13889feb14a24fdf7717960aa5331a0b63ce97ed)
+Resolves: https://issues.redhat.com/browse/RHEL-138300
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_driver.c | 14 +++++++-------
+ 1 file changed, 7 insertions(+), 7 deletions(-)
+
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 29735e359f..40b7f793cd 100644
+--- a/src/esx/esx_driver.c
++++ b/src/esx/esx_driver.c
+@@ -588,14 +588,14 @@ esxCreateURL(const char *transport,
+ int port,
+ const char *path)
+ {
+- char *url;
++ virURI uri = {
++ .scheme = (char*)transport,
++ .server = (char*)server,
++ .port = port,
++ .path = (char*)path,
++ };
+
+- url = g_strdup_printf("%s://%s:%d%s",
+- transport,
+- server,
+- port,
+- path);
+- return url;
++ return virURIFormat(&uri);
+ }
+
+ /*
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-esx-URI-encode-inventory-objects-twice.patch b/centos-10/SOURCES/libvirt-esx-URI-encode-inventory-objects-twice.patch
new file mode 100644
index 0000000..c775ab9
--- /dev/null
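Review bot: Handing a string that already contains a query to `.path = (char*)path` looks unsafe for the screenshot caller: earlier in this series esxDomainScreenshot() calls esxCreateURLBuffer() with `"/screen?id="`, and a formatter that escapes the path component would be expected to emit `%3F` for the `?`. That is inferred from how URI path escaping normally behaves, not from code shown in this hunk, so it needs a test on the formatted string. If it holds, the caller (outside this hunk) should pass `"/screen"` and append the query itself with `virBufferAddLit(&buffer, "?id=");`. The `(char*)` casts also drop const on caller-owned strings; a one-line comment that virURIFormat() only reads the struct would justify them.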
+++ b/centos-10/SOURCES/libvirt-esx-URI-encode-inventory-objects-twice.patch 
@@ -0,0 +1,60 @@
+From 1ff41e00c1d0a280b22ba4f8bf4e86472570486a Mon Sep 17 00:00:00 2001
+Message-ID: <1ff41e00c1d0a280b22ba4f8bf4e86472570486a.1769699749.git.jdenemar@redhat.com>
+From: Michal Privoznik
+Date: Tue, 6 Jan 2026 17:18:03 +0100
+Subject: [PATCH] esx: URI encode inventory objects twice
+
+While discouraged by a KB article to use special characters in
+inventory object names [1], ESX won't stop you. And thus users
+can end up with a datastore named "datastore2+", for instance.
+The datastore name (and datacenter path) are important when
+fetching/uploading a .vmx file (used in APIs like
+virDomainGetXMLDesc() or virDomainDefineXML()). And while we do
+URI encode both (dcPath and dsName), encoding them once is not
+enough. Cole Robinson discovered [2] that they need to be
+URI-encoded twice. Use newly introduced
+esxUtil_EscapeInventoryObject() helper to encode them twice.
+
+1: https://knowledge.broadcom.com/external/article/386368/vcenter-inventory-object-name-with-speci.html
+2: https://issues.redhat.com/browse/RHEL-133729#comment-28604072
+Resolves: https://issues.redhat.com/browse/RHEL-134127
+Signed-off-by: Michal Privoznik
+Reviewed-by: Jiri Denemark
+Reviewed-by: Richard W.M. Jones
+(cherry picked from commit 6c9d2591c668732eb05cf17d27c9102ef3d40b39)
+Resolves: https://issues.redhat.com/browse/RHEL-140196
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_driver.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
+index 40b7f793cd..010c62b8e8 100644
+--- a/src/esx/esx_driver.c
++++ b/src/esx/esx_driver.c
+@@ -2599,9 +2599,9 @@ esxDomainGetXMLDesc(virDomainPtr domain, unsigned int flags)
+ "/folder/");
+ virBufferURIEncodeString(&buffer, directoryAndFileName);
+ virBufferAddLit(&buffer, "?dcPath=");
+- virBufferURIEncodeString(&buffer, priv->primary->datacenterPath);
++ esxUtil_EscapeInventoryObject(&buffer, priv->primary->datacenterPath);
+ virBufferAddLit(&buffer, "&dsName=");
+- virBufferURIEncodeString(&buffer, datastoreName);
++ esxUtil_EscapeInventoryObject(&buffer, datastoreName);
+
+ url = virBufferContentAndReset(&buffer);
+
+@@ -3035,9 +3035,9 @@ esxDomainDefineXMLFlags(virConnectPtr conn, const char *xml, unsigned int flags)
+
+ virBufferURIEncodeString(&buffer, escapedName);
+ virBufferAddLit(&buffer, ".vmx?dcPath=");
+- virBufferURIEncodeString(&buffer, priv->primary->datacenterPath);
++ esxUtil_EscapeInventoryObject(&buffer, priv->primary->datacenterPath);
+ virBufferAddLit(&buffer, "&dsName=");
+- virBufferURIEncodeString(&buffer, datastoreName);
++ esxUtil_EscapeInventoryObject(&buffer, datastoreName);
+
+ url = virBufferContentAndReset(&buffer);
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch b/centos-10/SOURCES/libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch
new file mode 100644
index 0000000..34b11ba
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch
@@ -0,0 +1,76 @@
+From 0776d3a966522785927456bf85037503a9d85bd7 Mon Sep 17 00:00:00 2001
+Message-ID: <0776d3a966522785927456bf85037503a9d85bd7.1769699749.git.jdenemar@redhat.com>
+From: Michal Privoznik
+Date: Wed, 7 Jan 2026 10:34:25 +0100
+Subject: [PATCH] esx_util: Introduce esxUtil_EscapeInventoryObject()
+
+The aim of this helper function is to URI-encode given string
+twice. There's a bug (fixed in next commit) in which we're unable
+to fetch .vmx file for a domain if corresponding datastore
+contains some special characters (like +). Cole Robinson
+discovered that encoding datastore twice enables libvirt to work
+around the issue [2]. Well, this function does exactly that.
+It was tested with the following inputs and all worked
+flawlessly: "datastore", "datastore2", "datastore2+",
+"datastore3+-@", "data store2+".
+
+1: https://issues.redhat.com/browse/RHEL-134127
+2: https://issues.redhat.com/browse/RHEL-133729#comment-28604072
+
+Signed-off-by: Michal Privoznik
+Reviewed-by: Jiri Denemark
+Reviewed-by: Richard W.M. Jones
+(cherry picked from commit ffe74c7c551bd641cbcaa2512ed0ad4a25d3980b)
+Resolves: https://issues.redhat.com/browse/RHEL-140196
+Signed-off-by: Michal Privoznik
+---
+ src/esx/esx_util.c | 18 ++++++++++++++++++
+ src/esx/esx_util.h | 3 +++
+ 2 files changed, 21 insertions(+)
+
+diff --git a/src/esx/esx_util.c b/src/esx/esx_util.c
+index 12a34a2275..963bcd0a75 100644
+--- a/src/esx/esx_util.c
++++ b/src/esx/esx_util.c
+@@ -448,3 +448,21 @@ esxUtil_EscapeForXml(const char *string)
+
+ return virBufferContentAndReset(&buffer);
+ }
++
++
++/* esxUtil_EscapeInventoryObject:
++ * @buf: the buffer to append to
++ * @string: the string argument which will be URI-encoded
++ *
++ * URI-encode given @string TWICE and append the result to the @buf. This is
++ * to be used with inventory objects (like 'dcPath' and 'dsName') to work
++ * around a VMware bug in which once round of URI-encoding is not enough.
++ */
++void
++esxUtil_EscapeInventoryObject(virBuffer *buf, const char *string)
++{
++ g_autoptr(GString) escaped = g_string_new(NULL);
++
++ g_string_append_uri_escaped(escaped, string, NULL, false);
++ virBufferURIEncodeString(buf, escaped->str);
++}
+diff --git a/src/esx/esx_util.h b/src/esx/esx_util.h
+index 58bc44e744..29f01e0c15 100644
+--- a/src/esx/esx_util.h
++++ b/src/esx/esx_util.h
+@@ -22,6 +22,7 @@
+ #pragma once
+
+ #include "internal.h"
++#include "virbuffer.h"
+ #include "viruri.h"
+
+ #define ESX_VI_CHECK_ARG_LIST(val) \
+@@ -67,3 +68,5 @@ void esxUtil_ReplaceSpecialWindowsPathChars(char *string);
+ char *esxUtil_EscapeDatastoreItem(const char *string);
+
+ char *esxUtil_EscapeForXml(const char *string);
++
++void esxUtil_EscapeInventoryObject(virBuffer *buf, const char *string);
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch b/centos-10/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch
new file mode 100644
index 0000000..a87a353
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch
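Review bot: esxUtil_EscapeInventoryObject() passes `string` straight into `g_string_append_uri_escaped()`, which is not documented to accept NULL, whereas the `virBufferURIEncodeString()` call it replaces at the call sites appears to tolerate a NULL string by appending nothing. Whether `priv->primary->datacenterPath` or `datastoreName` can be NULL at those call sites is not visible here, so the helper should guard itself with `if (!string) return;` as its first statement and say so in the doc comment (`@string: ... NULL appends nothing`). Without the guard, a connection that has no datacenter path may go from producing an empty parameter to a GLib critical or a crash.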
@@ -0,0 +1,68 @@
+From 2f60aff267af628839c90fe36cacbc9d5057509a Mon Sep 17 00:00:00 2001
+Message-ID: <2f60aff267af628839c90fe36cacbc9d5057509a.1769699749.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:38:38 +0100
+Subject: [PATCH] qemuDomainSetBlockIoTuneField: Move setting of 'group_name'
+ out of the loop
+
+The refactor will simplify further change which will introduce another
+source for the group name.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit fa064375668df0e67b4d68fdfc4a386862026f3f)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 194017a29a..ecfb65c535 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -15173,6 +15173,7 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ int *eventNparams,
+ int *eventMaxparams)
+ {
++ const char *param_group_name = NULL;
+ size_t i;
+
+ #define SET_IOTUNE_FIELD(FIELD, BOOL, CONST) \
+@@ -15218,15 +15219,8 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX);
+ SET_IOTUNE_FIELD(size_iops_sec, SIZE_IOPS, SIZE_IOPS_SEC);
+
+- /* NB: Cannot use macro since this is a value.s not a value.ul */
+ if (STREQ(param->field, VIR_DOMAIN_BLOCK_IOTUNE_GROUP_NAME)) {
+- info->group_name = g_strdup(param->value.s);
+- *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
+- if (virTypedParamsAddString(eventParams, eventNparams,
+- eventMaxparams,
+- VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME,
+- param->value.s) < 0)
+- return -1;
++ param_group_name = param->value.s;
+ continue;
+ }
+
+@@ -15244,6 +15238,16 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX_LENGTH);
+ }
+
++ if (param_group_name) {
++ info->group_name = g_strdup(param_group_name);
++ *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
++ if (virTypedParamsAddString(eventParams, eventNparams,
++ eventMaxparams,
++ VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME,
++ param_group_name) < 0)
++ return -1;
++ }
++
+ #undef SET_IOTUNE_FIELD
+
+ return 0;
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch
new file mode 100644
index 0000000..0d1b945
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch
@@ -0,0 +1,75 @@
+From f44d3fa49e7f1507e93c1e9525dd0db4227809cc Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:39:40 +0100
+Subject: [PATCH] qemuDomainSetThrottleGroup: Always honour thottle group name
+ passed as argument
+
+Due to the code share with 'qemuDomainSetBlockIoTune' the throttle group
+setting code accepts the throttle group name also via typed parameters.
+
+In 'qemuDomainSetThrottleGroup', this means that there are 2 ways to
+pass it the throttle group name and both are handled slightly
+differently. Specifically the name of the group used in the list of
+groups is the name taken from the typed parameters rather than the one
+passed via API. We also don't validate that they match.
+
+Now if the name in the typed parameters is missing we'd add empty string
+to the group list which would later crash when looking up the group
+name.
+
+To avoid this problem always use the name passed via argument. This is
+achieved by passing it into 'qemuDomainSetBlockIoTuneFields' so that it
+overrides whatever is in the typed parameters.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 0cd13906dcf15ea5709a7b253466816a1b875640)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index ecfb65c535..a6d5dd6e05 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -15168,6 +15168,7 @@ static int
+ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ virTypedParameterPtr params,
+ int nparams,
++ const char *group_name,
+ qemuBlockIoTuneSetFlags *set_fields,
+ virTypedParameterPtr *eventParams,
+ int *eventNparams,
+@@ -15238,6 +15239,10 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX_LENGTH);
+ }
+
++ /* The name of the throttle group passed via API always takes precedence */
++ if (group_name)
++ param_group_name = group_name;
++
+ if (param_group_name) {
+ info->group_name = g_strdup(param_group_name);
+ *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
+@@ -15385,6 +15390,7 @@ qemuDomainSetBlockIoTune(virDomainPtr dom,
+ if (qemuDomainSetBlockIoTuneFields(&info,
+ params,
+ nparams,
++ NULL,
+ &set_fields,
+ &eventParams,
+ &eventNparams,
+@@ -20379,6 +20385,7 @@ qemuDomainSetThrottleGroup(virDomainPtr dom,
+ if (qemuDomainSetBlockIoTuneFields(&info,
+ params,
+ nparams,
++ groupname,
+ &set_fields,
+ &eventParams,
+ &eventNparams,
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch
new file mode 100644
index 0000000..0f0a739
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch
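Review bot: The new `if (group_name) param_group_name = group_name;` silently discards a `VIR_DOMAIN_BLOCK_IOTUNE_GROUP_NAME` typed parameter that disagrees with the API argument, so a client that sends two different names gets no indication of which one was applied. The commit message itself notes that the two are never checked against each other; a `VIR_DEBUG` naming both values, or rejecting the mismatch with `VIR_ERR_INVALID_ARG` guarded by `if (group_name && param_group_name && STRNEQ(group_name, param_group_name))`, would make the conflict visible. The new parameter also deserves a line in the function's comment stating that NULL means "take the name from the typed parameters", which is what qemuDomainSetBlockIoTune() passes. The function body lies mostly outside these hunks.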
@@ -0,0 +1,43 @@
+From e48225074a9179e73b8ce9a573a513e619ae0a65 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:39:49 +0100
+Subject: [PATCH] qemuDomainSetThrottleGroup: Don't put group name into the
+ 'tunable' event twice
+
+'qemuDomainSetBlockIoTuneFields' already populates the contents of the
+VIR_DOMAIN_EVENT_ID_TUNABLE params with the group name so there's no
+need to do it explicitly. We'd report the group name twice:
+
+ event 'tunable' for domain 'cd':
+ blkdeviotune.group_name: asdf
+ blkdeviotune.total_bytes_sec: 1234
+ blkdeviotune.group_name: asdf
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit adcc14e1538433ec1b2f4b103cdf641917e63242)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index a6d5dd6e05..08a547c546 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -20378,10 +20378,6 @@ qemuDomainSetThrottleGroup(virDomainPtr dom,
+ if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0)
+ goto endjob;
+
+- if (virTypedParamsAddString(&eventParams, &eventNparams, &eventMaxparams,
+- VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME, groupname) < 0)
+- goto endjob;
+-
+ if (qemuDomainSetBlockIoTuneFields(&info,
+ params,
+ nparams,
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch
new file mode 100644
index 0000000..62c27b6
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch
@@ -0,0 +1,38 @@
+From fee37458a1f93dc30a209ceeda1ec31847884fcf Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:36:50 +0100
+Subject: [PATCH] qemuDomainSetThrottleGroup: Enforce non-zero 'groupname'
+ string length
+
+Having a name of 0 characters makes no sense. Reject it.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit abcdc9511b1c78df7dcdee9f01c6d55651d3a424)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index f2e024dae3..194017a29a 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -20345,6 +20345,12 @@ qemuDomainSetThrottleGroup(virDomainPtr dom,
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+ VIR_DOMAIN_AFFECT_CONFIG, -1);
+
++ if (strlen(groupname) == 0) {
++ virReportError(VIR_ERR_INVALID_ARG, "%s",
++ _("'groupname' parameter string must have non-zero length"));
++ return -1;
++ }
++
+ if (qemuDomainValidateBlockIoTune(params, nparams) < 0)
+ return -1;
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch b/centos-10/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch
new file mode 100644
index 0000000..6be8545
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch
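Review bot: `strlen(groupname) == 0` dereferences `groupname` before anything in this hunk has checked it for NULL, so the guard relies on the public entry point having already rejected a NULL group name, which is not visible here. Since the series exists to stop a client-triggerable crash in the daemon, the check is better made self-contained: `if (!groupname || *groupname == '\0') {`. That form also avoids walking the whole string just to test for emptiness. The rest of qemuDomainSetThrottleGroup() is outside the hunk.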
@@ -0,0 +1,56 @@
+From 5a7cc07af8355ae117d04d357bd8b694fc2af091 Mon Sep 17 00:00:00 2001
+Message-ID: <5a7cc07af8355ae117d04d357bd8b694fc2af091.1769173967.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Mon, 12 Jan 2026 10:54:38 +0100
+Subject: [PATCH] qemuSecurityMoveImageMetadata: Move seclabels only to
+ virStorageSource of same type
+
+The concept of moving a seclabel is used e.g. when a new image is
+introduced to the backing chain (or one of the existing ones becomes
+active during block commit). What it does is that it moves the metedata
+remembering the original seclabel to the new image.
+
+That idea works reasonably well if both the original and new image are
+of same type e.g. a file, where they have comparable seclabel.
+
+It breaks down though when you e.g. create a snapshot stored in a 'file'
+on top of a disk originally backed by a 'block' storage source, since
+the seclabels differ quite siginificantly.
+
+This patch restricts the seclabel move in qemuSecurityMoveImageMetadata
+to happen only if the storage sources are of same type to avoid the
+issue. This means that the seclabels will not be remebered and will be
+restored to the default but it's better than to transfer wrong labels.
+
+Resolves: https://issues.redhat.com/browse/RHEL-114412
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 37d51c0d27692a245d7a5eeeef57748e7574de4b)
+---
+ src/qemu/qemu_security.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c
+index 6bb0f9170d..84cb981a96 100644
+--- a/src/qemu/qemu_security.c
++++ b/src/qemu/qemu_security.c
+@@ -201,6 +201,16 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver,
+ if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
+ pid = vm->pid;
+
++ /* Moving seclabel metadata makes sense only when 'src' and 'dst' are of
++ * the same type. Otherwise 'dst' could end up with a seclabel that doesn't
++ * make sense for it (e.g. a seclabel originating from a block device /dev
++ * node moved to a file), once the seclabels are restored for it */
++ if (src && dst && src->type != dst->type) {
++ VIR_DEBUG("dropping security label metadata instead of moving it from '%s' to '%s' due to type mismatch",
++ NULLSTR(src->path), NULLSTR(dst->path));
++ dst = NULL;
++ }
++
+ return virSecurityManagerMoveImageMetadata(driver->securityManager,
+ cfg->sharedFilesystems,
+ pid, src, dst);
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch b/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch
new file mode 100644
index 0000000..e551ccf
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch
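Review bot: The new guard in qemuSecurityMoveImageMetadata compares the raw `src->type` and `dst->type`, so a disk defined as a storage-pool volume would presumably never match a 'file' or 'block' destination even when its resolved storage is of that kind, and its remembered seclabel would then be dropped needlessly. If volume-type sources can reach this function, comparing the resolved types is more precise: `if (src && dst && virStorageSourceGetActualType(src) != virStorageSourceGetActualType(dst)) {`. The comment could also say that setting `dst` to NULL is what makes the security manager discard the remembered label, which the hunk implies but does not state. The function body starts outside the hunk.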
@@ -0,0 +1,48 @@
+From 744a5361793546bed7976acebed669b1928e8c9d Mon Sep 17 00:00:00 2001
+Message-ID: <744a5361793546bed7976acebed669b1928e8c9d.1769699749.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Fri, 23 Jan 2026 08:42:50 +0100
+Subject: [PATCH] qemuSnapshotDiskHasBackingDisk: Avoid call of
+ virStorageSourceIsSameLocation with NULL argument
+
+When the 'backingStore' pointer is not populated the function calls
+'virStorageSourceGetMetadata' to try to populate it but if the on-disk
+metadata doesn't have a backing image (e.g. if it's the 'base' image of
+the chain) the 'backingStore' or the metadata fetcher fails the pointer
+will still be NULL.
+
+The function then calls 'virStorageSourceIsSameLocation' but the
+internal functions for dealing with storage sources don't handle NULL
+gracefully.
+
+Since the code calling 'qemu-img' based on the data detected here
+doesn't actually raise errors if the operations fail there's no point
+in raising errors here either.
+
+Closes: https://gitlab.com/libvirt/libvirt/-/issues/844
+Signed-off-by: Peter Krempa
+Reviewed-by: Pavel Hrdina
+(cherry picked from commit b43aee9cc904961e0f18156c3c84a3e460bdb7be)
+
+ https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2]
+ https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8]
+---
+ src/qemu/qemu_snapshot.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
+index 302775af92..dfc3f449e3 100644
+--- a/src/qemu/qemu_snapshot.c
++++ b/src/qemu/qemu_snapshot.c
+@@ -3135,7 +3135,8 @@ qemuSnapshotDiskHasBackingDisk(void *payload,
+ if (!disk->src->backingStore)
+ ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid, 1, false));
+
+- if (virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) {
++ if (disk->src->backingStore &&
++ virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) {
+ struct _qemuSnapshotDisksWithBackingStoreData *data =
+ g_new0(struct _qemuSnapshotDisksWithBackingStoreData, 1);
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch b/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch
new file mode 100644
index 0000000..3120c50
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch
@@ -0,0 +1,75 @@
+From 78e9a796a24c4f60c162ee3643c4a251c97ab1d2 Mon Sep 17 00:00:00 2001
+Message-ID: <78e9a796a24c4f60c162ee3643c4a251c97ab1d2.1769699749.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Mon, 26 Jan 2026 16:39:24 +0100
+Subject: [PATCH] qemuSnapshotDiskHasBackingDisk: Use proper 'max_depth' when
+ calling 'virStorageSourceGetMetadata'
+
+The 'max_depth' argument of 'virStorageSourceGetMetadata' doesn't just
+limit how far the function goes but also fails completely if the chain
+is deeper than the passed value.
+
+In 'qemuSnapshotDiskHasBackingDisk' we only care about finding the
+backing image, so just one level below, the passed path, but due to the
+above setting '1' as max_depth will make the function simply fail every
+time.
+
+Extract and reuse QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH as the
+detection depth. While '200' layers is overkill for this code, we also
+start a full qemu instance just to delete an snapshot so this doens't
+matter and still protects from self-referential images.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Pavel Hrdina
+(cherry picked from commit 6bcdf4ee59595041c76ed2339c45503723400737)
+
+ https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2]
+ https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8]
+---
+ src/qemu/qemu_domain.c | 2 --
+ src/qemu/qemu_domain.h | 1 +
+ src/qemu/qemu_snapshot.c | 4 +++-
+ 3 files changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index ac56fc7cb4..486a0e7913 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -6297,8 +6297,6 @@ qemuDomainStorageAlias(const char *device, int depth)
+ }
+
+
+-#define QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH 200
+-
+ /**
+ * qemuDomainStorageSourceValidateDepth:
+ * @src: storage source chain to validate
+diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
+index 3396f929fd..b9bb338682 100644
+--- a/src/qemu/qemu_domain.h
++++ b/src/qemu/qemu_domain.h
+@@ -706,6 +706,7 @@ int qemuDomainCheckDiskStartupPolicy(virQEMUDriver *driver,
+ size_t diskIndex,
+ bool cold_boot);
+
++#define QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH 200
+ int qemuDomainStorageSourceValidateDepth(virStorageSource *src,
+ int add,
+ const char *diskdst);
+diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
+index 942ba0d437..c23add5103 100644
+--- a/src/qemu/qemu_snapshot.c
++++ b/src/qemu/qemu_snapshot.c
+@@ -3133,7 +3133,9 @@ qemuSnapshotDiskHasBackingDisk(void *payload,
+ NULL, &uid, &gid);
+
+ if (!disk->src->backingStore)
+- ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid, 1, false));
++ ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid,
++ QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH,
++ false));
+
+ if (disk->src->backingStore &&
+ virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) {
+--
+2.52.0
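Review bot: `QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH` moves into qemu_domain.h without any comment, although it now serves two callers with different needs. I would add above the define something like `/* Maximum depth of a storage source backing chain; metadata detection fails, rather than stops, on a deeper chain */`, which is the behaviour the commit message relies on. In qemuSnapshotDiskHasBackingDisk the result of virStorageSourceGetMetadata is still discarded through ignore_value, so an error it reports presumably stays set for the caller; a `virResetLastError();` after the call would prevent that unless it is handled further up. The function body starts and ends outside the hunk.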
diff --git a/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch b/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch
new file mode 100644
index 0000000..c8e3ae3
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch
@@ -0,0 +1,34 @@
+From ca8a9f6b124dbfe5809c83d7f2d268bb18b9fa75 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Fri, 23 Jan 2026 08:54:32 +0100
+Subject: [PATCH] qemuSnapshotUpdateBackingStore: Remove stale comment
+
+The code does a 'qemu-img rebase' rather than a 'qemu-img create' what
+the commit suggests. Since we enumerate all arguments right below,
+there's no need for a comment.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Pavel Hrdina
+(cherry picked from commit 452c281aee7a043b59a288de043ea4e3b75a6b7c)
+
+ https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2]
+ https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8]
+---
+ src/qemu/qemu_snapshot.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
+index dfc3f449e3..942ba0d437 100644
+--- a/src/qemu/qemu_snapshot.c
++++ b/src/qemu/qemu_snapshot.c
+@@ -3698,7 +3698,6 @@ qemuSnapshotUpdateBackingStore(qemuSnapshotDeleteExternalData *data)
+ struct _qemuSnapshotDisksWithBackingStoreData *backingData = cur->data;
+ g_autoptr(virCommand) cmd = NULL;
+
+- /* creates cmd line args: qemu-img create -f qcow2 -o */
+ if (!(cmd = virCommandNewArgList("qemu-img",
+ "rebase",
+ "-u",
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch b/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch
new file mode 100644
index 0000000..0b1fa87
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch
@@ -0,0 +1,97 @@
+From 7d39e57db8479f4c481636c8c41311f3eabc935f Mon Sep 17 00:00:00 2001
+Message-ID: <7d39e57db8479f4c481636c8c41311f3eabc935f.1769699749.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Mon, 26 Jan 2026 16:49:50 +0100
+Subject: [PATCH] qemuSnapshotUpdateBackingStore: Retry as curent user if
+ qemu-img fails
+
+The code calls 'qemu-img rebase' to fix the backing store references.
+The 'qemu-img' process here is run as the 'qemu' user or whatever the
+defaults and domain XML resolve to. Since this, in certain cases, works
+also on images which are not part of the backing chain and in privileged
+deployments thus can be owned by 'root:root' the update may fail
+(silently).
+
+To preserver root-squash deployments but fix also the above case, retry
+the operation on failure as current user.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Pavel Hrdina
+(cherry picked from commit 6bb982178b40768f37c5177f317e73562733530f)
+
+ https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2]
+ https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8]
+---
+ src/qemu/qemu_snapshot.c | 53 ++++++++++++++++++++++++++++------------
+ 1 file changed, 38 insertions(+), 15 deletions(-)
+
+diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c
+index c23add5103..e30ade9dc8 100644
+--- a/src/qemu/qemu_snapshot.c
++++ b/src/qemu/qemu_snapshot.c
+@@ -3698,25 +3698,48 @@ qemuSnapshotUpdateBackingStore(qemuSnapshotDeleteExternalData *data)
+
+ for (cur = data->disksWithBacking; cur; cur = g_slist_next(cur)) {
+ struct _qemuSnapshotDisksWithBackingStoreData *backingData = cur->data;
+- g_autoptr(virCommand) cmd = NULL;
++ /* Try to run the command first as the appropriate user based on the
++ * domain definition and config. If error is returned retry as current
++ * (possibly privileged) user for cases where seclabels were reset
++ * to the default */
++ g_autoptr(virCommand) cmd_user_qemu = NULL;
++ g_autoptr(virCommand) cmd_user_curr = NULL;
+
+- if (!(cmd = virCommandNewArgList("qemu-img",
+- "rebase",
+- "-u",
+- "-F",
+- virStorageFileFormatTypeToString(data->parentDiskSrc->format),
+- "-f",
+- virStorageFileFormatTypeToString(backingData->diskSrc->format),
+- "-b",
+- data->parentDiskSrc->path,
+- backingData->diskSrc->path,
+- NULL)))
++ if (!(cmd_user_qemu = virCommandNewArgList("qemu-img",
++ "rebase",
++ "-u",
++ "-F",
++ virStorageFileFormatTypeToString(data->parentDiskSrc->format),
++ "-f",
++ virStorageFileFormatTypeToString(backingData->diskSrc->format),
++ "-b",
++ data->parentDiskSrc->path,
++ backingData->diskSrc->path,
++ NULL)))
+ continue;
+
+- virCommandSetUID(cmd, backingData->uid);
+- virCommandSetGID(cmd, backingData->gid);
++ virCommandSetUID(cmd_user_qemu, backingData->uid);
++ virCommandSetGID(cmd_user_qemu, backingData->gid);
+
+- ignore_value(virCommandRun(cmd, NULL));
++ /* done on success */
++ if (virCommandRun(cmd_user_qemu, NULL) == 0)
++ continue;
++
++ /* retry as current user */
++ if (!(cmd_user_curr = virCommandNewArgList("qemu-img",
++ "rebase",
++ "-u",
++ "-F",
++ virStorageFileFormatTypeToString(data->parentDiskSrc->format),
++ "-f",
++ virStorageFileFormatTypeToString(backingData->diskSrc->format),
++ "-b",
++ data->parentDiskSrc->path,
++ backingData->diskSrc->path,
++ NULL)))
++ continue;
++
++ ignore_value(virCommandRun(cmd_user_curr, NULL));
+ }
+ }
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch b/centos-10/SOURCES/libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch
new file mode 100644
index 0000000..0f27114
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch
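Review bot: The retry in qemuSnapshotUpdateBackingStore runs `qemu-img rebase` without `virCommandSetUID`/`virCommandSetGID` after any non-zero result of the first run, not only after a permission failure, so an image the unprivileged run rejected for some other reason is then opened with the daemon's own, possibly root, credentials and nothing records that this happened. At minimum the fallback should be logged before the second virCommandNewArgList call, e.g. `VIR_WARN("retrying 'qemu-img rebase' of '%s' as current user", backingData->diskSrc->path);`. Restricting the retry to images that the `backingData->uid`/`gid` user cannot write would be tighter still. The two identical argument lists would also be safer coming from one static helper, so they cannot drift apart. The function starts outside the hunk.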
@@ -0,0 +1,50 @@
+From e78a5a3559bee1bca42f8edde91e836b301876dc Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Thu, 11 Dec 2025 09:39:03 +0100
+Subject: [PATCH] util: json: Increase JSON nesting limit when parsing to 300
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The default in json-c is 32 which is too low to accomodate the 200
+snapshot layers we supported historically in the qemu driver (200 is
+picked based on the 256 layer limit in libxml).
+
+The response to 'query-block' is otherwise too low and we fail to start
+the VM when there's around 26 images in a backing chain.
+
+'json_tokener_new_ex' is supported since json-c 0.11 and we require at
+least 0.14.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Ján Tomko
+(cherry picked from commit b49d41b7e9eb983fdfbf70c91c2a27a995af3987)
+https://issues.redhat.com/browse/RHEL-135181
+---
+ src/util/virjson.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/virjson.c b/src/util/virjson.c
+index a799707c16..454bd657be 100644
+--- a/src/util/virjson.c
++++ b/src/util/virjson.c
+@@ -1466,7 +1466,15 @@ virJSONValueFromString(const char *jsonstring)
+
+ VIR_DEBUG("string=%s", jsonstring);
+
+- tok = json_tokener_new();
++ /* When creating the tokener we need to specify the limit of the nesting
++ * depth of JSON objects. The default in json-c is 32. Since we need to
++ * support at least 200 layers of snapshots (the limit is based on a
++ * conservative take on the 256 layer nesting limit for XML in libxml), for
++ * which we have internal checks, we also need to set the JSON limit to
++ * be able to parse qemu responses for such a deeply nested snapshot list.
++ * '300' is picked a sa conservative buffer on top of the 200 layers plus
++ * some of the extra wrappers that qemu adds*/
++ tok = json_tokener_new_ex(300);
+ if (!tok) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("failed to create JSON tokener"));
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch b/centos-10/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch
new file mode 100644
index 0000000..b3d3826
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch
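Review bot: The depth passed to `json_tokener_new_ex(300)` is a bare literal whose relation to the 200-layer chain limit exists only in the comment, and virJSONValueFromString looks like the general parser, so the higher limit presumably applies to every JSON document libvirt parses rather than only to 'query-block' replies. A named constant next to the function, e.g. `#define VIR_JSON_PARSE_MAX_DEPTH 300`, would make the bound greppable and keep it in one place if it has to change again. The comment also has two slips worth fixing: 'a sa conservative' should read 'as a conservative', and the closing `*/` needs a space before it. The function body continues outside the hunk.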
@@ -0,0 +1,37 @@
+From 12d480034a41e3066c6c5adab27b504cfaefea6a Mon Sep 17 00:00:00 2001
+Message-ID: <12d480034a41e3066c6c5adab27b504cfaefea6a.1769699749.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Mon, 26 Jan 2026 16:39:45 +0100
+Subject: [PATCH] virDomainSnapshotDefAssignExternalNames: Improve error
+ message
+
+Mention the 'path' where the detection failed as well as include the
+possibility that the 'path' doesn't exist in the message itself.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Pavel Hrdina
+(cherry picked from commit f1ad5219368b1b2c603d876f28dc852fd6da3a8d)
+
+ https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2]
+ https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8]
+---
+ src/conf/snapshot_conf.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c
+index 039ed77b84..4309667a34 100644
+--- a/src/conf/snapshot_conf.c
++++ b/src/conf/snapshot_conf.c
+@@ -541,8 +541,8 @@ virDomainSnapshotDefAssignExternalNames(virDomainSnapshotDef *def,
+
+ if (stat(origpath, &sb) < 0 || !S_ISREG(sb.st_mode)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+- _("source for disk '%1$s' is not a regular file; refusing to generate external snapshot name"),
+- disk->name);
++ _("source for disk '%1$s' (%2$s) doesn't exist or is not a regular file; refusing to generate external snapshot name"),
++ disk->name, origpath);
+ return -1;
+ }
+
+--
+2.52.0
diff --git a/centos-10/SOURCES/libvirt-virjsontest-Add-test-for-nesting-depth.patch b/centos-10/SOURCES/libvirt-virjsontest-Add-test-for-nesting-depth.patch
new file mode 100644
index 0000000..771947b
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-virjsontest-Add-test-for-nesting-depth.patch
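Review bot: The condition `stat(origpath, &sb) < 0 || !S_ISREG(sb.st_mode)` still ends in one fixed message, so a stat() that fails for a reason other than a missing file, for example a permission error, is reported as 'doesn't exist or is not a regular file' and errno is lost. Splitting the two cases and reporting the stat failure with virReportSystemError would name the actual cause; the remaining message can then drop the "doesn't exist or" wording. This changes the error code seen for the stat failure, so it is worth checking whether any caller depends on VIR_ERR_CONFIG_UNSUPPORTED there. The function starts and ends outside the hunk.

```c
if (stat(origpath, &sb) < 0) {
    virReportSystemError(errno,
                         _("unable to stat source '%1$s' of disk '%2$s'"),
                         origpath, disk->name);
    return -1;
}

if (!S_ISREG(sb.st_mode)) {
    /* … unchanged: VIR_ERR_CONFIG_UNSUPPORTED report and return -1 … */
```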
@@ -0,0 +1,45 @@ +From 953937e8beb9328de59b5f25eececb4901a416cc Mon Sep 17 00:00:00 2001 +Message-ID: <953937e8beb9328de59b5f25eececb4901a416cc.1769173967.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Mon, 5 Jan 2026 15:00:18 +0100 +Subject: [PATCH] virjsontest: Add test for nesting depth +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Add an example of 250 layer deep nested JSON to make sure the parser +supports it. This is in order to maintain compatibility with external +snapshots in qemu, where such a deeply nested document is returned with +a 'query-block' QMP call. + +I've used a fake JSON as a real reply from qemu is around 1.4MiB for a +200 deep image chain. + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry picked from commit 16804acf14616d7357ad6a336f2ffd6d255a8d63) +https://issues.redhat.com/browse/RHEL-135181 +--- + tests/virjsondata/parse-nesting-in.json | 1 + + tests/virjsondata/parse-nesting-out.json | 1 + + 2 files changed, 2 insertions(+) + create mode 100644 tests/virjsondata/parse-nesting-in.json + create mode 120000 tests/virjsondata/parse-nesting-out.json + +diff --git a/tests/virjsondata/parse-nesting-in.json b/tests/virjsondata/parse-nesting-in.json +new file mode 100644 +index 0000000000..8bbe1a3439 +--- /dev/null ++++ b/tests/virjsondata/parse-nesting-in.json +@@ -0,0 +1 @@ ++{"n249": {"n248": {"n247": {"n246": {"n245": {"n244": {"n243": {"n242": {"n241": {"n240": {"n239": {"n238": {"n237": {"n236": {"n235": {"n234": {"n233": {"n232": {"n231": {"n230": {"n229": {"n228": {"n227": {"n226": {"n225": {"n224": {"n223": {"n222": {"n221": {"n220": {"n219": {"n218": {"n217": {"n216": {"n215": {"n214": {"n213": {"n212": {"n211": {"n210": {"n209": {"n208": {"n207": {"n206": {"n205": {"n204": {"n203": {"n202": {"n201": {"n200": {"n199": {"n198": {"n197": {"n196": {"n195": {"n194": {"n193": {"n192": {"n191": {"n190": {"n189": {"n188": {"n187": {"n186": {"n185": {"n184": {"n183": 
{"n182": {"n181": {"n180": {"n179": {"n178": {"n177": {"n176": {"n175": {"n174": {"n173": {"n172": {"n171": {"n170": {"n169": {"n168": {"n167": {"n166": {"n165": {"n164": {"n163": {"n162": {"n161": {"n160": {"n159": {"n158": {"n157": {"n156": {"n155": {"n154": {"n153": {"n152": {"n151": {"n150": {"n149": {"n148": {"n147": {"n146": {"n145": {"n144": {"n143": {"n142": {"n141": {"n140": {"n139": {"n138": {"n137": {"n136": {"n135": {"n134": {"n133": {"n132": {"n131": {"n130": {"n129": {"n128": {"n127": {"n126": {"n125": {"n124": {"n123": {"n122": {"n121": {"n120": {"n119": {"n118": {"n117": {"n116": {"n115": {"n114": {"n113": {"n112": {"n111": {"n110": {"n109": {"n108": {"n107": {"n106": {"n105": {"n104": {"n103": {"n102": {"n101": {"n100": {"n99": {"n98": {"n97": {"n96": {"n95": {"n94": {"n93": {"n92": {"n91": {"n90": {"n89": {"n88": {"n87": {"n86": {"n85": {"n84": {"n83": {"n82": {"n81": {"n80": {"n79": {"n78": {"n77": {"n76": {"n75": {"n74": {"n73": {"n72": {"n71": {"n70": {"n69": {"n68": {"n67": {"n66": {"n65": {"n64": {"n63": {"n62": {"n61": {"n60": {"n59": {"n58": {"n57": {"n56": {"n55": {"n54": {"n53": {"n52": {"n51": {"n50": {"n49": {"n48": {"n47": {"n46": {"n45": {"n44": {"n43": {"n42": {"n41": {"n40": {"n39": {"n38": {"n37": {"n36": {"n35": {"n34": {"n33": {"n32": {"n31": {"n30": {"n29": {"n28": {"n27": {"n26": {"n25": {"n24": {"n23": {"n22": {"n21": {"n20": {"n19": {"n18": {"n17": {"n16": {"n15": {"n14": {"n13": {"n12": {"n11": {"n10": {"n9": {"n8": {"n7": {"n6": {"n5": {"n4": {"n3": {"n2": {"n1": {"n0": "end"}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}}} +diff --git a/tests/virjsondata/parse-nesting-out.json b/tests/virjsondata/parse-nesting-out.json +new file mode 120000 +index 0000000000..d269172843 +--- /dev/null ++++ 
b/tests/virjsondata/parse-nesting-out.json +@@ -0,0 +1 @@ ++parse-nesting-in.json +\ No newline at end of file +-- +2.52.0 diff --git a/centos-10/SPECS/libvirt.spec b/centos-10/SPECS/libvirt.spec index 8e9f452..4023bb5 100644 --- a/centos-10/SPECS/libvirt.spec +++ b/centos-10/SPECS/libvirt.spec @@ -287,7 +287,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 11.10.0 -Release: 2%{?dist}%{?extra_release} +Release: 4%{?dist}%{?extra_release} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ 
@@ -302,6 +302,24 @@ Patch4: libvirt-tests-Test-virFileIsSharedFSOverride.patch Patch5: libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch Patch6: libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch Patch7: libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch +Patch8: libvirt-util-json-Increase-JSON-nesting-limit-when-parsing-to-300.patch +Patch9: libvirt-virjsontest-Add-test-for-nesting-depth.patch +Patch10: libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch +Patch11: libvirt-esx-Allow-connecting-to-IPv6-server.patch +Patch12: libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch +Patch13: libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch +Patch14: libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch +Patch15: libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch +Patch16: libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch +Patch17: libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch +Patch18: libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch +Patch19: libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch +Patch20: libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch +Patch21: libvirt-esx-Debug-URL-just-before-opening-with-curl.patch +Patch22: libvirt-esx-Abstract-all-URL-creation-code-into-one-function.patch +Patch23: libvirt-esx-Switch-to-creating-URLs-using-virURIFormat.patch +Patch24: libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch +Patch25: libvirt-esx-URI-encode-inventory-objects-twice.patch Requires: libvirt-daemon = %{version}-%{release} 
@@ -2693,6 +2711,28 @@ exit 0 %endif %changelog +* Thu Jan 29 2026 Jiri Denemark - 11.10.0-4 +- qemuDomainSetThrottleGroup: Enforce non-zero 'groupname' string length (RHEL-141820) +- qemuDomainSetBlockIoTuneField: Move setting of 'group_name' out of the loop (RHEL-141820) +- qemuDomainSetThrottleGroup: Always honour thottle group name passed as argument (RHEL-141820) +- qemuDomainSetThrottleGroup: Don't put group name into the 'tunable' event twice (RHEL-141820) +- qemuSnapshotDiskHasBackingDisk: Avoid call of virStorageSourceIsSameLocation with NULL argument (RHEL-144089) +- qemuSnapshotUpdateBackingStore: Remove stale comment (RHEL-144089) +- qemuSnapshotDiskHasBackingDisk: Use proper 'max_depth' when calling 'virStorageSourceGetMetadata' (RHEL-144089) +- virDomainSnapshotDefAssignExternalNames: Improve error message (RHEL-144089) +- qemuSnapshotUpdateBackingStore: Retry as curent user if qemu-img fails (RHEL-144089) +- esx: Debug URL just before opening with curl (RHEL-138300) +- esx: Abstract all URL-creation code into one function (RHEL-138300) +- esx: Switch to creating URLs using virURIFormat (RHEL-138300) +- esx_util: Introduce esxUtil_EscapeInventoryObject() (RHEL-140196) +- esx: URI encode inventory objects twice (RHEL-140196) + +* Fri Jan 23 2026 Jiri Denemark - 11.10.0-3 +- util: json: Increase JSON nesting limit when parsing to 300 (RHEL-135181) +- virjsontest: Add test for nesting depth (RHEL-135181) +- qemuSecurityMoveImageMetadata: Move seclabels only to virStorageSource of same type (RHEL-114412) +- esx: Allow connecting to IPv6 server (RHEL-138300) + * Thu Dec 18 2025 Jiri Denemark - 11.10.0-2 - tests: add test for a single per-device smmuv3 (RHEL-74200) - qemu: Use pci_bus to identify multi-smmuv3 model (RHEL-74200) 
diff --git a/centos-9/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch b/centos-9/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch
new file mode 100644
index 0000000..375ed05
--- /dev/null
+++ b/centos-9/SOURCES/libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch
@@ -0,0 +1,68 @@
+From 531c9abeb0483ed64adafdd0546d77b13d913445 Mon Sep 17 00:00:00 2001
+Message-ID: <531c9abeb0483ed64adafdd0546d77b13d913445.1769699807.git.jdenemar@redhat.com>
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:38:38 +0100
+Subject: [PATCH] qemuDomainSetBlockIoTuneField: Move setting of 'group_name'
+ out of the loop
+
+The refactor will simplify further change which will introduce another
+source for the group name.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit fa064375668df0e67b4d68fdfc4a386862026f3f)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 20 ++++++++++++--------
+ 1 file changed, 12 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 194017a29a..ecfb65c535 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -15173,6 +15173,7 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ int *eventNparams,
+ int *eventMaxparams)
+ {
++ const char *param_group_name = NULL;
+ size_t i;
+
+ #define SET_IOTUNE_FIELD(FIELD, BOOL, CONST) \
+@@ -15218,15 +15219,8 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX);
+ SET_IOTUNE_FIELD(size_iops_sec, SIZE_IOPS, SIZE_IOPS_SEC);
+
+- /* NB: Cannot use macro since this is a value.s not a value.ul */
+ if (STREQ(param->field, VIR_DOMAIN_BLOCK_IOTUNE_GROUP_NAME)) {
+- info->group_name = g_strdup(param->value.s);
+- *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
+- if (virTypedParamsAddString(eventParams, eventNparams,
+- eventMaxparams,
+- VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME,
+- param->value.s) < 0)
+- return -1;
++ param_group_name = param->value.s;
+ continue;
+ }
+
+@@ -15244,6 +15238,16 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX_LENGTH);
+ }
+
++ if (param_group_name) {
++ info->group_name = g_strdup(param_group_name);
++ *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
++ if (virTypedParamsAddString(eventParams, eventNparams,
++ eventMaxparams,
++ VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME,
++ param_group_name) < 0)
++ return -1;
++ }
++
+ #undef SET_IOTUNE_FIELD
+
+ return 0;
+--
+2.52.0
diff --git a/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch
new file mode 100644
index 0000000..9f58bb6
--- /dev/null
+++ b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch
@@ -0,0 +1,75 @@
+From a32dfdf78ac0051b3f2c218272c2baa253ffa239 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Peter Krempa
+Date: Fri, 16 Jan 2026 16:39:40 +0100
+Subject: [PATCH] qemuDomainSetThrottleGroup: Always honour thottle group name
+ passed as argument
+
+Due to the code share with 'qemuDomainSetBlockIoTune' the throttle group
+setting code accepts the throttle group name also via typed parameters.
+
+In 'qemuDomainSetThrottleGroup', this means that there are 2 ways to
+pass it the throttle group name and both are handled slightly
+differently. Specifically the name of the group used in the list of
+groups is the name taken from the typed parameters rather than the one
+passed via API. We also don't validate that they match.
+
+Now if the name in the typed parameters is missing we'd add empty string
+to the group list which would later crash when looking up the group
+name.
+
+To avoid this problem always use the name passed via argument. This is
+achieved by passing it into 'qemuDomainSetBlockIoTuneFields' so that it
+overrides whatever is in the typed parameters.
+
+Signed-off-by: Peter Krempa
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 0cd13906dcf15ea5709a7b253466816a1b875640)
+
+https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2]
+https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8]
+---
+ src/qemu/qemu_driver.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index ecfb65c535..a6d5dd6e05 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -15168,6 +15168,7 @@ static int
+ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ virTypedParameterPtr params,
+ int nparams,
++ const char *group_name,
+ qemuBlockIoTuneSetFlags *set_fields,
+ virTypedParameterPtr *eventParams,
+ int *eventNparams,
+@@ -15238,6 +15239,10 @@ qemuDomainSetBlockIoTuneFields(virDomainBlockIoTuneInfo *info,
+ WRITE_IOPS_SEC_MAX_LENGTH);
+ }
+
++ /* The name of the throttle group passed via API always takes precedence */
++ if (group_name)
++ param_group_name = group_name;
++
+ if (param_group_name) {
+ info->group_name = g_strdup(param_group_name);
+ *set_fields |= QEMU_BLOCK_IOTUNE_SET_GROUP_NAME;
+@@ -15385,6 +15390,7 @@ qemuDomainSetBlockIoTune(virDomainPtr dom,
+ if (qemuDomainSetBlockIoTuneFields(&info,
+ params,
+ nparams,
++ NULL,
+ &set_fields,
+ &eventParams,
+ &eventNparams,
+@@ -20379,6 +20385,7 @@ qemuDomainSetThrottleGroup(virDomainPtr dom,
+ if (qemuDomainSetBlockIoTuneFields(&info,
+ params,
+ nparams,
++ groupname,
+ &set_fields,
+ &eventParams,
+ &eventNparams,
+--
+2.52.0
diff --git a/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch
new file mode 100644
index 0000000..0e7a2d4
--- /dev/null
+++ b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch
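Review bot: When the typed parameters carry a group name that differs from the new `group_name` argument, the added block in qemuDomainSetBlockIoTuneFields overrides it silently; the commit message itself notes that the two are not validated against each other. A caller that passes conflicting names gets no indication of which one was applied. Rejecting the mismatch before the override, as sketched below, would make that explicit; if silent precedence is intended for compatibility, the comment should say so. The function body starts and ends outside the hunk.

```c
/* The name of the throttle group passed via API always takes precedence */
if (group_name) {
    if (param_group_name && STRNEQ(param_group_name, group_name)) {
        virReportError(VIR_ERR_INVALID_ARG,
                       _("throttle group name '%1$s' in parameters doesn't match '%2$s'"),
                       param_group_name, group_name);
        return -1;
    }
    param_group_name = group_name;
}
/* … unchanged: if (param_group_name) block … */
```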
@@ -0,0 +1,43 @@ +From 537bc39e12472a9cd9bdaa149e680caa4eb7d5f2 Mon Sep 17 00:00:00 2001 +Message-ID: <537bc39e12472a9cd9bdaa149e680caa4eb7d5f2.1769699807.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Fri, 16 Jan 2026 16:39:49 +0100 +Subject: [PATCH] qemuDomainSetThrottleGroup: Don't put group name into the + 'tunable' event twice + +'qemuDomainSetBlockIoTuneFields' already populates the contents of the +VIR_DOMAIN_EVENT_ID_TUNABLE params with the group name so there's no +need to do it explicitly. We'd report the group name twice: + + event 'tunable' for domain 'cd': + blkdeviotune.group_name: asdf + blkdeviotune.total_bytes_sec: 1234 + blkdeviotune.group_name: asdf + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit adcc14e1538433ec1b2f4b103cdf641917e63242) + +https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2] +https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8] +--- + src/qemu/qemu_driver.c | 4 ---- + 1 file changed, 4 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index a6d5dd6e05..08a547c546 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -20378,10 +20378,6 @@ qemuDomainSetThrottleGroup(virDomainPtr dom, + if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) + goto endjob; + +- if (virTypedParamsAddString(&eventParams, &eventNparams, &eventMaxparams, +- VIR_DOMAIN_TUNABLE_BLKDEV_GROUP_NAME, groupname) < 0) +- goto endjob; +- + if (qemuDomainSetBlockIoTuneFields(&info, + params, + nparams, +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch new file mode 100644 index 0000000..c6d0945 --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch 
@@ -0,0 +1,38 @@ +From 9b395b3de68aacda18bbb40f8bfba8f85087aec1 Mon Sep 17 00:00:00 2001 +Message-ID: <9b395b3de68aacda18bbb40f8bfba8f85087aec1.1769699807.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Fri, 16 Jan 2026 16:36:50 +0100 +Subject: [PATCH] qemuDomainSetThrottleGroup: Enforce non-zero 'groupname' + string length + +Having a name of 0 characters makes no sense. Reject it. + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit abcdc9511b1c78df7dcdee9f01c6d55651d3a424) + +https://issues.redhat.com/browse/RHEL-141820 [rhel-10.2] +https://issues.redhat.com/browse/RHEL-144010 [rhel-9.8] +--- + src/qemu/qemu_driver.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index f2e024dae3..194017a29a 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -20345,6 +20345,12 @@ qemuDomainSetThrottleGroup(virDomainPtr dom, + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | + VIR_DOMAIN_AFFECT_CONFIG, -1); + ++ if (strlen(groupname) == 0) { ++ virReportError(VIR_ERR_INVALID_ARG, "%s", ++ _("'groupname' parameter string must have non-zero length")); ++ return -1; ++ } ++ + if (qemuDomainValidateBlockIoTune(params, nparams) < 0) + return -1; + +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch b/centos-9/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch new file mode 100644 index 0000000..ddc8a2c --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch 
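Review bot: `strlen(groupname)` in the new check dereferences the pointer, and nothing in this hunk shows that a NULL `groupname` was rejected earlier; if the public entry point does not already guarantee that, the guard should read `if (!groupname || *groupname == '\0')`. The check covers only the API argument, so a zero-length group name arriving through the typed parameters of qemuDomainSetBlockIoTune is not covered here and may need the same rejection. qemuDomainSetThrottleGroup starts and ends outside the hunk.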
@@ -0,0 +1,57 @@ +From 887c6befa9ee57f0da96f49dd62bea463bbc75af Mon Sep 17 00:00:00 2001 +Message-ID: <887c6befa9ee57f0da96f49dd62bea463bbc75af.1769699807.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Mon, 12 Jan 2026 10:54:38 +0100 +Subject: [PATCH] qemuSecurityMoveImageMetadata: Move seclabels only to + virStorageSource of same type + +The concept of moving a seclabel is used e.g. when a new image is +introduced to the backing chain (or one of the existing ones becomes +active during block commit). What it does is that it moves the metedata +remembering the original seclabel to the new image. + +That idea works reasonably well if both the original and new image are +of same type e.g. a file, where they have comparable seclabel. + +It breaks down though when you e.g. create a snapshot stored in a 'file' +on top of a disk originally backed by a 'block' storage source, since +the seclabels differ quite siginificantly. + +This patch restricts the seclabel move in qemuSecurityMoveImageMetadata +to happen only if the storage sources are of same type to avoid the +issue. This means that the seclabels will not be remebered and will be +restored to the default but it's better than to transfer wrong labels. + +Resolves: https://issues.redhat.com/browse/RHEL-114412 + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit 37d51c0d27692a245d7a5eeeef57748e7574de4b) +https://issues.redhat.com/browse/RHEL-140624 +--- + src/qemu/qemu_security.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/qemu/qemu_security.c b/src/qemu/qemu_security.c +index 6bb0f9170d..84cb981a96 100644 +--- a/src/qemu/qemu_security.c ++++ b/src/qemu/qemu_security.c +@@ -201,6 +201,16 @@ qemuSecurityMoveImageMetadata(virQEMUDriver *driver, + if (qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT)) + pid = vm->pid; + ++ /* Moving seclabel metadata makes sense only when 'src' and 'dst' are of ++ * the same type. 
Otherwise 'dst' could end up with a seclabel that doesn't ++ * make sense for it (e.g. a seclabel originating from a block device /dev ++ * node moved to a file), once the seclabels are restored for it */ ++ if (src && dst && src->type != dst->type) { ++ VIR_DEBUG("dropping security label metadata instead of moving it from '%s' to '%s' due to type mismatch", ++ NULLSTR(src->path), NULLSTR(dst->path)); ++ dst = NULL; ++ } ++ + return virSecurityManagerMoveImageMetadata(driver->securityManager, + cfg->sharedFilesystems, + pid, src, dst); +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch b/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch new file mode 100644 index 0000000..62d2a7a --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch 
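Review bot: The new branch in qemuSecurityMoveImageMetadata sets `dst = NULL` and relies on virSecurityManagerMoveImageMetadata treating a NULL destination as "discard the remembered label", which is not visible in this hunk. Once the callee's behaviour is confirmed, the comment should say so explicitly, e.g. `/* dst == NULL makes the security manager drop the metadata remembered for 'src' */`. Because the image then falls back to the default seclabel, I would also log the event above debug level (`VIR_INFO` rather than `VIR_DEBUG`), so that an unexpected label change can be traced on a host running with default logging. The function starts outside the hunk.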
@@ -0,0 +1,48 @@ +From 5192ca6507c19b3c98df8dff4354d2e22d946cfb Mon Sep 17 00:00:00 2001 +Message-ID: <5192ca6507c19b3c98df8dff4354d2e22d946cfb.1769699807.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Fri, 23 Jan 2026 08:42:50 +0100 +Subject: [PATCH] qemuSnapshotDiskHasBackingDisk: Avoid call of + virStorageSourceIsSameLocation with NULL argument + +When the 'backingStore' pointer is not populated the function calls +'virStorageSourceGetMetadata' to try to populate it but if the on-disk +metadata doesn't have a backing image (e.g. if it's the 'base' image of +the chain) the 'backingStore' or the metadata fetcher fails the pointer +will still be NULL. + +The function then calls 'virStorageSourceIsSameLocation' but the +internal functions for dealing with storage sources don't handle NULL +gracefully. + +Since the code calling 'qemu-img' based on the data detected here +doesn't actually raise errors if the operations fail there's no point +in raising errors here either. + +Closes: https://gitlab.com/libvirt/libvirt/-/issues/844 +Signed-off-by: Peter Krempa +Reviewed-by: Pavel Hrdina +(cherry picked from commit b43aee9cc904961e0f18156c3c84a3e460bdb7be) + + https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2] + https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8] +--- + src/qemu/qemu_snapshot.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index 302775af92..dfc3f449e3 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -3135,7 +3135,8 @@ qemuSnapshotDiskHasBackingDisk(void *payload, + if (!disk->src->backingStore) + ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid, 1, false)); + +- if (virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) { ++ if (disk->src->backingStore && ++ virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) { + struct _qemuSnapshotDisksWithBackingStoreData *data = + 
g_new0(struct _qemuSnapshotDisksWithBackingStoreData, 1); + +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch b/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch new file mode 100644 index 0000000..f81c7a0 --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch 
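Review bot: The added `disk->src->backingStore &&` guard makes two different outcomes indistinguishable: an image that has no backing file and a failed virStorageSourceGetMetadata call both skip the entry without a trace. The commit message explains why no error is raised, but that reasoning is not in the code; a comment above the condition such as `/* NULL here means a base image or failed detection; nothing to rebase either way */` would keep the next reader from restoring an error path. `iterdata->diskSrc` is still passed unchecked, so it is worth confirming that it can never be NULL, since the callee is said not to tolerate NULL. The function body continues outside the hunk.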
@@ -0,0 +1,75 @@ +From f14123947915d38c9c1b9664f5da73cbf21ff4c5 Mon Sep 17 00:00:00 2001 +Message-ID: +From: Peter Krempa +Date: Mon, 26 Jan 2026 16:39:24 +0100 +Subject: [PATCH] qemuSnapshotDiskHasBackingDisk: Use proper 'max_depth' when + calling 'virStorageSourceGetMetadata' + +The 'max_depth' argument of 'virStorageSourceGetMetadata' doesn't just +limit how far the function goes but also fails completely if the chain +is deeper than the passed value. + +In 'qemuSnapshotDiskHasBackingDisk' we only care about finding the +backing image, so just one level below, the passed path, but due to the +above setting '1' as max_depth will make the function simply fail every +time. + +Extract and reuse QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH as the +detection depth. While '200' layers is overkill for this code, we also +start a full qemu instance just to delete an snapshot so this doens't +matter and still protects from self-referential images. + +Signed-off-by: Peter Krempa +Reviewed-by: Pavel Hrdina +(cherry picked from commit 6bcdf4ee59595041c76ed2339c45503723400737) + + https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2] + https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8] +--- + src/qemu/qemu_domain.c | 2 -- + src/qemu/qemu_domain.h | 1 + + src/qemu/qemu_snapshot.c | 4 +++- + 3 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index ac56fc7cb4..486a0e7913 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -6297,8 +6297,6 @@ qemuDomainStorageAlias(const char *device, int depth) + } + + +-#define QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH 200 +- + /** + * qemuDomainStorageSourceValidateDepth: + * @src: storage source chain to validate +diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h +index 3396f929fd..b9bb338682 100644 +--- a/src/qemu/qemu_domain.h ++++ b/src/qemu/qemu_domain.h +@@ -706,6 +706,7 @@ int qemuDomainCheckDiskStartupPolicy(virQEMUDriver *driver, + 
size_t diskIndex, + bool cold_boot); + ++#define QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH 200 + int qemuDomainStorageSourceValidateDepth(virStorageSource *src, + int add, + const char *diskdst); +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index 942ba0d437..c23add5103 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -3133,7 +3133,9 @@ qemuSnapshotDiskHasBackingDisk(void *payload, + NULL, &uid, &gid); + + if (!disk->src->backingStore) +- ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid, 1, false)); ++ ignore_value(virStorageSourceGetMetadata(disk->src, uid, gid, ++ QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH, ++ false)); + + if (disk->src->backingStore && + virStorageSourceIsSameLocation(disk->src->backingStore, iterdata->diskSrc)) { +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch b/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch new file mode 100644 index 0000000..c159416 --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch 
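Review bot: The call in qemuSnapshotDiskHasBackingDisk now lets virStorageSourceGetMetadata follow up to QEMU_DOMAIN_STORAGE_SOURCE_CHAIN_MAX_DEPTH layers although only the first backing image is compared afterwards, and the reason (the depth is a failure threshold, not a truncation limit) lives only in the commit message. A comment at the call site, for example `/* max_depth fails the whole lookup when exceeded; '1' would reject every image that has a backing file */`, would stop the value from being reduced again. Since the chain is read from image headers, that comment should also state that the bound is what protects against self-referential images. The `#define` moved into qemu_domain.h has no comment describing what it limits.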
@@ -0,0 +1,34 @@ +From beaa6db9d526a2fe044507483d709505e1d62bb5 Mon Sep 17 00:00:00 2001 +Message-ID: +From: Peter Krempa +Date: Fri, 23 Jan 2026 08:54:32 +0100 +Subject: [PATCH] qemuSnapshotUpdateBackingStore: Remove stale comment + +The code does a 'qemu-img rebase' rather than a 'qemu-img create' what +the commit suggests. Since we enumerate all arguments right below, +there's no need for a comment. + +Signed-off-by: Peter Krempa +Reviewed-by: Pavel Hrdina +(cherry picked from commit 452c281aee7a043b59a288de043ea4e3b75a6b7c) + + https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2] + https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8] +--- + src/qemu/qemu_snapshot.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index dfc3f449e3..942ba0d437 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -3698,7 +3698,6 @@ qemuSnapshotUpdateBackingStore(qemuSnapshotDeleteExternalData *data) + struct _qemuSnapshotDisksWithBackingStoreData *backingData = cur->data; + g_autoptr(virCommand) cmd = NULL; + +- /* creates cmd line args: qemu-img create -f qcow2 -o */ + if (!(cmd = virCommandNewArgList("qemu-img", + "rebase", + "-u", +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch b/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch new file mode 100644 index 0000000..8d5f560 --- /dev/null +++ b/centos-9/SOURCES/libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch 
@@ -0,0 +1,97 @@ +From d5878727f9fab5a93f040d1c8c340bb1d5e9da40 Mon Sep 17 00:00:00 2001 +Message-ID: +From: Peter Krempa +Date: Mon, 26 Jan 2026 16:49:50 +0100 +Subject: [PATCH] qemuSnapshotUpdateBackingStore: Retry as curent user if + qemu-img fails + +The code calls 'qemu-img rebase' to fix the backing store references. +The 'qemu-img' process here is run as the 'qemu' user or whatever the +defaults and domain XML resolve to. Since this, in certain cases, works +also on images which are not part of the backing chain and in privileged +deployments thus can be owned by 'root:root' the update may fail +(silently). + +To preserver root-squash deployments but fix also the above case, retry +the operation on failure as current user. + +Signed-off-by: Peter Krempa +Reviewed-by: Pavel Hrdina +(cherry picked from commit 6bb982178b40768f37c5177f317e73562733530f) + + https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2] + https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8] +--- + src/qemu/qemu_snapshot.c | 53 ++++++++++++++++++++++++++++------------ + 1 file changed, 38 insertions(+), 15 deletions(-) + +diff --git a/src/qemu/qemu_snapshot.c b/src/qemu/qemu_snapshot.c +index c23add5103..e30ade9dc8 100644 +--- a/src/qemu/qemu_snapshot.c ++++ b/src/qemu/qemu_snapshot.c +@@ -3698,25 +3698,48 @@ qemuSnapshotUpdateBackingStore(qemuSnapshotDeleteExternalData *data) + + for (cur = data->disksWithBacking; cur; cur = g_slist_next(cur)) { + struct _qemuSnapshotDisksWithBackingStoreData *backingData = cur->data; +- g_autoptr(virCommand) cmd = NULL; ++ /* Try to run the command first as the appropriate user based on the ++ * domain definition and config. 
If error is returned retry as current ++ * (possibly privileged) user for cases where seclabels were reset ++ * to the default */ ++ g_autoptr(virCommand) cmd_user_qemu = NULL; ++ g_autoptr(virCommand) cmd_user_curr = NULL; + +- if (!(cmd = virCommandNewArgList("qemu-img", +- "rebase", +- "-u", +- "-F", +- virStorageFileFormatTypeToString(data->parentDiskSrc->format), +- "-f", +- virStorageFileFormatTypeToString(backingData->diskSrc->format), +- "-b", +- data->parentDiskSrc->path, +- backingData->diskSrc->path, +- NULL))) ++ if (!(cmd_user_qemu = virCommandNewArgList("qemu-img", ++ "rebase", ++ "-u", ++ "-F", ++ virStorageFileFormatTypeToString(data->parentDiskSrc->format), ++ "-f", ++ virStorageFileFormatTypeToString(backingData->diskSrc->format), ++ "-b", ++ data->parentDiskSrc->path, ++ backingData->diskSrc->path, ++ NULL))) + continue; + +- virCommandSetUID(cmd, backingData->uid); +- virCommandSetGID(cmd, backingData->gid); ++ virCommandSetUID(cmd_user_qemu, backingData->uid); ++ virCommandSetGID(cmd_user_qemu, backingData->gid); + +- ignore_value(virCommandRun(cmd, NULL)); ++ /* done on success */ ++ if (virCommandRun(cmd_user_qemu, NULL) == 0) ++ continue; ++ ++ /* retry as current user */ ++ if (!(cmd_user_curr = virCommandNewArgList("qemu-img", ++ "rebase", ++ "-u", ++ "-F", ++ virStorageFileFormatTypeToString(data->parentDiskSrc->format), ++ "-f", ++ virStorageFileFormatTypeToString(backingData->diskSrc->format), ++ "-b", ++ data->parentDiskSrc->path, ++ backingData->diskSrc->path, ++ NULL))) ++ continue; ++ ++ ignore_value(virCommandRun(cmd_user_curr, NULL)); + } + } + +-- +2.52.0 diff --git a/centos-9/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch b/centos-9/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch new file mode 100644 index 0000000..8b9427e --- /dev/null +++ b/centos-9/SOURCES/libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch 
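Review bot: The fallback in qemuSnapshotUpdateBackingStore reruns `qemu-img rebase` as the current user after any non-zero result of the first run, not only after a permission failure, so on a privileged daemon an image the first run could not process for any other reason is then opened by an image parser running with full privileges. I would narrow the retry to the case the commit message describes (an image not accessible to the configured uid/gid), or at least log each fallback, e.g. `VIR_WARN("retrying 'qemu-img rebase' of '%s' as the current user", backingData->diskSrc->path);`. The two `virCommandNewArgList` calls are identical, so building the argument list in one small static helper would keep the privileged and unprivileged invocations from drifting apart. The loop sits inside a function that starts outside the hunk.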
@@ -0,0 +1,37 @@ +From 75176aff12076de0511a3cc46ad820255a0d05f0 Mon Sep 17 00:00:00 2001 +Message-ID: <75176aff12076de0511a3cc46ad820255a0d05f0.1769699807.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Mon, 26 Jan 2026 16:39:45 +0100 +Subject: [PATCH] virDomainSnapshotDefAssignExternalNames: Improve error + message + +Mention the 'path' where the detection failed as well as include the +possibility that the 'path' doesn't exist in the message itself. + +Signed-off-by: Peter Krempa +Reviewed-by: Pavel Hrdina +(cherry picked from commit f1ad5219368b1b2c603d876f28dc852fd6da3a8d) + + https://issues.redhat.com/browse/RHEL-144089 [rhel-10.2] + https://issues.redhat.com/browse/RHEL-144090 [rhel-9.8] +--- + src/conf/snapshot_conf.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/conf/snapshot_conf.c b/src/conf/snapshot_conf.c +index 039ed77b84..4309667a34 100644 +--- a/src/conf/snapshot_conf.c ++++ b/src/conf/snapshot_conf.c +@@ -541,8 +541,8 @@ virDomainSnapshotDefAssignExternalNames(virDomainSnapshotDef *def, + + if (stat(origpath, &sb) < 0 || !S_ISREG(sb.st_mode)) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, +- _("source for disk '%1$s' is not a regular file; refusing to generate external snapshot name"), +- disk->name); ++ _("source for disk '%1$s' (%2$s) doesn't exist or is not a regular file; refusing to generate external snapshot name"), ++ disk->name, origpath); + return -1; + } + +-- +2.52.0 diff --git a/centos-9/SPECS/libvirt.spec b/centos-9/SPECS/libvirt.spec index 9a5a622..ec45285 100644 --- a/centos-9/SPECS/libvirt.spec +++ b/centos-9/SPECS/libvirt.spec @@ -287,7 +287,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 11.10.0 -Release: 3%{?dist}%{?extra_release} +Release: 4%{?dist}%{?extra_release} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ 
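Review bot: The reworded message in virDomainSnapshotDefAssignExternalNames still folds every `stat()` failure into "doesn't exist or is not a regular file", so a permission or I/O error on `origpath` is reported with the wrong cause and `errno` is lost. Splitting the condition would give an accurate diagnosis: use `virReportSystemError(errno, _("unable to stat '%1$s'"), origpath);` for the `stat() < 0` case and keep the existing message for the `!S_ISREG` case. The function body lies outside the hunk.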
@@ -306,6 +306,16 @@ Patch8: libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_SYNIC-dependency-on-VIR_DOM Patch9: libvirt-qemu_validate-Drop-VIR_DOMAIN_HYPERV_STIMER-dependency-on-VIR_DOMAIN_HYPERV_VPINDEX.patch Patch10: libvirt-esx_util-Introduce-esxUtil_EscapeInventoryObject.patch Patch11: libvirt-esx-URI-encode-inventory-objects-twice.patch +Patch12: libvirt-qemuSecurityMoveImageMetadata-Move-seclabels-only-to-virStorageSource-of-same-type.patch +Patch13: libvirt-qemuDomainSetThrottleGroup-Enforce-non-zero-groupname-string-length.patch +Patch14: libvirt-qemuDomainSetBlockIoTuneField-Move-setting-of-group_name-out-of-the-loop.patch +Patch15: libvirt-qemuDomainSetThrottleGroup-Always-honour-thottle-group-name-passed-as-argument.patch +Patch16: libvirt-qemuDomainSetThrottleGroup-Don-t-put-group-name-into-the-tunable-event-twice.patch +Patch17: libvirt-qemuSnapshotDiskHasBackingDisk-Avoid-call-of-virStorageSourceIsSameLocation-with-NULL-argument.patch +Patch18: libvirt-qemuSnapshotUpdateBackingStore-Remove-stale-comment.patch +Patch19: libvirt-qemuSnapshotDiskHasBackingDisk-Use-proper-max_depth-when-calling-virStorageSourceGetMetadata.patch +Patch20: libvirt-virDomainSnapshotDefAssignExternalNames-Improve-error-message.patch +Patch21: libvirt-qemuSnapshotUpdateBackingStore-Retry-as-curent-user-if-qemu-img-fails.patch Requires: libvirt-daemon = %{version}-%{release} 
@@ -2697,6 +2707,18 @@ exit 0 %endif %changelog +* Thu Jan 29 2026 Jiri Denemark - 11.10.0-4 +- qemuSecurityMoveImageMetadata: Move seclabels only to virStorageSource of same type (RHEL-140624) +- qemuDomainSetThrottleGroup: Enforce non-zero 'groupname' string length (RHEL-144010) +- qemuDomainSetBlockIoTuneField: Move setting of 'group_name' out of the loop (RHEL-144010) +- qemuDomainSetThrottleGroup: Always honour thottle group name passed as argument (RHEL-144010) +- qemuDomainSetThrottleGroup: Don't put group name into the 'tunable' event twice (RHEL-144010) +- qemuSnapshotDiskHasBackingDisk: Avoid call of virStorageSourceIsSameLocation with NULL argument (RHEL-144090) +- qemuSnapshotUpdateBackingStore: Remove stale comment (RHEL-144090) +- qemuSnapshotDiskHasBackingDisk: Use proper 'max_depth' when calling 'virStorageSourceGetMetadata' (RHEL-144090) +- virDomainSnapshotDefAssignExternalNames: Improve error message (RHEL-144090) +- qemuSnapshotUpdateBackingStore: Retry as curent user if qemu-img fails (RHEL-144090) + * Tue Jan 13 2026 Jiri Denemark - 11.10.0-3 - util: json: Increase JSON nesting limit when parsing to 300 (RHEL-135128) - virjsontest: Add test for nesting depth (RHEL-135128) From 91415bdc1ad17495780ba5e1c5611609029e5330 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Mon, 2 Mar 2026 17:50:47 +0100 Subject: [PATCH 2/7] update f43 patches --- fedora-43/PATCHES/20-enable-zfs.patch | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fedora-43/PATCHES/20-enable-zfs.patch b/fedora-43/PATCHES/20-enable-zfs.patch index 36362ed..a437bb9 100644 --- a/fedora-43/PATCHES/20-enable-zfs.patch +++ b/fedora-43/PATCHES/20-enable-zfs.patch @@ -10,12 +10,14 @@ 
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec %define arches_numactl %{arches_x86} %{power64} aarch64 s390x %define arches_numad %{arches_x86} %{power64} aarch64 %define arches_ch x86_64 aarch64 -@@ -76,12 +76,7 @@ +@@ -76,14 +76,7 @@ %define with_storage_gluster 0 %endif --# Fedora had zfs-fuse until F43 --%if 0%{?fedora} && 0%{?fedora} < 43 +-# On Fedora 43, the 'zfs-fuse' package was removed, but is obtainable via +-# other means. Build the backend, but it's no longer considered to be part +-# of 'daemon-driver-storage'. +-%if 0%{?fedora} - %define with_storage_zfs 0%{!?_without_storage_zfs:1} -%else - %define with_storage_zfs 0 From 12bb24652b781515ebcce4c1a3553ad36c77238a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Mon, 2 Mar 2026 16:52:18 +0000 Subject: [PATCH 3/7] Backport packages from upstream --- fedora-42/SOURCES/zfs-2.4.1.tar.gz | 3 +++ fedora-42/SPECS/zfs-dkms.spec | 14 +++++++------- fedora-42/SPECS/zfs.spec | 2 +- fedora-43/SOURCES/zfs-2.4.1.tar.gz | 3 +++ fedora-43/SPECS/libvirt.spec | 19 +++++++++++++------ fedora-43/SPECS/zfs-dkms.spec | 14 +++++++------- fedora-43/SPECS/zfs.spec | 2 +- 7 files changed, 35 insertions(+), 22 deletions(-) create mode 100644 fedora-42/SOURCES/zfs-2.4.1.tar.gz create mode 100644 fedora-43/SOURCES/zfs-2.4.1.tar.gz diff --git a/fedora-42/SOURCES/zfs-2.4.1.tar.gz b/fedora-42/SOURCES/zfs-2.4.1.tar.gz new file mode 100644 index 0000000..5bc0cce --- /dev/null +++ b/fedora-42/SOURCES/zfs-2.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a9080ce03a91550cb0405c3466a3a1dc6bf29b8a62cf6ea44a1f53a465021991 +size 34497242 diff --git a/fedora-42/SPECS/zfs-dkms.spec b/fedora-42/SPECS/zfs-dkms.spec index 67b2cf2..94aba22 100644 --- a/fedora-42/SPECS/zfs-dkms.spec +++ b/fedora-42/SPECS/zfs-dkms.spec @@ -12,7 +12,7 @@ Name: %{module}-dkms -Version: 2.4.0 +Version: 2.4.1 Release: 1%{?dist} Summary: Kernel module(s) (dkms) 
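Review bot: The Git LFS pointer added for fedora-42/SOURCES/zfs-2.4.1.tar.gz records a different sha256 and size (34497242 bytes) from the pointer added later in this commit for fedora-43/SOURCES/zfs-2.4.1.tar.gz (34508446 bytes), although both carry the name of the same release tarball. If both are meant to be the upstream 2.4.1 source, at most one of them can match it; if they are archives regenerated per distribution, the commit message should say so. Either way, each digest should be checked against the upstream release checksum or signature before the specs build from these files.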
@@ -32,12 +32,12 @@ Requires(post): gcc, make, perl, diffutils # Hold back kernel upgrades if kernel is not supported by ZFS %if 0%{?rhel}%{?fedora}%{?mageia}%{?suse_version}%{?openEuler} -Requires: kernel-devel >= 4.18, kernel-devel <= 6.18.999 -Requires(post): kernel-devel >= 4.18, kernel-devel <= 6.18.999 -Conflicts: kernel-devel < 4.18, kernel-devel > 6.18.999 -Requires: kernel-uname-r >= 4.18, kernel-uname-r <= 6.18.999 -Requires(post): kernel-uname-r >= 4.18, kernel-uname-r <= 6.18.999 -Conflicts: kernel-uname-r < 4.18, kernel-uname-r > 6.18.999 +Requires: kernel-devel >= 4.18, kernel-devel <= 6.19.999 +Requires(post): kernel-devel >= 4.18, kernel-devel <= 6.19.999 +Conflicts: kernel-devel < 4.18, kernel-devel > 6.19.999 +Requires: kernel-uname-r >= 4.18, kernel-uname-r <= 6.19.999 +Requires(post): kernel-uname-r >= 4.18, kernel-uname-r <= 6.19.999 +Conflicts: kernel-uname-r < 4.18, kernel-uname-r > 6.19.999 Obsoletes: spl-dkms <= %{version} %endif diff --git a/fedora-42/SPECS/zfs.spec b/fedora-42/SPECS/zfs.spec index b976cf2..f9875d1 100644 --- a/fedora-42/SPECS/zfs.spec +++ b/fedora-42/SPECS/zfs.spec @@ -102,7 +102,7 @@ sitedir = sysconfig.get_path('purelib', scheme, vars={'base': prefix}) print(sitedir);" 2>/dev/null || %{__python} -Esc "from distutils import sysconfig; print(sysconfig.get_python_lib(0,0))") Name: zfs -Version: 2.4.0 +Version: 2.4.1 Release: 1%{?dist} Summary: Commands to control the kernel modules and libraries diff --git a/fedora-43/SOURCES/zfs-2.4.1.tar.gz b/fedora-43/SOURCES/zfs-2.4.1.tar.gz new file mode 100644 index 0000000..9c83ecf --- /dev/null +++ b/fedora-43/SOURCES/zfs-2.4.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d6c3ea2775b87b1d1f7756a811c04c94470ac67665941f062de10ea226d322f +size 34508446 diff --git a/fedora-43/SPECS/libvirt.spec b/fedora-43/SPECS/libvirt.spec index 0d3f993..6fff337 100644 --- a/fedora-43/SPECS/libvirt.spec +++ b/fedora-43/SPECS/libvirt.spec 
@@ -284,7 +284,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 11.6.0 -Release: 2%{?dist} +Release: 3%{?dist} License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 URL: https://libvirt.org/ @@ -679,9 +679,6 @@ Requires: /usr/bin/qemu-img Obsoletes: libvirt-daemon-driver-storage-rbd < 5.2.0 %endif Obsoletes: libvirt-daemon-driver-storage-sheepdog < 8.8.0 - %if !%{with_storage_zfs} -Obsoletes: libvirt-daemon-driver-storage-zfs < 11.4.0 - %endif %description daemon-driver-storage-core The storage driver plugin for the libvirtd daemon, providing @@ -782,9 +779,13 @@ volumes using the ceph protocol. Summary: Storage driver plugin for ZFS Requires: libvirt-daemon-driver-storage-core = %{version}-%{release} Requires: libvirt-libs = %{version}-%{release} -# Support any conforming implementation of zfs +# Starting with Fedora 43 the 'zfs-fuse' is no longer shipped but obtainable +# externally. The package builds fine without these. Users will have to provide +# their own implementation. + %if 0%{?fedora} && 0%{?fedora} < 43 Requires: /sbin/zfs Requires: /sbin/zpool + %endif %description daemon-driver-storage-zfs The storage driver backend adding implementation of the storage APIs for @@ -808,7 +809,10 @@ Requires: libvirt-daemon-driver-storage-gluster = %{version}-%{release} %if %{with_storage_rbd} Requires: libvirt-daemon-driver-storage-rbd = %{version}-%{release} %endif - %if %{with_storage_zfs} +# Starting with Fedora 43 the 'zfs-fuse' is no longer shipped but obtainable +# externally. We do not want to install this as part of 'daemon-driver-storage' +# any more. + %if %{with_storage_zfs} && 0%{?fedora} && 0%{?fedora} < 43 Requires: libvirt-daemon-driver-storage-zfs = %{version}-%{release} %endif @@ -2694,6 +2698,9 @@ exit 0 %changelog +* Mon Feb 16 2026 Daniel P. Berrangé - 11.6.0-3 +- Re-enable ZFS (rhbz#2407005) + * Fri Oct 31 2025 Cole Robinson - 11.6.0-2 - Fix build with latest wireshark 
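Review bot: In the `@@ -782,9 +779,13 @@` hunk the `Requires: /sbin/zfs` and `Requires: /sbin/zpool` lines are now skipped on Fedora 43 and later, so `libvirt-daemon-driver-storage-zfs` installs with nothing in RPM tying it to a ZFS userland; whichever `zfs`/`zpool` the administrator supplies is what the backend will presumably end up invoking from the daemon. The same `%if 0%{?fedora} && 0%{?fedora} < 43` guard is also false on any non-Fedora build, which drops the dependency there too. Since this commit also packages `zfs` 2.4.1 under fedora-43/SPECS, a weak dependency in the else branch would keep a packaged, updatable provider in place when one is available: `%else` followed by `Recommends: zfs` before the `%endif`. Whether that package satisfies the old `/sbin/zfs` file dependency is not visible here, so the hard `Requires` may not be restorable as-is.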
diff --git a/fedora-43/SPECS/zfs-dkms.spec b/fedora-43/SPECS/zfs-dkms.spec index 67b2cf2..94aba22 100644 --- a/fedora-43/SPECS/zfs-dkms.spec +++ b/fedora-43/SPECS/zfs-dkms.spec @@ -12,7 +12,7 @@ Name: %{module}-dkms -Version: 2.4.0 +Version: 2.4.1 Release: 1%{?dist} Summary: Kernel module(s) (dkms) @@ -32,12 +32,12 @@ Requires(post): gcc, make, perl, diffutils # Hold back kernel upgrades if kernel is not supported by ZFS %if 0%{?rhel}%{?fedora}%{?mageia}%{?suse_version}%{?openEuler} -Requires: kernel-devel >= 4.18, kernel-devel <= 6.18.999 -Requires(post): kernel-devel >= 4.18, kernel-devel <= 6.18.999 -Conflicts: kernel-devel < 4.18, kernel-devel > 6.18.999 -Requires: kernel-uname-r >= 4.18, kernel-uname-r <= 6.18.999 -Requires(post): kernel-uname-r >= 4.18, kernel-uname-r <= 6.18.999 -Conflicts: kernel-uname-r < 4.18, kernel-uname-r > 6.18.999 +Requires: kernel-devel >= 4.18, kernel-devel <= 6.19.999 +Requires(post): kernel-devel >= 4.18, kernel-devel <= 6.19.999 +Conflicts: kernel-devel < 4.18, kernel-devel > 6.19.999 +Requires: kernel-uname-r >= 4.18, kernel-uname-r <= 6.19.999 +Requires(post): kernel-uname-r >= 4.18, kernel-uname-r <= 6.19.999 +Conflicts: kernel-uname-r < 4.18, kernel-uname-r > 6.19.999 Obsoletes: spl-dkms <= %{version} %endif diff --git a/fedora-43/SPECS/zfs.spec b/fedora-43/SPECS/zfs.spec index b976cf2..f9875d1 100644 --- a/fedora-43/SPECS/zfs.spec +++ b/fedora-43/SPECS/zfs.spec @@ -102,7 +102,7 @@ sitedir = sysconfig.get_path('purelib', scheme, vars={'base': prefix}) print(sitedir);" 2>/dev/null || %{__python} -Esc "from distutils import sysconfig; print(sysconfig.get_python_lib(0,0))") Name: zfs -Version: 2.4.0 +Version: 2.4.1 Release: 1%{?dist} Summary: Commands to control the kernel modules and libraries From 7f339284d96dd991ba141ab93b86747bee3015f2 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Sun, 22 Mar 2026 03:13:12 +0000 Subject: [PATCH 4/7] Backport packages from upstream --- ...rams-via-virConnectGetAllDomainStats.patch | 248 + ...eration-latency-histogram-collection.patch | 422 + ...-migrate-pr-capability-of-scsi-block.patch | 125 + ...mwareFeatures-element-for-domaincaps.patch | 85 + ...-Include-varstore-element-in-domcaps.patch | 140 + ...ntroduce-iommufd-enum-for-domaincaps.patch | 69 + ...virDomainDefHasPCIHostdevWithIOMMUFD.patch | 132 + ...uce-virHostdevIsPCIDeviceWithIOMMUFD.patch | 89 + ...pe-rom-default-for-loader-to-drivers.patch | 104 + ...nf-Parse-and-format-varstore-element.patch | 385 + ...idation-to-consider-varstore-element.patch | 378 + ...rmwareFeature-element-for-domaincaps.patch | 88 + ...vement-related-to-firmware-selection.patch | 109 + ...bootloader-section-to-guest-firmware.patch | 159 + ...s-for-disk-driver-statistics-element.patch | 62 + ...statistics-element-under-disk-driver.patch | 51 + ...tialize-network-hostdev-private-data.patch | 94 + ...eject-NVRAM-with-read-write-firmware.patch | 165 + ...ject-ROMs-with-format-other-than-raw.patch | 157 + ...main_validate-Reject-read-write-ROMs.patch | 140 + ...de-Mention-varstore-where-applicable.patch | 69 + ...iommufd-fix-FD-leak-in-case-of-error.patch | 38 + ...-Convert-IOMMUFD-to-qemuFDPassDirect.patch | 125 + ...ert-vfioDeviceFd-to-qemuFDPassDirect.patch | 129 + ...qemu-Create-and-delete-varstore-file.patch | 118 + ...-done-via-QMP-into-a-separate-helper.patch | 144 + ...rmwareFeature-element-for-domaincaps.patch | 1675 ++++ ...-Fill-in-varstore-element-in-domcaps.patch | 1232 +++ ...-qemu-Fill-iommufd-domain-capability.patch | 1257 +++ ...virt-qemu-Ignore-cmp_legacy-CPU-flag.patch | 713 ++ ...t-for-associating-iommufd-to-hostdev.patch | 191 + ...istent-reservation-migration-control.patch | 220 + ...u-Introduce-QEMU_CAPS_OBJECT_IOMMUFD.patch | 266 + ...u-Introduce-privateData-for-hostdevs.patch | 277 + 
...Introduce-qemuPrepareNVRAMFileCommon.patch | 123 + .../libvirt-qemu-Introduce-varstoreDir.patch | 135 + ...-IOMMUFD-validation-to-qemu_validate.patch | 111 + ...u-Save-IOMMUFD-state-into-status-XML.patch | 79 + ...histograms-on-startup-hotplug-update.patch | 132 + ...rocess-memory-accounting-for-iommufd.patch | 212 + ...p-namespace-and-seclabel-for-iommufd.patch | 336 + ...alidate-presence-of-uefi-vars-device.patch | 65 + ...MU_CAPS_DEVICE_SCSI_BLOCK_MIGRATE_PR.patch | 58 + ...-scsi-block-and-scsi-generic-devices.patch | 7714 +++++++++++++++++ ...block-dirty-bitmaps-during-migration.patch | 147 + ...lers-for-block-latency-histogram-set.patch | 182 + ...maps-from-qcow2-format-specific-data.patch | 173 + ...-histogram-stats-into-qemuBlockStats.patch | 168 + ...u-open-VFIO-FDs-from-libvirt-backend.patch | 247 + ...open-iommufd-FD-from-libvirt-backend.patch | 175 + ...kThrottling-to-qemuProcessSetupDisks.patch | 62 + ...maps-Always-consider-offered-bitmaps.patch | 98 + ...tmaps-Fix-check-for-existing-bitmaps.patch | 68 + ...Introduce-QEMU_CAPS_DEVICE_UEFI_VARS.patch | 172 + ...use-host-property-if-IOMMUFD-is-used.patch | 134 + ...t-building-IOMMUFD-props-to-function.patch | 73 + ...e-uefi-vars-device-where-appropriate.patch | 154 + ...u_domain-Add-missing-IOMMUFD-cleanup.patch | 33 + ...ng-both-UEFI-and-BIOS-for-ROM-loader.patch | 131 + ...irmware-Allow-matching-stateful-ROMs.patch | 259 + ...st-uefi-vars-feature-in-sanity-check.patch | 83 + ...are-Don-t-skip-autoselection-for-ROM.patch | 64 + ...lback-for-absent-nvramTemplateFormat.patch | 44 + ...u_firmware-Drop-nvram-local-variable.patch | 58 + ...-Drop-support-for-kernel-descriptors.patch | 232 + ...irmware-Fill-in-varstore-information.patch | 61 + ...enerate-varstore-path-when-necessary.patch | 86 + ...ss-combined-when-NVRAM-is-configured.patch | 72 + ...troduce-qemuFirmwareFillDomainCustom.patch | 80 + ...ing-of-nvram.format-to-loader.format.patch | 90 + ...are-Move-format-raw-compat-exception.patch | 86 + 
...for-custom-loader-if-path-is-present.patch | 45 + ...arse-host-uefi-vars-firmware-feature.patch | 80 + ...fer-template-format-to-loader-format.patch | 39 + ...ROM-firmware-is-always-in-raw-format.patch | 33 + ...rmware-Refactor-setting-NVRAM-format.patch | 53 + ...ove-NVRAM-to-loader-format-copy-hack.patch | 331 + ...-Report-NVRAM-template-path-for-ROMs.patch | 49 + ...e-Retain-user-specified-NVRAM-format.patch | 108 + ...-Set-templateFormat-for-custom-paths.patch | 65 + ...re-Simplify-handling-of-legacy-paths.patch | 132 + ...irt-qemu_firmware-Split-sanity-check.patch | 66 + ...-syntax-for-ROM-firmware-descriptors.patch | 99 + ...AM-format-into-account-when-matching.patch | 66 + ...ateFormat-into-account-when-matching.patch | 231 + ...e-of-NVRAM-implies-stateful-firmware.patch | 54 + ...-to-hotplug-host-device-with-IOMMUFD.patch | 134 + ...etwork-inteface-with-hostdev-network.patch | 96 + ...e-iommufd-object-if-no-longer-needed.patch | 40 + ...nitor-in-order-to-rollback-passed-FD.patch | 46 + ...-multiple-host-devices-using-IOMMUFD.patch | 48 + ...cess-Refactor-qemuProcessOpenIommuFd.patch | 72 + ...Refactor-qemuProcessOpenVfioDeviceFd.patch | 75 + ...cess-Refactor-qemuProcessOpenVfioFds.patch | 77 + ...l-nodenames-in-testQemuDetectBitmaps.patch | 175 + ...est-Refactor-host-device-preparation.patch | 101 + ...refactor-testSetupHostdevPrivateData.patch | 78 + ...uxmlconftest-Set-fake-FD-for-IOMMUFD.patch | 98 + ...mwareFeatures-element-for-domaincaps.patch | 49 + ...virt-schema-Introduce-osnvram-define.patch | 100 + ...templateFormat-without-template-path.patch | 44 + ...ibvirt-security-Handle-varstore-file.patch | 221 + ...OMs-as-read-only-when-using-AppArmor.patch | 47 + ...unset-in-virDomainInterfaceAddresses.patch | 98 + ..._vi.c-Debug-path-element-comparisons.patch | 53 + ...-test-Default-to-ROM-type-for-loader.patch | 59 + ...virt-tests-Add-firmware-auto-bios-rw.patch | 115 + ...mware-auto-efi-enrolled-keys-aarch64.patch | 181 + 
...are-auto-efi-format-loader-qcow2-rom.patch | 154 + ...to-efi-format-mismatch-nvramtemplate.patch | 165 + ...uto-efi-format-nvram-raw-loader-path.patch | 124 + ...-format-nvram-raw-nvramtemplate-path.patch | 120 + ...d-firmware-auto-efi-format-nvram-raw.patch | 251 + ...-auto-efi-format-nvramtemplate-qcow2.patch | 161 + ...d-firmware-auto-efi-varstore-aarch64.patch | 84 + ...s-Add-firmware-auto-efi-varstore-q35.patch | 84 + ...are-descriptors-for-uefi-vars-builds.patch | 815 ++ ...rt-tests-Add-firmware-manual-bios-rw.patch | 138 + ...fi-nvram-template-nonstandard-format.patch | 152 + ...am-template-nonstandard-legacy-paths.patch | 155 + ...sts-Add-firmware-manual-efi-rw-nvram.patch | 160 + ...ests-Add-firmware-manual-efi-sev-snp.patch | 162 + ...rt-tests-Add-firmware-manual-efi-tdx.patch | 164 + ...firmware-manual-efi-varstore-aarch64.patch | 89 + ...Add-firmware-manual-efi-varstore-q35.patch | 168 + ...ame-custom-JSON-firmware-descriptors.patch | 151 + ...-properly-mock-VFIO-and-IOMMU-checks.patch | 113 + ...vide-iommufd-sample-XML-and-CLI-args.patch | 635 ++ ...-openning-IOMMU-device-to-viriommufd.patch | 115 + ...-Move-openning-VFIO-device-to-virpci.patch | 123 + ...-argument-in-virPCIDeviceGetVfioPath.patch | 143 + ...t-virsh-Update-for-varstore-handling.patch | 150 + centos-10/SPECS/libvirt.spec | 283 +- ...rams-via-virConnectGetAllDomainStats.patch | 248 + ...eration-latency-histogram-collection.patch | 422 + ...-migrate-pr-capability-of-scsi-block.patch | 125 + ...ntroduce-iommufd-enum-for-domaincaps.patch | 69 + ...virDomainDefHasPCIHostdevWithIOMMUFD.patch | 132 + ...uce-virHostdevIsPCIDeviceWithIOMMUFD.patch | 89 + ...s-for-disk-driver-statistics-element.patch | 62 + ...statistics-element-under-disk-driver.patch | 51 + ...tialize-network-hostdev-private-data.patch | 94 + ...iommufd-fix-FD-leak-in-case-of-error.patch | 38 + ...-Convert-IOMMUFD-to-qemuFDPassDirect.patch | 125 + ...ert-vfioDeviceFd-to-qemuFDPassDirect.patch | 129 + 
...-done-via-QMP-into-a-separate-helper.patch | 144 + ...-qemu-Fill-iommufd-domain-capability.patch | 1257 +++ ...virt-qemu-Ignore-cmp_legacy-CPU-flag.patch | 713 ++ ...t-for-associating-iommufd-to-hostdev.patch | 190 + ...istent-reservation-migration-control.patch | 220 + ...u-Introduce-QEMU_CAPS_OBJECT_IOMMUFD.patch | 266 + ...u-Introduce-privateData-for-hostdevs.patch | 276 + ...-IOMMUFD-validation-to-qemu_validate.patch | 111 + ...u-Save-IOMMUFD-state-into-status-XML.patch | 79 + ...histograms-on-startup-hotplug-update.patch | 132 + ...rocess-memory-accounting-for-iommufd.patch | 211 + ...p-namespace-and-seclabel-for-iommufd.patch | 335 + ...MU_CAPS_DEVICE_SCSI_BLOCK_MIGRATE_PR.patch | 58 + ...-scsi-block-and-scsi-generic-devices.patch | 7714 +++++++++++++++++ ...block-dirty-bitmaps-during-migration.patch | 147 + ...lers-for-block-latency-histogram-set.patch | 182 + ...maps-from-qcow2-format-specific-data.patch | 173 + ...-histogram-stats-into-qemuBlockStats.patch | 168 + ...u-open-VFIO-FDs-from-libvirt-backend.patch | 246 + ...open-iommufd-FD-from-libvirt-backend.patch | 174 + ...kThrottling-to-qemuProcessSetupDisks.patch | 62 + ...maps-Always-consider-offered-bitmaps.patch | 98 + ...tmaps-Fix-check-for-existing-bitmaps.patch | 68 + ...use-host-property-if-IOMMUFD-is-used.patch | 134 + ...t-building-IOMMUFD-props-to-function.patch | 73 + ...u_domain-Add-missing-IOMMUFD-cleanup.patch | 33 + ...-to-hotplug-host-device-with-IOMMUFD.patch | 134 + ...etwork-inteface-with-hostdev-network.patch | 96 + ...e-iommufd-object-if-no-longer-needed.patch | 40 + ...nitor-in-order-to-rollback-passed-FD.patch | 46 + ...-multiple-host-devices-using-IOMMUFD.patch | 48 + ...cess-Refactor-qemuProcessOpenIommuFd.patch | 72 + ...Refactor-qemuProcessOpenVfioDeviceFd.patch | 75 + ...cess-Refactor-qemuProcessOpenVfioFds.patch | 77 + ...l-nodenames-in-testQemuDetectBitmaps.patch | 175 + ...est-Refactor-host-device-preparation.patch | 101 + ...refactor-testSetupHostdevPrivateData.patch | 
78 + ...uxmlconftest-Set-fake-FD-for-IOMMUFD.patch | 98 + ...unset-in-virDomainInterfaceAddresses.patch | 98 + ...-properly-mock-VFIO-and-IOMMU-checks.patch | 113 + ...vide-iommufd-sample-XML-and-CLI-args.patch | 634 ++ ...-openning-IOMMU-device-to-viriommufd.patch | 115 + ...-Move-openning-VFIO-device-to-virpci.patch | 123 + ...-argument-in-virPCIDeviceGetVfioPath.patch | 143 + centos-9/SPECS/libvirt.spec | 130 +- 190 files changed, 47412 insertions(+), 2 deletions(-) create mode 100644 centos-10/SOURCES/libvirt-Expose-latency-histograms-via-virConnectGetAllDomainStats.patch create mode 100644 centos-10/SOURCES/libvirt-Introduce-support-for-disk-operation-latency-histogram-collection.patch create mode 100644 centos-10/SOURCES/libvirt-RHEL-ONLY-backport-test-data-for-migrate-pr-capability-of-scsi-block.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Include-varstore-element-in-domcaps.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Introduce-virDomainDefHasPCIHostdevWithIOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Introduce-virHostdevIsPCIDeviceWithIOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Parse-and-format-varstore-element.patch create mode 100644 centos-10/SOURCES/libvirt-conf-Update-validation-to-consider-varstore-element.patch create mode 100644 centos-10/SOURCES/libvirt-docs-Document-firmwareFeature-element-for-domaincaps.patch create mode 100644 centos-10/SOURCES/libvirt-docs-Improvement-related-to-firmware-selection.patch create mode 100644 centos-10/SOURCES/libvirt-docs-Rename-BIOS-bootloader-section-to-guest-firmware.patch create mode 100644 
centos-10/SOURCES/libvirt-docs-formatdomain-Fix-indentation-of-docs-for-disk-driver-statistics-element.patch create mode 100644 centos-10/SOURCES/libvirt-docs-formatdomain-Reword-section-about-the-statistics-element-under-disk-driver.patch create mode 100644 centos-10/SOURCES/libvirt-domain_conf-initialize-network-hostdev-private-data.patch create mode 100644 centos-10/SOURCES/libvirt-domain_validate-Reject-NVRAM-with-read-write-firmware.patch create mode 100644 centos-10/SOURCES/libvirt-domain_validate-Reject-ROMs-with-format-other-than-raw.patch create mode 100644 centos-10/SOURCES/libvirt-domain_validate-Reject-read-write-ROMs.patch create mode 100644 centos-10/SOURCES/libvirt-include-Mention-varstore-where-applicable.patch create mode 100644 centos-10/SOURCES/libvirt-iommufd-fix-FD-leak-in-case-of-error.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Convert-IOMMUFD-to-qemuFDPassDirect.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Convert-vfioDeviceFd-to-qemuFDPassDirect.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Create-and-delete-varstore-file.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Extract-disk-setup-done-via-QMP-into-a-separate-helper.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Fill-in-firmwareFeature-element-for-domaincaps.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Fill-in-varstore-element-in-domcaps.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Fill-iommufd-domain-capability.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Ignore-cmp_legacy-CPU-flag.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Implement-support-for-associating-iommufd-to-hostdev.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Implement-support-for-persistent-reservation-migration-control.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Introduce-QEMU_CAPS_OBJECT_IOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Introduce-privateData-for-hostdevs.patch create mode 
100644 centos-10/SOURCES/libvirt-qemu-Introduce-qemuPrepareNVRAMFileCommon.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Introduce-varstoreDir.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Move-IOMMUFD-validation-to-qemu_validate.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Save-IOMMUFD-state-into-status-XML.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Setup-disk-latency-histograms-on-startup-hotplug-update.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Support-per-process-memory-accounting-for-iommufd.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Update-Cgroup-namespace-and-seclabel-for-iommufd.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-Validate-presence-of-uefi-vars-device.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-capabilities-Introduce-QEMU_CAPS_DEVICE_SCSI_BLOCK_MIGRATE_PR.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-capabilities-Probe-properties-of-scsi-block-and-scsi-generic-devices.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-migration-Always-offer-block-dirty-bitmaps-during-migration.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-monitor-Add-handlers-for-block-latency-histogram-set.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-monitor-Detect-list-of-bitmaps-from-qcow2-format-specific-data.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-monitor-Extract-block-latency-histogram-stats-into-qemuBlockStats.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-open-VFIO-FDs-from-libvirt-backend.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-open-iommufd-FD-from-libvirt-backend.patch create mode 100644 centos-10/SOURCES/libvirt-qemu-process-Rename-qemuProcessSetupDiskThrottling-to-qemuProcessSetupDisks.patch create mode 100644 centos-10/SOURCES/libvirt-qemuMigrationDstPrepareAnyBlockDirtyBitmaps-Always-consider-offered-bitmaps.patch create mode 100644 
centos-10/SOURCES/libvirt-qemuMigrationDstPrepareAnyBlockDirtyBitmaps-Fix-check-for-existing-bitmaps.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_capabilities-Introduce-QEMU_CAPS_DEVICE_UEFI_VARS.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_command-Don-t-use-host-property-if-IOMMUFD-is-used.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_command-Extract-building-IOMMUFD-props-to-function.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_command-Use-uefi-vars-device-where-appropriate.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_domain-Add-missing-IOMMUFD-cleanup.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Allow-matching-both-UEFI-and-BIOS-for-ROM-loader.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Allow-matching-stateful-ROMs.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Consider-host-uefi-vars-feature-in-sanity-check.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Don-t-skip-autoselection-for-ROM.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Drop-fallback-for-absent-nvramTemplateFormat.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Drop-nvram-local-variable.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Drop-support-for-kernel-descriptors.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Fill-in-varstore-information.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Generate-varstore-path-when-necessary.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Ignore-stateless-combined-when-NVRAM-is-configured.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Introduce-qemuFirmwareFillDomainCustom.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Move-copying-of-nvram.format-to-loader.format.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Move-format-raw-compat-exception.patch create mode 100644 
centos-10/SOURCES/libvirt-qemu_firmware-Only-set-format-for-custom-loader-if-path-is-present.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Parse-host-uefi-vars-firmware-feature.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Prefer-template-format-to-loader-format.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-ROM-firmware-is-always-in-raw-format.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Refactor-setting-NVRAM-format.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Remove-NVRAM-to-loader-format-copy-hack.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Report-NVRAM-template-path-for-ROMs.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Retain-user-specified-NVRAM-format.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Set-templateFormat-for-custom-paths.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Simplify-handling-of-legacy-paths.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Split-sanity-check.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Support-extended-syntax-for-ROM-firmware-descriptors.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Take-NVRAM-format-into-account-when-matching.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Take-templateFormat-into-account-when-matching.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_firmware-Use-of-NVRAM-implies-stateful-firmware.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_hotplug-Add-support-to-hotplug-host-device-with-IOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_hotplug-Fix-crash-when-attaching-network-inteface-with-hostdev-network.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_hotplug-Remove-iommufd-object-if-no-longer-needed.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_hotplug-enter-monitor-in-order-to-rollback-passed-FD.patch create 
mode 100644 centos-10/SOURCES/libvirt-qemu_process-Fix-FD-leak-with-multiple-host-devices-using-IOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenIommuFd.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenVfioDeviceFd.patch create mode 100644 centos-10/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenVfioFds.patch create mode 100644 centos-10/SOURCES/libvirt-qemublocktest-Iterate-all-nodenames-in-testQemuDetectBitmaps.patch create mode 100644 centos-10/SOURCES/libvirt-qemuxmlconftest-Refactor-host-device-preparation.patch create mode 100644 centos-10/SOURCES/libvirt-qemuxmlconftest-Rename-and-refactor-testSetupHostdevPrivateData.patch create mode 100644 centos-10/SOURCES/libvirt-qemuxmlconftest-Set-fake-FD-for-IOMMUFD.patch create mode 100644 centos-10/SOURCES/libvirt-schema-Add-firmwareFeatures-element-for-domaincaps.patch create mode 100644 centos-10/SOURCES/libvirt-schema-Introduce-osnvram-define.patch create mode 100644 centos-10/SOURCES/libvirt-schemas-Allow-templateFormat-without-template-path.patch create mode 100644 centos-10/SOURCES/libvirt-security-Handle-varstore-file.patch create mode 100644 centos-10/SOURCES/libvirt-security-Mark-ROMs-as-read-only-when-using-AppArmor.patch create mode 100644 centos-10/SOURCES/libvirt-src-Use-device-alias-when-ifname-is-unset-in-virDomainInterfaceAddresses.patch create mode 100644 centos-10/SOURCES/libvirt-src-esx-esx_vi.c-Debug-path-element-comparisons.patch create mode 100644 centos-10/SOURCES/libvirt-test-Default-to-ROM-type-for-loader.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-bios-rw.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-enrolled-keys-aarch64.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-loader-qcow2-rom.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-mismatch-nvramtemplate.patch 
create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-loader-path.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-nvram-raw-nvramtemplate-path.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-nvram-raw.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-format-nvramtemplate-qcow2.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-varstore-aarch64.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-auto-efi-varstore-q35.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-descriptors-for-uefi-vars-builds.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-bios-rw.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-format.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-nvram-template-nonstandard-legacy-paths.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-rw-nvram.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-sev-snp.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-tdx.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-varstore-aarch64.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Add-firmware-manual-efi-varstore-q35.patch create mode 100644 centos-10/SOURCES/libvirt-tests-Rename-custom-JSON-firmware-descriptors.patch create mode 100644 centos-10/SOURCES/libvirt-tests-properly-mock-VFIO-and-IOMMU-checks.patch create mode 100644 centos-10/SOURCES/libvirt-tests-qemuxmlconfdata-provide-iommufd-sample-XML-and-CLI-args.patch create mode 100644 centos-10/SOURCES/libvirt-util-Move-openning-IOMMU-device-to-viriommufd.patch create mode 100644 centos-10/SOURCES/libvirt-util-Move-openning-VFIO-device-to-virpci.patch create mode 
100644 centos-10/SOURCES/libvirt-util-Use-virPCIDevice-as-argument-in-virPCIDeviceGetVfioPath.patch create mode 100644 centos-10/SOURCES/libvirt-virsh-Update-for-varstore-handling.patch create mode 100644 centos-9/SOURCES/libvirt-Expose-latency-histograms-via-virConnectGetAllDomainStats.patch create mode 100644 centos-9/SOURCES/libvirt-Introduce-support-for-disk-operation-latency-histogram-collection.patch create mode 100644 centos-9/SOURCES/libvirt-RHEL-ONLY-backport-test-data-for-migrate-pr-capability-of-scsi-block.patch create mode 100644 centos-9/SOURCES/libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch create mode 100644 centos-9/SOURCES/libvirt-conf-Introduce-virDomainDefHasPCIHostdevWithIOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-conf-Introduce-virHostdevIsPCIDeviceWithIOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-docs-formatdomain-Fix-indentation-of-docs-for-disk-driver-statistics-element.patch create mode 100644 centos-9/SOURCES/libvirt-docs-formatdomain-Reword-section-about-the-statistics-element-under-disk-driver.patch create mode 100644 centos-9/SOURCES/libvirt-domain_conf-initialize-network-hostdev-private-data.patch create mode 100644 centos-9/SOURCES/libvirt-iommufd-fix-FD-leak-in-case-of-error.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Convert-IOMMUFD-to-qemuFDPassDirect.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Convert-vfioDeviceFd-to-qemuFDPassDirect.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Extract-disk-setup-done-via-QMP-into-a-separate-helper.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Fill-iommufd-domain-capability.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Ignore-cmp_legacy-CPU-flag.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Implement-support-for-associating-iommufd-to-hostdev.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Implement-support-for-persistent-reservation-migration-control.patch create mode 100644 
centos-9/SOURCES/libvirt-qemu-Introduce-QEMU_CAPS_OBJECT_IOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Introduce-privateData-for-hostdevs.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Move-IOMMUFD-validation-to-qemu_validate.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Save-IOMMUFD-state-into-status-XML.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Setup-disk-latency-histograms-on-startup-hotplug-update.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Support-per-process-memory-accounting-for-iommufd.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-Update-Cgroup-namespace-and-seclabel-for-iommufd.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-capabilities-Introduce-QEMU_CAPS_DEVICE_SCSI_BLOCK_MIGRATE_PR.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-capabilities-Probe-properties-of-scsi-block-and-scsi-generic-devices.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-migration-Always-offer-block-dirty-bitmaps-during-migration.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-monitor-Add-handlers-for-block-latency-histogram-set.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-monitor-Detect-list-of-bitmaps-from-qcow2-format-specific-data.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-monitor-Extract-block-latency-histogram-stats-into-qemuBlockStats.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-open-VFIO-FDs-from-libvirt-backend.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-open-iommufd-FD-from-libvirt-backend.patch create mode 100644 centos-9/SOURCES/libvirt-qemu-process-Rename-qemuProcessSetupDiskThrottling-to-qemuProcessSetupDisks.patch create mode 100644 centos-9/SOURCES/libvirt-qemuMigrationDstPrepareAnyBlockDirtyBitmaps-Always-consider-offered-bitmaps.patch create mode 100644 centos-9/SOURCES/libvirt-qemuMigrationDstPrepareAnyBlockDirtyBitmaps-Fix-check-for-existing-bitmaps.patch create mode 100644 
centos-9/SOURCES/libvirt-qemu_command-Don-t-use-host-property-if-IOMMUFD-is-used.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_command-Extract-building-IOMMUFD-props-to-function.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_domain-Add-missing-IOMMUFD-cleanup.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_hotplug-Add-support-to-hotplug-host-device-with-IOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_hotplug-Fix-crash-when-attaching-network-inteface-with-hostdev-network.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_hotplug-Remove-iommufd-object-if-no-longer-needed.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_hotplug-enter-monitor-in-order-to-rollback-passed-FD.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_process-Fix-FD-leak-with-multiple-host-devices-using-IOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenIommuFd.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenVfioDeviceFd.patch create mode 100644 centos-9/SOURCES/libvirt-qemu_process-Refactor-qemuProcessOpenVfioFds.patch create mode 100644 centos-9/SOURCES/libvirt-qemublocktest-Iterate-all-nodenames-in-testQemuDetectBitmaps.patch create mode 100644 centos-9/SOURCES/libvirt-qemuxmlconftest-Refactor-host-device-preparation.patch create mode 100644 centos-9/SOURCES/libvirt-qemuxmlconftest-Rename-and-refactor-testSetupHostdevPrivateData.patch create mode 100644 centos-9/SOURCES/libvirt-qemuxmlconftest-Set-fake-FD-for-IOMMUFD.patch create mode 100644 centos-9/SOURCES/libvirt-src-Use-device-alias-when-ifname-is-unset-in-virDomainInterfaceAddresses.patch create mode 100644 centos-9/SOURCES/libvirt-tests-properly-mock-VFIO-and-IOMMU-checks.patch create mode 100644 centos-9/SOURCES/libvirt-tests-qemuxmlconfdata-provide-iommufd-sample-XML-and-CLI-args.patch create mode 100644 centos-9/SOURCES/libvirt-util-Move-openning-IOMMU-device-to-viriommufd.patch create mode 100644 
centos-9/SOURCES/libvirt-util-Move-openning-VFIO-device-to-virpci.patch create mode 100644 centos-9/SOURCES/libvirt-util-Use-virPCIDevice-as-argument-in-virPCIDeviceGetVfioPath.patch diff --git a/centos-10/SOURCES/libvirt-Expose-latency-histograms-via-virConnectGetAllDomainStats.patch b/centos-10/SOURCES/libvirt-Expose-latency-histograms-via-virConnectGetAllDomainStats.patch new file mode 100644 index 0000000..fd28497 --- /dev/null +++ b/centos-10/SOURCES/libvirt-Expose-latency-histograms-via-virConnectGetAllDomainStats.patch 
@@ -0,0 +1,248 @@ +From 48f5933f6cd6f53997823cfe2a277b822b00264f Mon Sep 17 00:00:00 2001 +Message-ID: <48f5933f6cd6f53997823cfe2a277b822b00264f.1771336681.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Thu, 29 Jan 2026 18:10:26 +0100 +Subject: [PATCH] Expose latency histograms via 'virConnectGetAllDomainStats' + +Add documentation and constants for constructing the stats field names +for latency histograms and expose them in the qemu driver: + +Example: + + block.1.latency_histogram.read.bin.count=9 + block.1.latency_histogram.read.bin.0.start=0 + block.1.latency_histogram.read.bin.0.value=0 + block.1.latency_histogram.read.bin.1.start=10 + block.1.latency_histogram.read.bin.1.value=0 + block.1.latency_histogram.read.bin.2.start=100 + block.1.latency_histogram.read.bin.2.value=0 + block.1.latency_histogram.read.bin.3.start=1000 + block.1.latency_histogram.read.bin.3.value=1047 + block.1.latency_histogram.read.bin.4.start=10000 + block.1.latency_histogram.read.bin.4.value=2131 + block.1.latency_histogram.read.bin.5.start=100000 + block.1.latency_histogram.read.bin.5.value=0 + block.1.latency_histogram.read.bin.6.start=1000000 + block.1.latency_histogram.read.bin.6.value=0 + block.1.latency_histogram.read.bin.7.start=10000000 + block.1.latency_histogram.read.bin.7.value=0 + block.1.latency_histogram.read.bin.8.start=100000000 + block.1.latency_histogram.read.bin.8.value=0 + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit 237e49127a9390f054e33e689ba9db1587cdc9f1) + +https://issues.redhat.com/browse/RHEL-147866 [rhel-9.8] +https://issues.redhat.com/browse/RHEL-131335 [rhel-10.2] +--- + docs/manpages/virsh.rst | 7 ++ + include/libvirt/libvirt-domain.h | 113 +++++++++++++++++++++++++++++++ + src/qemu/qemu_driver.c | 43 ++++++++++++ + 3 files changed, 163 insertions(+) + +diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst +index a9d691824e..ff0cf1a715 100644 +--- a/docs/manpages/virsh.rst ++++ 
b/docs/manpages/virsh.rst +@@ -2811,6 +2811,13 @@ Information listed includes: + pending write operations in the defined interval + * ``block..timed_group..zone_append_queue_depth_avg`` - average number + of pending zone append operations in the defined interval ++* ``block..latency_histogram..bin.count`` - number of bins in ++ latency histogram. is one of ``read``, ``write``, ``zone_append``, or ++ ``flush`` ++* ``block..latency_histogram..bin..start`` start boundary of ++ a latency histogram bin in nanoseconds of given operation duration ++* ``block..latency_histogram..bin..value`` current number of ++ events corresponding to the given bin and type + + + *--iothread* returns information about IOThreads on the running guest +diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h +index 16fac6b085..8e62bd23d4 100644 +--- a/include/libvirt/libvirt-domain.h ++++ b/include/libvirt/libvirt-domain.h +@@ -3815,6 +3815,119 @@ struct _virDomainStatsRecord { + */ + # define VIR_DOMAIN_STATS_BLOCK_SUFFIX_TIMED_GROUP_SUFFIX_ZONE_APPEND_QUEUE_DEPTH_AVG ".zone_append_queue_depth_avg" + ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_READ_PREFIX: ++ * ++ * The parameter name prefix to access 'read' latency histograms. Concatenate ++ * the prefix with either: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT ++ * to get the number of bins in given histogram ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX and ++ * entry number formatted as an unsigned integer and one of the latency ++ * histogram suffix parameters to compelte a full bin parameter name ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_READ_PREFIX ".latency_histogram.read." ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_WRITE_PREFIX: ++ * ++ * The parameter name prefix to access 'write' latency histograms. 
Concatenate ++ * the prefix with either: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT ++ * to get the number of bins in given histogram ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX and ++ * entry number formatted as an unsigned integer and one of the latency ++ * histogram suffix parameters to compelte a full bin parameter name ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_WRITE_PREFIX ".latency_histogram.write." ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_ZONE_APPEND_PREFIX: ++ * ++ * The parameter name prefix to access 'zone_append' latency histograms. Concatenate ++ * the prefix with either: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT ++ * to get the number of bins in given histogram ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX and ++ * entry number formatted as an unsigned integer and one of the latency ++ * histogram suffix parameters to compelte a full bin parameter name ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_ZONE_APPEND_PREFIX ".latency_histogram.zone_append." ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_FLUSH_PREFIX: ++ * ++ * The parameter name prefix to access 'flush' latency histograms. Concatenate ++ * the prefix with either: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT ++ * to get the number of bins in given histogram ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX and ++ * entry number formatted as an unsigned integer and one of the latency ++ * histogram suffix parameters to compelte a full bin parameter name ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_FLUSH_PREFIX ".latency_histogram.flush." 
++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT: ++ * ++ * The parameter name suffix to access number of bins in one of the following ++ * latency histogram types: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_READ_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_WRITE_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_ZONE_APPEND_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_FLUSH_PREFIX ++ * ++ * Number of bins in latency histogram as unsigned long long. ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT "bin.count" ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX: ++ * ++ * The parameter name suffix to access a latency histogram bin in one of the ++ * following latency histogram types: ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_READ_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_WRITE_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_ZONE_APPEND_PREFIX ++ * - VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_FLUSH_PREFIX ++ * ++ * Concatenate with a bin number as unsigned int and one of the other field ++ * suffixes to access bin parameters. ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX "bin." ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_START: ++ * ++ * Start of the current latency histogram bin in nanoseconds as unsigned long long. ++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_START ".start" ++ ++/** ++ * VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_VALUE: ++ * ++ * Current value of the number of occurences of the latency within this bin ++ * as unsigned long long. 
++ * ++ * Since: 12.1.0 ++ */ ++# define VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_VALUE ".value" ++ ++ + /** + * VIR_DOMAIN_STATS_PERF_CMT: + * +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 08a547c546..f3e7410f9e 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -17597,6 +17597,36 @@ qemuDomainGetStatsBlockExportBackendStorage(const char *entryname, + } + + ++static void ++qemuDomainGetStatsBlockExportFrontendLatencyHistogram(struct qemuBlockStatsLatencyHistogram *h, ++ size_t disk_idx, ++ const char *prefix_hist, ++ virTypedParamList *par) ++{ ++ size_t i; ++ ++ if (!h) ++ return; ++ ++ virTypedParamListAddULLong(par, h->nbins, ++ VIR_DOMAIN_STATS_BLOCK_PREFIX "%zu%s" VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_COUNT, ++ disk_idx, prefix_hist); ++ ++ for (i = 0; i < h->nbins; i++) { ++ virTypedParamListAddULLong(par, h->bins[i].start, ++ VIR_DOMAIN_STATS_BLOCK_PREFIX "%zu%s" ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX "%zu" ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_START, ++ disk_idx, prefix_hist, i); ++ virTypedParamListAddULLong(par, h->bins[i].value, ++ VIR_DOMAIN_STATS_BLOCK_PREFIX "%zu%s" ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_PREFIX "%zu" ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_SUFFIX_BIN_SUFFIX_VALUE, ++ disk_idx, prefix_hist, i); ++ } ++} ++ ++ + static void + qemuDomainGetStatsBlockExportFrontend(const char *frontendname, + GHashTable *stats, +@@ -17721,6 +17751,19 @@ qemuDomainGetStatsBlockExportFrontend(const char *frontendname, + idx, i); + } + } ++ ++ qemuDomainGetStatsBlockExportFrontendLatencyHistogram(en->histogram_read, idx, ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_READ_PREFIX, ++ par); ++ qemuDomainGetStatsBlockExportFrontendLatencyHistogram(en->histogram_write, idx, ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_WRITE_PREFIX, ++ par); ++ 
qemuDomainGetStatsBlockExportFrontendLatencyHistogram(en->histogram_zone, idx, ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_ZONE_APPEND_PREFIX, ++ par); ++ qemuDomainGetStatsBlockExportFrontendLatencyHistogram(en->histogram_flush, idx, ++ VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_FLUSH_PREFIX, ++ par); + } + + +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-Introduce-support-for-disk-operation-latency-histogram-collection.patch b/centos-10/SOURCES/libvirt-Introduce-support-for-disk-operation-latency-histogram-collection.patch new file mode 100644 index 0000000..c417f58 --- /dev/null +++ b/centos-10/SOURCES/libvirt-Introduce-support-for-disk-operation-latency-histogram-collection.patch 
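Review bot: The doc comments added to the public header include/libvirt/libvirt-domain.h contain spelling errors: `compelte` in the four `VIR_DOMAIN_STATS_BLOCK_SUFFIX_LATENCY_HISTOGRAM_*_PREFIX` comments and `occurences` in the `..._BIN_SUFFIX_VALUE` comment should read `complete` and `occurrences`. In docs/manpages/virsh.rst the `.start` and `.value` bullets also lack the ` - ` separator that the `bin.count` bullet and the surrounding entries use. The new static helper in qemu_driver.c has no comment; something like `/* Emits bin.count plus per-bin .start/.value params; a NULL histogram is skipped. */` would document the early return on `!h`.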
@@ -0,0 +1,422 @@ +From 8fbea435edb1635ec98c9419e9249223e5c3b2b6 Mon Sep 17 00:00:00 2001 +Message-ID: <8fbea435edb1635ec98c9419e9249223e5c3b2b6.1771336682.git.jdenemar@redhat.com> +From: Peter Krempa +Date: Fri, 23 Jan 2026 17:09:27 +0100 +Subject: [PATCH] Introduce support for disk operation latency histogram + collection + +Add config and docs allowing enabling latency histogram collection for +block device operations. + +This patch sets up the docs, schema and XML infrastructure. + +Signed-off-by: Peter Krempa +Reviewed-by: Michal Privoznik +(cherry picked from commit b874c944bd8c4ffa6c51394557587c8c203f1656) + +https://issues.redhat.com/browse/RHEL-147866 [rhel-9.8] +https://issues.redhat.com/browse/RHEL-131335 [rhel-10.2] +--- + docs/formatdomain.rst | 41 ++++++ + src/conf/domain_conf.c | 133 +++++++++++++++++- + src/conf/domain_conf.h | 7 + + src/conf/schemas/domaincommon.rng | 37 ++++- + ...isk-statistics-intervals.x86_64-latest.xml | 29 ++++ + .../disk-statistics-intervals.xml | 25 ++++ + 6 files changed, 262 insertions(+), 10 deletions(-) + +diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst +index 70882c6820..31232deb3c 100644 +--- a/docs/formatdomain.rst ++++ b/docs/formatdomain.rst +@@ -3628,6 +3628,47 @@ paravirtualized driver is specified via the ``disk`` element. + + :since:`Since 11.9.0 (QEMU 10.2, virtio, ide, scsi disks only)`. + ++ Block operation latency histogram collection can be configured using ++ ```` sub-element. The histogram is collected for ++ the whole runtime of the VM, but can be re-started or reconfigured using ++ the `virDomainUpdateDeviceFlags `__ ++ API. Using the same config re-starts histogram collection. ++ ++ The optional ``type`` attribute configures specific operation to collect ++ the histogram for. Supported types are ``read``, ``write``, ``zone``, and ++ ``flush``. 
If the ``type`` attribute is omitted the histogram collection ++ bins bins apply to all of the aforementioned types, which can be overriden ++ with specific config. ++ ++ The ```` has multiple mandatory ```` sub-elements ++ with mandatory ``start`` attribute configuring the starting boundary of ++ the histogram bin configured in nanosecods of the operation duration and ++ the intervals must be properly ordered and non-duplicate. ++ ++ Example:: ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ [or for specific operation types] ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ :since:`Since 12.1.0`. ++ + - The optional ``queues`` attribute specifies the number of virt queues for + virtio-blk ( :since:`Since 3.9.0` ) or vhost-user-blk + ( :since:`Since 7.1.0` ) +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index f5c4d135a9..83c58ab5ff 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -2445,6 +2445,11 @@ virDomainDiskDefFree(virDomainDiskDef *def) + virObjectUnref(def->privateData); + g_slist_free_full(def->iothreads, (GDestroyNotify) virDomainIothreadMappingDefFree); + g_free(def->statistics); ++ g_free(def->histogram_boundaries); ++ g_free(def->histogram_boundaries_read); ++ g_free(def->histogram_boundaries_write); ++ g_free(def->histogram_boundaries_zone); ++ g_free(def->histogram_boundaries_flush); + + if (def->throttlefilters) { + size_t i; +@@ -8307,6 +8312,91 @@ virDomainIothreadMappingDefParse(xmlNodePtr driverNode, + } + + ++static int ++virDomainDiskDefDriverParseXMLHistogramOne(virDomainDiskDef *def, ++ xmlNodePtr cur) ++{ ++ g_autofree char *histogram_type = NULL; ++ unsigned int **histogram_config = NULL; ++ g_autoptr(GPtrArray) binNodes = virXMLNodeGetSubelementList(cur, "bin"); ++ size_t nbins = 0; ++ size_t i; ++ ++ if ((histogram_type = virXMLPropString(cur, "type"))) { ++ if (STREQ(histogram_type, "read")) { ++ histogram_config = &def->histogram_boundaries_read; ++ } else if (STREQ(histogram_type, "write")) { ++ histogram_config = 
&def->histogram_boundaries_write; ++ } else if (STREQ(histogram_type, "zone")) { ++ histogram_config = &def->histogram_boundaries_zone; ++ } else if (STREQ(histogram_type, "flush")) { ++ histogram_config = &def->histogram_boundaries_flush; ++ } else { ++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, ++ _("unknown latency_histogram type '%1$s'"), ++ histogram_type); ++ return -1; ++ } ++ } else { ++ histogram_config = &def->histogram_boundaries; ++ } ++ ++ if (*histogram_config) { ++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", ++ _("only one latency-histogram of a given type is supported")); ++ return -1; ++ } ++ ++ if (binNodes->len == 0) { ++ virReportError(VIR_ERR_XML_ERROR, "%s", ++ _("missing 'bin' elements for 'latency-histogram'")); ++ return -1; ++ } ++ ++ *histogram_config = g_new0(unsigned int, binNodes->len + 1); ++ ++ for (i = 0; i < binNodes->len; i++) { ++ unsigned int val; ++ ++ if (virXMLPropUInt(g_ptr_array_index(binNodes, i), ++ "start", 10, ++ VIR_XML_PROP_REQUIRED, ++ &val) < 0) ++ return -1; ++ ++ if (nbins > 0 && ++ (val == 0 || ++ val <= (*histogram_config)[nbins-1])) { ++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", ++ _("the values of 'start' attribute of a 'latency-histogram' 'bin' configuration must be sorted and non-overlapping")); ++ return -1; ++ } ++ ++ if (val > 0) ++ (*histogram_config)[nbins++] = val; ++ } ++ ++ return 0; ++} ++ ++ ++static int ++virDomainDiskDefDriverParseXMLHistograms(virDomainDiskDef *def, ++ xmlNodePtr cur) ++{ ++ g_autoptr(GPtrArray) histogramNodes = virXMLNodeGetSubelementList(cur, "latency-histogram"); ++ size_t i; ++ ++ for (i = 0; i < histogramNodes->len; i++) { ++ if (virDomainDiskDefDriverParseXMLHistogramOne(def, ++ g_ptr_array_index(histogramNodes, i)) < 0) ++ return -1; ++ } ++ ++ return 0; ++} ++ ++ + static int + virDomainDiskDefDriverParseXML(virDomainDiskDef *def, + xmlNodePtr cur) +@@ -8380,6 +8470,9 @@ virDomainDiskDefDriverParseXML(virDomainDiskDef *def, + return -1; + } + } ++ ++ if 
(virDomainDiskDefDriverParseXMLHistograms(def, statisticsNode) < 0) ++ return -1; + } + + if (virXMLPropEnum(cur, "detect_zeroes", +@@ -23961,12 +24054,37 @@ virDomainDiskDefFormatThrottleFilters(virBuffer *buf, + } + + ++static void ++virDomainDiskDefFormatDriverHistogram(virBuffer *buf, ++ const char *type, ++ unsigned int *bins) ++{ ++ g_auto(virBuffer) histogramAttrBuf = VIR_BUFFER_INITIALIZER; ++ g_auto(virBuffer) histogramChildBuf = VIR_BUFFER_INIT_CHILD(buf); ++ ++ if (!bins || bins[0] == 0) ++ return; ++ ++ if (type) ++ virBufferAsprintf(&histogramAttrBuf, " type='%s'", type); ++ ++ /* we dont store the start boundary of the first bin but it's always there */ ++ virBufferAddLit(&histogramChildBuf, "\n"); ++ ++ for (; *bins > 0; bins++) ++ virBufferAsprintf(&histogramChildBuf, "\n", *bins); ++ ++ virXMLFormatElement(buf, "latency-histogram", &histogramAttrBuf, &histogramChildBuf); ++} ++ ++ + static void + virDomainDiskDefFormatDriver(virBuffer *buf, + virDomainDiskDef *disk) + { + g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER; + g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(buf); ++ g_auto(virBuffer) statisticsChildBuf = VIR_BUFFER_INIT_CHILD(&childBuf); + + virBufferEscapeString(&attrBuf, " name='%s'", virDomainDiskGetDriver(disk)); + +@@ -24038,16 +24156,25 @@ virDomainDiskDefFormatDriver(virBuffer *buf, + virDomainIothreadMappingDefFormat(&childBuf, disk->iothreads); + + if (disk->statistics) { +- g_auto(virBuffer) statisticsChildBuf = VIR_BUFFER_INIT_CHILD(&childBuf); + size_t i; + + for (i = 0; disk->statistics[i] > 0; i++) + virBufferAsprintf(&statisticsChildBuf, "\n", + disk->statistics[i]); +- +- virXMLFormatElement(&childBuf, "statistics", NULL, &statisticsChildBuf); + } + ++ virDomainDiskDefFormatDriverHistogram(&statisticsChildBuf, NULL, ++ disk->histogram_boundaries); ++ virDomainDiskDefFormatDriverHistogram(&statisticsChildBuf, "read", ++ disk->histogram_boundaries_read); ++ virDomainDiskDefFormatDriverHistogram(&statisticsChildBuf, 
"write", ++ disk->histogram_boundaries_write); ++ virDomainDiskDefFormatDriverHistogram(&statisticsChildBuf, "zone", ++ disk->histogram_boundaries_zone); ++ virDomainDiskDefFormatDriverHistogram(&statisticsChildBuf, "flush", ++ disk->histogram_boundaries_flush); ++ ++ virXMLFormatElement(&childBuf, "statistics", NULL, &statisticsChildBuf); + + virXMLFormatElement(buf, "driver", &attrBuf, &childBuf); + } +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index 8f53ed96c0..b120d4a68e 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -596,6 +596,13 @@ struct _virDomainDiskDef { + GSList *iothreads; /* List of virDomainIothreadMappingDef */ + unsigned int *statistics; /* Optional, zero terminated list of intervals to + collect statistics for */ ++ /* optional zero terminated lists of bin boundaries for latency histograms */ ++ unsigned int *histogram_boundaries; ++ unsigned int *histogram_boundaries_read; ++ unsigned int *histogram_boundaries_write; ++ unsigned int *histogram_boundaries_zone; ++ unsigned int *histogram_boundaries_flush; ++ + virDomainDiskDetectZeroes detect_zeroes; + virTristateSwitch discard_no_unref; + char *domain_name; /* backend domain name */ +diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng +index 1f9ac102a0..441328a08e 100644 +--- a/src/conf/schemas/domaincommon.rng ++++ b/src/conf/schemas/domaincommon.rng +@@ -2728,13 +2728,36 @@ + + + +- +- +- +- +- +- +- ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ read ++ write ++ zone ++ flush ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/tests/qemuxmlconfdata/disk-statistics-intervals.x86_64-latest.xml b/tests/qemuxmlconfdata/disk-statistics-intervals.x86_64-latest.xml +index 4c55c50ef5..d02f954073 100644 +--- a/tests/qemuxmlconfdata/disk-statistics-intervals.x86_64-latest.xml ++++ b/tests/qemuxmlconfdata/disk-statistics-intervals.x86_64-latest.xml +@@ -22,6 +22,11 @@ + + + ++ ++ ++ ++ ++ + + + +@@ -33,6 +38,30 @@ + + + ++ ++ ++ 
++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/tests/qemuxmlconfdata/disk-statistics-intervals.xml b/tests/qemuxmlconfdata/disk-statistics-intervals.xml +index f5e801f5a8..5f9e9470d7 100644 +--- a/tests/qemuxmlconfdata/disk-statistics-intervals.xml ++++ b/tests/qemuxmlconfdata/disk-statistics-intervals.xml +@@ -19,6 +19,11 @@ + + + ++ ++ ++ ++ ++ + + + +@@ -29,6 +34,26 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-RHEL-ONLY-backport-test-data-for-migrate-pr-capability-of-scsi-block.patch b/centos-10/SOURCES/libvirt-RHEL-ONLY-backport-test-data-for-migrate-pr-capability-of-scsi-block.patch new file mode 100644 index 0000000..de4bb90 --- /dev/null +++ b/centos-10/SOURCES/libvirt-RHEL-ONLY-backport-test-data-for-migrate-pr-capability-of-scsi-block.patch 
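Review bot: The ordering check in virDomainDiskDefDriverParseXMLHistogramOne is gated on `nbins > 0`, but `nbins` only advances for non-zero values, so any number of leading `<bin start='0'/>` entries is accepted even though the error text and the docs require sorted, non-duplicate starts. A histogram holding only zero starts also leaves an all-zero array, which virDomainDiskDefFormatDriverHistogram drops (`bins[0] == 0`), so the element silently disappears when the XML is formatted again. Gating on the element index closes the gap: `if (i > 0 && (val == 0 || (nbins > 0 && val <= (*histogram_config)[nbins-1]))) {`, plus an explicit error after the loop when `nbins == 0` if such a histogram is not meant to be valid. The array is sized `binNodes->len + 1` and `nbins` never exceeds `binNodes->len`, so this is a validation gap rather than a memory-safety problem.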
@@ -0,0 +1,125 @@ +From c2eb6d70891d9be5ce13f07946841239a81c3ed9 Mon Sep 17 00:00:00 2001 +Message-ID: +From: Peter Krempa +Date: Mon, 16 Feb 2026 15:08:54 +0100 +Subject: [PATCH] RHEL-ONLY: backport test data for 'migrate-pr' capability of + 'scsi-block' + +In upstream qemu the capability is present starting with qemu-11.0. We +don't have the test data downstream and backporting them would be too +invasive. Backport the relevant capability detection as a +downstream-only fix. + +https://issues.redhat.com/browse/RHEL-140614 [rhel-9.8] +https://issues.redhat.com/browse/RHEL-135115 [rhel-10.2] + +Signed-off-by: Peter Krempa +--- + .../caps_10.2.0_x86_64.replies | 79 ++++++++++++++++++- + .../caps_10.2.0_x86_64.xml | 1 + + 2 files changed, 76 insertions(+), 4 deletions(-) + +diff --git a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.replies b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.replies +index cb4abb4533..10db9baca1 100644 +--- a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.replies ++++ b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.replies +@@ -33081,10 +33081,81 @@ + } + + { +- "error": { +- "class": "DeviceNotFound", +- "desc": "The libvirt device dump was not collected for this version+device tuple" +- }, ++ "return": [ ++ { ++ "default-value": 4294967295, ++ "name": "scsi-id", ++ "type": "uint32" ++ }, ++ { ++ "default-value": 4294967295, ++ "name": "lun", ++ "type": "uint32" ++ }, ++ { ++ "default-value": 0, ++ "name": "channel", ++ "type": "uint32" ++ }, ++ { ++ "default-value": "auto", ++ "name": "rerror", ++ "description": "Error handling policy (report/ignore/enospc/stop/auto)", ++ "type": "BlockdevOnError" ++ }, ++ { ++ "default-value": 2147483647, ++ "name": "max_io_size", ++ "type": "uint64" ++ }, ++ { ++ "default-value": false, ++ "name": "share-rw", ++ "description": "on/off", ++ "type": "bool" ++ }, ++ { ++ "default-value": true, ++ "name": "migrate-pr", ++ "description": "on/off", ++ "type": "bool" ++ }, ++ { ++ "default-value": "auto", ++ 
"name": "werror", ++ "description": "Error handling policy (report/ignore/enospc/stop/auto)", ++ "type": "BlockdevOnError" ++ }, ++ { ++ "default-value": 1073741824, ++ "name": "max_unmap_size", ++ "type": "uint64" ++ }, ++ { ++ "default-value": -1, ++ "name": "scsi_version", ++ "type": "int32" ++ }, ++ { ++ "default-value": 0, ++ "name": "rotation_rate", ++ "type": "uint16" ++ }, ++ { ++ "name": "drive", ++ "description": "Node name or ID of a block device to use as a backend", ++ "type": "str" ++ }, ++ { ++ "default-value": 30, ++ "name": "io_timeout", ++ "type": "uint32" ++ }, ++ { ++ "name": "bootindex", ++ "type": "int32" ++ } ++ ], + "id": "libvirt-37" + } + +diff --git a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml +index 7cff2c2291..7d5a75ce88 100644 +--- a/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml ++++ b/tests/qemucapabilitiesdata/caps_10.2.0_x86_64.xml +@@ -215,6 +215,7 @@ + + + ++ + 10001091 + 43100287 + v10.2.0-rc1-38-gfb241d0a1f +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch b/centos-10/SOURCES/libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch new file mode 100644 index 0000000..8896e29 --- /dev/null +++ b/centos-10/SOURCES/libvirt-conf-Add-firmwareFeatures-element-for-domaincaps.patch 
@@ -0,0 +1,85 @@ +From 271cfe0d7954d5398af307b24fc5b601977975b8 Mon Sep 17 00:00:00 2001 +Message-ID: <271cfe0d7954d5398af307b24fc5b601977975b8.1772815313.git.jdenemar@redhat.com> +From: Andrea Bolognani +Date: Mon, 9 Feb 2026 21:28:50 +0100 +Subject: [PATCH] conf: Add firmwareFeatures element for domaincaps + +Signed-off-by: Andrea Bolognani +Reviewed-by: Michal Privoznik +(cherry picked from commit 928bdc3e67b29ff2314ff538905703e299b1e47e) + +https://issues.redhat.com/browse/RHEL-82645 + +Signed-off-by: Andrea Bolognani +--- + src/conf/domain_capabilities.c | 15 +++++++++++++++ + src/conf/domain_capabilities.h | 8 ++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c +index 49179b97ab..9b3577cd08 100644 +--- a/src/conf/domain_capabilities.c ++++ b/src/conf/domain_capabilities.c +@@ -422,6 +422,19 @@ virDomainCapsFeatureFormatSimple(virBuffer *buf, + } + + ++static void ++virDomainCapsFirmwareFeaturesFormat(virBuffer *buf, ++ const virDomainCapsFirmwareFeatures *firmwareFeatures) ++{ ++ FORMAT_PROLOGUE(firmwareFeatures); ++ ++ ENUM_PROCESS(firmwareFeatures, secureBoot, virTristateBoolTypeToString); ++ ENUM_PROCESS(firmwareFeatures, enrolledKeys, virTristateBoolTypeToString); ++ ++ FORMAT_EPILOGUE(firmwareFeatures); ++} ++ ++ + static void + virDomainCapsLoaderFormat(virBuffer *buf, + const virDomainCapsLoader *loader) +@@ -440,12 +453,14 @@ static void + virDomainCapsOSFormat(virBuffer *buf, + const virDomainCapsOS *os) + { ++ const virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures; + const virDomainCapsLoader *loader = &os->loader; + + FORMAT_PROLOGUE(os); + + ENUM_PROCESS(os, firmware, virDomainOsDefFirmwareTypeToString); + ++ virDomainCapsFirmwareFeaturesFormat(&childBuf, firmwareFeatures); + virDomainCapsLoaderFormat(&childBuf, loader); + + FORMAT_EPILOGUE(os); +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index b10370db8f..a68fafe235 
100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -43,6 +43,13 @@ struct _virDomainCapsStringValues { + size_t nvalues; /* number of strings */ + }; + ++typedef struct _virDomainCapsFirmwareFeatures virDomainCapsFirmwareFeatures; ++struct _virDomainCapsFirmwareFeatures { ++ virTristateBool supported; ++ virDomainCapsEnum secureBoot; ++ virDomainCapsEnum enrolledKeys; ++}; ++ + STATIC_ASSERT_ENUM(VIR_DOMAIN_LOADER_TYPE_LAST); + STATIC_ASSERT_ENUM(VIR_TRISTATE_BOOL_LAST); + typedef struct _virDomainCapsLoader virDomainCapsLoader; +@@ -59,6 +66,7 @@ typedef struct _virDomainCapsOS virDomainCapsOS; + struct _virDomainCapsOS { + virTristateBool supported; + virDomainCapsEnum firmware; /* Info about virDomainOsDefFirmware */ ++ virDomainCapsFirmwareFeatures firmwareFeatures; + virDomainCapsLoader loader; /* Info about virDomainLoaderDef */ + }; + +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-conf-Include-varstore-element-in-domcaps.patch b/centos-10/SOURCES/libvirt-conf-Include-varstore-element-in-domcaps.patch new file mode 100644 index 0000000..f254bed --- /dev/null +++ b/centos-10/SOURCES/libvirt-conf-Include-varstore-element-in-domcaps.patch 
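Review bot: The fields of the new `struct _virDomainCapsFirmwareFeatures` in domain_capabilities.h carry no comments, while the neighbouring capability structs annotate each enum with what it describes (`virDomainCapsEnum firmware; /* Info about virDomainOsDefFirmware */`). Both new enums are formatted with virTristateBoolTypeToString in virDomainCapsFirmwareFeaturesFormat, so the same convention would give `virDomainCapsEnum secureBoot; /* Info about secureBoot:virTristateBool */` and `virDomainCapsEnum enrolledKeys; /* Info about enrolledKeys:virTristateBool */`.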
@@ -0,0 +1,140 @@ +From af94300604718604a70a5d587e56187ffe5e6557 Mon Sep 17 00:00:00 2001 +Message-ID: +From: Andrea Bolognani +Date: Fri, 30 Jan 2026 17:46:30 +0100 +Subject: [PATCH] conf: Include varstore element in domcaps +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We want to advertise whether the element is usable when +defining new domains. + +Signed-off-by: Andrea Bolognani +Reviewed-by: Michal Privoznik +Acked-by: Gerd Hoffmann +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 3d6987914bb10beb11b9eb5e83ec2194dfab1659) + +https://issues.redhat.com/browse/RHEL-82645 + +Signed-off-by: Andrea Bolognani +--- + docs/formatdomaincaps.rst | 7 +++++++ + src/conf/domain_capabilities.c | 10 ++++++++++ + src/conf/domain_capabilities.h | 6 ++++++ + src/conf/schemas/domaincaps.rng | 9 +++++++++ + 4 files changed, 32 insertions(+) + +diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst +index 3426b7c9cd..5a1d3f2670 100644 +--- a/docs/formatdomaincaps.rst ++++ b/docs/formatdomaincaps.rst +@@ -141,6 +141,7 @@ domains. + no + + ++ + + ... + +@@ -227,6 +228,12 @@ are the following: + possible to enforce Secure Boot, look at the ``enrolledKeys`` enum inside + the ```` element instead. + ++The ```` element :since:`(since 12.1.0)` indicates whether UEFI ++variable storage backed by the ``uefi-vars`` QEMU device can be used as an ++alternative to pflash-based NVRAM storage. This is the only type of variable ++storage compatible with Secure Boot on non-x86 architectures, but it can be ++used on x86 too. 
++ + CPU configuration + ~~~~~~~~~~~~~~~~~ + +diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c +index 9b3577cd08..78b8e6e6e1 100644 +--- a/src/conf/domain_capabilities.c ++++ b/src/conf/domain_capabilities.c +@@ -449,12 +449,21 @@ virDomainCapsLoaderFormat(virBuffer *buf, + FORMAT_EPILOGUE(loader); + } + ++static void ++virDomainCapsVarstoreFormat(virBuffer *buf, ++ const virDomainCapsVarstore *varstore) ++{ ++ FORMAT_PROLOGUE(varstore); ++ FORMAT_EPILOGUE(varstore); ++} ++ + static void + virDomainCapsOSFormat(virBuffer *buf, + const virDomainCapsOS *os) + { + const virDomainCapsFirmwareFeatures *firmwareFeatures = &os->firmwareFeatures; + const virDomainCapsLoader *loader = &os->loader; ++ const virDomainCapsVarstore *varstore = &os->varstore; + + FORMAT_PROLOGUE(os); + +@@ -462,6 +471,7 @@ virDomainCapsOSFormat(virBuffer *buf, + + virDomainCapsFirmwareFeaturesFormat(&childBuf, firmwareFeatures); + virDomainCapsLoaderFormat(&childBuf, loader); ++ virDomainCapsVarstoreFormat(&childBuf, varstore); + + FORMAT_EPILOGUE(os); + } +diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h +index a68fafe235..02344fd9b6 100644 +--- a/src/conf/domain_capabilities.h ++++ b/src/conf/domain_capabilities.h +@@ -61,6 +61,11 @@ struct _virDomainCapsLoader { + virDomainCapsEnum secure; /* Info about secure:virTristateBool */ + }; + ++typedef struct _virDomainCapsVarstore virDomainCapsVarstore; ++struct _virDomainCapsVarstore { ++ virTristateBool supported; ++}; ++ + STATIC_ASSERT_ENUM(VIR_DOMAIN_OS_DEF_FIRMWARE_LAST); + typedef struct _virDomainCapsOS virDomainCapsOS; + struct _virDomainCapsOS { +@@ -68,6 +73,7 @@ struct _virDomainCapsOS { + virDomainCapsEnum firmware; /* Info about virDomainOsDefFirmware */ + virDomainCapsFirmwareFeatures firmwareFeatures; + virDomainCapsLoader loader; /* Info about virDomainLoaderDef */ ++ virDomainCapsVarstore varstore; + }; + + STATIC_ASSERT_ENUM(VIR_DOMAIN_MEMORY_SOURCE_LAST); +diff --git 
a/src/conf/schemas/domaincaps.rng b/src/conf/schemas/domaincaps.rng +index 3b24caeca6..4682abbf41 100644 +--- a/src/conf/schemas/domaincaps.rng ++++ b/src/conf/schemas/domaincaps.rng +@@ -87,6 +87,12 @@ + + + ++ ++ ++ ++ ++ ++ + + + +@@ -98,6 +104,9 @@ + + + ++ ++ ++ + + + +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch b/centos-10/SOURCES/libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch new file mode 100644 index 0000000..3570634 --- /dev/null +++ b/centos-10/SOURCES/libvirt-conf-Introduce-iommufd-enum-for-domaincaps.patch 
@@ -0,0 +1,69 @@
+From c0fbd0d516a2c4457789d158bfdea839255d0854 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Pavel Hrdina
+Date: Sat, 14 Feb 2026 06:14:20 +0100
+Subject: [PATCH] conf: Introduce iommufd enum for domaincaps
+
+Signed-off-by: Pavel Hrdina
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 855f8fe9e2454555ba84696750e0e1501dd5ba80)
+
+Resolves: https://issues.redhat.com/browse/RHEL-148135
+Signed-off-by: Pavel Hrdina
+---
+ docs/formatdomaincaps.rst | 7 +++++++
+ src/conf/domain_capabilities.c | 1 +
+ src/conf/domain_capabilities.h | 1 +
+ 3 files changed, 9 insertions(+)
+
+diff --git a/docs/formatdomaincaps.rst b/docs/formatdomaincaps.rst
+index 8b4f0ecff3..6ba7f84f96 100644
+--- a/docs/formatdomaincaps.rst
++++ b/docs/formatdomaincaps.rst
+@@ -461,6 +461,10 @@ Well, only if the following is enabled:
+ vfio
+ xen
+
++
++ yes
++ no
++
+
+
+
+@@ -477,6 +481,9 @@ Well, only if the following is enabled:
+ ``mode="capabilities"``.
+ ``pciBackend``
+ Options for the ``name`` attribute of the element.
++``iommufd``
++ Options for the ``iommufd`` attribute of the element.
++ :since:`Since 12.1.0`
+
+ RNG device
+ ^^^^^^^^^^
+diff --git a/src/conf/domain_capabilities.c b/src/conf/domain_capabilities.c
+index f843124695..49179b97ab 100644
+--- a/src/conf/domain_capabilities.c
++++ b/src/conf/domain_capabilities.c
+@@ -620,6 +620,7 @@ virDomainCapsDeviceHostdevFormat(virBuffer *buf,
+ ENUM_PROCESS(hostdev, subsysType, virDomainHostdevSubsysTypeToString);
+ ENUM_PROCESS(hostdev, capsType, virDomainHostdevCapsTypeToString);
+ ENUM_PROCESS(hostdev, pciBackend, virDeviceHostdevPCIDriverNameTypeToString);
++ ENUM_PROCESS(hostdev, iommufd, virTristateBoolTypeToString);
+
+ FORMAT_EPILOGUE(hostdev);
+ }
+diff --git a/src/conf/domain_capabilities.h b/src/conf/domain_capabilities.h
+index 437981c711..b10370db8f 100644
+--- a/src/conf/domain_capabilities.h
++++ b/src/conf/domain_capabilities.h
+@@ -108,6 +108,7 @@ struct _virDomainCapsDeviceHostdev {
+ virDomainCapsEnum subsysType; /* Info about virDomainHostdevSubsysType */
+ virDomainCapsEnum capsType; /* Info about virDomainHostdevCapsType */
+ virDomainCapsEnum pciBackend; /* Info about virDomainHostdevSubsysPCIBackendType */
++ virDomainCapsEnum iommufd; /* Info about iommufd:virTristateBool */
+ /* add new fields here */
+ };
+
+--
+2.53.0
diff --git a/centos-10/SOURCES/libvirt-conf-Introduce-virDomainDefHasPCIHostdevWithIOMMUFD.patch b/centos-10/SOURCES/libvirt-conf-Introduce-virDomainDefHasPCIHostdevWithIOMMUFD.patch
new file mode 100644
index 0000000..945db18
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-conf-Introduce-virDomainDefHasPCIHostdevWithIOMMUFD.patch
@@ -0,0 +1,132 @@
+From 4e8fe2eb42b47a55e491a63e2600a24e0501fd1f Mon Sep 17 00:00:00 2001
+Message-ID: <4e8fe2eb42b47a55e491a63e2600a24e0501fd1f.1771423658.git.jdenemar@redhat.com>
+From: Pavel Hrdina
+Date: Sun, 15 Feb 2026 18:19:56 +0100
+Subject: [PATCH] conf: Introduce virDomainDefHasPCIHostdevWithIOMMUFD
+
+Signed-off-by: Pavel Hrdina
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 4b176cfc3877cca882d63ab4ed446794d7a05722)
+
+Resolves: https://issues.redhat.com/browse/RHEL-150351
+Signed-off-by: Pavel Hrdina
+---
+ src/conf/domain_conf.c | 14 ++++++++++++++
+ src/conf/domain_conf.h | 3 +++
+ src/libvirt_private.syms | 1 +
+ src/qemu/qemu_command.c | 42 ++++++++++++----------------------------
+ 4 files changed, 30 insertions(+), 30 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 9ae48e9abc..cb047e5a3e 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -32482,6 +32482,20 @@ virDomainDefHasPCIHostdev(const virDomainDef *def)
+ }
+
+
++bool
++virDomainDefHasPCIHostdevWithIOMMUFD(const virDomainDef *def)
++{
++ size_t i;
++
++ for (i = 0; i < def->nhostdevs; i++) {
++ if (virHostdevIsPCIDeviceWithIOMMUFD(def->hostdevs[i]))
++ return true;
++ }
++
++ return false;
++}
++
++
+ bool
+ virDomainDefHasMdevHostdev(const virDomainDef *def)
+ {
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index d958ed04f9..69a8e79c6d 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -4655,6 +4655,9 @@ virDomainDefHasNVMeDisk(const virDomainDef *def);
+ bool
+ virDomainDefHasPCIHostdev(const virDomainDef *def);
+
++bool
++virDomainDefHasPCIHostdevWithIOMMUFD(const virDomainDef *def);
++
+ bool
+ virDomainDefHasMdevHostdev(const virDomainDef *def);
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 863e50ec4f..effe44fe57 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -348,6 +348,7 @@ virDomainDefHasNVMeDisk;
+ virDomainDefHasOldStyleROUEFI;
+ virDomainDefHasOldStyleUEFI;
+ virDomainDefHasPCIHostdev;
++virDomainDefHasPCIHostdevWithIOMMUFD;
+ virDomainDefHasTimer;
+ virDomainDefHasUSB;
+ virDomainDefHasVcpusOffline;
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index c8626e6d49..3119191413 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -5349,43 +5349,25 @@ qemuBuildIOMMUFDCommandLine(virCommand *cmd,
+ const virDomainDef *def,
+ virDomainObj *vm)
+ {
+- size_t i;
+ qemuDomainObjPrivate *priv = vm->privateData;
+ g_autofree char *fdstr = g_strdup_printf("%d", priv->iommufd);
++ g_autoptr(virJSONValue) props = NULL;
+
++ if (!virDomainDefHasPCIHostdevWithIOMMUFD(def))
++ return 0;
+
+- for (i = 0; i < def->nhostdevs; i++) {
+- virDomainHostdevDef *hostdev = def->hostdevs[i];
+- virDomainHostdevSubsys *subsys = &hostdev->source.subsys;
+- g_autoptr(virJSONValue) props = NULL;
++ virCommandPassFD(cmd, priv->iommufd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+
+- if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+- continue;
++ priv->iommufd = -1;
+
+- if (subsys->type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+- continue;
++ if (qemuMonitorCreateObjectProps(&props, "iommufd",
++ "iommufd0",
++ "S:fd", fdstr,
++ NULL) < 0)
++ return -1;
+
+- if (hostdev->info->type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_UNASSIGNED)
+- continue;
+-
+- if (subsys->u.pci.driver.iommufd != VIR_TRISTATE_BOOL_YES)
+- continue;
+-
+- virCommandPassFD(cmd, priv->iommufd, VIR_COMMAND_PASS_FD_CLOSE_PARENT);
+-
+- priv->iommufd = -1;
+-
+- if (qemuMonitorCreateObjectProps(&props, "iommufd",
+- "iommufd0",
+- "S:fd", fdstr,
+- NULL) < 0)
+- return -1;
+-
+- if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0)
+- return -1;
+-
+- break;
+- }
++ if (qemuBuildObjectCommandlineFromJSON(cmd, props) < 0)
++ return -1;
+
+ return 0;
+ }
+--
+2.53.0
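Review bot: The rewritten `qemuBuildIOMMUFDCommandLine` in the qemu_command.c hunk is not a pure refactor, and nothing in the code or the empty commit message says so: the removed loop skipped hostdevs whose address type is `VIR_DOMAIN_DEVICE_ADDRESS_TYPE_UNASSIGNED` and never looked at the driver name, while `virHostdevIsPCIDeviceWithIOMMUFD` (added by the companion patch on this page) requires `VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO` and shows no unassigned-address check, unless `virHostdevIsPCIDevice`, whose body is not visible, covers it. If the intent is to use the same predicate as `qemuProcessOpenVfioFds`, a comment above the early return would record that, e.g. `/* same predicate as qemuProcessOpenVfioFds() */`. Separately, `priv->iommufd` is formatted into `fdstr` and handed to `virCommandPassFD` with no validity check; whether it can still be unset at this point cannot be told from the hunk, but a guard such as `if (priv->iommufd < 0) return -1;` with an error report would make a mismatch fail explicitly instead of putting a bad descriptor number on the QEMU command line.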
diff --git a/centos-10/SOURCES/libvirt-conf-Introduce-virHostdevIsPCIDeviceWithIOMMUFD.patch b/centos-10/SOURCES/libvirt-conf-Introduce-virHostdevIsPCIDeviceWithIOMMUFD.patch
new file mode 100644
index 0000000..7f8e036
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-conf-Introduce-virHostdevIsPCIDeviceWithIOMMUFD.patch
@@ -0,0 +1,89 @@
+From 615f11792c8988cfd6a30717dcc8d5d9174ea508 Mon Sep 17 00:00:00 2001
+Message-ID: <615f11792c8988cfd6a30717dcc8d5d9174ea508.1771423658.git.jdenemar@redhat.com>
+From: Pavel Hrdina
+Date: Sun, 15 Feb 2026 18:19:23 +0100
+Subject: [PATCH] conf: Introduce virHostdevIsPCIDeviceWithIOMMUFD
+
+Signed-off-by: Pavel Hrdina
+Reviewed-by: Michal Privoznik
+(cherry picked from commit 97eed30948e980be8b7552fff637e828768854e4)
+
+Resolves: https://issues.redhat.com/browse/RHEL-150351
+Signed-off-by: Pavel Hrdina
+---
+ src/conf/domain_conf.c | 15 +++++++++++++++
+ src/conf/domain_conf.h | 3 +++
+ src/libvirt_private.syms | 1 +
+ src/qemu/qemu_process.c | 5 +----
+ 4 files changed, 20 insertions(+), 4 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 83c58ab5ff..9ae48e9abc 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -32758,6 +32758,21 @@ virHostdevIsPCIDevice(const virDomainHostdevDef *hostdev)
+ }
+
+
++/**
++ * virHostdevIsPCIDeviceWithIOMMUFD:
++ * @hostdev: host device to check
++ *
++ * Returns true if @hostdev is a PCI device with IOMMUFD enabled, false otherwise.
++ */
++bool
++virHostdevIsPCIDeviceWithIOMMUFD(const virDomainHostdevDef *hostdev)
++{
++ return virHostdevIsPCIDevice(hostdev) &&
++ hostdev->source.subsys.u.pci.driver.name == VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO &&
++ hostdev->source.subsys.u.pci.driver.iommufd == VIR_TRISTATE_BOOL_YES;
++}
++
++
+ static void
+ virDomainObjGetMessagesIOErrorsSrc(virStorageSource *src,
+ const char *diskdst,
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index b120d4a68e..d958ed04f9 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -4713,6 +4713,9 @@ virHostdevIsMdevDevice(const virDomainHostdevDef *hostdev)
+ bool
+ virHostdevIsPCIDevice(const virDomainHostdevDef *hostdev)
+ ATTRIBUTE_NONNULL(1);
++bool
++virHostdevIsPCIDeviceWithIOMMUFD(const virDomainHostdevDef *hostdev)
++ ATTRIBUTE_NONNULL(1);
+
+ void
+ virDomainObjGetMessagesIOErrorsChain(virStorageSource *src,
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 9ae44e31b8..863e50ec4f 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -812,6 +812,7 @@ virDomainQemuMonitorEventNew;
+ virDomainQemuMonitorEventStateRegisterID;
+ virHostdevIsMdevDevice;
+ virHostdevIsPCIDevice;
++virHostdevIsPCIDeviceWithIOMMUFD;
+ virHostdevIsSCSIDevice;
+
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 7e32325fa0..3bd81c55b3 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -7732,10 +7732,7 @@ qemuProcessOpenVfioFds(virDomainObj *vm)
+ for (i = 0; i < vm->def->nhostdevs; i++) {
+ virDomainHostdevDef *hostdev = vm->def->hostdevs[i];
+
+- if (hostdev->mode == VIR_DOMAIN_HOSTDEV_MODE_SUBSYS &&
+- hostdev->source.subsys.type == VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI &&
+- hostdev->source.subsys.u.pci.driver.name == VIR_DEVICE_HOSTDEV_PCI_DRIVER_NAME_VFIO &&
+- hostdev->source.subsys.u.pci.driver.iommufd == VIR_TRISTATE_BOOL_YES) {
++ if (virHostdevIsPCIDeviceWithIOMMUFD(hostdev)) {
+ /* Open VFIO device FD */
+ if (qemuProcessOpenVfioDeviceFd(hostdev) < 0)
+ return -1;
+--
+2.53.0
diff --git a/centos-10/SOURCES/libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch b/centos-10/SOURCES/libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch
new file mode 100644
index 0000000..96b68cb
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-conf-Move-type-rom-default-for-loader-to-drivers.patch
@@ -0,0 +1,104 @@
+From 08ff36546b810ae14135c19c99fb1dc1aa5fcbb2 Mon Sep 17 00:00:00 2001
+Message-ID: <08ff36546b810ae14135c19c99fb1dc1aa5fcbb2.1772815313.git.jdenemar@redhat.com>
+From: Andrea Bolognani
+Date: Tue, 3 Feb 2026 15:18:39 +0100
+Subject: [PATCH] conf: Move type=rom default for loader to drivers
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Right now we set this default in the common parsing code, which
+is not a big problem per se but would get in the way of some
+upcoming changes.
+
+Leave this choice to individual drivers instead. Only the QEMU
+and Xen drivers use the value for anything, so we can limit the
+amount of code duplication this change causes.
+
+Signed-off-by: Andrea Bolognani
+Reviewed-by: Michal Privoznik
+Acked-by: Gerd Hoffmann
+Reviewed-by: Daniel P. Berrangé
+(cherry picked from commit 1504b7f687bdfc679377e605d076776b18533468)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani
+---
+ src/conf/domain_postparse.c | 19 -------------------
+ src/libxl/libxl_domain.c | 6 ++++++
+ src/qemu/qemu_firmware.c | 5 +++++
+ 3 files changed, 11 insertions(+), 19 deletions(-)
+
+diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c
+index 38e731348d..cbaae75c02 100644
+--- a/src/conf/domain_postparse.c
++++ b/src/conf/domain_postparse.c
+@@ -89,22 +89,6 @@ virDomainDefPostParseMemory(virDomainDef *def,
+ }
+
+
+-static int
+-virDomainDefPostParseOs(virDomainDef *def)
+-{
+- if (!def->os.loader)
+- return 0;
+-
+- if (def->os.loader->path &&
+- def->os.loader->type == VIR_DOMAIN_LOADER_TYPE_NONE) {
+- /* By default, loader is type of 'rom' */
+- def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
+- }
+-
+- return 0;
+-}
+-
+-
+ static void
+ virDomainDefPostParseMemtune(virDomainDef *def)
+ {
+@@ -1251,9 +1235,6 @@ virDomainDefPostParseCommon(virDomainDef *def,
+ if (virDomainDefPostParseMemory(def, data->parseFlags) < 0)
+ return -1;
+
+- if (virDomainDefPostParseOs(def) < 0)
+- return -1;
+-
+ virDomainDefPostParseMemtune(def);
+
+ if (virDomainDefRejectDuplicateControllers(def) < 0)
+diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
+index 9842d6fece..c6717e31cf 100644
+--- a/src/libxl/libxl_domain.c
++++ b/src/libxl/libxl_domain.c
+@@ -279,6 +279,12 @@ libxlDomainDefPostParse(virDomainDef *def,
+ def->features[VIR_DOMAIN_FEATURE_ACPI] = VIR_TRISTATE_SWITCH_ON;
+ }
+
++ if (def->os.loader &&
++ def->os.loader->path &&
++ !def->os.loader->type) {
++ def->os.loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
++ }
++
+ /* add implicit balloon device */
+ if (def->memballoon == NULL) {
+ virDomainMemballoonDef *memballoon;
+diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
+index 519828f6f9..6a074055ca 100644
+--- a/src/qemu/qemu_firmware.c
++++ b/src/qemu/qemu_firmware.c
+@@ -1662,6 +1662,11 @@ qemuFirmwareFillDomainCustom(virDomainDef *def)
+ if (!loader)
+ return;
+
++ if (loader->path &&
++ !loader->type) {
++ loader->type = VIR_DOMAIN_LOADER_TYPE_ROM;
++ }
++
+ if (loader->path &&
+ !loader->format) {
+ loader->format = VIR_STORAGE_FILE_RAW;
+--
+2.53.0
diff --git a/centos-10/SOURCES/libvirt-conf-Parse-and-format-varstore-element.patch b/centos-10/SOURCES/libvirt-conf-Parse-and-format-varstore-element.patch
new file mode 100644
index 0000000..477d66e
--- /dev/null
+++ b/centos-10/SOURCES/libvirt-conf-Parse-and-format-varstore-element.patch
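Review bot: The two defaulting blocks added in the libxl_domain.c and qemu_firmware.c hunks test `!def->os.loader->type` and `!loader->type`, which quietly depends on `VIR_DOMAIN_LOADER_TYPE_NONE` being zero, whereas the removed `virDomainDefPostParseOs` compared against the enum constant and carried a comment explaining the default. Now that the default lives in two drivers, I would keep the explicit form and the comment in both places, e.g. `loader->type == VIR_DOMAIN_LOADER_TYPE_NONE) {` preceded by `/* By default, loader is type of 'rom' */`. Both enclosing functions start and end outside their hunks, so any later code in them that relies on the type already being set could not be checked here.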
@@ -0,0 +1,385 @@ +From 50a7a37ea4d6c8ffab8110a58db1b16b9d1d7b84 Mon Sep 17 00:00:00 2001 +Message-ID: <50a7a37ea4d6c8ffab8110a58db1b16b9d1d7b84.1772815313.git.jdenemar@redhat.com> +From: Andrea Bolognani +Date: Mon, 19 Jan 2026 14:20:06 +0100 +Subject: [PATCH] conf: Parse and format varstore element +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will be used to configure the backing storage used by the +uefi-vars QEMU device. + +Dealing with the element itself is trivial, however we have to +refactor the existing code which deals with the loader and nvram +elements slightly: in particular, we can no longer perform an +early exit if those elements are absent. + +Signed-off-by: Andrea Bolognani +Reviewed-by: Michal Privoznik +Acked-by: Gerd Hoffmann +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 3feee6d0aba5abf5e69d69b0022c08ea6bd5af3e) + +https://issues.redhat.com/browse/RHEL-82645 + +Signed-off-by: Andrea Bolognani +--- + docs/formatdomain.rst | 23 +++++++-- + docs/kbase/secureboot.rst | 46 ++++++++++++------ + src/conf/domain_conf.c | 81 ++++++++++++++++++++++++++++--- + src/conf/domain_conf.h | 9 ++++ + src/conf/schemas/domaincommon.rng | 22 ++++++++- + src/conf/virconftypes.h | 2 + + src/libvirt_private.syms | 2 + + 7 files changed, 157 insertions(+), 28 deletions(-) + +diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst +index 152fd7f530..7d6cc45efd 100644 +--- a/docs/formatdomain.rst ++++ b/docs/formatdomain.rst +@@ -196,9 +196,9 @@ harddisk, cdrom, network) determining where to obtain/find the boot image. + + ``firmware`` + The ``firmware`` attribute allows management applications to automatically +- fill ```` and ```` elements and possibly enable some +- features required by selected firmware. Accepted values are ``bios`` and +- ``efi``. ++ fill ```` and ```` or ```` elements and possibly ++ enable some features required by selected firmware. 
Accepted values are ++ ``bios`` and ``efi``. + The selection process scans for files describing installed firmware images in + specified location and uses the most specific one which fulfills domain + requirements. The locations in order of preference (from generic to most +@@ -311,6 +311,23 @@ harddisk, cdrom, network) determining where to obtain/find the boot image. + It is not valid to provide this element if the loader is marked as + stateless. + ++``varstore`` ++ This works much the same way as the ```` element described above, ++ except that variable storage is handled by the ``uefi-vars`` QEMU device ++ instead of being backed by a pflash device. :since:`Since 12.1.0 (QEMU only)` ++ ++ The ``path`` attribute contains the path of the domain-specific file where ++ variables are stored, while the ``template`` attribute points to a template ++ that the domain-specific file can be (re)generated from. Assuming that the ++ necessary JSON firmware descriptor files are present, both attributes will ++ be filled in automatically by libvirt. ++ ++ Using ```` instead of ```` is particularly useful on ++ non-x86 architectures such as aarch64, where it represents the only way to ++ get Secure Boot working. It can be used on x86 too, and doing so will make ++ it possible to keep UEFI authenticated variables safe from tampering without ++ requiring the use of SMM emulation. ++ + ``boot`` + The ``dev`` attribute takes one of the values "fd", "hd", "cdrom" or + "network" and is used to specify the next boot device to consider. The +diff --git a/docs/kbase/secureboot.rst b/docs/kbase/secureboot.rst +index 6c22b08d22..b411b65f00 100644 +--- a/docs/kbase/secureboot.rst ++++ b/docs/kbase/secureboot.rst +@@ -74,8 +74,8 @@ Changing an existing VM + + When a VM is defined, libvirt will pick the firmware that best + satisfies the provided criteria and record this information for use +-on subsequent boots. The resulting XML configuration will look like +-this: ++on subsequent boots. 
The resulting XML configuration will look either ++like this: + + :: + +@@ -88,14 +88,28 @@ this: + /var/lib/libvirt/qemu/nvram/vm_VARS.fd + + ++or like this: ++ ++:: ++ ++ ++ ++ ++ ++ ++ /usr/share/edk2/aarch64/QEMU_EFI.qemuvars.fd ++ ++ ++ + In order to force libvirt to repeat the firmware autoselection +-process, it's necessary to remove the ```` and ```` +-elements. Failure to do so will likely result in an error. ++process, it's necessary to remove the ```` as well as the ++```` or ```` elements, depending on what's ++applicable. Failure to do so will likely result in an error. + + Note that updating the XML configuration as described above is +-**not** enough to change the Secure Boot status: the NVRAM file +-associated with the VM has to be regenerated from its template as +-well. ++**not** enough to change the Secure Boot status: the NVRAM/varstore ++file associated with the VM has to be regenerated from its template ++as well. + + In order to do that, update the XML and then start the VM with + +@@ -107,9 +121,9 @@ This option is only available starting with libvirt 8.1.0, so if your + version of libvirt is older than that you will have to delete the + NVRAM file manually before starting the VM. + +-Most guest operating systems will be able to cope with the NVRAM file +-being reinitialized, but in some cases the VM will be unable to boot +-after the change. ++Most guest operating systems will be able to cope with the ++NVRAM/varstore file being reinitialized, but in some cases the VM ++will be unable to boot after the change. + + + Additional information +@@ -126,15 +140,15 @@ can be used to validate the operating system signature need to be + provided as well. + + Asking for the ``enrolled-keys`` firmware feature to be enabled will +-cause libvirt to initialize the NVRAM file associated with the VM +-from a template that contains a suitable set of keys. 
These keys +-being present will cause the firmware to enforce the Secure Boot ++cause libvirt to initialize the NVRAM/varstore file associated with ++the VM from a template that contains a suitable set of keys. These ++keys being present will cause the firmware to enforce the Secure Boot + signing requirements. + + The opposite configuration, where the feature is explicitly disabled, +-will result in no keys being present in the NVRAM file. Unable to +-verify signatures, the firmware will allow even unsigned operating +-systems to run. ++will result in no keys being present in the NVRAM/varstore file. ++Unable to verify signatures, the firmware will allow even unsigned ++operating systems to run. + + If running unsigned code is desired, it's also possible to ask for + the ``secure-boot`` feature to be disabled, which will cause libvirt +diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c +index e72cda0048..16ea9f0b2e 100644 +--- a/src/conf/domain_conf.c ++++ b/src/conf/domain_conf.c +@@ -3932,6 +3932,27 @@ virDomainLoaderDefFree(virDomainLoaderDef *loader) + g_free(loader); + } + ++virDomainVarstoreDef * ++virDomainVarstoreDefNew(void) ++{ ++ virDomainVarstoreDef *def = NULL; ++ ++ def = g_new0(virDomainVarstoreDef, 1); ++ ++ return def; ++} ++ ++void ++virDomainVarstoreDefFree(virDomainVarstoreDef *varstore) ++{ ++ if (!varstore) ++ return; ++ ++ g_free(varstore->path); ++ g_free(varstore->template); ++ g_free(varstore); ++} ++ + + static void + virDomainResctrlMonDefFree(virDomainResctrlMonDef *domresmon) +@@ -4034,6 +4055,7 @@ virDomainOSDefClear(virDomainOSDef *os) + virDomainOSACPITableDefFree(os->acpiTables[i]); + g_free(os->acpiTables); + virDomainLoaderDefFree(os->loader); ++ virDomainVarstoreDefFree(os->varstore); + g_free(os->bootloader); + g_free(os->bootloaderArgs); + } +@@ -17983,6 +18005,17 @@ virDomainLoaderDefParseXMLLoader(virDomainLoaderDef *loader, + } + + ++static int ++virDomainVarstoreDefParseXML(virDomainVarstoreDef *varstore, ++ 
xmlNodePtr varstoreNode) ++{ ++ varstore->path = virXMLPropString(varstoreNode, "path"); ++ varstore->template = virXMLPropString(varstoreNode, "template"); ++ ++ return 0; ++} ++ ++ + static int + virDomainLoaderDefParseXML(virDomainLoaderDef *loader, + xmlNodePtr loaderNode, +@@ -18430,16 +18463,29 @@ virDomainDefParseBootLoaderOptions(virDomainDef *def, + xmlNodePtr loaderNode = virXPathNode("./os/loader[1]", ctxt); + xmlNodePtr nvramNode = virXPathNode("./os/nvram[1]", ctxt); + xmlNodePtr nvramSourceNode = virXPathNode("./os/nvram/source[1]", ctxt); ++ xmlNodePtr varstoreNode = virXPathNode("./os/varstore[1]", ctxt); + +- if (!loaderNode && !nvramNode) +- return 0; +- +- def->os.loader = virDomainLoaderDefNew(); +- +- if (virDomainLoaderDefParseXML(def->os.loader, +- loaderNode, nvramNode, nvramSourceNode, +- ctxt, xmlopt, flags) < 0) ++ if (nvramNode && varstoreNode) { ++ virReportError(VIR_ERR_XML_ERROR, "%s", ++ _("Cannot have both and ")); + return -1; ++ } ++ ++ if (loaderNode || nvramNode) { ++ def->os.loader = virDomainLoaderDefNew(); ++ ++ if (virDomainLoaderDefParseXML(def->os.loader, ++ loaderNode, nvramNode, nvramSourceNode, ++ ctxt, xmlopt, flags) < 0) ++ return -1; ++ } ++ ++ if (varstoreNode) { ++ def->os.varstore = virDomainVarstoreDefNew(); ++ ++ if (virDomainVarstoreDefParseXML(def->os.varstore, varstoreNode) < 0) ++ return -1; ++ } + + return 0; + } +@@ -28062,6 +28108,20 @@ virDomainLoaderDefFormat(virBuffer *buf, + return 0; + } + ++static int ++virDomainVarstoreDefFormat(virBuffer *buf, ++ virDomainVarstoreDef *varstore) ++{ ++ g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER; ++ ++ virBufferEscapeString(&attrBuf, " template='%s'", varstore->template); ++ virBufferEscapeString(&attrBuf, " path='%s'", varstore->path); ++ ++ virXMLFormatElementEmpty(buf, "varstore", &attrBuf, NULL); ++ ++ return 0; ++} ++ + static void + virDomainKeyWrapDefFormat(virBuffer *buf, virDomainKeyWrapDef *keywrap) + { +@@ -29523,6 +29583,11 @@ 
virDomainDefFormatInternalSetRootName(virDomainDef *def, + if (def->os.loader && + virDomainLoaderDefFormat(buf, def->os.loader, xmlopt, flags) < 0) + return -1; ++ ++ if (def->os.varstore && ++ virDomainVarstoreDefFormat(buf, def->os.varstore) < 0) ++ return -1; ++ + virBufferEscapeString(buf, "%s\n", + def->os.kernel); + virBufferEscapeString(buf, "%s\n", +diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h +index 69a8e79c6d..ead3b07475 100644 +--- a/src/conf/domain_conf.h ++++ b/src/conf/domain_conf.h +@@ -2420,6 +2420,14 @@ struct _virDomainLoaderDef { + virDomainLoaderDef *virDomainLoaderDefNew(void); + void virDomainLoaderDefFree(virDomainLoaderDef *loader); + ++struct _virDomainVarstoreDef { ++ char *path; ++ char *template; ++}; ++ ++virDomainVarstoreDef *virDomainVarstoreDefNew(void); ++void virDomainVarstoreDefFree(virDomainVarstoreDef *varstore); ++ + typedef enum { + VIR_DOMAIN_IOAPIC_NONE = 0, + VIR_DOMAIN_IOAPIC_QEMU, +@@ -2573,6 +2581,7 @@ struct _virDomainOSDef { + size_t nacpiTables; + virDomainOSACPITableDef **acpiTables; + virDomainLoaderDef *loader; ++ virDomainVarstoreDef *varstore; + char *bootloader; + char *bootloaderArgs; + int smbios_mode; +diff --git a/src/conf/schemas/domaincommon.rng b/src/conf/schemas/domaincommon.rng +index 92f82c8fbf..7215db3fc1 100644 +--- a/src/conf/schemas/domaincommon.rng ++++ b/src/conf/schemas/domaincommon.rng +@@ -349,7 +349,10 @@ + + + +- ++ ++ ++ ++ + + + +@@ -456,6 +459,23 @@ + + + ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ + + + +diff --git a/src/conf/virconftypes.h b/src/conf/virconftypes.h +index 6e2573035a..0596791a4d 100644 +--- a/src/conf/virconftypes.h ++++ b/src/conf/virconftypes.h +@@ -164,6 +164,8 @@ typedef struct _virDomainLeaseDef virDomainLeaseDef; + + typedef struct _virDomainLoaderDef virDomainLoaderDef; + ++typedef struct _virDomainVarstoreDef virDomainVarstoreDef; ++ + typedef struct _virDomainMemballoonDef virDomainMemballoonDef; + + typedef struct _virDomainMemoryDef 
virDomainMemoryDef; +diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms +index effe44fe57..1308fa2e51 100644 +--- a/src/libvirt_private.syms ++++ b/src/libvirt_private.syms +@@ -718,6 +718,8 @@ virDomainTPMProfileRemoveDisabledTypeToString; + virDomainTPMVersionTypeFromString; + virDomainTPMVersionTypeToString; + virDomainUSBDeviceDefForeach; ++virDomainVarstoreDefFree; ++virDomainVarstoreDefNew; + virDomainVideoDefaultRAM; + virDomainVideoDefClear; + virDomainVideoDefFree; +-- +2.53.0 diff --git a/centos-10/SOURCES/libvirt-conf-Update-validation-to-consider-varstore-element.patch b/centos-10/SOURCES/libvirt-conf-Update-validation-to-consider-varstore-element.patch new file mode 100644 index 0000000..c48c277 --- /dev/null +++ b/centos-10/SOURCES/libvirt-conf-Update-validation-to-consider-varstore-element.patch 
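Review bot: `virDomainVarstoreDefParseXML` in the domain_conf.c hunk copies the `path` and `template` attributes verbatim and can only return 0, so an element with neither attribute, an empty string or a relative path is accepted at parse time and written back out by `virDomainVarstoreDefFormat`. These are host file paths, so it is worth stating where they are constrained; the domaincommon.rng hunk has lost its markup in this rendering, so whether the schema restricts them cannot be confirmed from here. The next patch on this page reworks `virDomainDefOSValidate` to look at `def->os.varstore`, and if that is where the checks are meant to live, a comment above the parser would say so, e.g. `/* path and template are optional and unchecked here; see virDomainDefOSValidate() */`. Otherwise I would reject empty values in the parser itself rather than let them reach the driver.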
@@ -0,0 +1,378 @@
+From f47031d4e6439d1daf5711d4117c0fa647196944 Mon Sep 17 00:00:00 2001
+Message-ID:
+From: Andrea Bolognani
+Date: Thu, 22 Jan 2026 19:27:03 +0100
+Subject: [PATCH] conf: Update validation to consider varstore element
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The code is reworked quite significantly, but most of the
+existing checks are preserved. Those that aren't, notably the
+one that allowed pflash as the only acceptable non-stateless
+firmware type, are intentionally removed because they will no
+longer reflect reality once support for the uefi-vars QEMU
+device is introduced.
+
+As a side effect, reworking the function in this fashion
+resolves a subtle bug: due to the early exits that were being
+performed when the loader element was missing, the checks at
+the bottom of the function (related to the shim and kernel
+elements) were effectively never performed. This is no longer
+the case.
+
+Signed-off-by: Andrea Bolognani
+Reviewed-by: Michal Privoznik
+Acked-by: Gerd Hoffmann
+Reviewed-by: Daniel P. Berrangé
+(cherry picked from commit 1c2dbdf3ac5bed84caeacf585d5143dcf32df75e)
+
+https://issues.redhat.com/browse/RHEL-82645
+
+Signed-off-by: Andrea Bolognani
+---
+ src/conf/domain_validate.c | 100 +++++++-----------
+ ...-auto-bios-not-stateless.x86_64-latest.err | 2 +-
+ ...-auto-bios-not-stateless.x86_64-latest.xml | 35 ++++++
+ ...firmware-auto-bios-nvram.x86_64-latest.err | 2 +-
+ ...nual-bios-not-stateless.x86_64-latest.args | 32 ++++++
+ ...anual-bios-not-stateless.x86_64-latest.err | 1 -
+ ...anual-bios-not-stateless.x86_64-latest.xml | 28 +++++
+ ...nual-efi-nvram-stateless.x86_64-latest.err | 2 +-
+ ...nvram-template-stateless.x86_64-latest.err | 2 +-
+ ...ware-manual-efi-rw-nvram.x86_64-latest.err | 2 +-
+ tests/qemuxmlconftest.c | 7 +-
+ 11 files changed, 144 insertions(+), 69 deletions(-)
+ create mode 100644 tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.args
+ delete mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.err
+ create mode 100644 tests/qemuxmlconfdata/firmware-manual-bios-not-stateless.x86_64-latest.xml
+
+diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
+index 7346a61731..163095d55c 100644
+--- a/src/conf/domain_validate.c
++++ b/src/conf/domain_validate.c
+@@ -1723,95 +1723,46 @@ virDomainDefOSValidate(const virDomainDef *def,
+ virDomainXMLOption *xmlopt)
+{
+ virDomainLoaderDef *loader = def->os.loader;
++ virDomainVarstoreDef *varstore = def->os.varstore;
++ virDomainOsDefFirmware firmware = def->os.firmware;
++ int *firmwareFeatures = def->os.firmwareFeatures;
++ bool usesNvram = loader && (loader->nvram || loader->nvramTemplate || loader->nvramTemplateFormat);
+
+- if (def->os.firmware) {
++ if (firmware) {
+ if (xmlopt && !(xmlopt->config.features & VIR_DOMAIN_DEF_FEATURE_FW_AUTOSELECT)) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("firmware auto selection not implemented for this driver"));
+ return -1;
+ }
+
+- if (def->os.firmwareFeatures &&
+- def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
+- def->os.firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
++ if (firmwareFeatures &&
++ firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_ENROLLED_KEYS] == VIR_TRISTATE_BOOL_YES &&
++ firmwareFeatures[VIR_DOMAIN_OS_DEF_FIRMWARE_FEATURE_SECURE_BOOT] == VIR_TRISTATE_BOOL_NO) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("firmware feature 'enrolled-keys' cannot be enabled when firmware feature 'secure-boot' is disabled"));
+ return -1;
+ }
+-
+- if (!loader)
+- return 0;
+-
+- if (loader->nvram && def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+- virReportError(VIR_ERR_XML_DETAIL,
+- _("firmware type '%1$s' does not support nvram"),
+- virDomainOsDefFirmwareTypeToString(def->os.firmware));
+- return -1;
+- }
+ } else {
+- if (def->os.firmwareFeatures) {
++ if (firmwareFeatures) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("cannot use feature-based firmware autoselection when firmware autoselection is disabled"));
+ return -1;
+ }
+
+- if (!loader)
+- return 0;
+-
+- if (!loader->path) {
++ if (loader && !loader->path) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("no loader path specified and firmware auto selection disabled"));
+ return -1;
+ }
+ }
+
+- if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
+- if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++ if (loader && loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
++ if (loader->readonly == VIR_TRISTATE_BOOL_NO) {
+ virReportError(VIR_ERR_XML_DETAIL, "%s",
+ _("ROM loader type cannot be used as read/write"));
+ return -1;
+ }
+
+- if (loader->nvramTemplate) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("NVRAM template is not permitted when loader is read/write"));
+- return -1;
+- }
+-
+- if (loader->nvram) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("NVRAM is not permitted when loader is read/write"));
+- return -1;
+- }
+- }
+-
+- if (loader->stateless == VIR_TRISTATE_BOOL_YES) {
+- if (loader->nvramTemplate) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("NVRAM template is not permitted when loader is stateless"));
+- return -1;
+- }
+-
+- if (loader->nvram) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("NVRAM is not permitted when loader is stateless"));
+- return -1;
+- }
+- } else if (loader->stateless == VIR_TRISTATE_BOOL_NO) {
+- if (def->os.firmware == VIR_DOMAIN_OS_DEF_FIRMWARE_NONE) {
+- if (def->os.loader->type != VIR_DOMAIN_LOADER_TYPE_PFLASH) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("Only pflash loader type permits NVRAM"));
+- return -1;
+- }
+- } else if (def->os.firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
+- virReportError(VIR_ERR_XML_DETAIL, "%s",
+- _("Only EFI firmware permits NVRAM"));
+- return -1;
+- }
+- }
+-
+- if (loader->type == VIR_DOMAIN_LOADER_TYPE_ROM) {
+ if (loader->format &&
+ loader->format != VIR_STORAGE_FILE_RAW) {
+ virReportError(VIR_ERR_XML_DETAIL,
+@@ -1821,6 +1772,33 @@ virDomainDefOSValidate(const virDomainDef *def,
+ }
+ }
+
++ if (usesNvram && varstore) {
++ virReportError(VIR_ERR_XML_DETAIL, "%s",
++ _("Only one of NVRAM/varstore can be used"));
++ return -1;
++ }
++
++ if (usesNvram || varstore) {
++ if (firmware && firmware != VIR_DOMAIN_OS_DEF_FIRMWARE_EFI) {
++ virReportError(VIR_ERR_XML_DETAIL,
++ _("Firmware type '%1$s' does not support variable storage (NVRAM/varstore)"),
++ virDomainOsDefFirmwareTypeToString(firmware));
++ return -1;
++ }
++
++ if (loader && loader->stateless == VIR_TRISTATE_BOOL_YES) {
++ virReportError(VIR_ERR_XML_DETAIL, "%s",
++ _("Variable storage (NVRAM/varstore) is not permitted when loader is stateless"));
++ return -1;
++ }
++
++ if (loader && loader->readonly == VIR_TRISTATE_BOOL_NO) {
++ virReportError(VIR_ERR_XML_DETAIL, "%s",
++ _("Variable storage (NVRAM/varstore) is not permitted when loader is
read/write")); ++ return -1; ++ } ++ } ++ + if (def->os.shim && !def->os.kernel) { + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", + _("shim only allowed with kernel option")); +diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err +index b058f970a4..743fe27a97 100644 +--- a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err ++++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.err +@@ -1 +1 @@ +-Only EFI firmware permits NVRAM ++operation failed: Unable to find 'bios' firmware that is compatible with the current configuration +diff --git a/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml +new file mode 100644 +index 0000000000..062835e351 +--- /dev/null ++++ b/tests/qemuxmlconfdata/firmware-auto-bios-not-stateless.x86_64-latest.xml +@@ -0,0 +1,35 @@ ++ ++ guest ++ 63840878-0deb-4095-97e6-fc444d9bc9fa ++ 1048576 ++ 1048576 ++ 1 ++ ++ hvm ++ ++ ++ ++ ++ ++ ++ ++ qemu64 ++ ++ ++ destroy ++ restart ++ destroy ++ ++ /usr/bin/qemu-system-x86_64 ++ ++ ++
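Review bot: In the `if (usesNvram || varstore)` block of the second domain_validate.c hunk every check is guarded by `firmware &&` or `loader &&`, so a definition that carries a varstore element but has neither firmware autoselection nor a loader passes virDomainDefOSValidate without an error. The earlier `loader && !loader->path` test does not catch it either, because `loader` is NULL in that case. Unless a later patch in the series or the driver-level validation rejects that combination, a guard like the one below would report it at XML validation time, next to the other variable-storage checks. The function begins before this hunk and continues past it, so the placement is relative to the visible lines only.

```c
    if (usesNvram && varstore) {
        /* … unchanged: "Only one of NVRAM/varstore can be used" error … */
    }

    /* varstore needs firmware to attach to: autoselection or an explicit loader */
    if (varstore && !firmware && !loader) {
        virReportError(VIR_ERR_XML_DETAIL, "%s",
                       _("varstore requires either firmware autoselection or a loader element"));
        return -1;
    }
```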
++ ++ ++ ++ ++