8.98. libvirt

Updated libvirt packages that fix a number of bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Bug Fixes

Previously, due to several issues, IPv6 was not handled properly during migration. With this update, migrations now succeed in the described scenario.
Without manual configuration, the remote driver did not support connection to the session instance of the libvirtd daemon. This behavior could confuse users who attempted to use such a configuration. With this update, connections that do not have the necessary manual configuration are not allowed by libvirt.
Previously, the libvirt library was missing driver implementation for the ESX environment. As a consequence, a user could not configure any network for an ESX guest. The network driver has been implemented and a user now can configure networks for ESX guests as expected.
Previously, libvirt reported raw QEMU errors when creating snapshots failed, and the error message provided was confusing. With this update, libvirt now gives a clear error message when QEMU is not capable of making snapshots.
The CPU architecture of AMD family 15h processors consists of modules, which are represented both as separate cores and separate threads. Management applications needed to choose between one of the approaches, and libvirt did not provide enough information to do this. In addition, the management applications were not able to represent the modules in an AMD family 15h processor core according to their needs. The capabilities XML output now contains more information about the processor topology, so that the management applications can extract the information they need.
Previously, the libvirtd daemon was unable to execute an s3 or s4 operation for a Microsoft Windows guest which ran the guest agent service. Consequently, this resulted in the domain s4 fail error message, due to the domain being destroyed. With this update, the guest is destroyed successfully and libvirtd no longer crashes.
A virtual machine (VM) can be saved into a compressed file. Previously, when decompression of that file failed while libvirt was trying to resume the VM, libvirt removed the VM from the list of running VMs. However, it did not remove the corresponding QEMU process. With this update, the QEMU process is killed in such cases. Moreover, non-fatal decompression errors are now ignored and a VM can be successfully resumed if such an error occurs.
Updating a network interface using the virDomainUpdateDeviceFlags API failed when a boot order was set for that interface. The update failed even if the boot order was set in the provided device XML. The virDomainUpdateDeviceFlags API has been fixed to correctly parse the boot order specification from the provided device XML, and updating network interfaces with boot orders now works as expected.
The libvirt library allows users to set Quality of Service (QoS) on a domain's Network Interface Controller (NIC). However, due to a bug in the implementation, certain values were not set correctly. As a consequence, the real throughput did not correspond with the one set in a domain XML. The underlying source code has been modified to set the correct values from the XML and the throughput now corresponds with the one set in the XML as expected.
Hot unplug of vCPUs is not supported by QEMU in Red Hat Enterprise Linux 6. Therefore, an attempt to use this functionality failed, but the count of processors remembered by the libvirt library was still updated to the new number. With this update, libvirt now verifies whether QEMU actually unplugged the CPUs so that the internal information is updated only when the unplug was successful.
Previously, when a migration failed, the destination host started to relabel files because it was no longer using them. However, this behavior impacted the source host, which was still running. As a consequence, guests could lose the ability to write to disks. This update applies a patch to fix this bug so that files that are still in use are no longer relabeled in the described scenario.
Python bindings for the libvirt library contained incorrect implementation of the getDomain() and getConnect() methods in the virDomainSnapshot class. Consequently, the Python client terminated unexpectedly with a segmentation fault. Python bindings now provide the proper domain() and connect() accessors that fetch Python objects stored internally within the virDomainSnapshot instance and crashes no longer occur.
Previously, the libvirt library added a cache of storage file backing chains, rather than rediscovering the backing chain details on every operation. This cache was then used to decide which files to label for sVirt, but when libvirt switched over to use the cache, the code populated it only when the kernel control groups (cgroups) were in use. On setups that did not use cgroups, sVirt was unable to properly label backing chain files due to the lack of backing chain cache information. This behavior caused a regression in which guests were prevented from running. With this update, populating the cache has been moved earlier in the process so that it is independent of cgroups. The cache results in more efficient sVirt operations and now works whether or not cgroups are in effect.
Occasionally, when users ran multiple virsh create or destroy loops, a race condition could occur and the libvirtd daemon terminated unexpectedly with a segmentation fault. False error messages about the domain having already been destroyed were also returned to the caller. With this update, the outlined script runs and completes without libvirtd crashing.
Previously, the libvirt library followed relative backing chains differently than QEMU. This resulted in missing sVirt permissions when libvirt could not follow the chain. With this update, relative backing files are now treated identically in libvirt and QEMU, and VDSM use of relative backing files functions properly.
When kernel control groups (cgroups) were enabled, moving tasks among cgroups could, in rare occurrences, result in a race condition. Consequently, a guest could fail to start after repeating the start and stop commands tens of times using the virsh utility. With this update, the code that handles groups of threads has been optimized to prevent races while moving from one cgroup to another and guests now start as expected in the described scenario.
Various memory leaks in the libvirtd daemon were discovered when users ran Coverity and Valgrind leak detection tools. This update addresses these issues, and libvirtd no longer leaks memory in the described scenario.
Previously, when users started the guest with a sharable block CD-ROM, the libvirtd daemon failed unexpectedly due to accessing memory that had been already freed. This update addresses the aforementioned issue, and libvirtd no longer crashes in the described scenario.
Due to a race condition in the libvirt client library, any application using libvirt could terminate unexpectedly with a segmentation fault. This happened when one thread executed the connection close callback, while another one freed the connection object, and the connection callback thread then accessed memory that had been already freed. This update removes the possibility of freeing the callback data while they are still being accessed.
When asked to create a logical volume with zero allocation, the libvirt library ran the lvcreate command to create a volume with no extents, which is not permitted. Creation of logical volumes with zero allocation failed and libvirt returned an error message that did not mention the correct error. Now, rather than asking for no extents, libvirt tries to create the volume with a minimal number of extents. The code has also been fixed to provide the correct error message when the volume creation process fails. As a result, logical volumes with zero allocation can now be successfully created using libvirt.
When auto-port and port were not specified, but the tlsPort attribute was set to -1, the tlsPort parameter specified in the QEMU command line was set to 1 instead of a valid port. Consequently, QEMU failed, because it was unable to bind a socket on the port. This update replaces the current QEMU driver code for managing port reservations with the new virPortAllocator APIs, and QEMU is now able to bind a socket on the port.
The libvirt library could abort migration when a domain's disks used unsafe cache settings even though they were not stored on shared storage and libvirt was explicitly asked to copy all storage. As a consequence, migration without shared storage was only possible with the VIR_MIGRATE_UNSAFE flag enabled. With this update, the test for safe disk cache settings is now limited only to shared storage because any setting is safe for locally stored disk images.
Previously, the libvirt library was not tolerant of missing unpriv_sgio support in the running kernel even though it was not necessary. Consequently, after upgrading the host system to Red Hat Enterprise Linux 6.5, users were unable to start domains using shareable block disk devices unless they rebooted the host into the new kernel. With this update, the check for unpriv_sgio support is only performed when it is really needed. As a result, libvirt is now able to start all domains that do not strictly require unpriv_sgio support regardless of host kernel support for it.
Due to a bug in the libvirt code, two APIs, virDomainBlockStatsFlags() and virDomainDetachDeviceFlags(), were executed concurrently. As a consequence, the libvirtd daemon terminated unexpectedly. The underlying source code has been modified to make these APIs mutually exclusive so that the daemon no longer crashes in such a case.
When a virtual machine (VM) with a managed save image was started with the --force-boot parameter that removed the managed save image, a flag holding the managed save state was not cleared. As a result, incorrect information was displayed and some operations regarding the managed save state failed. This bug has been fixed and the flag is now correctly cleared in the described scenario.
At the end of migration, libvirt was waiting for the Simple Protocol for Independent Computing Environments (SPICE) data to be migrated to the destination QEMU, before it resumed the domain on the destination host. This significantly increased the waiting time when the domain was not running on any host. With this update, the underlying code has been modified not to wait until the end of the SPICE migration. As a result, the resume is done as soon as possible without any significant delay.
Previously, the listen attribute in QEMU cookie files was discarded. Consequently, if the user had different networks in use, one for management and migration, and one for Virtual Network Computing (VNC) and SPICE, the remote host name was passed to QEMU via the client_migrate_info flag. This caused the SPICE client to be disconnected upon migration of a virtual machine. With this update, the remote listen address is passed instead and the SPICE client is no longer disconnected in the described scenario.
Due to the use-after-free bug in the logical storage back end, the libvirtd daemon could terminate unexpectedly when deleting the logical storage pool. The underlying source code has been modified and the daemon now works as expected when deleting logical volumes.
Due to a race condition in the client side of libvirt's RPC implementation, a client connection that was closed by the server could be freed, even though other threads were still waiting for APIs sent through this connection to finish. As a consequence, the other threads could have accessed memory that had already been freed and the client terminated unexpectedly with a segmentation fault. With this update the connection is freed only after all threads process their API calls and report errors to their callers.
Previously, a lock used when dealing with transient networks was incorrect. Consequently, when the define API was used on a transient network, the network object lock was not unlocked as expected. The underlying source code has been modified and the object lock is now unlocked correctly.
Previously, the libvirt library made control group (cgroup) requests on files that it should not have. With older kernels, such nonsensical cgroup requests were ignored; however, newer kernels are stricter, resulting in libvirt logging spurious warnings and failures to the libvirtd and audit logs. The audit log failures displayed by the ausearch tool were similar to the following:
root [date] - failed cgroup allow path rw /dev/kqemu
With this update, libvirt no longer attempts the nonsensical cgroup actions, leaving only valid attempts in the libvirtd and audit logs.
Previously, the libvirt library used the incorrect variable when constructing audit messages. This led to invalid audit messages, causing the ausearch utility to format certain entries as having path=(null) instead of the correct path. This could prevent ausearch from locating events related to cgroup device Access Control Lists (ACL) modifications for guests managed by libvirt. With this update, the audit messages are generated correctly, preventing loss of audit coverage.
Previously, the vol-download command was described incorrectly in the virsh(1) manual page. With this update, the command description has been fixed.
When SELinux was disabled on a host, or the QEMU driver was configured not to use it, and the domain XML configuration contained an explicit seclabel option, the code parsed the seclabel option, but ignored it later when it was generating labels on domain start, and created a new and empty seclabel entry, <seclabel type='none'/>. Consequently, a migration between two hosts running Red Hat Enterprise Linux 6.5 failed with the following error message:
libvirtError: XML error: missing security model when using multiple labels
With this update, if the seclabel entry already exists, a new one is no longer created, and the migration works as expected in the described scenario.
Previously, there was an Application Binary Interface (ABI) inconsistency in messages of the kernel netlink protocol between certain versions of Red Hat Enterprise Linux. When the libvirt library sent a netlink NLM_F_REQUEST message and the libvirt binary had been built using kernel header files from a different version of the kernel than the version of the machine running libvirt, errors were returned. Consequently, Peripheral Component Interconnect (PCI) passthrough device assignments of SR-IOV network devices failed when they used the <interface type='hostdev'> option, or when the libvirt network was set with the <forward mode='hostdev'> option. In such a case, the following error message or a similar one was returned:
error dumping (eth3) (3) interface: Invalid argument
With this update, libvirt retries the NLM_F_REQUEST message formatted appropriately for all versions of the kernel. Now, a single libvirt binary successfully assigns SR-IOV network devices to a guest using PCI passthrough on a host running any version of Red Hat Enterprise Linux 6 kernel.
Previously, the vol-name command of the virsh utility printed a NULL string when there was no option for specifying the pool. Consequently, an error message was returned, which could confuse users. The command has been modified so that the option does not have to be specified where it is not needed. As a result, the error message is no longer returned in the described scenario.
The QEMU driver currently does not support increasing of the maximum memory size. However, this ability was documented in the virsh(1) manual page. With this update, the manual page has been corrected.
Previously, part of the code refactoring to fix another bug left a case where locks were cleaned up incorrectly. As a consequence, the libvirtd daemon could terminate unexpectedly in certain migration-to-file scenarios. With this update, the lock cleanup paths have been fixed and libvirtd no longer crashes when saving a domain to a file.
The libvirt library uses side files to store the internal state of managed domains in order to re-read the state upon the libvirtd service restart. However, if a domain state was saved in an inconsistent state, the state was not re-read and the corresponding domain was lost. As a consequence, the domain could disappear. After this update, when the libvirtd service is saving the internal state of a domain, the consistent internal state is saved and domains which may break it are disallowed from starting. As a result, the domain is no longer forgotten.
Previously, attempts to clone a storage volume that was not in the RAW format from a directory pool, file system pool, or NFS pool, to a LVM pool, using the virsh vol-create-from command, failed with an unknown file format error message. This update fixes this bug by treating output block devices as the RAW file format and storage volumes can now be cloned as expected.
Under certain conditions, when a connection was closed, guests set to be automatically destroyed failed to be destroyed. As a consequence, the libvirtd daemon terminated unexpectedly. A series of patches addressing various crash scenarios has been provided and libvirtd no longer crashes while auto-destroying guests.
When running the libvirt test suite on a machine under a heavy load, the test could end up in a deadlock. Since the test suite was run during an RPM build, the build never finished if a deadlock occurred. This update fixes the handling of an event loop used in the test suite, and the test suite no longer hangs in the described scenario.
Previously, the VirtualHW application version 9 was not set as supported even though the corresponding ESX version 5.1 was set to be supported earlier. As a consequence, when a connection was made to an ESX 5.1 server with a guest using virtualHW version 9, the following error was displayed:
internal error Expecting VMX entry 'virtualHW.version' to be 4, 7 or 8 but found 9
This update adds VirtualHW version 9 into the list of supported versions and the aforementioned error message is no longer displayed in this scenario.
Libvirt's internal data structures that hold information about the topology of the host and guest are limited in size to avoid the possibility of a denial-of-service (DoS) attack on the daemon. However, these limits were too strict and did not take into account the possibility that hosts with 4096 CPUs might be used with libvirt. After this update, the limits have been increased to allow scalability even on larger systems.
Prior to this update, the F_DUPFD_CLOEXEC operation with the fcntl() function expected a single argument, specifying the minimum file descriptor (FD) number, but none was provided. Consequently, random stack data were accessed as the FD number and a libvirt live migration could then terminate unexpectedly. This update ensures that the argument is provided in the described scenario, thus fixing this bug.
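The call shape behind this fix, as an added example that is not libvirt's own code: fcntl() is variadic, so the compiler accepts F_DUPFD_CLOEXEC without its third argument and the minimum descriptor number becomes indeterminate. The helper names and the /dev/null self-check are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes F_DUPFD_CLOEXEC on glibc */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Hypothetical helper (not libvirt code): duplicate fd onto the lowest free
 * descriptor that is >= min_fd, with FD_CLOEXEC set atomically. */
int dup_cloexec_from(int fd, int min_fd)
{
    if (min_fd < 0) {
        errno = EINVAL;
        return -1;
    }
    /* The compiler also accepts
     *     fcntl(fd, F_DUPFD_CLOEXEC);
     * because fcntl() is variadic, but fcntl() then reads an argument that
     * was never passed. Always pass the minimum explicitly. */
    return fcntl(fd, F_DUPFD_CLOEXEC, min_fd);
}

/* 1 if fd is open with FD_CLOEXEC, 0 if open without it, -1 on error. */
int fd_cloexec_state(int fd)
{
    int flags = fcntl(fd, F_GETFD);

    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Self-check on /dev/null: returns 0 when the duplicate honours both the
 * requested minimum and the close-on-exec flag, -1 otherwise. */
int demo_dup_cloexec(int min_fd)
{
    int src = open("/dev/null", O_RDONLY);   /* deliberately no O_CLOEXEC */
    int copy, ok;

    if (src < 0)
        return -1;
    copy = dup_cloexec_from(src, min_fd);
    ok = copy >= min_fd &&
         fd_cloexec_state(copy) == 1 &&      /* duplicate will not leak across exec */
         fd_cloexec_state(src) == 0;         /* original flags are untouched */
    if (copy >= 0)
        close(copy);
    close(src);
    return ok ? 0 : -1;
}

int main(void)
{
    if (demo_dup_cloexec(100) != 0) {
        perror("F_DUPFD_CLOEXEC self-check");
        return 1;
    }
    puts("duplicate is >= 100 and has FD_CLOEXEC set");
    return 0;
}
```

Compilers do not diagnose the missing argument, so a review or grep for two-argument F_DUPFD and F_DUPFD_CLOEXEC calls is the practical check.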
Previously, the libvirtd daemon set up supplemental groups of child processes by making a call between the fork() and exec() functions to the getpwuid_r() function, which could take a mutual exclusion lock (mutex). As a consequence, if another thread was already holding the getpwuid_r mutex at the time libvirtd called the fork() function, the forked child process deadlocked, which in turn caused libvirtd to become unresponsive. The code to compute the set of supplemental groups has been refactored so that no mutex is required after fork. As a result, the deadlock scenario is no longer possible.
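The pattern described above, as an added example that is not libvirt's own code: every lookup that can take a libc lock runs in the parent, and the child between fork() and exec() only makes direct system calls on data prepared beforehand. The function names, the `apply` switch and the use of /bin/sh are assumptions made for the illustration.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* getgrouplist(), setgroups() */
#endif
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: resolve the supplementary groups of uid in the PARENT.
 * getpwuid_r() and getgrouplist() may take libc/NSS locks, so they must not
 * run between fork() and exec(). Returns the group count, or -1 on error;
 * the caller frees *list. */
int lookup_groups(uid_t uid, gid_t gid, gid_t **list)
{
    struct passwd pw, *res = NULL;
    char buf[16384];
    int n = 32;
    int rc = getpwuid_r(uid, &pw, buf, sizeof(buf), &res);
    gid_t *g;

    *list = NULL;
    if (rc == ERANGE)
        return -1;
    if (rc != 0 || !res) {
        /* No usable passwd entry: fall back to the primary group only,
         * which grants fewer privileges, never more. */
        if (!(g = malloc(sizeof(*g))))
            return -1;
        g[0] = gid;
        *list = g;
        return 1;
    }
    if (!(g = malloc(n * sizeof(*g))))
        return -1;
    if (getgrouplist(pw.pw_name, gid, g, &n) < 0) {
        /* n now holds the required size; retry once with enough room. */
        gid_t *tmp = realloc(g, n * sizeof(*g));
        if (!tmp) {
            free(g);
            return -1;
        }
        g = tmp;
        if (getgrouplist(pw.pw_name, gid, g, &n) < 0) {
            free(g);
            return -1;
        }
    }
    *list = g;
    return n;
}

/* 1 if gid is in the list, 0 otherwise. */
int has_gid(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] == gid)
            return 1;
    return 0;
}

/* Fork and exec path. The child touches only the precomputed list and makes
 * direct system calls: no malloc, no NSS lookup, no stdio. apply selects
 * whether setgroups() is called (it needs CAP_SETGID).
 * Returns the child's exit status, or -1. */
int spawn_with_groups(const char *path, char *const argv[],
                      const gid_t *groups, int ngroups, int apply)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (apply && setgroups((size_t)ngroups, groups) < 0)
            _exit(126);
        execv(path, argv);
        _exit(127);                /* exec failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char *const argv[] = { "sh", "-c", "id -G", NULL };
    gid_t *groups = NULL;
    int n = lookup_groups(getuid(), getgid(), &groups);
    int rc;

    if (n < 0)
        return 1;
    printf("resolved %d group(s) before fork\n", n);
    rc = spawn_with_groups("/bin/sh", argv, groups, n, geteuid() == 0);
    free(groups);
    return rc == 0 ? 0 : 1;
}
```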
Previously, the libvirt library did not update the pool information after adding, removing, or resizing a volume. As a consequence, the user had to refresh the pool using the "virsh pool-refresh" command to get the correct pool information after these actions. After this update, the pool information is automatically updated after adding, removing, or resizing a volume.
Previously, the virsh utility considered the "--pool" argument of the "vol-create" and "vol-create-as" commands to be a pool name. As a consequence, vol-create and vol-create-as virsh commands did not work when a pool was specified by its Universally Unique Identifier (UUID), even though they were documented to accept both name and UUID for pool specification. With this update, virsh has been fixed to look up a pool both by name and UUID. As a result, both virsh commands now work according to their documentation.
Previously, if the user had not specified a Virtual Network Computing (VNC) address in their domain XML, the one from the qemu.conf file was used. However, upon migrating, there was no difference between cases where the listen address was set by user in the XML directly or copied from the qemu.conf file. As a consequence, a domain could not be migrated. After this update, if the listen address is copied from qemu.conf, it is not transferred to the destination. As a result, a domain can be migrated successfully.
Previously, the libvirt library's logging function that was passed to the libudev library did not handle strings with multiple parameters correctly. As a consequence, the libvirtd daemon could terminate unexpectedly when libudev logged a message. After this update, libvirt now handles multiple parameters correctly. As a result, libvirtd no longer crashes when libudev logs messages.
Previously, the libvirt library only loaded one Certification Authority (CA) certificate from the cacert.pem file even though the file contained several chained CA certificates. As a consequence, libvirt failed to validate client and server certificates when they were both signed by intermediate CA certificates, sharing a common ancestor CA. After this update, the underlying code has been fixed to load all CA certificates. As a result, the CA certificate validation code works correctly when client and server certificates are both signed by intermediate CA certificates, sharing a common ancestor CA.
Previously, due to loader Hypervisor versions, many features were available only for guests with only one display. As a consequence, guests with two displays could not properly be defined on the QEMU hypervisor and some other features were not properly taking the second display into consideration. With this update, the ability to define more display types and all one-display assumptions were fixed in all relevant code. As a result, domains with multiple displays can now be defined, properly migrated, and started.
The SPICE protocol can be set to listen on the given IP address or obtain the listening IP address from the given network. QEMU does not allow changing the SPICE listening IP address at runtime, therefore the libvirt library verifies this IP address with every user's update of SPICE settings on a guest. A regression bug in the libvirt code caused libvirt to incorrectly evaluate this listening IP address check if the user had SPICE set to listen on the given network because the user's XML request contained both the listening IP address and the network address. Consequently, the user's operation was rejected. With this update, libvirt also considers the type of the listening IP address when comparing an IP address from the user's request with the current listening IP address. The user is now able to update SPICE settings on a guest as expected in this scenario.
When migrating, the libvirtd daemon leaked migration Uniform Resource Identifier (URI) on a destination guest. A patch has been provided to fix this bug and the migration URI is now freed correctly.
Prior to this update, the libvirtd daemon leaked memory in the virCgroupMoveTask() function. A fix has been provided which prevents libvirtd from incorrect management of memory allocations.
Previously, the libvirtd daemon was accessing one byte before the array in the virCgroupGetValueStr() function. This bug has been fixed and libvirtd now stays within array bounds.
Previously, the libvirt library depended on a "change" notification from the kernel to indicate that it should change the name of the device driver bound to a device. However, this change notification was not sent. As a consequence, the output from the "virsh nodedev-dumpxml" command always showed the device driver that was bound to the device at the time libvirt was started and not the currently-bound driver. This bug has been fixed and libvirt now manually updates the driver name every time a "nodedev-dumpxml" command is executed, rather than depending on a change notification. As a result, the driver name from the output of "nodedev-dumpxml" is always correct.
Previously, if an incorrect device name was given in the <pf> element of a libvirt network definition, libvirt terminated unexpectedly when a guest attempted to create an interface using that network. With this update, libvirt now validates the <pf> device name to verify that it exists and that it is an sriov-capable network device. As a result, libvirt no longer crashes when a network with incorrect <pf> is referenced. Instead, it logs an appropriate error message and prevents the operation.
Previously, the virStorageBackendFileSystemMount() function returned success even if the mount command had failed. As a consequence, libvirt showed the pool as running even though it was unusable. After this update, an error is displayed if the mount command has failed. As a result, libvirt no longer displays a success message when the mount command fails.
Due to an omission in the libvirt code, the VLAN tag for a hostdev-based network (a network which is a pool of SRIOV virtual functions to be assigned to guests via PCI device assignment) was not being properly set in the hardware device. With this update, the missing code has been provided and a VLAN tag set in the network definition is now properly presented to the devices as they are assigned to guests.
Previously, the libvirt library was erroneously attempting to use the same alias name for multiple hostdev network devices. As a consequence, it was impossible to start a guest that had more than one hostdev network device in its configuration. With this update, libvirt now ensures that each device has a different alias name. As a result, it is now possible to start a guest with multiple hostdev network devices in its configuration.
The description of the blockcopy command in the virsh(1) manual page was identical to the description of the blockpull command. The correct descriptions have been provided with this update.
Previously, when parsing the domain XML with an "auto" numatune placement and the "nodeset" option was specified, the nodeset bitmap was freed twice. As a consequence, the libvirtd daemon terminated unexpectedly due to the double freeing. After this update, libvirtd now sets the pointer to NULL after freeing it. As a result, libvirtd no longer crashes in this scenario.
Previously, due to code movement, there was an invalid job used for querying for the SPICE migration status. As a consequence, when migrating a domain with a Simple Protocol for Independent Computing Environments (SPICE) seamless migration and using the domjobinfo command to request information on the same domain at the same time, the libvirtd daemon terminated unexpectedly. After this update, the job has been set properly and libvirtd no longer crashes in this scenario.
Whereas the status command of the libvirt-guests init script returned the 0 value when the libvirt-guests service was stopped, Linux Standard Base (LSB) required a different value (3) in such a case. Consequently, other scripts relying on the return value could not distinguish whether the service was running or not. The libvirt-guests script has been fixed to conform with LSB and the service libvirt-guests status command now returns the correct value in the described scenario.
Previously, the libvirt library contained a heuristic to determine the limit for maximum memory usage by a QEMU process. If the limit was reached, the kernel just killed the QEMU process and the domain was killed as well. This, however, cannot be guessed correctly. As a consequence, domains were killed randomly. With this update, the heuristic has been dropped and domains are not killed by the kernel anymore.


Enhancements

This enhancement adds the ability to specify a share policy for a domain's Virtual Network Computing (VNC) console. Latest changes in QEMU behavior from shared to exclusive VNC caused certain deployments, which used only shared VNC, to stop working. With a new attribute, sharePolicy, users are able to change the policy from exclusive to shared and such deployments now work correctly.
This enhancement introduces QEMU's native GlusterFS support. Users are now able to add a disk image stored on the GlusterFS volumes to a QEMU domain as a network disk.
Due to security reasons, the libvirt library uses by default only ports larger than 1023 (unprivileged ports) for Network Address Translation (NAT) of network traffic from guests. However, sometimes the guests need access to network services that are only available if a privileged port is used. This enhancement provides a new element, <nat>, which allows the user to specify both a port or an address range to use for NAT of network traffic.
This update adds a missing description about the migrateuri parameter of the migrate command to the virsh(1) manual page.
With this enhancement, the libvirt library now supports the ram_size parameter. Users are now able to set the RAM memory when using multiple heads in one Peripheral Component Interconnect (PCI) device.
The QEMU guest agent now supports enabling and disabling of guest CPUs. With this enhancement, support for this feature has been added to the libvirt library so that users are now able to use libvirt APIs to disable CPUs in a guest for performance and scalability reasons.
Domain Name System (DNS) servers, and especially root DNS servers, discourage forwarding of DNS requests that are not fully qualified domain names, that is, which include the domain as well as the host name. Also, the dnsmasq processes started by libvirt to service guests on its virtual networks prohibit forwarding such requests. However, there are certain circumstances where this is desirable. This update adds the permission for upstream forwarding of DNS requests with unqualified domain names. The libvirt library now provides an option in its network configuration to allow forwarding of DNS requests with non-qualified hostnames. The "forwardPlainNames='yes'" option must be added as an attribute to the <dns> element of a network, after which such forwards are allowed.
Support for locking a domain's memory in the host's memory has been added to the libvirt library. This update enables users to prevent a domain's memory pages from being swapped, and thus to avoid the latency in domain execution caused by swapping. Users can now configure domains to always be present in the host memory.
QEMU I/O throttling provides a fine-grained I/O control in virtual machines and provides an abstraction layer on top of the underlying storage devices.
BZ#826315, BZ#822306
A new pvpanic virtual device can be wired into the virtualization stack and a guest panic can cause libvirt to send a notification event to management applications. This feature is introduced in Red Hat Enterprise Linux 6.5 as a Technology Preview. Note that enabling the use of this device requires the use of additional qemu command line options; this release does not include any supported way for libvirt to set those options.
Previously, the virDomainUpdateDeviceFlags() function in the libvirt library allowed users to update some configuration on a domain device while the domain was still running. Consequently, when updating a Network Interface Controller (NIC), the QoS could not be changed because of a missing implementation. With this update, the missing implementation has been added, and QoS can now be updated on a NIC.
Users of libvirt are advised to upgrade to these updated packages, which fix these bugs and add these enhancements. After installing the updated packages, libvirtd will be restarted automatically.
Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems.

Bug Fix

When two clients tried to start the same transient domain, libvirt might not have properly detected that the same domain was already being started. Consequently, more than one QEMU process could run for the same domain while libvirt did not know about them. With this update, libvirt has been fixed to properly check whether the same domain is already being started, and thus avoids starting more than one QEMU process for the same domain.
Users of libvirt are advised to upgrade to these updated packages, which fix this bug. After installing the updated packages, libvirtd will be restarted automatically.