RHEA-2009:1269 - Product Enhancement Advisory

Topic

Updated libvirt packages that upgrade the libvirt library to upstream
version 0.6.3, add KVM hypervisor and PCI pass-through support, and fix a
number of bugs and add various enhancements are now available for Red Hat
Enterprise Linux 5.

Description

The libvirt library is a C API for managing and interacting with the
virtualization capabilities of Linux and other operating systems. In
addition, libvirt provides tools for remotely managing virtualized systems.

These updated packages upgrade the libvirt library for Red Hat Enterprise
Linux 5 to upstream version 0.6.3, which contains a large number of
enhancements and bug fixes over the previous version. Importantly, with
this libvirt update, Red Hat Enterprise Linux 5.4 is the first release to
provide support for the KVM hypervisor. Also present in this update are PCI
pass-through ability and PCI hot plug support. See the "enhancements"
section below for details. (BZ#475821)

For a more complete list of changes and bug fixes in libvirt releases,
refer to the link in the "References" section of this errata.

These updated packages fix the following notable bugs:

• the "virsh" and "xm" commands passed incorrectly passed the option

"type=vbd" when either attaching or detaching TAP devices, which caused the
command to fail. With this update, the correct type, "type=tap", is passed
when TAP devices are attached or detached. (BZ#475791)

• attempting to create a domain on a node using an iSCSI volume pool

managed by libvirt failed with this error message:

libvir: Remote error : socket closed unexpectedly
error: Failed to create domain from create_guest.xml

This has been fixed in these updated packages so that creating guests on an
iSCSI volume pool succeeds as expected. (BZ#483310)

• after a failure to start a KVM domain, libvirt occasionally reported that

it was unable to connect to the hypervisor, with the result that "virsh"
commands could not be run again until a connection was reestablished. With
this update, this situation is prevented from occurring. (BZ#483835)

• occasionally, libvirt lost track of running domains, the command "virsh

list" did not list those domains, and pid files still existed for the
processes representing those domains. A fix to the libvirt event loop now
ensures that libvirt is able to keep track of all running domains on the
host. (BZ#499250)

• due to a domain ID-handling error, the command "virsh destroy

[domain-id]" could potentially terminate domains with IDs similar to the
target. This has been corrected so that "virsh destroy [domain-id]"
terminates only the target domain. (BZ#500158)

• running the command "virsh dominfo [domain-id]" to acquire information

about a running Xen domain resulted in this error message:

error: this function is not supported by the hypervisor:
virNodeGetSecurityModel

This update fixes the dominfo subcommand so that it does not return an
error message if the security model API is unimplemented. (BZ#506688)

• right-clicking on a running domain in the virt-manager application and

then choosing Shutdown -> Force Off incorrectly caused that domain ID to
disappear from the virt-manager list of VMs. In addition, domains created
with the virt-manager or virt-install applications were not listed in the
GUI window until virt-manager was restarted or the newly-created guest was
started. This issue was related to inotify support and has been fixed in
these updated packages. (BZ#508278)

In addition, these updated packages provide the following enhancements:

• PCI pass-through is a virtualization-related ability that is enabled by

AMD's IOMMU and Intel's VT-d technologies. With PCI pass-through, PCI
devices can be "passed through" the hypervisor (that is, bypassing it and
locking it out) to an unprivileged domain, thereby allowing near-native
performance of hardware devices, such as network cards, in guest domains.
With this update, PCI pass-through is enabled for both Xen and KVM virtual
machines. (BZ#471156, BZ#513317, BZ#496925, BZ#481757, BZ#481747)

Users are advised to upgrade to these updated libvirt packages, which
resolve these issues and add these enhancements.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386

Fixes

• BZ - 278931 - Invalid config files and ordinary text files in /etc/xen cause libvirt error messages
• BZ - 348861 - libvirt error message (virt-manager) "out of memory/invalid argument in __VirtGetDomain" on guest save/migration
• BZ - 450849 - virsh does not print a proper error when trying to connect to console on remote vm
• BZ - 465593 - Using `virsh` does not properly parse vifname parameter from domU configuration!
• BZ - 466891 - Feature Request: Inclusion of serial port redirection to a file in rhel
• BZ - 475791 - [RHEL5.4]: libvirt/ virsh passes incorrect type=vbd when detaching TAP devices
• BZ - 477275 - virsh domblkstat gives wrong error message when the target device doesn't exist in the guest
• BZ - 483837 - virsh version - libvir: QEMU error : internal error Cannot find QEMU binary
• BZ - 484340 - Creating new virtual networks via virt-manager causes SELinux violations
• BZ - 484665 - THe <clock offset='localtime'/> is not honoured for RHEL-5 Xen
• BZ - 489250 - virsh migrate is not allowing for authentication credentials when connecting to the destination
• BZ - 489283 - virsh save $shutted-off-domain will get invalid domain pointer in no domain with matching id -1
• BZ - 489286 - libvir: error: invalid connection pointer in virConnectClose
• BZ - 490412 - libvir: error: this function is not supported by the hypervisor: virNodeDeviceLookupByName
• BZ - 490572 - three methods having the same name createXML() in the libvirt.py
• BZ - 496616 - libvirt: a pool with the wrong config was defined in pool list
• BZ - 496925 - [Various 5.4 feat] Support NPIV in libvirt
• BZ - 497051 - virsh detach-device ''Segmentation fault' error
• BZ - 499577 - RHEL 5.4 vt-d: libvirt's qemu driver interprets the <hostdev> "managed" attribute incorrectly
• BZ - 500158 - 'virsh destroy' destroys multiple VMs
• BZ - 502095 - RHEL5.4: libvirt QEMU driver is using old pci_add/pci_del syntax
• BZ - 503178 - libvirtd crashes on tls connection
• BZ - 503481 - Errors reported after setting network bridge autostart for second time.
• BZ - 503729 - virsh freecell outputs incorrect unit of measurement
• BZ - 504046 - libvirt must look in /usr/libexec for qemu-kvm binary as priority over /usr/bin
• BZ - 504119 - Storage driver is built without QCow2 support due to missing qemu-img BuildRequires
• BZ - 504285 - destroy node device and create node device from xml has "Segmentation fault"
• BZ - 504775 - Remote driver is broken for automatic TLS URIs, and does not report certificate file problems
• BZ - 506688 - virsh dominfo prints an error on every invocation with Xen driver
• BZ - 508278 - A running vm will disappear after forced off
• BZ - 509261 - nodedev-dumpxml can hang libvirtd
• BZ - 513317 - PCI passthrough with kvm guest cause libvirtd dead
• BZ - 514921 - libvirt does not properly detect FLR support

CVEs

(none)

References

• http://libvirt.org/news.html