From patchwork Fri Dec 9 21:48:02 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Adolf Belka X-Patchwork-Id: 6289 Return-Path: Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by web04.haj.ipfire.org (Postfix) with ESMTPS id 4NTPlW4lyhz3wkR for ; Fri, 9 Dec 2022 21:48:07 +0000 (UTC) Received: from mail02.haj.ipfire.org (mail02.haj.ipfire.org [172.28.1.201]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail02.haj.ipfire.org", Issuer "R3" (verified OK)) by mail01.ipfire.org (Postfix) with ESMTPS id 4NTPlV7150zRK; Fri, 9 Dec 2022 21:48:06 +0000 (UTC) Received: from mail02.haj.ipfire.org (localhost [127.0.0.1]) by mail02.haj.ipfire.org (Postfix) with ESMTP id 4NTPlV6CB5z2yxp; Fri, 9 Dec 2022 21:48:06 +0000 (UTC) Received: from mail01.ipfire.org (mail01.haj.ipfire.org [172.28.1.202]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) client-signature ECDSA (P-384)) (Client CN "mail01.haj.ipfire.org", Issuer "R3" (verified OK)) by mail02.haj.ipfire.org (Postfix) with ESMTPS id 4NTPlT6P7Rz2xPW for ; Fri, 9 Dec 2022 21:48:05 +0000 (UTC) Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-384) server-digest SHA384) (No client certificate requested) by mail01.ipfire.org (Postfix) with ESMTPSA id 4NTPlT2r1zzQv; Fri, 9 Dec 2022 21:48:05 +0000 (UTC) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003ed25519; t=1670622485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=P7Mc7K1WTyDoXT10r8uD1D9RPEjmw4leJoDGsLpCCWQ=; b=fxKARCm6kbDFpIWsSCEwlONyilSfuQ10Qe5z8GNgz4kSZu3+gkGhDRfg/eXU827I37Cs2B kppeDRncvQUFgUCw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ipfire.org; s=202003rsa; t=1670622485; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=P7Mc7K1WTyDoXT10r8uD1D9RPEjmw4leJoDGsLpCCWQ=; b=a2UU7f257Hj1ub8x+pJtW1x2DJ5k7yRGnNMXXZdGlWIG399T4Awr5C+cT/UGZ9nmSdakAg UKTqYlxld0M+d/cqZQ2IT8cME5Xkr1kAH6pBIkWo7CUt/9tHBtzBB4QsGi9R696Iean/cf loUH9B+gk76pYH9mFl/6Z2XHvGYIpeVfndpK9+gjQu7O6kie/xNAhR/FEwxapATglzzJ2c 0ApuPI1QMrHuV5gMQyGhg37ev0Cdd5xYg2bFeWylyq2fcfcucNYSfHNUGKluZPQqunhsZk RfokFyqZZKfDlbK8qz+ZLeQi3RxhtrROf5PUwXkyba0p0QaFieCcnkkFBvtw/Q== From: Adolf Belka To: development@lists.ipfire.org Subject: [PATCH] libvirt: Update version to 8.10.0 Date: Fri, 9 Dec 2022 22:48:02 +0100 Message-Id: <20221209214802.3317143-1-adolf.belka@ipfire.org> MIME-Version: 1.0 X-BeenThere: development@lists.ipfire.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: IPFire development talk List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: development-bounces@lists.ipfire.org Sender: "Development" - Update from version 8.9.0 to 8.10.0 - Update of rootfile - Changelog v8.10.0 (2022-12-01) **New features** * Tool for validating SEV firmware boot measurement of QEMU VMs The ``virt-qemu-sev-validate`` program will compare a reported SEV/SEV-ES domain launch measurement, to a computed launch measurement. This determines whether the domain has been tampered with during launch. * Support for SGX EPC (enclave page cache) Users can add a ```` device to lauch a VM with ``Intel Software Guard Extensions``. * Support migration of vTPM state of QEMU vms on shared storage Pass ``--migration`` option if appropriate in order for ``swtpm`` to properly migrate on shared storage. **Improvements** * Mark close callback (un-)register API as high priority High priority APIs use a separate thread pool thus can help in eliminating problems with stuck VMs. Marking the close callback API as high priority allows ``virsh`` to properly connect to the daemon in case the normal priority workers are stuck allowing other high priority API usage. * Updated x86 CPU features The following features for the x86 platform were added: ``v-vmsave-vmload``, ``vgif``, ``avx512-vp2intersect``, ``avx512-fp16``, ``serialize``, ``tsx-ldtrk``, ``arch-lbr``, ``xfd``, ``intel-pt-lip``, ``avic``, ``sgx``, ``sgxlc``, ``sgx-exinfo``, ``sgx1``, ``sgx2``, ``sgx-debug``, ``sgx-mode64``, ``sgx-provisionkey``, ``sgx-tokenkey``, ``sgx-kss``, ``bus-lock-detect``, ``pks``, ``amx``. * Add support for ``hv-avic`` Hyper-V enlightenment ``qemu-6.2`` introduced support for the ``hv-avic`` enlightenment which allows to use Hyper-V SynIC with hardware APICv/AVIC enabled. * qemu: Run memory preallocation with numa-pinned threads Run the thread allocating memory in the proper NUMA node to reduce overhead. * RPM packaging changes - add optional dependancy of ``libvirt-daemon`` on ``libvirt-client`` The ``libvirt-guests.`` tool requires the ``virsh`` client to work properly, but we don't want to require the installation of the daemon if the tool is not used. - relax required ``python3-libvirt`` version for ``libvirt-client-qemu`` The ``virt-qemu-qmp-proxy`` tool requires python but doesn't strictly need the newest version. Remove the strict versioning requirement in order to prevent cyclic dependency when building. **Bug fixes** * Skip initialization of ``cache`` capabilities if host doesn't support them Hypervisor drivers would fail to initialize on ``aarch64`` hosts with following error :: virStateInitialize:657 : Initialisation of cloud-hypervisor state driver failed: no error which prevented the startup of the daemon. * Allow incoming connections to guests on routed networks w/firewalld A change in handling of implicit rules in ``firewalld 1.0.0`` broke incomming connections to VMs when using ``routed`` network. This is fixed by adding a new ``libvirt-routed`` zone configured to once again allow incoming sessions to guests on routed networks. * Fix infinite loop in nodedev driver Certain udev entries might be of a size that makes libudev emit EINVAL which caused a busy loop burning CPU. Fix it by ignoring the return code. Signed-off-by: Adolf Belka Reviewed-by: Peter Müller --- config/rootfiles/packages/libvirt | 10 ++++++---- lfs/libvirt | 6 +++--- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/config/rootfiles/packages/libvirt b/config/rootfiles/packages/libvirt index 5682b73c8..8b3819aa5 100644 --- a/config/rootfiles/packages/libvirt +++ b/config/rootfiles/packages/libvirt @@ -60,6 +60,7 @@ usr/bin/virt-pki-query-dn usr/bin/virt-pki-validate usr/bin/virt-qemu-qmp-proxy usr/bin/virt-qemu-run +usr/bin/virt-qemu-sev-validate usr/bin/virt-ssh-helper usr/bin/virt-xml-validate #usr/include/libvirt @@ -84,16 +85,16 @@ usr/bin/virt-xml-validate #usr/lib/libvirt #usr/lib/libvirt-admin.so usr/lib/libvirt-admin.so.0 -usr/lib/libvirt-admin.so.0.8009.0 +usr/lib/libvirt-admin.so.0.8010.0 #usr/lib/libvirt-lxc.so usr/lib/libvirt-lxc.so.0 -usr/lib/libvirt-lxc.so.0.8009.0 +usr/lib/libvirt-lxc.so.0.8010.0 #usr/lib/libvirt-qemu.so usr/lib/libvirt-qemu.so.0 -usr/lib/libvirt-qemu.so.0.8009.0 +usr/lib/libvirt-qemu.so.0.8010.0 #usr/lib/libvirt.so usr/lib/libvirt.so.0 -usr/lib/libvirt.so.0.8009.0 +usr/lib/libvirt.so.0.8010.0 #usr/lib/libvirt/connection-driver usr/lib/libvirt/connection-driver/libvirt_driver_ch.so usr/lib/libvirt/connection-driver/libvirt_driver_interface.so @@ -317,6 +318,7 @@ usr/share/libvirt/schemas/nodedev.rng usr/share/libvirt/schemas/nwfilter.rng usr/share/libvirt/schemas/nwfilter_params.rng usr/share/libvirt/schemas/nwfilterbinding.rng +usr/share/libvirt/schemas/privatedata.rng usr/share/libvirt/schemas/secret.rng usr/share/libvirt/schemas/storagecommon.rng usr/share/libvirt/schemas/storagepool.rng diff --git a/lfs/libvirt b/lfs/libvirt index aa28ef2dc..bb7abbb28 100644 --- a/lfs/libvirt +++ b/lfs/libvirt @@ -26,7 +26,7 @@ include Config SUMMARY = Server side daemon and supporting files for libvirt -VER = 8.9.0 +VER = 8.10.0 THISAPP = libvirt-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -35,7 +35,7 @@ DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) SUP_ARCH = x86_64 aarch64 PROG = libvirt -PAK_VER = 30 +PAK_VER = 31 DEPS = ebtables libpciaccess libtirpc libyajl ncat qemu @@ -49,7 +49,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 537b6badb6171110e99561613fb1318144991107139401296248afb747ae6f9cfafcd17b2292b8d8dcc9188ff4206035ea814efa6c129bae50c0518f61be9b81 +$(DL_FILE)_BLAKE2 = 6c99428dd74ae1e535d0918bb48da0a851b03e9dfc38f96fca060a33b6be6c23c8b4a789695e8cf930536c156c8a893e18753a58c8a827f464b83a61b47c4846 install : $(TARGET) check : $(patsubst %,$(DIR_CHK)/%,$(objects))