[Libvirt-announce] Release of libvirt-4.5.0

Daniel Veillard veillard at redhat.com
Mon Jul 2 20:35:50 UTC 2018


  As planned the release is out, it is tagged in git and I have pushed
the signed tarball and rpms to the usual place:

   ftp://libvirt.org/libvirt/

I also made a release of the python bindings 4.5.0 also tagged in git with
signed tarball and rpms at:

   ftp://libvirt.org/libvirt/python


 This release has a distinct flavour around security, with one added feature
and improvement in that direction but also removal of some features which might
prove insecure. Besides that, a potential crasher was fixed, so users are invited
to update to this new version:

New features:

- qemu: Provide TPM emulator support
  Support QEMU's TPM emulator based on swtpm. Each QEMU guest gets its
  own virtual TPM.

- bhyve: Support specifying guest CPU topology
  Bhyve's guest CPU topology could be specified using the <cpu><topology
  ../></cpu> element.

- qemu: Add support for extended TSEG size
  Support specifying extended TSEG size for SMM in QEMU.

- qemu: Add support for SEV guests
  SEV (Secure Encrypted Virtualization) is a feature available on AMD
  CPUs that encrypts the guest memory and makes it inaccessible even to
  the host OS.

Removed features:

- Remove support for qcow/default encrypted volumes
  Disallow using a qcow encrypted volume for the guest and disallow
  creation of the qcow or default encrypted volume from the storage
  driver. Support for qcow encrypted volumes has been phasing out since
  QEMU 2.3 and by QEMU 2.9 creation of a qcow encrypted volume via
  qemu-img required usage of secret objects, but that support was never
  added to libvirt.

- Make GnuTLS mandatory
  Building without GnuTLS is no longer possible.

- qemu: Remove allow_disk_format_probing configuration option
  The option represented a security risk when used with malicious disk
  images, so users were recommended against enabling it; with this
  release, it's been removed altogether.

Improvements:

- capabilities: Provide info about host IOMMU support
  Capabilities XML now provides information about host IOMMU support.

- virsh: Add --all to domblkinfo command
  Alter the domblkinfo command to add the option --all in order to
  display the size details of each domain block device from one command
  in an output table.

- qemu: Allow concurrent access to monitor and guest agent
  Historically libvirt prevented concurrent accesses to the qemu monitor
  and the guest agent. Therefore two independent calls (one querying the
  monitor and the other querying guest agent) would serialize which hurts
  performance. The code was reworked to allow two independent calls to run
  at the same time.

- qemu: Allow configuring the page size for HPT pSeries guests
  For HPT pSeries guests, the size of the host pages used to back guest
  memory and the usable guest page sizes are connected; the new setting
  can be used to request that a certain page size is available in the
  guest.

- Add support to use a raw input volume for encryption
  It is now possible to provide a raw input volume as input to
  generate a luks encrypted volume via either virsh vol-create-from or
  virStorageVolCreateXMLFrom.

- qemu: Add support for vsock hot (un)plug and cold (un)plug

- qemu: Add support for NBD over TLS
  NBD volumes can now be accessed securely.

- qemu: Implement FD passing for Unix sockets
  Instead of having QEMU open the socket and then connecting to it, which
  is inherently racy, starting with QEMU 2.12 we can open the socket
  ourselves and pass it to QEMU, avoiding race conditions.

- virsh: Introduce --nowait option for domstat command
  When this option is specified, virsh will try to fetch the guest stats
  but abort instead of stalling if they can't be retrieved right away.

Bug fixes:

- qemu: Fix a potential libvirtd crash on VM reconnect
  Initialization of the driver worker pool needs to come before libvirtd
  trying to reconnect to all machines, since one of the QEMU processes
  might have already emitted events which need to be handled prior to us
  getting to the worker pool initialization.

- qemu: Fix domain resume after failed migration
  Recent versions of QEMU activate block devices before the guest CPU has
  been started, which makes it impossible to roll back a failed
  migration. Use the late-block-activate migration capability if
  supported to avoid the issue.

- vmx: Permit guests to have an odd number of vCPUs
  An odd number of vCPUs greater than 1 was forbidden in the past, but
  current versions of ESXi have lifted that restriction.

  Thanks everybody for your contributions to this release, be it with
code, ideas, bug reports, patch reviews, documentation, etc...

   Enjoy the release !

Daniel


-- 
Daniel Veillard      | Red Hat Developers Tools http://developer.redhat.com/
veillard at redhat.com  | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | virtualization library  http://libvirt.org/
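
For the "qemu: Implement FD passing for Unix sockets" item above, a sketch of the pattern it describes: the parent creates and listens on the socket, then hands the descriptor to the child, so a client can connect without a retry loop. This is an added example, not libvirt's or QEMU's code. The child script stands in for QEMU, and the socket name and function names are assumptions.

```python
import os
import socket
import subprocess
import sys
import tempfile

# Stand-in for the process that receives the socket (QEMU's role in the
# release note). It never opens the path itself: it wraps the inherited
# descriptor, accepts one connection and answers.
CHILD = """
import socket, sys
srv = socket.socket(fileno=int(sys.argv[1]))
conn, _ = srv.accept()
conn.sendall(b"hello from child")
conn.close()
"""

def listen_unix(path):
    """Create, bind and listen before any child process exists."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    srv.listen(1)
    return srv

def fd_passing_roundtrip():
    """Return (bytes received from child, child exit code)."""
    # TemporaryDirectory is created with mode 0700, so the socket path
    # is not reachable by other local users.
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "monitor.sock")  # hypothetical name
        srv = listen_unix(path)
        child = subprocess.Popen(
            [sys.executable, "-c", CHILD, str(srv.fileno())],
            pass_fds=[srv.fileno()],  # child inherits the listening fd
        )
        srv.close()  # the child now holds the only listening copy
        # Connect at once: the socket was already listening before the
        # child started, so there is no window in which the path is
        # missing or not yet accepting.
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as cli:
            cli.connect(path)
            with cli.makefile("rb") as stream:
                data = stream.read()  # read until the child closes
        child.wait(timeout=10)
        return data, child.returncode
```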



