Bug
Resolution: Unresolved
rhel-10.1
libvirt-11.5.0-4.el10
Moderate
ZStream
rhel-virt-core-libvirt-1
We have a serious bug with TLS usage for live migration in QEMU which results in the source QEMU VM crashing if live migration RAM transfer volume exceeds a certain threshold. This is easily triggered with a 16 GB, 4 vCPU VM using the 'stress-ng' program and is impacting a number of OpenStack customers.
https://issues.redhat.com/browse/RHEL-98671
While we can work around it with an override of /etc/crypto-policies on the target host, we need a solution with greater flexibility and precision.
Specifically we need libvirt to be able to set the 'priority' field in the QEMU 'tls-creds-x509' objects it loads into QEMU, based on settings in /etc/libvirt/qemu.conf.
This will allow the workaround to be targeted exclusively to live migration and configured on either source or target hosts, as best suits the user. It will also be easier to undo the effects once a GNUTLS fix arrives, since qemu.conf can be updated without needing to restart all QEMU processes.
The first proposed patches are in:
and this will probably want to be backported to active EUS streams in 9.x at least.
- is related to: RHEL-98671 Migration with TLS often breaks when TLS 1.3 is negotiated when return-path is present
- Planning
- links to: RHBA-2025:148139 libvirt bug fix and enhancement update