libvirt: libvirt releases
A rogue guest could continuously reboot itself and cause libvirtd on the host to deadlock or crash, resulting in a denial of service condition.
For strict mode of <numatune/> it can't be guaranteed that memory is moved completely onto new set of nodes (e.g. QEMU might have locked pieces of its memory) thus breaking the strict promise. If live migration of QEMU memory between NUMA nodes is desired, users are advised to use restrictive mode instead.
The blockdev-mirror block job supports a mode where writes from the VM are synchronously propagated to the destination of the copy. This ensures that the job will converge under heavy I/O.
Implement the mode for the copy blockjob as VIR_DOMAIN_BLOCK_COPY_SYNCHRONOUS_WRITES flag exposed via virsh blockcopy --synchronous-writes and for non-shared storage migration as VIR_MIGRATE_NON_SHARED_SYNCHRONOUS_WRITES exposed via virsh migrate --copy-storage-synchronous-writes .
New API virDomainSetLaunchSecurityState() and virsh command domsetlaunchsecstate are added to support injecting a launch secret in a domain's memory.
