Michal Privoznik [Wed, 11 Mar 2026 13:33:46 +0000 (14:33 +0100)]
qemuhotplugtest: Use fake drivers
Hotplugging a device may require talking to other drivers (e.g.
network), similar to when starting a domain anew
(qemuxmlconftest). Register fake drivers for future benefit of
the test.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Wed, 11 Mar 2026 13:33:57 +0000 (14:33 +0100)]
virnetworkportxml2xmldata: Use different PCI address in plug-hostdev-pci.xml
Inside of plug-hostdev-pci.xml there's a PCI address of an
allocated PCI device for an <interface type='network'/>.
Currently, there's some made up address. But this specific file
is going to be used from qemuhotplugtest soon and as such it
needs an PCI address that virpcimock creates. Switch it to
0000:06:12.2.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 18:42:12 +0000 (19:42 +0100)]
qemuxmlconftest: Separate fake drivers into a separate file
One of the tests that qemuxmlconftest does is generate cmd line
for given domain XML. This process might involve talking to other
drivers (secret/storage/nwfilter/network). To produce predictable
output the test comes with fake implementation of APIs of those
drivers. Well, move that implementation into a separate file so
that it can be reused by other tests (notably, qemuhotplugtest is
going to use it).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 16:05:12 +0000 (17:05 +0100)]
tests: Drop WITH_QEMU from qemu specific tests binaries/libraries
Inside of tests/meson.build there is a section that builds QEMU
related tests conditionally (for instance
qemudomaincheckpointxml2xmltest). It makes no sense to have the
same check inside source file. Or even provide alternative
implementation for cases when building without QEMU
(EXIT_AM_SKIP). When building without QEMU driver the test is not
even compiled, so EXIT_AM_SKIP is dead code.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Thu, 29 Jan 2026 14:10:06 +0000 (15:10 +0100)]
networkxmlconftest: s/fail/cleanup/
Inside of testCompareXMLtoXMLFiles() the 'fail' label is used in
both successful and error runs. If that's the case, our coding
standard mandates the label to be named 'cleanup'. Change it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Fri, 30 Jan 2026 14:47:19 +0000 (15:47 +0100)]
src: Drop NULL check before calling virBufferEscapeString()
There's no need to check if any of the three arguments passed to
virBufferEscapeString() is NULL as the function does so itself.
Well, in a few places we're comparing the last argument against
NULL. Drop the comparison then.
Generated using the following spatch:
@@
expression X, Y, E;
@@
- if (E) virBufferEscapeString(X, Y, E);
+ virBufferEscapeString(X, Y, E);
@@
expression X, Y, E;
@@
- if (E) {
virBufferEscapeString(X, Y, E);
- }
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Jonathon Jongsma [Wed, 11 Feb 2026 22:25:51 +0000 (16:25 -0600)]
hyperv: Implement domainSnapshotLookupByName()
Unfortunately Hyper-V does not enforce any uniqueness constraints on
snapshot names (called ElementName in Hyper-V). So it's possible for
multiple snapshots of the same domain to have identical ElementNames.
Since libvirt uses the domain and snapshot name as a unique key to
reference a snapshot, we can't use the hyperv ElementName as the
snapshot name in libvirt.
So instead I've decided to use the InstanceId of the snapshot as the
snapshot name and use the ElementName as the snapshot description. This
results in a worse user experience (since the snapshot names end up
being something like "Microsoft:$(UUID)"), but guarantees that we will
be able to uniquely reference every snapshot.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Xiaotian Feng [Wed, 25 Feb 2026 07:48:21 +0000 (07:48 +0000)]
qemu: Enable AMD IOMMU XTSUP by default
Add QEMU_CAPS_AMD_IOMMU_XTSUP capability and enable xtsup
by default for AMD IOMMU when a Q35 domain has >255 vCPUs,
similar to Intel EIM auto-enable logic. Also ensure intremap is
turned on when required.
Signed-off-by: Xiaotian Feng <xiaotian.feng@amd.com> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Tested-by: Ankit Soni <Ankit.Soni@amd.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Xiaotian Feng [Wed, 25 Feb 2026 07:48:20 +0000 (07:48 +0000)]
conf: support >255 vcpu w/ amd-iommu xtsup
Rename QEMU_MAX_VCPUS_WITHOUT_EIM to QEMU_MAX_VCPUS_WITHOUT_X2APIC to
clarify the limit is tied to APIC ID width.
Validation now accepts either:
- intel-iommu with eim='on', or
- amd-iommu with xtsup='on'
for guests with more than 255 vCPUs on x86/q35.
Update error messages to mention x2APIC mode instead of extended
interrupt mode. This reflects that AMD platforms can satisfy the same
requirement via xtsup property on amd-iommu.
Signed-off-by: Xiaotian Feng <xiaotian.feng@amd.com> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Tested-by: Ankit Soni <Ankit.Soni@amd.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Leander Kohler [Fri, 27 Feb 2026 12:39:19 +0000 (13:39 +0100)]
rpc: free saved close error in virNetClientDispose
virNetClientMarkClose() may cache the current error in client->error via
virSaveLastError() when a client is marked for close.
That error is normally released in virNetClientCloseLocked(), but some
teardown paths can dispose the client object without reaching that
cleanup. In that case, client->error remains allocated and ASan reports
a leak.
Free client->error in virNetClientDispose() as a final cleanup fallback.
This was observed during virtchd shutdown in test_disk_is_locked, with
the leak originating from:
virDomainInterfaceDeleteDevice() -> remoteConnectClose() ->
virNetClientMarkClose() -> virSaveLastError()
On-behalf-of: SAP leander.kohler@sap.com Signed-off-by: Leander Kohler <leander.kohler@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 11 Mar 2026 11:21:17 +0000 (12:21 +0100)]
tests: Create fake root dirs later
In one of previous commits the virTestMain() function was changed
to actually create fake HOME, XDG_RUNTIME_DIR, ... directories
instead of setting spoofed values in the environment. But
alongside with this, the call to virTestFakeRootDirInit() was
moved (to location where environment was poisoned). And this
would not matter if it wasn't for mocking. Because what we ended
up with is virTestFakeRootDirInit() is called and then
(optionally) the process re-execs itself (with mocks loaded).
This means that previously created root dirs are never cleaned
up and just pollute builddir.
Therefore, restore original location from which the function was
called.
Fixes: 79d97d2b4f0b55ea80f8330144953e2b93927e25 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Jiri Denemark [Wed, 11 Mar 2026 10:31:06 +0000 (11:31 +0100)]
Introduce EXPAND_CPU_FEATURES flag for domain capabilities
The new VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES flag for
virConnectGetDomainCapabilities can be used to request the host-model
CPU definition to include all supported features (normally only extra
features relative to the selected CPU model are listed).
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Mon, 9 Mar 2026 16:38:28 +0000 (17:38 +0100)]
util: Move 'virProcessLimitResourceToLabel' into same preprocessor if-block as only caller
'virProcessLimitResourceToLabel' is called only from
'virProcessGetLimitFromProc' but the latter has different conditions
when it's compiled. In certain cases this could lead to build failures.
Fixes: 90fe839f8a0 Closes: https://gitlab.com/libvirt/libvirt/-/work_items/848 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Peter Krempa [Mon, 9 Mar 2026 14:07:39 +0000 (15:07 +0100)]
qemu: processShutdownCompletedEvent: Remove inactive VM object after shutdown
When the qemu process can't be successfully killed (e.g. when it's stuck
in a long system call) libvirt creates a watch and waits for the monitor
socket to go away before cleaning up the domain.
The cleanup code in 'processShutdownCompletedEvent' called
'qemuProcessStop' but didn't call also 'qemuDomainRemoveInactive' which
would break if a transient VM would undergo the delayed cleanup as we'd
still have it's VM object around.
Fixes: e62c26a20dced58ea342d9cb8f5e9164dc3bb023 Closes: https://gitlab.com/libvirt/libvirt/-/work_items/853 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 5 Mar 2026 14:39:02 +0000 (15:39 +0100)]
qemu: hotplug: Don't access disk definititon after it was freed after media change
A special case in qemuDomainAttachDeviceDiskLive causes disk media to be
changed. This code has different semantics than the real hotplug code
where the hotplugged device definition is absorbed into the domain
definition and thus the pointer is still valid. On media change we just
use the disk source and discard everything else from the disk
definition.
Later in qemuDomainAttachDeviceLive we then attempt to extract the alias
of the attached device for emiting an event. Since in case of media
change the main definition was freed this causes an use-after-free on
the disk data pointer.
To address this the media change code will clear the disk definition
pointer from the device wrapper and the caller will extract the device
alias only when the disk definition pointer is non-NULL.
The semantics of the event will not change because the device alias
wouldn't be assigned for the media change code at all.
The use-after-free is observable via valgrind when attempting a media
change via 'virsh attach-device', as otherwise in most cases it doesn't
cause any ill efect as only the pointer to a NULL string is accessed:
==2763495== Invalid read of size 8
==2763495== at 0xEA4102A: qemuDomainAttachDeviceLive (qemu_hotplug.c:3455)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceLiveAndConfig (qemu_driver.c:7408)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceFlags (qemu_driver.c:7456)
==2763495== by 0x4BC5BE6: virDomainAttachDevice (libvirt-domain.c:8951)
==2763495== by 0x402579D: remoteDispatchDomainAttachDevice (remote_daemon_dispatch_stubs.h:3763)
[snip]
==2763495== Address 0x6df57c8 is 360 bytes inside a block of size 608 free'd
==2763495== at 0x48F7E43: free (vg_replace_malloc.c:990)
==2763495== by 0x4EC7EC4: g_free (in /usr/lib64/libglib-2.0.so.0.8600.3)
==2763495== by 0xEA4101E: qemuDomainAttachDeviceDiskLive (qemu_hotplug.c:1150)
==2763495== by 0xEA4101E: qemuDomainAttachDeviceLive (qemu_hotplug.c:3453)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceLiveAndConfig (qemu_driver.c:7408)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceFlags (qemu_driver.c:7456)
==2763495== by 0x4BC5BE6: virDomainAttachDevice (libvirt-domain.c:8951)
[snip]
Closes: https://gitlab.com/libvirt/libvirt/-/issues/859 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Instead of trying to figure out every single place where hostdev is used
as struct directly and allocating empty private data check if iommufd
is configured as that will happen only for <hostdev> device where the
private data are correctly allocated.
This patch is best viewed with `git show -w`.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
qemuhotplugtest: Run "interface-hostdev" test cases only on Linux
In one of my previous commits, I've introduced
"interface-hostdev" attach and detach test cases to
qemuhotplugtest. And they work flawlessly, on Linux. But on
anything else they fail because our virpci.c module is basically
just a bunch of stub functions that do nothing but report an
error, rendering my changes to virpcimock futile.
BTW: this is similar to what I had done in v12.1.0-rc1~199.
Fixes: f9bb819fc4841dbdff801629bf58f9fd6d7d93eb Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Thu, 26 Feb 2026 10:01:54 +0000 (11:01 +0100)]
qemuhotplugtest: Introduce interface-hostdev test case
While our qemuhotplugtest already does a PCI hotplug and unlpug
("hostdev-pci") there is another way to hotplug a PCI device,
esp. if it's a NIC: <interface type='hostdev'/>. This has been
missing and as shown in v12.1.0-rc1-4-gfe782ed334 can be
potentially dangerous as some different paths are taken.
Introduce a test case for interface-hostdev.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Thu, 26 Feb 2026 14:51:59 +0000 (15:51 +0100)]
virpcimock: Create net/ subdir for devices
A PCI device that is a network interface card also has 'net/'
subdir with interface name it corresponds to. For instance:
# ls -l /sys/bus/pci/devices/0000\:00\:1f.6/net/
total 0
drwxr-xr-x 5 root root 0 Feb 26 16:51 eth0
Allow setting interface name for PCI devices.
Now, in real life the net/$IFNAME/ is a directory, but since our
code opens net/ dir and then just reads dentries creating file
instead of full blown dir is okay.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Laine Stump [Thu, 11 Dec 2025 05:22:30 +0000 (00:22 -0500)]
tests: stop mocking virGetUserRuntimeDirectory()
The same functionality has been achieved by setting the
XDG_RUNTIME_DIR environment variable during the setup of the "fake
root" directory in testutils.c
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 17:20:09 +0000 (12:20 -0500)]
tests: point $HOME and $XDG_* into usable fake root directory
A long time ago we added some lines to "poison" the environment of
test programs (specifically $HOME and $XDG_*) with nonexisting
unusable paths so that any test program attempting to use the normal
settings of those variables (which point into the filesystem of the
system running the test) would fail (rather than silently messing up
the test system).
At some later time, someone wrote tests for hostdev devices that
required that virGetUserRuntimeDirectory() (which normally uses either
$XDG_RUNTIME_DIR or $HOME) return a directory that could actually be
used as a part of the test; this was solved by mocking
virGetUserRuntimeDirectory() to return a path underneath
$LIBVIRT_FAKE_ROOT_DIR (which is created each time a test starts).
Much much later, I wanted to add validation of the directory returned
by virGetUserRuntimeDirectory(), but when this validation was added,
the poisoned values that had been set (back in paragraph one "a long
time ago") caused this validation to fail.
My first attempt to fix this was to make the mocked
virGetUserRuntimeDirectory() more generally available, and turn it on
for all the tests that failed. But then I realized that a better
solution would be to instead "nourish" (rather than "poison" - get
it?) $HOME and $XDG_* with directories created under
$LIBVIRT_FAKE_ROOT_DIR. This way we are actually testing the real
virGetUserRuntimeDirectory() and any future validation, and also make
some other tests cover more actual code in the future.
In this patch the poisoning of the environment is removed, the call to
the function creating the fake root dir is moved up to that location,
and as a part of creating the fake root dir, we also set the
aforementioned environment variables and create the directories
associated with them (since the tests assume that they already exist).
The now-redundant original mock of virGetUserRuntimeDirectory() will
be removed in another patch.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Mon, 15 Dec 2025 20:56:47 +0000 (15:56 -0500)]
consistently use glib g_getenv() instead of libc getenv()
We've been using glib g_setenv() since commit 2c3353242337bb50fe5abc9454fd5fc98236d4ef in December 2019 (switching
away from the gnulib version of setenv()). Most (but not all) of the
calls to get environment variables have remained using libc's getenv()
though, even though there is a g_getenv() wrapper in glib to match the
g_setenv() wrapper.
While getenv() doesn't have the thread safety problems of setenv(),
it's still recommended that users of g_setenv() also use g_getenv()
(for consistency, and because the glib functions handle UTF-8 properly
while libc getenv() may or may not depending on the setting of LANG in
the environment).
This patch changes all calls to getenv() to use g_getenv() instead,
with the exceptions of:
1) the call to getenv() in virt-login-shell.c (because
virt-login-shell runs setuid root, and we don't want glib or any other
gigantic library anywhere near a setuid program). In a few cases a
char * needs to be made const, and the return from getenv() needs to
be g_strdup()ed if it must stick around for any amount of time (since
the buffer returned from g_getenv() might be recycled/re-used if there
is another call to g_getenv()/g_setenv()).
2) the call to getenv() in libvirt_nss_log.c because it is compiled
into a loadable module that will be loaded into a process after the
process's normal startup, and so any initialization that might be
required for a glib function to operate properly may not be called.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 05:43:04 +0000 (00:43 -0500)]
util: make completely separate functions for WIN32 versions of virGetUser*Directory()
This will make it easier to, e.g., add sanity checks to the Linux
versions of these functions without potentially causing regressions on
a platform that isn't widely tested
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 04:25:36 +0000 (23:25 -0500)]
util: rename virGetUserDirectory(ByUID) to virGetUserHomeDirectory(ByUID)
All the other wrapper functions for glib g_get_user_*_dir() have the
type of directory (the "*" in that wildcarded name) in the libvirt
function name. These functions, on the other hand, call
g_get_home_dir(), but the libvirt API is called
virGetUserDirectory*(). Let's make it *a bit* closer to consistent (at
least the libvirt API names will be consistent with each other, even
if glib isn't).
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Thu, 12 Feb 2026 16:23:10 +0000 (11:23 -0500)]
qemu: support setting default route for passt interfaces inside the guest
libvirt's <interface> element has for a long time supported adding
<route> sub-elements to specify arbitrary routes to be added to the
guest OS networking, but historically this has only worked for LXC
guests. If you tried to add <route> to the interface of a QEMU guest,
it would be rejected.
passt networking doesn't support setting *any arbitrary* route but it
does support setting a default route (using the passt commandline
"--gateway" parameter). A default route is really just a "route with
unspecified destination/prefix", so a default route can be specified
in libvirt XML with:
<route gateway='192.168.0.1'/>
Attempts to give a specified destination, prefix, or metric will
result in a validation error.
Resolves: https://issues.redhat.com/browse/RHEL-46602 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Tue, 24 Feb 2026 07:14:38 +0000 (02:14 -0500)]
conf/util: fix non-specification of IP route destination address
The Linux/libnl version of virNetDevIPRouteAdd() has always had code
that would use "0.0.0.0" (or "::" for IPv6) for the route's
destination address if none was specified, but 1) our validation code
has always required it to be specified anyway, 2) the FreeBSD version
of virnertDevIPRouteAdd() expected that it would be specified, and 3)
virNetDevIPRouteFormat() also expected route->address to be
valid. This patch fixes those 3 deficiencies, so that this XML now
works:
Laine Stump [Wed, 11 Feb 2026 23:31:42 +0000 (18:31 -0500)]
qemu: only limit IPv4 prefix for slirp
The slirp backend is limited in what the netmask/prefix of a
user-specified IP address can be, but passt doesn't have these
artificial limitations - any valid prefix is okay with passt, so we
shouldn't reject them
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Tue, 3 Feb 2026 21:24:09 +0000 (16:24 -0500)]
qemu: delete passt "repair" socket when appropriate
When using a vhost-user connection between passt and QEMU, passt will
autocreate a socket called ${socketname}.repair, but doesn't delete
this socket when it exits, so to be a good citizen, libvirt should
delete it when we are tearing down the passt device plumbing.
Resolves: https://issues.redhat.com/browse/RHEL-80285 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jim Fehlig [Fri, 6 Mar 2026 16:56:16 +0000 (09:56 -0700)]
test: Default to ROM type for loader
Commit 1504b7f687 moved the corresponding logic from the generic
postparse code to drivers but failed to update the test driver,
which causes failures in virt-manager's test suite.
Fixes: 1504b7f687bdfc679377e605d076776b18533468 Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Bhyve supports NUMA domains configuration using the '-n'
command line argument:
-n id,size,cpus[,domain_policy]
Here, "id" is a numeric NUMA domain id, "size" is the total VM
memory size with units format similar to the "-m" switch,
"cpus" is a cpuset, and "domain_policy" is an optional
domainset(9) memory allocation policy. The "domain_policy"
is currently not used by the libvirt driver.
This argument is repeated for every NUMA domain to be configured, e.g.:
Jonathon Jongsma [Fri, 27 Feb 2026 20:34:58 +0000 (14:34 -0600)]
hyperv: fix flags passed to virDomainDefParseString()
This function expects flags that are bitwise-or values of the
VIR_DOMAIN_DEF_PARSE_* constants, but we were passing two flags that
were not part of this flag set:
- 1 < VIR_DOMAIN_VIRT_HYPERV
- VIR_DOMAIN_XML_INACTIVE
Replace VIR_DOMAIN_XML_INACTIVE with VIR_DOMAIN_DEF_PARSE_INACTIVE
(which fortunately happens to be the exact same value). Remove flag
"1 < VIR_DOMAIN_VIRT_HYPERV", which turns out to the the same value
as the flag VIR_DOMAIN_DEF_PARSE_ABI_UPDATE_MIGRATION, which seems
unnecessary and undesirable here.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jonathon Jongsma [Fri, 27 Feb 2026 17:56:00 +0000 (11:56 -0600)]
hyperv: ensure we don't define multiple domains with the same name
Right now if we run `virsh define domain.xml` multiple times, it will
result in multiple domains being defined with the same name. This
violates libvirt assumptions about name uniqueness, so prevent this from
happening by returning an error.
There's not much we can do about vms that may have been created outside
of libvirt that might have the same name (unless we switch to using
something like the UUID as the name for hyperv domains, which would
not be very user-friendly), but at least we can not contribute to the
problem.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Jonathon Jongsma [Fri, 27 Feb 2026 17:47:00 +0000 (11:47 -0600)]
hyperv: improve error message when redefining domain
The current error message results in something like the following when
running `virsh define` for an existing domain:
`domain Domain already exists with UUID '$UUID' exists already`
Improve the error message and make it behave like the esx driver and
indicate that we do not yet support redefining existing domains in hyperv.
Also avoid using the public LookupByUUID() API to check for existance,
which requires unnecessarily allocating and de-allocating a virDomainPtr
object.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
util: json: fix memory leak in virJSONValueFromJsonC()
In the 'json_type_object' and/ro 'json_type_array' cases, the
error path uses 'g_free()', which doesn't release other nested
memory allocations. Replace it with 'virJSONValueFree()' to
properly free the entire 'virJSONValue' structure.
Fixes: 9e6555fd90988948a05e83466b1903bb95b36f39 Fixes: da66bf53b09ee8f5facacae700638a9a6f3a2477 Signed-off-by: Elizaveta Tereshkina <teryoshkina.ea@gmail.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Pavel Hrdina [Fri, 27 Feb 2026 16:55:34 +0000 (17:55 +0100)]
qemu: Fix IOMMUFD and VFIO security labels
When IOMMUFD support was introduced it incorrectly tried to label
`/dev/iommu` and `/dev/vfio/devices/vfioX` but they are not added to
QEMU namespace because libvirt opens FDs and passes these FDs to QEMU.
We need to label these FDs instead.
Fixes: 7d2f91f9cb572ab95d0916bdd1a46dd198874529 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
A recent commit caused the virFDStreamRead method to loop reading data
until the provided buffer is full. Unfortunately the EOF handling was
not quite correct.
* When seeing a virFDStreamMsg with length zero, it would still
loop trying to read more and then get an error that the thread
has quit.
* When seeing a virFDStreamMsg with length zero on subsequent
iterations, it would discard this message, which would in turn
prevent the caller from ever seeing the 'ret == 0' return value
indicating EOF. The caller would then try to read again and get
an error about the stream being closed.
Fixes: e23fd0b7fd36c41e6db49df4f4962762d3ef6ab0 Reported-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Tested-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
fdstream: don't set return value if looping to read more data
The 'ret' variable should only have a value assigned once we have
completely finished reading data, otherwise an error on a subsequent
iteration will report an error but not return a negative value.
Fixes: e23fd0b7fd36c41e6db49df4f4962762d3ef6ab0 Reported-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Tested-by: Roman Bogorodskiy <bogorodskiy@gmail.com> Reviewed-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Pavel Hrdina [Thu, 26 Feb 2026 09:18:23 +0000 (10:18 +0100)]
domain_conf: initialize network hostdev private data
Currently virDomainNetDef and virDomainActualNetDef use
virDomainHostdevDef directly as structure and the code doesn't call
virDomainHostdevDefNew() that would initialize private data.
This is hackish quick fix to solve a crash that happens in two
scenarios:
1. attaching any interface with hostdev backend
0x0000fffbfc0e2a90 in qemuDomainAttachHostPCIDevice (driver=0xfffbb4006750, vm=0xfffbf001f790, hostdev=0xfffbf400b150) at ../src/qemu/qemu_hotplug.c:1652
1652 if ((ret = qemuFDPassDirectTransferMonitor(hostdevPriv->vfioDeviceFd, priv->mon)) < 0)
2. starting VM with interface with hostdev backend using iommufd
0x00007f6638d5b9ca in qemuProcessOpenVfioDeviceFd (hostdev=hostdev@entry=0x7f6634425ee0) at ../src/qemu/qemu_process.c:7719
7719 hostdevPriv->vfioDeviceFd = qemuFDPassDirectNew(name, &vfioDeviceFd);
Proper fix for this issue is to refactor network code to use pointer and to
use virDomainHostdevDefNew().
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Stefan Kober [Wed, 25 Feb 2026 12:50:16 +0000 (13:50 +0100)]
util: fix use-after-free in virIdentityGetSystem
We have a g_autoptr ret in the virIdentityGetSystem function. In the
happy path it is properly returned by doing: return g_steal_pointer(&ret);
There are 2 early return paths, were we do the following: "return ret;"
This leads to the g_autoptr being cleaned up after we leave the
function, as we do not properly "steal" it.
When later using the return value we have a use-after-free, which has
led to segfaults in some cases.
As this is a regression introduced in v5.9.0-rc1~269, we change
the behavior to properly return NULL in those cases.
Fixes: c6825d88137cb8e4debdf4310e45ee23cb5698c0
On-behalf-of: SAP stefan.kober@sap.com Signed-off-by: Stefan Kober <stefan.kober@cyberus-technology.de> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Jiri Denemark [Mon, 23 Feb 2026 15:23:10 +0000 (16:23 +0100)]
qemu: Fix job handling when domain dies in post-copy migration
When a domain is in post-copy migration phase, we need to keep the job
active if something fails to protect the domain from changes.
Unfortunately, there is a race between migration code and
qemuProcessStop that can cause the job to stay active even when the
domain is gone and thus preventing the domain from being started again
(until virtqemud is restarted). The race is caused by unlocking the vm
object when calling virConnectUnregisterCloseCallback. While the domain
is unlocked qemuProcessStop can finish its work and the domain may no
longer be active when we get the lock back. The post-copy path does not
properly check if a domain is still active.
Instead of adding the virDomainObjIsActive check in all places where
this could happen, we can add it in virDomainObjIsPostcopy and
virDomainObjIsFailedPostcopy and let the code take the pre-copy cleanup
path. Clearly an inactive domain can never be in (failed) post-copy
migration.
https://issues.redhat.com/browse/RHEL-145179
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
news: Document support for uefi-vars device and firmwares
Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Acked-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
projects / thirdparty / libvirt.git / log
