Peter Krempa [Mon, 23 Mar 2026 21:33:49 +0000 (22:33 +0100)]
qemuDomainGetBlockInfo: Add debug statement when updating disk physical size
Update of the physical size fetches it from stat()-ing the file on disk,
which is not visible in the logs so the information can't be pieced back
together as it's the case with the data fetched from the qemu monitor.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 16:23:48 +0000 (17:23 +0100)]
qemuDomainGetStatsBlockExportDisk: Export stats also for 'dataStore'
For qcow2 disk images backed by another storage for storing the actual
blocks (the 'data-file' feature) we forgot to export stats in the bulk
stats API.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Wed, 18 Mar 2026 07:54:16 +0000 (08:54 +0100)]
qemuMigrationSrcBeginPhase: Don't call 'qemuBlockNodesEnsureActive' with offline VM
Commits 7b5566ce67b18a and f879d5f40385358 ( v11.8.0-92-gf879d5f403 )
moved around code for re-activating block backends after migration.
While previously it was done when migration failed now we do it when we
need qemu to do some block operations.
'qemuBlockNodesEnsureActive' is thus called also when 'VIR_MIGRATE_OFFLINE'
is used. This doesn't cause failure similar to previous patch only due
to a conincidence as 'qemuCaps' wasn't initialized yet and thus we
assume that QEMU doesn't support 'blockdev-set-active' and skip all
monitor code.
Make the code more robust and explicit by calling
'qemuBlockNodesEnsureActive' only on active VMs during migration.
Fixes: 7b5566ce67b18a2bebe68fdb07e046f25185f8d3 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 21:39:58 +0000 (22:39 +0100)]
qemuMigrationSrcBeginXML: Don't call 'qemuMigrationSrcBeginPhaseBlockDirtyBitmaps' with offline VM
Commit a4f610ff3fe190058f1 made the call to
'qemuMigrationSrcBeginPhaseBlockDirtyBitmaps' inside
'qemuMigrationSrcBeginXML' unconditional. This unfortunately means that
it was called also with 'VIR_MIGRATE_OFFLINE'.
Attempting to enter the monitor in such case results in an error:
error: operation failed: domain is no longer running
The migration parameter allows enumerating disks selected for migration
where the hypervisor may assume that the user pre-cleared the
destination images of the block copy so that all offsets read 0x00 and
thus optimize clearing of such targets.
This patch adds the 'VIR_MIGRATE_PARAM_MIGRATE_DISKS_TARGET_ZERO'
parameter and also plumbs it for the qemu driver (mirrors plumbing for
'migrate_disks_detect_zeroes').
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
The 'target-is-zero' option of 'blockdev-mirror' allows telling qemu to
skip zeroing the mirror target if the user certifies that it's empty. It
was introduced in qemu-10.1.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Any QEMU we support requires use of NBD for disk migration which is not
supported with tunnelled migration. This is validated in
'qemuMigrationSrcBeginPhase'. Passing the list of disks to migrate is
thus pointless. Remove the argument.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Fri, 20 Mar 2026 14:12:54 +0000 (15:12 +0100)]
qemu: conf: Don't use VIR_ERR_INTERNAL_ERROR for config file parsing errors
When parsing port ranges for the port allocator VIR_ERR_INTERNAL_ERROR
is not the right error code for errors on the user-supplied numbers. Use
VIR_ERR_CONF_SYNTAX instead.
Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Peter Krempa [Mon, 23 Mar 2026 07:50:56 +0000 (08:50 +0100)]
qemuBuildFSStr: Properly format 'readonly' attribute
Short-form booleans are deprecated in qemu since qemu 6.0. Switch to the
proper 'readonly=on' format.
Closes: https://gitlab.com/libvirt/libvirt/-/work_items/864 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Tue, 10 Mar 2026 15:55:47 +0000 (16:55 +0100)]
scripts: dtrace2systemtap: Fix argument name extraction regex to avoid '*' in names
When commit d249170bf609d2c modified the arguments of
'virNetTLSContextNew' which has a systemtap probe defined the
'dtrace2systemtap' script was no longer to correctly generate the
definitions for it.
First problem which stemmed from mis-detecting the string array
argumment as string, which would use 'user_string' to extract it was
fixed in cb33103c4afbce681.
After that the generated probe is still not correct because it doesn't
strip all the '*' from pointers and thus for double pointers it
generates the following invalid definition:
Lucas Amaral [Mon, 23 Feb 2026 22:52:22 +0000 (19:52 -0300)]
qemu: add automatic port allocation for pull-mode backup NBD servers
Previously, users had to manually specify a TCP port when starting
a pull-mode backup with an NBD server. A TODO comment in
qemuBackupPrepare() noted this limitation and pointed toward using
virPortAllocator, as done for migration, VNC, and SPICE ports.
When a pull-mode backup is started without specifying a TCP port,
a port is now acquired automatically from the configured range via
virPortAllocatorAcquire(). The port is released when the backup
ends or if startup fails.
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Lucas Amaral [Mon, 23 Feb 2026 22:52:22 +0000 (19:52 -0300)]
qemu: conf: add setup for automatic port allocation for pull-mode backup NBD servers
Add backup_port_min and backup_port_max configuration options to
qemu.conf, defaulting to 10809-10872 (10809 is the IANA-assigned
NBD port; range of 64 matches the migration port pattern).
Signed-off-by: Lucas Amaral <lucaaamaral@gmail.com> Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Mon, 16 Mar 2026 14:29:32 +0000 (15:29 +0100)]
qemu: Implement iommufd fdgroup
When fdgroup is used for iommufd we will start QEMU with -object iommufd
even if the VM has no host device. When virDomainFDAssociate() is used
the FD libvirt is holding is closed with connection.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 14:28:17 +0000 (15:28 +0100)]
conf: Add iommufd fdgroup support
This will allow management applications running libvirt without
necessary permissions to pass FD for /dev/iommu with per-process
locked memory accounting enabled.
Kernel uses per-user locked memory accounting by default which may
cause error while starting multiple VMs with host devices using IOMMUFD.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 16:59:01 +0000 (17:59 +0100)]
qemu: Implement iommufd
Ideally this should be done in qemuDomainHostdevDefPostParse but that
would require a lot of refactoring mainly due to how interface backed by
hostdev works.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 10:57:57 +0000 (11:57 +0100)]
conf: Introduce domain iommufd element
In addition to configuring IOMMUFD for each host device add
configuration for the whole VM. This will be extended to add support for
passing FD to libvirt from management applications.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Fri, 13 Mar 2026 11:25:13 +0000 (12:25 +0100)]
src: Use virHostdevIsPCIDeviceWith* to check for IOMMUFD
Use virHostdevIsPCIDeviceWithIOMMUFD where we need to check if hostdev
is PCI device using IOMMUFD and virHostdevIsPCIDeviceWithoutIOMMUFD
where we need to check if hostdev is PCI device not using IOMMUFD.
Fixes: 7d2f91f9cb572ab95d0916bdd1a46dd198874529 Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 11:52:05 +0000 (12:52 +0100)]
qemu: Expand call to qemuDomainNeedsVFIO
The function qemuDomainNeedsVFIO() was originally used by other parts
of qemu code to figure out if the VM needs /dev/vfio/vfio.
Later it was also used by code calculating locked memory limit for all
architectures, and after that change again and used only for PPC64.
Now it needs to be changed again due to IOMMUFD support, the
/dev/vfio/vfio device is used by QEMU only if IOMMUFD is not used
but for accounting we still need consider all PCI host devices
because if IOMMUFD is used it still requires increasing locked
memory limit.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Pavel Hrdina [Wed, 18 Mar 2026 10:57:43 +0000 (11:57 +0100)]
hypervisor: Fix virHostdevNeedsVFIO detection
Function virHostdevNeedsVFIO is used only in QEMU to figure out if the
host device needs access to /dev/vfio/vfio, for PCI host devices that is
true only if libvirt is not using IOMMUFD.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Michal Privoznik [Tue, 17 Mar 2026 16:20:32 +0000 (17:20 +0100)]
network: Don't enable ip_forward for VIR_NETWORK_FORWARD_OPEN
For a network that's <forward mode="open"/> there are no firewall
rules added. We should not assume that users will configure NAT,
and if they do it should be their responsibility to enable IP
forwarding too.
Resolves: https://gitlab.com/libvirt/libvirt/-/work_items/863 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 15:10:13 +0000 (16:10 +0100)]
qemuhotplug: Introduce interface-network-hostdev
Inspired by commit of v12.1.0-37-g25662b3700.
We already have a test case for <interface type='hostdev'/>, but
what we are missing is <interface type='network'/> where the
network is of a <forward mode='hostdev'/>. Apparently, we had a
crasher there too.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Wed, 11 Mar 2026 13:33:46 +0000 (14:33 +0100)]
qemuhotplugtest: Use fake drivers
Hotplugging a device may require talking to other drivers (e.g.
network), similar to when starting a domain anew
(qemuxmlconftest). Register fake drivers for future benefit of
the test.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Wed, 11 Mar 2026 13:33:57 +0000 (14:33 +0100)]
virnetworkportxml2xmldata: Use different PCI address in plug-hostdev-pci.xml
Inside of plug-hostdev-pci.xml there's a PCI address of an
allocated PCI device for an <interface type='network'/>.
Currently, there's some made up address. But this specific file
is going to be used from qemuhotplugtest soon and as such it
needs an PCI address that virpcimock creates. Switch it to
0000:06:12.2.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 18:42:12 +0000 (19:42 +0100)]
qemuxmlconftest: Separate fake drivers into a separate file
One of the tests that qemuxmlconftest does is generate cmd line
for given domain XML. This process might involve talking to other
drivers (secret/storage/nwfilter/network). To produce predictable
output the test comes with fake implementation of APIs of those
drivers. Well, move that implementation into a separate file so
that it can be reused by other tests (notably, qemuhotplugtest is
going to use it).
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Tue, 10 Mar 2026 16:05:12 +0000 (17:05 +0100)]
tests: Drop WITH_QEMU from qemu specific tests binaries/libraries
Inside of tests/meson.build there is a section that builds QEMU
related tests conditionally (for instance
qemudomaincheckpointxml2xmltest). It makes no sense to have the
same check inside source file. Or even provide alternative
implementation for cases when building without QEMU
(EXIT_AM_SKIP). When building without QEMU driver the test is not
even compiled, so EXIT_AM_SKIP is dead code.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Thu, 29 Jan 2026 14:10:06 +0000 (15:10 +0100)]
networkxmlconftest: s/fail/cleanup/
Inside of testCompareXMLtoXMLFiles() the 'fail' label is used in
both successful and error runs. If that's the case, our coding
standard mandates the label to be named 'cleanup'. Change it.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Fri, 30 Jan 2026 14:47:19 +0000 (15:47 +0100)]
src: Drop NULL check before calling virBufferEscapeString()
There's no need to check if any of the three arguments passed to
virBufferEscapeString() is NULL as the function does so itself.
Well, in a few places we're comparing the last argument against
NULL. Drop the comparison then.
Generated using the following spatch:
@@
expression X, Y, E;
@@
- if (E) virBufferEscapeString(X, Y, E);
+ virBufferEscapeString(X, Y, E);
@@
expression X, Y, E;
@@
- if (E) {
virBufferEscapeString(X, Y, E);
- }
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Jonathon Jongsma [Wed, 11 Feb 2026 22:25:51 +0000 (16:25 -0600)]
hyperv: Implement domainSnapshotLookupByName()
Unfortunately Hyper-V does not enforce any uniqueness constraints on
snapshot names (called ElementName in Hyper-V). So it's possible for
multiple snapshots of the same domain to have identical ElementNames.
Since libvirt uses the domain and snapshot name as a unique key to
reference a snapshot, we can't use the hyperv ElementName as the
snapshot name in libvirt.
So instead I've decided to use the InstanceId of the snapshot as the
snapshot name and use the ElementName as the snapshot description. This
results in a worse user experience (since the snapshot names end up
being something like "Microsoft:$(UUID)"), but guarantees that we will
be able to uniquely reference every snapshot.
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Xiaotian Feng [Wed, 25 Feb 2026 07:48:21 +0000 (07:48 +0000)]
qemu: Enable AMD IOMMU XTSUP by default
Add QEMU_CAPS_AMD_IOMMU_XTSUP capability and enable xtsup
by default for AMD IOMMU when a Q35 domain has >255 vCPUs,
similar to Intel EIM auto-enable logic. Also ensure intremap is
turned on when required.
Signed-off-by: Xiaotian Feng <xiaotian.feng@amd.com> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Tested-by: Ankit Soni <Ankit.Soni@amd.com> Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Xiaotian Feng [Wed, 25 Feb 2026 07:48:20 +0000 (07:48 +0000)]
conf: support >255 vcpu w/ amd-iommu xtsup
Rename QEMU_MAX_VCPUS_WITHOUT_EIM to QEMU_MAX_VCPUS_WITHOUT_X2APIC to
clarify the limit is tied to APIC ID width.
Validation now accepts either:
- intel-iommu with eim='on', or
- amd-iommu with xtsup='on'
for guests with more than 255 vCPUs on x86/q35.
Update error messages to mention x2APIC mode instead of extended
interrupt mode. This reflects that AMD platforms can satisfy the same
requirement via xtsup property on amd-iommu.
Signed-off-by: Xiaotian Feng <xiaotian.feng@amd.com> Reviewed-by: Ankit Soni <Ankit.Soni@amd.com> Tested-by: Ankit Soni <Ankit.Soni@amd.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Leander Kohler [Fri, 27 Feb 2026 12:39:19 +0000 (13:39 +0100)]
rpc: free saved close error in virNetClientDispose
virNetClientMarkClose() may cache the current error in client->error via
virSaveLastError() when a client is marked for close.
That error is normally released in virNetClientCloseLocked(), but some
teardown paths can dispose the client object without reaching that
cleanup. In that case, client->error remains allocated and ASan reports
a leak.
Free client->error in virNetClientDispose() as a final cleanup fallback.
This was observed during virtchd shutdown in test_disk_is_locked, with
the leak originating from:
virDomainInterfaceDeleteDevice() -> remoteConnectClose() ->
virNetClientMarkClose() -> virSaveLastError()
On-behalf-of: SAP leander.kohler@sap.com Signed-off-by: Leander Kohler <leander.kohler@cyberus-technology.de> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Michal Privoznik [Wed, 11 Mar 2026 11:21:17 +0000 (12:21 +0100)]
tests: Create fake root dirs later
In one of previous commits the virTestMain() function was changed
to actually create fake HOME, XDG_RUNTIME_DIR, ... directories
instead of setting spoofed values in the environment. But
alongside with this, the call to virTestFakeRootDirInit() was
moved (to location where environment was poisoned). And this
would not matter if it wasn't for mocking. Because what we ended
up with is virTestFakeRootDirInit() is called and then
(optionally) the process re-execs itself (with mocks loaded).
This means that previously created root dirs are never cleaned
up and just pollute builddir.
Therefore, restore original location from which the function was
called.
Fixes: 79d97d2b4f0b55ea80f8330144953e2b93927e25 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
Jiri Denemark [Wed, 11 Mar 2026 10:31:06 +0000 (11:31 +0100)]
Introduce EXPAND_CPU_FEATURES flag for domain capabilities
The new VIR_CONNECT_GET_DOMAIN_CAPABILITIES_EXPAND_CPU_FEATURES flag for
virConnectGetDomainCapabilities can be used to request the host-model
CPU definition to include all supported features (normally only extra
features relative to the selected CPU model are listed).
Signed-off-by: Jiri Denemark <jdenemar@redhat.com> Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Peter Krempa [Mon, 9 Mar 2026 16:38:28 +0000 (17:38 +0100)]
util: Move 'virProcessLimitResourceToLabel' into same preprocessor if-block as only caller
'virProcessLimitResourceToLabel' is called only from
'virProcessGetLimitFromProc' but the latter has different conditions
when it's compiled. In certain cases this could lead to build failures.
Fixes: 90fe839f8a0 Closes: https://gitlab.com/libvirt/libvirt/-/work_items/848 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Roman Bogorodskiy <bogorodskiy@gmail.com>
Peter Krempa [Mon, 9 Mar 2026 14:07:39 +0000 (15:07 +0100)]
qemu: processShutdownCompletedEvent: Remove inactive VM object after shutdown
When the qemu process can't be successfully killed (e.g. when it's stuck
in a long system call) libvirt creates a watch and waits for the monitor
socket to go away before cleaning up the domain.
The cleanup code in 'processShutdownCompletedEvent' called
'qemuProcessStop' but didn't call also 'qemuDomainRemoveInactive' which
would break if a transient VM would undergo the delayed cleanup as we'd
still have it's VM object around.
Fixes: e62c26a20dced58ea342d9cb8f5e9164dc3bb023 Closes: https://gitlab.com/libvirt/libvirt/-/work_items/853 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Peter Krempa [Thu, 5 Mar 2026 14:39:02 +0000 (15:39 +0100)]
qemu: hotplug: Don't access disk definititon after it was freed after media change
A special case in qemuDomainAttachDeviceDiskLive causes disk media to be
changed. This code has different semantics than the real hotplug code
where the hotplugged device definition is absorbed into the domain
definition and thus the pointer is still valid. On media change we just
use the disk source and discard everything else from the disk
definition.
Later in qemuDomainAttachDeviceLive we then attempt to extract the alias
of the attached device for emiting an event. Since in case of media
change the main definition was freed this causes an use-after-free on
the disk data pointer.
To address this the media change code will clear the disk definition
pointer from the device wrapper and the caller will extract the device
alias only when the disk definition pointer is non-NULL.
The semantics of the event will not change because the device alias
wouldn't be assigned for the media change code at all.
The use-after-free is observable via valgrind when attempting a media
change via 'virsh attach-device', as otherwise in most cases it doesn't
cause any ill efect as only the pointer to a NULL string is accessed:
==2763495== Invalid read of size 8
==2763495== at 0xEA4102A: qemuDomainAttachDeviceLive (qemu_hotplug.c:3455)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceLiveAndConfig (qemu_driver.c:7408)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceFlags (qemu_driver.c:7456)
==2763495== by 0x4BC5BE6: virDomainAttachDevice (libvirt-domain.c:8951)
==2763495== by 0x402579D: remoteDispatchDomainAttachDevice (remote_daemon_dispatch_stubs.h:3763)
[snip]
==2763495== Address 0x6df57c8 is 360 bytes inside a block of size 608 free'd
==2763495== at 0x48F7E43: free (vg_replace_malloc.c:990)
==2763495== by 0x4EC7EC4: g_free (in /usr/lib64/libglib-2.0.so.0.8600.3)
==2763495== by 0xEA4101E: qemuDomainAttachDeviceDiskLive (qemu_hotplug.c:1150)
==2763495== by 0xEA4101E: qemuDomainAttachDeviceLive (qemu_hotplug.c:3453)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceLiveAndConfig (qemu_driver.c:7408)
==2763495== by 0xEA28ECD: qemuDomainAttachDeviceFlags (qemu_driver.c:7456)
==2763495== by 0x4BC5BE6: virDomainAttachDevice (libvirt-domain.c:8951)
[snip]
Closes: https://gitlab.com/libvirt/libvirt/-/issues/859 Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Instead of trying to figure out every single place where hostdev is used
as struct directly and allocating empty private data check if iommufd
is configured as that will happen only for <hostdev> device where the
private data are correctly allocated.
This patch is best viewed with `git show -w`.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com> Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
qemuhotplugtest: Run "interface-hostdev" test cases only on Linux
In one of my previous commits, I've introduced
"interface-hostdev" attach and detach test cases to
qemuhotplugtest. And they work flawlessly, on Linux. But on
anything else they fail because our virpci.c module is basically
just a bunch of stub functions that do nothing but report an
error, rendering my changes to virpcimock futile.
BTW: this is similar to what I had done in v12.1.0-rc1~199.
Fixes: f9bb819fc4841dbdff801629bf58f9fd6d7d93eb Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Michal Privoznik [Thu, 26 Feb 2026 10:01:54 +0000 (11:01 +0100)]
qemuhotplugtest: Introduce interface-hostdev test case
While our qemuhotplugtest already does a PCI hotplug and unlpug
("hostdev-pci") there is another way to hotplug a PCI device,
esp. if it's a NIC: <interface type='hostdev'/>. This has been
missing and as shown in v12.1.0-rc1-4-gfe782ed334 can be
potentially dangerous as some different paths are taken.
Introduce a test case for interface-hostdev.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Michal Privoznik [Thu, 26 Feb 2026 14:51:59 +0000 (15:51 +0100)]
virpcimock: Create net/ subdir for devices
A PCI device that is a network interface card also has 'net/'
subdir with interface name it corresponds to. For instance:
# ls -l /sys/bus/pci/devices/0000\:00\:1f.6/net/
total 0
drwxr-xr-x 5 root root 0 Feb 26 16:51 eth0
Allow setting interface name for PCI devices.
Now, in real life the net/$IFNAME/ is a directory, but since our
code opens net/ dir and then just reads dentries creating file
instead of full blown dir is okay.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Laine Stump <laine@redhat.com>
Laine Stump [Thu, 11 Dec 2025 05:22:30 +0000 (00:22 -0500)]
tests: stop mocking virGetUserRuntimeDirectory()
The same functionality has been achieved by setting the
XDG_RUNTIME_DIR environment variable during the setup of the "fake
root" directory in testutils.c
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 17:20:09 +0000 (12:20 -0500)]
tests: point $HOME and $XDG_* into usable fake root directory
A long time ago we added some lines to "poison" the environment of
test programs (specifically $HOME and $XDG_*) with nonexisting
unusable paths so that any test program attempting to use the normal
settings of those variables (which point into the filesystem of the
system running the test) would fail (rather than silently messing up
the test system).
At some later time, someone wrote tests for hostdev devices that
required that virGetUserRuntimeDirectory() (which normally uses either
$XDG_RUNTIME_DIR or $HOME) return a directory that could actually be
used as a part of the test; this was solved by mocking
virGetUserRuntimeDirectory() to return a path underneath
$LIBVIRT_FAKE_ROOT_DIR (which is created each time a test starts).
Much much later, I wanted to add validation of the directory returned
by virGetUserRuntimeDirectory(), but when this validation was added,
the poisoned values that had been set (back in paragraph one "a long
time ago") caused this validation to fail.
My first attempt to fix this was to make the mocked
virGetUserRuntimeDirectory() more generally available, and turn it on
for all the tests that failed. But then I realized that a better
solution would be to instead "nourish" (rather than "poison" - get
it?) $HOME and $XDG_* with directories created under
$LIBVIRT_FAKE_ROOT_DIR. This way we are actually testing the real
virGetUserRuntimeDirectory() and any future validation, and also make
some other tests cover more actual code in the future.
In this patch the poisoning of the environment is removed, the call to
the function creating the fake root dir is moved up to that location,
and as a part of creating the fake root dir, we also set the
aforementioned environment variables and create the directories
associated with them (since the tests assume that they already exist).
The now-redundant original mock of virGetUserRuntimeDirectory() will
be removed in another patch.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Mon, 15 Dec 2025 20:56:47 +0000 (15:56 -0500)]
consistently use glib g_getenv() instead of libc getenv()
We've been using glib g_setenv() since commit 2c3353242337bb50fe5abc9454fd5fc98236d4ef in December 2019 (switching
away from the gnulib version of setenv()). Most (but not all) of the
calls to get environment variables have remained using libc's getenv()
though, even though there is a g_getenv() wrapper in glib to match the
g_setenv() wrapper.
While getenv() doesn't have the thread safety problems of setenv(),
it's still recommended that users of g_setenv() also use g_getenv()
(for consistency, and because the glib functions handle UTF-8 properly
while libc getenv() may or may not depending on the setting of LANG in
the environment).
This patch changes all calls to getenv() to use g_getenv() instead,
with the exceptions of:
1) the call to getenv() in virt-login-shell.c (because
virt-login-shell runs setuid root, and we don't want glib or any other
gigantic library anywhere near a setuid program). In a few cases a
char * needs to be made const, and the return from getenv() needs to
be g_strdup()ed if it must stick around for any amount of time (since
the buffer returned from g_getenv() might be recycled/re-used if there
is another call to g_getenv()/g_setenv()).
2) the call to getenv() in libvirt_nss_log.c because it is compiled
into a loadable module that will be loaded into a process after the
process's normal startup, and so any initialization that might be
required for a glib function to operate properly may not be called.
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 05:43:04 +0000 (00:43 -0500)]
util: make completely separate functions for WIN32 versions of virGetUser*Directory()
This will make it easier to, e.g., add sanity checks to the Linux
versions of these functions without potentially causing regressions on
a platform that isn't widely tested
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Wed, 10 Dec 2025 04:25:36 +0000 (23:25 -0500)]
util: rename virGetUserDirectory(ByUID) to virGetUserHomeDirectory(ByUID)
All the other wrapper functions for glib g_get_user_*_dir() have the
type of directory (the "*" in that wildcarded name) in the libvirt
function name. These functions, on the other hand, call
g_get_home_dir(), but the libvirt API is called
virGetUserDirectory*(). Let's make it *a bit* closer to consistent (at
least the libvirt API names will be consistent with each other, even
if glib isn't).
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Laine Stump [Thu, 12 Feb 2026 16:23:10 +0000 (11:23 -0500)]
qemu: support setting default route for passt interfaces inside the guest
libvirt's <interface> element has for a long time supported adding
<route> sub-elements to specify arbitrary routes to be added to the
guest OS networking, but historically this has only worked for LXC
guests. If you tried to add <route> to the interface of a QEMU guest,
it would be rejected.
passt networking doesn't support setting *any arbitrary* route but it
does support setting a default route (using the passt commandline
"--gateway" parameter). A default route is really just a "route with
unspecified destination/prefix", so a default route can be specified
in libvirt XML with:
<route gateway='192.168.0.1'/>
Attempts to give a specified destination, prefix, or metric will
result in a validation error.
Resolves: https://issues.redhat.com/browse/RHEL-46602 Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Laine Stump [Tue, 24 Feb 2026 07:14:38 +0000 (02:14 -0500)]
conf/util: fix non-specification of IP route destination address
The Linux/libnl version of virNetDevIPRouteAdd() has always had code
that would use "0.0.0.0" (or "::" for IPv6) for the route's
destination address if none was specified, but 1) our validation code
has always required it to be specified anyway, 2) the FreeBSD version
of virnertDevIPRouteAdd() expected that it would be specified, and 3)
virNetDevIPRouteFormat() also expected route->address to be
valid. This patch fixes those 3 deficiencies, so that this XML now
works:
Laine Stump [Wed, 11 Feb 2026 23:31:42 +0000 (18:31 -0500)]
qemu: only limit IPv4 prefix for slirp
The slirp backend is limited in what the netmask/prefix of a
user-specified IP address can be, but passt doesn't have these
artificial limitations - any valid prefix is okay with passt, so we
shouldn't reject them
Signed-off-by: Laine Stump <laine@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
projects / thirdparty / libvirt.git / log
