From 81d5674f22493a8b380b652c5a8cd3fb695c7910 Mon Sep 17 00:00:00 2001
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 18 Dec 2025 16:07:19 +0100
Subject: [PATCH] libvirt-11.10.0-2.el10

- tests: add test for a single per-device smmuv3 (RHEL-74200)
- qemu: Use pci_bus to identify multi-smmuv3 model (RHEL-74200)
- qemu: tpm: Account for possible migration without actually sharing storage (RHEL-132534)
- tests: Test virFileIsSharedFSOverride (RHEL-102925)
- util: Fix race condition in virFileIsSharedFSType (RHEL-102925)
- util: Fix race condition in virFileIsSharedFSOverride (RHEL-102925)
- util: Rework virFileIsSharedFSOverride using virFileCheckParents (RHEL-102925)

Resolves: RHEL-102925, RHEL-132534, RHEL-74200
---
 ...i_bus-to-identify-multi-smmuv3-model.patch |  69 ++++++
 ...ion-without-actually-sharing-storage.patch | 119 +++++++++++
 ...tests-Test-virFileIsSharedFSOverride.patch | 111 ++++++++++
 ...-test-for-a-single-per-device-smmuv3.patch | 201 ++++++++++++++++++
 ...ndition-in-virFileIsSharedFSOverride.patch | 114 ++++++++++
 ...e-condition-in-virFileIsSharedFSType.patch | 144 +++++++++++++
 ...FSOverride-using-virFileCheckParents.patch |  84 ++++++++
 libvirt.spec                                  |  22 +-
 8 files changed, 863 insertions(+), 1 deletion(-)
 create mode 100644 libvirt-qemu-Use-pci_bus-to-identify-multi-smmuv3-model.patch
 create mode 100644 libvirt-qemu-tpm-Account-for-possible-migration-without-actually-sharing-storage.patch
 create mode 100644 libvirt-tests-Test-virFileIsSharedFSOverride.patch
 create mode 100644 libvirt-tests-add-test-for-a-single-per-device-smmuv3.patch
 create mode 100644 libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch
 create mode 100644 libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch
 create mode 100644 libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch

diff --git a/libvirt-qemu-Use-pci_bus-to-identify-multi-smmuv3-model.patch b/libvirt-qemu-Use-pci_bus-to-identify-multi-smmuv3-model.patch
new file mode 100644
index 0000000..17ab1ad
--- /dev/null
+++ b/libvirt-qemu-Use-pci_bus-to-identify-multi-smmuv3-model.patch
@@ -0,0 +1,69 @@
+From 933524784d813b24aa0970992b820698f1e03180 Mon Sep 17 00:00:00 2001
+Message-ID: <933524784d813b24aa0970992b820698f1e03180.1766070439.git.jdenemar@redhat.com>
+From: Nathan Chen via Devel <devel@lists.libvirt.org>
+Date: Tue, 2 Dec 2025 11:59:47 -0800
+Subject: [PATCH] qemu: Use pci_bus to identify multi-smmuv3 model
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Use presence of non-negative pci_bus to identify multi-smmuv3
+IOMMU model, instead of the niommus attribute. This allows for
+specifying a single arm-smmuv3 on the qemu command line,
+instead of both the virt-machine smmuv3 and arm-smmuv3
+being specified at the same time.
+
+Signed-off-by: Nathan Chen <nathanc@nvidia.com>
+Fixes: e70c4d54d365 conf: Support multiple device-pluggable smmuv3 IOMMUs
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit da4305b7bc8d3bd52c60db1905db88e43ebd9868)
+
+https://issues.redhat.com/browse/RHEL-74200
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_command.c                                         | 2 +-
+ src/qemu/qemu_postparse.c                                       | 2 +-
+ .../iommu-smmuv3-pci-bus-single.aarch64-latest.args             | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index b69fe23236..fb89dbec27 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -7192,7 +7192,7 @@ qemuBuildMachineCommandLine(virCommand *cmd,
+     if (qemuAppendDomainFeaturesMachineParam(&buf, def, qemuCaps) < 0)
+         return -1;
+ 
+-    if (def->niommus == 1) {
++    if (def->iommus && def->iommus[0]->pci_bus < 0) {
+         switch (def->iommus[0]->model) {
+         case VIR_DOMAIN_IOMMU_MODEL_SMMUV3:
+             virBufferAddLit(&buf, ",iommu=smmuv3");
+diff --git a/src/qemu/qemu_postparse.c b/src/qemu/qemu_postparse.c
+index dc5ade829a..840d6a1174 100644
+--- a/src/qemu/qemu_postparse.c
++++ b/src/qemu/qemu_postparse.c
+@@ -1559,7 +1559,7 @@ qemuDomainDefEnableDefaultFeatures(virDomainDef *def,
+      * domain already has IOMMU without inremap. This will be fixed in
+      * qemuDomainIOMMUDefPostParse() but there domain definition can't be
+      * modified so change it now. */
+-    if (def->iommus && def->niommus == 1 &&
++    if (def->iommus && def->iommus[0]->pci_bus < 0 &&
+         (def->iommus[0]->intremap == VIR_TRISTATE_SWITCH_ON ||
+          qemuDomainNeedsIOMMUWithEIM(def)) &&
+         def->features[VIR_DOMAIN_FEATURE_IOAPIC] == VIR_DOMAIN_IOAPIC_NONE) {
+diff --git a/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
+index 976467e641..34e7bda1c5 100644
+--- a/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
++++ b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
+@@ -10,7 +10,7 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
+ -name guest=guest,debug-threads=on \
+ -S \
+ -object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
+--machine virt,usb=off,gic-version=2,iommu=smmuv3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=off \
++-machine virt,usb=off,gic-version=2,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=off \
+ -accel tcg \
+ -cpu cortex-a15 \
+ -m size=1048576k \
+-- 
+2.52.0
diff --git a/libvirt-qemu-tpm-Account-for-possible-migration-without-actually-sharing-storage.patch b/libvirt-qemu-tpm-Account-for-possible-migration-without-actually-sharing-storage.patch
new file mode 100644
index 0000000..d51a8c1
--- /dev/null
+++ b/libvirt-qemu-tpm-Account-for-possible-migration-without-actually-sharing-storage.patch
@@ -0,0 +1,119 @@
+From 8e9dc8aed52c98c3683949dfe1127061bd9df47a Mon Sep 17 00:00:00 2001
+Message-ID: <8e9dc8aed52c98c3683949dfe1127061bd9df47a.1766070439.git.jdenemar@redhat.com>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Mon, 1 Dec 2025 11:35:32 +0100
+Subject: [PATCH] qemu: tpm: Account for possible migration without actually
+ sharing storage
+
+The current logic in 'qemuTPMEmulatorBuildCommand' skips all setup if
+the *location* of the data is on what we'd consider shared storage.
+
+This means that if the location is not actually shared (e.g. it's shared
+betweeh some other hosts than the two doing the migration) and the path
+wasn't ever used (e.g. by migrating out) from the host where we're
+migrating into the complete setup of the location would be skipped even
+when it doesn't exist.
+
+Fix the logic by skipping only some of the setup steps so that
+'qemuTPMEmulatorCreateStorage' can still create the storage if it
+doesn't exist.
+
+The rest of the code then needs to take the 'created' flag returned from
+'qemuTPMEmulatorCreateStorage' into account.
+
+Fixes: 68103e9daf633b789428fedef56f816c92f6ee75
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit d56d0560946770d4364a4918cc289e6a7fe5d15c)
+https://issues.redhat.com/browse/RHEL-132534
+---
+ src/qemu/qemu_tpm.c | 29 ++++++++++++++++++++---------
+ 1 file changed, 20 insertions(+), 9 deletions(-)
+
+diff --git a/src/qemu/qemu_tpm.c b/src/qemu/qemu_tpm.c
+index 4c9445d72c..660410bcba 100644
+--- a/src/qemu/qemu_tpm.c
++++ b/src/qemu/qemu_tpm.c
+@@ -158,6 +158,7 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
+ /**
+  * qemuTPMEmulatorCreateStorage:
+  * @tpm: TPM definition for an emulator type
++ * @sharedStorageMigration: VM is being migrated with possibly shared storage
+  * @created: a pointer to a bool that will be set to true if the
+  *           storage was created because it did not exist yet
+  * @swtpm_user: The uid that needs to be able to access the directory
+@@ -169,6 +170,7 @@ qemuTPMEmulatorGetPid(const char *swtpmStateDir,
+  */
+ static int
+ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
++                             bool sharedStorageMigration,
+                              bool *created,
+                              uid_t swtpm_user,
+                              gid_t swtpm_group)
+@@ -187,8 +189,17 @@ qemuTPMEmulatorCreateStorage(virDomainTPMDef *tpm,
+     *created = false;
+ 
+     if (!virFileExists(source_path) ||
+-        virDirIsEmpty(source_path, true) > 0)
++        virDirIsEmpty(source_path, true) > 0) {
+         *created = true;
++    } else {
++        /* If the location exists and is shared, we don't need to create it
++         * during migration */
++        if (sharedStorageMigration) {
++            VIR_DEBUG("Skipping TPM storage creation. Path '%s' already exists and is on shared storage.",
++                      source_path);
++            return 0;
++        }
++    }
+ 
+     if (virDirCreate(source_path, 0700, swtpm_user, swtpm_group,
+                      VIR_DIR_CREATE_ALLOW_EXIST) < 0) {
+@@ -809,16 +820,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
+         run_setup = true;
+     }
+ 
+-    /* Do not create storage and run swtpm_setup on incoming migration over
+-     * shared storage
+-     */
+     on_shared_storage = virFileIsSharedFS(tpm->data.emulator.source_path,
+                                           cfg->sharedFilesystems) == 1;
+-    if (incomingMigration && on_shared_storage)
+-        create_storage = false;
+ 
+     if (create_storage) {
+-        if (qemuTPMEmulatorCreateStorage(tpm, &created,
++        if (qemuTPMEmulatorCreateStorage(tpm,
++                                         incomingMigration && on_shared_storage,
++                                         &created,
+                                          cfg->swtpm_user, cfg->swtpm_group) < 0)
+             return NULL;
+         run_setup = created;
+@@ -885,6 +893,9 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
+     /* If swtpm supports it and the TPM state is stored on shared storage,
+      * start swtpm with --migration release-lock-outgoing so it can migrate
+      * across shared storage if needed.
++     *
++     * Note that if 'created' is true, the location didn't exist so the storage
++     * is not actually shared.
+      */
+     QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage = false;
+     if (on_shared_storage &&
+@@ -892,13 +903,13 @@ qemuTPMEmulatorBuildCommand(virDomainTPMDef *tpm,
+ 
+         virCommandAddArg(cmd, "--migration");
+         virCommandAddArgFormat(cmd, "release-lock-outgoing%s",
+-                               incomingMigration ? ",incoming": "");
++                               incomingMigration && !created ? ",incoming": "");
+         QEMU_DOMAIN_TPM_PRIVATE(tpm)->swtpm.can_migrate_shared_storage = true;
+     } else {
+         /* Report an error if there's an incoming migration across shared
+          * storage and swtpm does not support the --migration option.
+          */
+-        if (incomingMigration && on_shared_storage) {
++        if (incomingMigration && on_shared_storage && !created) {
+             virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED,
+                            _("%1$s (on destination side) does not support the --migration option needed for migration with shared storage"),
+                            swtpm);
+-- 
+2.52.0
diff --git a/libvirt-tests-Test-virFileIsSharedFSOverride.patch b/libvirt-tests-Test-virFileIsSharedFSOverride.patch
new file mode 100644
index 0000000..d247e7d
--- /dev/null
+++ b/libvirt-tests-Test-virFileIsSharedFSOverride.patch
@@ -0,0 +1,111 @@
+From 0bb3bb84670dbd45c6eca2d108b2d4d5a7754ef4 Mon Sep 17 00:00:00 2001
+Message-ID: <0bb3bb84670dbd45c6eca2d108b2d4d5a7754ef4.1766070439.git.jdenemar@redhat.com>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Dec 2025 15:09:15 +0100
+Subject: [PATCH] tests: Test virFileIsSharedFSOverride
+
+Technically virFileIsSharedFSOverride is available on any OS, but we
+need a mocked realpath() to test it. Because the virfilemock library
+also mocks statfs() which is only available on Linux, we don't even try
+to load the library anywhere else. Thus we need to skip testing
+virFileIsSharedFSOverride on non-Linux too.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 121d179e068b584f62ea2c029d89a44e67c909c0)
+
+https://issues.redhat.com/browse/RHEL-102925
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ tests/virfiletest.c | 69 +++++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 69 insertions(+)
+
+diff --git a/tests/virfiletest.c b/tests/virfiletest.c
+index e05925a321..ccd76a3fac 100644
+--- a/tests/virfiletest.c
++++ b/tests/virfiletest.c
+@@ -329,6 +329,55 @@ testFileIsSharedFSType(const void *opaque G_GNUC_UNUSED)
+ }
+ 
+ 
++static const char *shared_filesystems[] = {
++    "/run/user/501/gvfs",
++    "/nfs",
++    "/gluster",
++    "/ceph/multi",
++    "/gpfs/data/blaf",
++    "/quobyte",
++    NULL,
++};
++
++static int
++testFileIsSharedFSOverride(const void *opaque G_GNUC_UNUSED)
++{
++#ifndef __linux__
++    return EXIT_AM_SKIP;
++#else
++    const struct testFileIsSharedFSType *data = opaque;
++    g_autofree char *mtabFile = NULL;
++    bool actual;
++    int ret = -1;
++
++    /* mtab is used by mocked realpath to decide whether a given path exists */
++    mtabFile = g_strdup_printf(abs_srcdir "/virfiledata/%s", data->mtabFile);
++
++    if (!g_setenv("LIBVIRT_MTAB", mtabFile, true)) {
++        fprintf(stderr, "Unable to set env variable\n");
++        goto cleanup;
++    }
++
++    actual = virFileIsSharedFSOverride(data->filename,
++                                       (char * const *) shared_filesystems);
++
++    if (actual != data->expected) {
++        fprintf(stderr, "FS of '%s' is %s. Expected: %s\n",
++                data->filename,
++                actual ? "shared" : "not shared",
++                data->expected ? "shared" : "not shared");
++        goto cleanup;
++    }
++
++    ret = 0;
++
++ cleanup:
++    g_unsetenv("LIBVIRT_MTAB");
++    return ret;
++#endif
++}
++
++
+ static int
+ mymain(void)
+ {
+@@ -439,6 +488,26 @@ mymain(void)
+     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/gpfs/data", true);
+     DO_TEST_FILE_IS_SHARED_FS_TYPE("mounts3.txt", "/quobyte", true);
+ 
++#define DO_TEST_FILE_IS_SHARED_FS_OVERRIDE(mtab, file, exp) \
++    do { \
++        struct testFileIsSharedFSType data = { \
++            .mtabFile = mtab, .filename = file, .expected = exp \
++        }; \
++        if (virTestRun(virTestCounterNext(), testFileIsSharedFSOverride, &data) < 0) \
++            ret = -1; \
++    } while (0)
++
++    virTestCounterReset("testFileIsSharedFSOverride ");
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts2.txt", "/boot/vmlinuz", false);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts2.txt", "/run/user/501/gvfs/some/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/nfs/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/gluster/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/some/symlink/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/ceph/file", false);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/ceph/multi/file", true);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/gpfs/data", false);
++    DO_TEST_FILE_IS_SHARED_FS_OVERRIDE("mounts3.txt", "/quobyte", true);
++
+     return ret != 0 ? EXIT_FAILURE : EXIT_SUCCESS;
+ }
+ 
+-- 
+2.52.0
diff --git a/libvirt-tests-add-test-for-a-single-per-device-smmuv3.patch b/libvirt-tests-add-test-for-a-single-per-device-smmuv3.patch
new file mode 100644
index 0000000..2941140
--- /dev/null
+++ b/libvirt-tests-add-test-for-a-single-per-device-smmuv3.patch
@@ -0,0 +1,201 @@
+From d30c21439f3847ecc229db9355eb802f0256a3f0 Mon Sep 17 00:00:00 2001
+Message-ID: <d30c21439f3847ecc229db9355eb802f0256a3f0.1766070438.git.jdenemar@redhat.com>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 5 Dec 2025 08:50:51 +0100
+Subject: [PATCH] tests: add test for a single per-device smmuv3
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 45ff1c002629dadd9d94b91742ffb985b0fe027f)
+
+https://issues.redhat.com/browse/RHEL-74200
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ ...-smmuv3-pci-bus-single.aarch64-latest.args | 40 +++++++++++++
+ ...u-smmuv3-pci-bus-single.aarch64-latest.xml | 59 +++++++++++++++++++
+ .../iommu-smmuv3-pci-bus-single.xml           | 46 +++++++++++++++
+ tests/qemuxmlconftest.c                       |  1 +
+ 4 files changed, 146 insertions(+)
+ create mode 100644 tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
+ create mode 100644 tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.xml
+ create mode 100644 tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.xml
+
+diff --git a/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
+new file mode 100644
+index 0000000000..976467e641
+--- /dev/null
++++ b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.args
+@@ -0,0 +1,40 @@
++LC_ALL=C \
++PATH=/bin \
++HOME=/var/lib/libvirt/qemu/domain--1-guest \
++USER=test \
++LOGNAME=test \
++XDG_DATA_HOME=/var/lib/libvirt/qemu/domain--1-guest/.local/share \
++XDG_CACHE_HOME=/var/lib/libvirt/qemu/domain--1-guest/.cache \
++XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
++/usr/bin/qemu-system-aarch64 \
++-name guest=guest,debug-threads=on \
++-S \
++-object '{"qom-type":"secret","id":"masterKey0","format":"raw","file":"/var/lib/libvirt/qemu/domain--1-guest/master-key.aes"}' \
++-machine virt,usb=off,gic-version=2,iommu=smmuv3,dump-guest-core=off,memory-backend=mach-virt.ram,acpi=off \
++-accel tcg \
++-cpu cortex-a15 \
++-m size=1048576k \
++-object '{"qom-type":"memory-backend-ram","id":"mach-virt.ram","size":1073741824}' \
++-overcommit mem-lock=off \
++-smp 1,sockets=1,cores=1,threads=1 \
++-uuid 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 \
++-display none \
++-no-user-config \
++-nodefaults \
++-chardev socket,id=charmonitor,fd=1729,server=on,wait=off \
++-mon chardev=charmonitor,id=monitor,mode=control \
++-rtc base=utc \
++-no-shutdown \
++-boot strict=on \
++-device '{"driver":"pxb-pcie","bus_nr":252,"id":"pci.1","bus":"pcie.0","addr":"0x1"}' \
++-device '{"driver":"pxb-pcie","bus_nr":248,"id":"pci.2","bus":"pcie.0","addr":"0x2"}' \
++-device '{"driver":"pcie-root-port","port":0,"chassis":21,"id":"pci.3","bus":"pci.1","addr":"0x0"}' \
++-device '{"driver":"pcie-root-port","port":168,"chassis":22,"id":"pci.4","bus":"pci.2","addr":"0x0"}' \
++-device '{"driver":"arm-smmuv3","primary-bus":"pci.1","id":"iommu0"}' \
++-audiodev '{"id":"audio1","driver":"none"}' \
++-object '{"qom-type":"rng-random","id":"objrng0","filename":"/dev/urandom"}' \
++-device '{"driver":"virtio-rng-pci","rng":"objrng0","id":"rng0","bus":"pci.3","addr":"0x0"}' \
++-object '{"qom-type":"rng-random","id":"objrng1","filename":"/dev/urandom"}' \
++-device '{"driver":"virtio-rng-pci","rng":"objrng1","id":"rng1","bus":"pci.4","addr":"0x0"}' \
++-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
++-msg timestamp=on
+diff --git a/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.xml b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.xml
+new file mode 100644
+index 0000000000..e6071fd71b
+--- /dev/null
++++ b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.aarch64-latest.xml
+@@ -0,0 +1,59 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <currentMemory unit='KiB'>1048576</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='aarch64' machine='virt'>hvm</type>
++    <boot dev='hd'/>
++  </os>
++  <features>
++    <gic version='2'/>
++  </features>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>cortex-a15</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' index='0' model='none'/>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <controller type='pci' index='1' model='pcie-expander-bus'>
++      <model name='pxb-pcie'/>
++      <target busNr='252'/>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
++    </controller>
++    <controller type='pci' index='2' model='pcie-expander-bus'>
++      <model name='pxb-pcie'/>
++      <target busNr='248'/>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
++    </controller>
++    <controller type='pci' index='3' model='pcie-root-port'>
++      <model name='pcie-root-port'/>
++      <target chassis='21' port='0x0'/>
++      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
++    </controller>
++    <controller type='pci' index='4' model='pcie-root-port'>
++      <model name='pcie-root-port'/>
++      <target chassis='22' port='0xa8'/>
++      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
++    </controller>
++    <audio id='1' type='none'/>
++    <memballoon model='none'/>
++    <rng model='virtio'>
++      <backend model='random'>/dev/urandom</backend>
++      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
++    </rng>
++    <rng model='virtio'>
++      <backend model='random'>/dev/urandom</backend>
++      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
++    </rng>
++    <iommu model='smmuv3'>
++      <driver pciBus='1'/>
++    </iommu>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.xml b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.xml
+new file mode 100644
+index 0000000000..6f40a19740
+--- /dev/null
++++ b/tests/qemuxmlconfdata/iommu-smmuv3-pci-bus-single.xml
+@@ -0,0 +1,46 @@
++<domain type='qemu'>
++  <name>guest</name>
++  <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
++  <memory unit='KiB'>1048576</memory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='aarch64' machine='virt'>hvm</type>
++  </os>
++  <devices>
++    <emulator>/usr/bin/qemu-system-aarch64</emulator>
++    <controller type='usb' model='none'/>
++    <memballoon model='none'/>
++    <controller type='pci' index='0' model='pcie-root'/>
++    <controller type='pci' index='1' model='pcie-expander-bus'>
++      <model name='pxb-pcie'/>
++      <target busNr='252'/>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
++    </controller>
++    <controller type='pci' index='2' model='pcie-expander-bus'>
++      <model name='pxb-pcie'/>
++      <target busNr='248'/>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
++    </controller>
++    <controller type='pci' index='3' model='pcie-root-port'>
++      <model name='pcie-root-port'/>
++      <target chassis='21' port='0x0'/>
++      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
++    </controller>
++    <controller type='pci' index='4' model='pcie-root-port'>
++      <model name='pcie-root-port'/>
++      <target chassis='22' port='0xa8'/>
++      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
++    </controller>
++    <rng model='virtio'>
++      <backend model='random'>/dev/urandom</backend>
++      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
++    </rng>
++    <rng model='virtio'>
++      <backend model='random'>/dev/urandom</backend>
++      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
++    </rng>
++    <iommu model='smmuv3'>
++      <driver pciBus='1'/>
++    </iommu>
++  </devices>
++</domain>
+diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
+index de03c58c8a..9a3257ea55 100644
+--- a/tests/qemuxmlconftest.c
++++ b/tests/qemuxmlconftest.c
+@@ -3039,6 +3039,7 @@ mymain(void)
+     DO_TEST_CAPS_LATEST_ABI_UPDATE("intel-iommu-eim-autoadd-v2");
+     DO_TEST_CAPS_ARCH_LATEST("iommu-smmuv3", "aarch64");
+     DO_TEST_CAPS_ARCH_LATEST("iommu-smmuv3-pci-bus", "aarch64");
++    DO_TEST_CAPS_ARCH_LATEST("iommu-smmuv3-pci-bus-single", "aarch64");
+     DO_TEST_CAPS_LATEST("virtio-iommu-x86_64");
+     DO_TEST_CAPS_ARCH_LATEST("virtio-iommu-aarch64", "aarch64");
+     DO_TEST_CAPS_LATEST_PARSE_ERROR("virtio-iommu-wrong-machine");
+-- 
+2.52.0
diff --git a/libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch b/libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch
new file mode 100644
index 0000000..e411669
--- /dev/null
+++ b/libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch
@@ -0,0 +1,114 @@
+From bcf71678b891cb8862b85be2fd44d2dc61686f94 Mon Sep 17 00:00:00 2001
+Message-ID: <bcf71678b891cb8862b85be2fd44d2dc61686f94.1766070439.git.jdenemar@redhat.com>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Dec 2025 16:51:25 +0100
+Subject: [PATCH] util: Fix race condition in virFileIsSharedFSOverride
+
+Switch virFileIsSharedFSOverride to use virFileCheckParents to avoid a
+race which could result in virFileCanonicalizePath to be called on a
+path that does not exist anymore.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit 3a44f0c23d75519a9a374f790f4b91ab7b65a138)
+
+https://issues.redhat.com/browse/RHEL-102925
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/util/virfile.c | 59 +++++++++++++++++-----------------------------
+ 1 file changed, 22 insertions(+), 37 deletions(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index 95fc8ff0e6..52d711d2a9 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -3502,33 +3502,6 @@ virFileCheckParents(const char *path,
+ }
+ 
+ 
+-static char *
+-virFileGetExistingParent(const char *path)
+-{
+-    g_autofree char *dirpath = g_strdup(path);
+-    char *p = NULL;
+-
+-    /* Try less and less of the path until we get to a directory we can access.
+-     * Even if we don't have 'x' permission on any directory in the path on the
+-     * NFS server (assuming it's NFS), we will be able to stat the mount point.
+-     */
+-    while (!virFileExists(dirpath) && p != dirpath) {
+-        if (!(p = strrchr(dirpath, '/'))) {
+-            virReportSystemError(EINVAL,
+-                                 _("Invalid relative path '%1$s'"), path);
+-            return NULL;
+-        }
+-
+-        if (p == dirpath)
+-            *(p + 1) = '\0';
+-        else
+-            *p = '\0';
+-    }
+-
+-    return g_steal_pointer(&dirpath);
+-}
+-
+-
+ #ifdef __linux__
+ 
+ # ifndef NFS_SUPER_MAGIC
+@@ -3875,6 +3848,17 @@ virFileGetDefaultHugepage(virHugeTLBFS *fs,
+ }
+ 
+ 
++static bool
++virFileCheckParentsCanonicalize(const char *path,
++                                void *opaque)
++{
++    char **canonical = opaque;
++
++    *canonical = virFileCanonicalizePath(path);
++    return !!*canonical;
++}
++
++
+ /**
+  * virFileIsSharedFSOverride:
+  * @path: Path to check
+@@ -3888,24 +3872,25 @@ virFileIsSharedFSOverride(const char *path,
+                           char *const *overrides)
+ {
+     g_autofree char *dirpath = NULL;
+-    g_autofree char *existing = NULL;
+     char *p = NULL;
++    int rc;
+ 
+     if (!path || path[0] != '/' || !overrides)
+         return false;
+ 
+     /* We only care about the longest existing sub-path. Further components
+-     * may will later be created by libvirt will not magically become a shared
+-     * filesystem. */
+-    if (!(existing = virFileGetExistingParent(path)))
++     * that may later be created by libvirt will not magically become a shared
++     * filesystem. Overrides have been canonicalized ahead of time, so we need
++     * to do the same for the provided path or we'll never be able to find a
++     * match if symlinks are involved.
++     */
++    rc = virFileCheckParents(path, NULL,
++                             virFileCheckParentsCanonicalize, &dirpath);
++    if (rc == -1)
+         return false;
+ 
+-    /* Overrides have been canonicalized ahead of time, so we need to
+-     * do the same for the provided path or we'll never be able to
+-     * find a match if symlinks are involved */
+-    if (!(dirpath = virFileCanonicalizePath(existing))) {
+-        VIR_DEBUG("Cannot canonicalize parent '%s' of path '%s'",
+-                  existing, path);
++    if (rc != 0) {
++        VIR_DEBUG("Cannot canonicalize path '%s'", path);
+         return false;
+     }
+ 
+-- 
+2.52.0
diff --git a/libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch b/libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch
new file mode 100644
index 0000000..834392a
--- /dev/null
+++ b/libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch
@@ -0,0 +1,144 @@
+From 0ef9c539a38510d35daec578dae8491f8a1c651c Mon Sep 17 00:00:00 2001
+Message-ID: <0ef9c539a38510d35daec578dae8491f8a1c651c.1766070439.git.jdenemar@redhat.com>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Dec 2025 16:47:14 +0100
+Subject: [PATCH] util: Fix race condition in virFileIsSharedFSType
+
+virFileIsSharedFSType could end up calling statfs on a path that no
+longer exists and return an error. If this happens for a path on a
+shared filesystem, the caller may incorrectly consider the path as
+non-shared.
+
+Specifically, when starting a domain with TPM enabled and deciding
+whether its vTPM state is stored on a shared storage, the race could
+cause qemuTPMEmulatorBuildCommand to consider the state to be
+non-shared. This means swtpm would be started without --migration even
+when the state is actually stored on a shared storage and any attempt to
+migrate such domain would fail with
+
+    Operation not supported: the running swtpm does not support
+    migration with shared storage
+
+In fact, any caller of virFileGetExistingParent contained an inherent
+TOCTOU race condition as the existing parent of a given path return by
+virFileGetExistingParent may no longer exist at the time the caller
+wants to check it.
+
+This patch introduces a new virFileCheckParents API which is almost
+identical to virFileGetExistingParent, but uses a supplied callback to
+check each path. This new API is used in virFileIsSharedFSType to avoid
+the race. The old function will later be completely removed once all
+callers are switched to the new one.
+
+Fixes: 05526b50909ff50c16e13a0b5580d41de74e3d59
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit b6addd42bece693debbf2e95551a2b4d2e1b453f)
+
+https://issues.redhat.com/browse/RHEL-102925
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/util/virfile.c | 71 ++++++++++++++++++++++++++++++++++++++++++++--
+ 1 file changed, 69 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index a5c9fbe0d9..95fc8ff0e6 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -3445,6 +3445,63 @@ virFileRemoveLastComponent(char *path)
+ }
+ 
+ 
++/* Check callback for virFileCheckParents */
++typedef bool (*virFileCheckParentsCallback)(const char *dirpath,
++                                            void *opaque);
++
++/**
++ * virFileCheckParents:
++ * @path: path to check
++ * @parent: where to store the closest parent satisfying the check
++ * @check: callback called on parent paths
++ * @opaque: data for the @check callback
++ *
++ * Calls @check on the @path and its parent paths until it returns true or a
++ * root directory is reached. When @check returns true, the @parent (if
++ * non-NULL) will be set to a copy of the corresponding path. The caller is
++ * responsible for freeing it.
++ *
++ * Returns  0 on success (@parent set),
++ *         -1 on invalid input,
++ *         -2 when no path (including "/") satisfies the @check.
++ */
++static int
++virFileCheckParents(const char *path,
++                    char **parent,
++                    virFileCheckParentsCallback check,
++                    void *opaque)
++{
++    g_autofree char *dirpath = g_strdup(path);
++    char *p = NULL;
++    bool checkOK;
++
++    checkOK = check(dirpath, opaque);
++
++    while (!checkOK && p != dirpath) {
++        if (!(p = strrchr(dirpath, G_DIR_SEPARATOR))) {
++            virReportSystemError(EINVAL,
++                                 _("Invalid absolute path '%1$s'"), path);
++            return -1;
++        }
++
++        if (p == dirpath)
++            *(p + 1) = '\0';
++        else
++            *p = '\0';
++
++        checkOK = check(dirpath, opaque);
++    }
++
++    if (!checkOK)
++        return -2;
++
++    if (parent)
++        *parent = g_steal_pointer(&dirpath);
++
++    return 0;
++}
++
++
+ static char *
+ virFileGetExistingParent(const char *path)
+ {
+@@ -3599,6 +3656,14 @@ static const struct virFileSharedFsData virFileSharedFs[] = {
+ };
+ 
+ 
++static bool
++virFileCheckParentsStatFS(const char *path,
++                          void *opaque)
++{
++    return statfs(path, (struct statfs *) opaque) == 0;
++}
++
++
+ int
+ virFileIsSharedFSType(const char *path,
+                       unsigned int fstypes)
+@@ -3607,11 +3672,13 @@ virFileIsSharedFSType(const char *path,
+     struct statfs sb;
+     long long f_type = 0;
+     size_t i;
++    int rc;
+ 
+-    if (!(dirpath = virFileGetExistingParent(path)))
++    if ((rc = virFileCheckParents(path, &dirpath,
++                                  virFileCheckParentsStatFS, &sb)) == -1)
+         return -1;
+ 
+-    if (statfs(dirpath, &sb) < 0) {
++    if (rc != 0) {
+         virReportSystemError(errno,
+                              _("cannot determine filesystem for '%1$s'"),
+                              path);
+-- 
+2.52.0
diff --git a/libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch b/libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch
new file mode 100644
index 0000000..67e6c90
--- /dev/null
+++ b/libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch
@@ -0,0 +1,84 @@
+From 9a8eedf3c0eca3075cf27ebae2d872df6627f3dd Mon Sep 17 00:00:00 2001
+Message-ID: <9a8eedf3c0eca3075cf27ebae2d872df6627f3dd.1766070439.git.jdenemar@redhat.com>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Fri, 5 Dec 2025 16:52:32 +0100
+Subject: [PATCH] util: Rework virFileIsSharedFSOverride using
+ virFileCheckParents
+
+The newly introduced virFileCheckParents is generic enough to be used
+for checking whether a specific path or any of its parents is included
+in the overrides array.
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry picked from commit eedf9ed68b45585569865604bf2a403670feaf3e)
+
+https://issues.redhat.com/browse/RHEL-102925
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/util/virfile.c | 35 ++++++++++++-----------------------
+ 1 file changed, 12 insertions(+), 23 deletions(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index 52d711d2a9..05b2fa8168 100644
+--- a/src/util/virfile.c
++++ b/src/util/virfile.c
+@@ -3859,6 +3859,14 @@ virFileCheckParentsCanonicalize(const char *path,
+ }
+ 
+ 
++static bool
++virFileCheckParentsInOverrides(const char *path,
++                               void *opaque)
++{
++    return g_strv_contains((const char *const *) opaque, path);
++}
++
++
+ /**
+  * virFileIsSharedFSOverride:
+  * @path: Path to check
+@@ -3872,7 +3880,6 @@ virFileIsSharedFSOverride(const char *path,
+                           char *const *overrides)
+ {
+     g_autofree char *dirpath = NULL;
+-    char *p = NULL;
+     int rc;
+ 
+     if (!path || path[0] != '/' || !overrides)
+@@ -3894,29 +3901,11 @@ virFileIsSharedFSOverride(const char *path,
+         return false;
+     }
+ 
+-    if (g_strv_contains((const char *const *) overrides, dirpath))
+-        return true;
++    if (virFileCheckParents(dirpath, NULL, virFileCheckParentsInOverrides,
++                            (void *) overrides) < 0)
++        return false;
+ 
+-    /* Continue until we've scanned the entire path */
+-    while (p != dirpath) {
+-
+-        /* Find the last slash */
+-        if ((p = strrchr(dirpath, '/')) == NULL)
+-            break;
+-
+-        /* Truncate the path by overwriting the slash that we've just
+-         * found with a null byte. If it is the very first slash in
+-         * the path, we need to handle things slightly differently */
+-        if (p == dirpath)
+-            *(p+1) = '\0';
+-        else
+-            *p = '\0';
+-
+-        if (g_strv_contains((const char *const *) overrides, dirpath))
+-            return true;
+-    }
+-
+-    return false;
++    return true;
+ }
+ 
+ 
+-- 
+2.52.0
diff --git a/libvirt.spec b/libvirt.spec
index 65d626c..1111cb8 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -294,7 +294,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 11.10.0
-Release: 1%{?dist}%{?extra_release}
+Release: 2%{?dist}%{?extra_release}
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/
 
@@ -302,6 +302,14 @@ URL: https://libvirt.org/
     %define mainturl stable_updates/
 %endif
 Source: https://download.libvirt.org/%{?mainturl}libvirt-%{version}.tar.xz
+Patch1: libvirt-tests-add-test-for-a-single-per-device-smmuv3.patch
+Patch2: libvirt-qemu-Use-pci_bus-to-identify-multi-smmuv3-model.patch
+Patch3: libvirt-qemu-tpm-Account-for-possible-migration-without-actually-sharing-storage.patch
+Patch4: libvirt-tests-Test-virFileIsSharedFSOverride.patch
+Patch5: libvirt-util-Fix-race-condition-in-virFileIsSharedFSType.patch
+Patch6: libvirt-util-Fix-race-condition-in-virFileIsSharedFSOverride.patch
+Patch7: libvirt-util-Rework-virFileIsSharedFSOverride-using-virFileCheckParents.patch
+
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -1168,6 +1176,9 @@ MinGW Windows libvirt virtualization library.
 %prep
 %autosetup -S git_am -N
 
+%autopatch
+
+
 %build
 %if 0%{?fedora} >= %{min_fedora} || 0%{?rhel} >= %{min_rhel}
     %define supported_platform 1
@@ -2689,6 +2700,15 @@ exit 0
 %endif
 
 %changelog
+* Thu Dec 18 2025 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-2
+- tests: add test for a single per-device smmuv3 (RHEL-74200)
+- qemu: Use pci_bus to identify multi-smmuv3 model (RHEL-74200)
+- qemu: tpm: Account for possible migration without actually sharing storage (RHEL-132534)
+- tests: Test virFileIsSharedFSOverride (RHEL-102925)
+- util: Fix race condition in virFileIsSharedFSType (RHEL-102925)
+- util: Fix race condition in virFileIsSharedFSOverride (RHEL-102925)
+- util: Rework virFileIsSharedFSOverride using virFileCheckParents (RHEL-102925)
+
 * Mon Dec  1 2025 Jiri Denemark <jdenemar@redhat.com> - 11.10.0-1
 - Rebased to libvirt-11.10.0 (RHEL-104238)
 - The rebase also fixes the following bugs: