[BUG] input-linux: grab toggle doesn't propagate to mouse when keyboard is declared before mouse

Sat, 23 May 2026 14:41:24 -0700 

|Hello,

I found a bug in ui/input-linux.c affecting evdev grab toggle propagation
between keyboard and mouse devices.

## Summary

When using evdev passthrough with input-linux objects, the grab toggle
(e.g. ctrl-ctrl) only releases the keyboard but not the mouse, leaving
the mouse permanently grabbed by the VM.

## Root cause

In input_linux_complete(), the initialization order is:

    input_linux_toggle_grab(il);           /* initial grab */
    QTAILQ_INSERT_TAIL(&inputs, il, next); /* insert into list */

When the keyboard is declared before the mouse in the VM configuration,
the keyboard initializes first: it grabs and inserts itself into inputs.
At this point, the mouse is not yet in the list.

The exact failure condition was confirmed via strace: when keyboard is
declared before mouse, toggling only produces EVIOCGRAB(0) on the
keyboard fd. The mouse fd receives no ioctl at all, meaning it is never
reached by the propagation loop in input_linux_toggle_grab().

Declaring the mouse before the keyboard in the XML fixes the issue:
both fds correctly receive EVIOCGRAB(0) on toggle.

The exact reason why insertion order affects runtime toggle propagation
requires further investigation, but the fix is confirmed to work.

## Suggested fix

In input_linux_complete(), insert the device into inputs BEFORE calling
input_linux_toggle_grab(), so that all devices are visible to each other
during initialization:

    /* current (buggy) */
    input_linux_toggle_grab(il);
    QTAILQ_INSERT_TAIL(&inputs, il, next);

    /* suggested fix */
    QTAILQ_INSERT_TAIL(&inputs, il, next);
    input_linux_toggle_grab(il);

## Steps to reproduce

1. Configure two input-linux evdev devices in libvirt XML:
   - keyboard: grab='all', grabToggle='ctrl-ctrl', repeat='on'
   - mouse: no grab_all
   - keyboard declared BEFORE mouse in XML
2. Start VM
3. Press left ctrl + right ctrl to toggle
4. Keyboard returns to host, mouse stays grabbed by VM

## Expected behavior

Toggle releases both keyboard and mouse simultaneously.

## Actual behavior

Only keyboard is toggled. Mouse remains permanently grabbed by VM.
Confirmed via strace: only fd for keyboard receives EVIOCGRAB(0),
mouse fd receives no ioctl at toggle time.

## Environment

- QEMU version: 10.0.8 (Debian 1:10.0.8+ds-0+deb13u1+b2)
- Host OS: Debian Trixie
- libvirt version: 11.3.0
- Host CPU: AMD (iGPU), Guest GPU: NVIDIA GeForce RTX 5060 (PCIe passthrough) 

|

|Regards|

|Sébastien Brat|

Reply via email to