Rebased to version 0.9.6.4

CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173)
Rebased to version 0.9.6.3
2013-01-28 15:17:26 -05:00 · 2012-10-07 19:25:58 -04:00 · 2012-08-13 19:00:59 -04:00 · 2012-06-19 09:49:03 -04:00 · 2012-06-15 17:29:11 -04:00 · 2012-03-30 21:08:32 +08:00
22 changed files with 2148 additions and 3899 deletions
@@ -2,4 +2,7 @@
 *.rpm
 i686
 x86_64
-libvirt-*.tar.xz
+libvirt-*.tar.gz
+/libvirt-0.8.4.tar.gz
+/libvirt-0.8.5.tar.gz
+/libvirt-0.8.7.tar.gz
@@ -1,32 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 21 May 2018 23:05:07 +0100
-Subject: [PATCH] cpu: define the 'ssbd' CPUID feature bit (CVE-2018-3639)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-New microcode introduces the "Speculative Store Bypass Disable"
-CPUID feature bit. This needs to be exposed to guest OS to allow
-them to protect against CVE-2018-3639.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 1dbca2eccad58d91a5fd33962854f1a653638182)
---
- src/cpu/cpu_map.xml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 00a43b172c..245aec3309 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -298,6 +298,9 @@
-     <feature name='spec-ctrl'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
-     </feature>
-+    <feature name='ssbd'>
-+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x80000000'/>
-+    </feature>
- 
-     <!-- Processor Extended State Enumeration sub leaf 1 -->
-     <feature name='xsaveopt'>
@@ -1,65 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 5 Mar 2018 12:46:16 +0000
-Subject: [PATCH] tests: force use of "NORMAL" TLS priority in test suite
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When generating certificates we rely on GNUTLS' built-in default setup
-for the ciphers used in the certs. We then currently run with the distro
-specific TLS priority setup which can be much stronger, to the extent
-that the certificates we generate are considered untrustworthy. We don't
-care about the quality of the ciphers we use in the test suite, so just
-force the priority to "NORMAL" which should ensure our certs are
-accepted by GNUTLS.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/virnettlscontexttest.c | 4 ++--
- tests/virnettlssessiontest.c | 4 ++--
- 2 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c
-index 089c10e964..86647f3014 100644
--- a/tests/virnettlscontexttest.c
-+++ b/tests/virnettlscontexttest.c
-@@ -72,7 +72,7 @@ static int testTLSContextInit(const void *opaque)
-                                          data->crt,
-                                          KEYFILE,
-                                          NULL,
-                                         NULL,
-+                                         "NORMAL",
-                                          true,
-                                          true);
-     } else {
-@@ -80,7 +80,7 @@ static int testTLSContextInit(const void *opaque)
-                                          NULL,
-                                          data->crt,
-                                          KEYFILE,
-                                         NULL,
-+                                         "NORMAL",
-                                          true,
-                                          true);
-     }
-diff --git a/tests/virnettlssessiontest.c b/tests/virnettlssessiontest.c
-index 6d639e5b16..7e85607181 100644
--- a/tests/virnettlssessiontest.c
-+++ b/tests/virnettlssessiontest.c
-@@ -113,7 +113,7 @@ static int testTLSSessionInit(const void *opaque)
-                                            data->servercrt,
-                                            KEYFILE,
-                                            data->wildcards,
-                                           NULL,
-+                                           "NORMAL",
-                                            false,
-                                            true);
- 
-@@ -121,7 +121,7 @@ static int testTLSSessionInit(const void *opaque)
-                                            NULL,
-                                            data->clientcrt,
-                                            KEYFILE,
-                                           NULL,
-+                                           "NORMAL",
-                                            false,
-                                            true);
- 
@@ -1,42 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 21 May 2018 23:05:08 +0100
-Subject: [PATCH] cpu: define the 'virt-ssbd' CPUID feature bit (CVE-2018-3639)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Some AMD processors only support a non-architectural means of
-enabling Speculative Store Bypass Disable. To allow simplified
-handling in virtual environments, hypervisors will expose an
-architectural definition through CPUID bit 0x80000008_EBX[25].
-This needs to be exposed to guest OS running on AMD x86 hosts to
-allow them to protect against CVE-2018-3639.
-
-Note that since this CPUID bit won't be present in the host CPUID
-results on physical hosts, it will not be enabled automatically
-in guests configured with "host-model" CPU unless using QEMU
-version >= 2.9.0. Thus for older versions of QEMU, this feature
-must be manually enabled using policy=force. Guests using the
-"host-passthrough" CPU mode do not need special handling.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 9267342206ce17f6933d57a3128cdc504d5945c9)
---
- src/cpu/cpu_map.xml | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 245aec3309..96daa0f9af 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -433,6 +433,9 @@
-     <feature name='ibpb'>
-       <cpuid eax_in='0x80000008' ebx='0x00001000'/>
-     </feature>
-+    <feature name='virt-ssbd'>
-+      <cpuid eax_in='0x80000008' ebx='0x02000000'/>
-+    </feature>
- 
-     <!-- models -->
-     <model name='486'>
@@ -1,31 +0,0 @@
-From: Jim Fehlig <jfehlig@suse.com>
-Date: Wed, 14 Mar 2018 16:42:39 -0600
-Subject: [PATCH] lockd: fix typo in virtlockd-admin.socket
-
-Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
-
-/usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
-'Server' in section 'Socket'
-
-Change 'Server' to 'Service'.
-
-Signed-off-by: Jim Fehlig <jfehlig@suse.com>
-Reviewed-by: Erik Skultety <eskultet@redhat.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- src/locking/virtlockd-admin.socket.in | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 1fa0a3dc33..2a7500f3d0 100644
--- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -4,7 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
-Server=virtlockd.service
-+Service=virtlockd.service
- 
- [Install]
- WantedBy=sockets.target
@@ -1,105 +0,0 @@
-From: Laine Stump <laine@laine.org>
-Date: Wed, 25 Apr 2018 17:12:03 -0400
-Subject: [PATCH] nwfilter: increase pcap buffer size to be compatible with
- TPACKET_V3
-
-When an nwfilter rule sets the parameter CTRL_IP_LEARNING to "dhcp",
-this turns on the "dhcpsnoop" thread, which uses libpcap to monitor
-traffic on the domain's tap device and extract the IP address from the
-DHCP response.
-
-If libpcap on the host is built with HAVE_TPACKET3 defined (to enable
-support for TPACKET_V3), the dhcpsnoop code's initialization of the
-libpcap socket would fail with the following error:
-
-  virNWFilterSnoopDHCPOpen:1134 : internal error: pcap_setfilter: can't remove kernel filter: Bad file descriptor
-
-It turns out that this was because TPACKET_V3 requires a larger buffer
-size than libvirt was setting (we were setting it to 128k). Changing
-the buffer size to 256k eliminates the error, and the dhcpsnoop thread
-once again works properly.
-
-A fuller explanation of why TPACKET_V3 requires such a large buffer,
-for future git spelunkers:
-
-libpcap calls setsockopt(... SOL_PACKET, PACKET_RX_RING...) to setup a
-ring buffer for receiving packets; two of the attributes sent to this
-API are called tp_frame_size, and tp_frame_nr. If libpcap was built
-with HAVE_TPACKET3 defined, tp_trame_size is set to MAXIMUM_SNAPLEN
-(defined in libpcap sources as 262144) and tp_frame_nr is set to:
-
- [the buffer size we set, i.e. PCAP_BUFFERSIZE i.e. 262144] / tp_frame_size.
-
-So if PCAP_BUFFERSIZE < MAXIMUM_SNAPLEN, then tp_frame_nr (the number
-of frames in the ring buffer) is 0, which is nonsensical. This same
-value is later used as a multiplier to determine the size for a call
-to malloc() (which would also fail).
-
-(NB: if HAVE_TPACKET3 is *not* defined, then tp_frame_size is set to
-the snaplen set by the user (in our case 576) plus a small amount to
-account for ethernet headers, so 256k is far more than adequate)
-
-Since the TPACKET_V3 code in libpcap actually reads multiple packets
-into each frame, it's not a problem to have only a single frame
-(especially when we are monitoring such infrequent traffic), so it's
-okay to set this relatively small buffer size (in comparison to the
-default, which is 2MB), which is important since every guest using
-dhcp snooping in a nwfilter rule will hold 2 of these buffers for the
-entire life of the guest.
-
-Thanks to Christian Ehrhardt for discovering that buffer size was the
-problem (this was not at all obvious from the error that was logged!)
-
-Resolves: https://bugzilla.redhat.com/1547237
-Fixes: https://bugs.launchpad.net/libvirt/+bug/1758037
-
-Signed-off-by: Laine Stump <laine@laine.org>
-Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> (V1)
-Reviewed-by: John Ferlan <jferlan@redhat.com>
-Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
-Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
- src/nwfilter/nwfilter_dhcpsnoop.c | 22 +++++++++++++++++++---
- 1 file changed, 19 insertions(+), 3 deletions(-)
-
-diff --git a/src/nwfilter/nwfilter_dhcpsnoop.c b/src/nwfilter/nwfilter_dhcpsnoop.c
-index 6069e70460..50cfb944a2 100644
--- a/src/nwfilter/nwfilter_dhcpsnoop.c
-+++ b/src/nwfilter/nwfilter_dhcpsnoop.c
-@@ -256,10 +256,21 @@ struct _virNWFilterDHCPDecodeJob {
- # define DHCP_BURST_INTERVAL_S  10 /* sec */
- 
- /*
- * libpcap 1.5 requires a 128kb buffer
- * 128 kb is bigger than (DHCP_PKT_BURST * PCAP_PBUFSIZE / 2)
-+ * NB: Any libpcap built with HAVE_TPACKET3 will require
-+ * PCAP_BUFFERSIZE to be at least 262144 (although
-+ * pcap_set_buffer_size() with a lower value will succeed, and the
-+ * error will only show up later when pcap_setfilter() is called).
-+ *
-+ * It is possible that in the future libpcap could increase the
-+ * minimum size even further, but due to the fact that each guest
-+ * using dhcp snooping keeps 2 pcap sockets open (and thus 2 buffers
-+ * allocated) for the life of the guest, we want to minimize the
-+ * length of the buffer, so instead of leaving it at the default size
-+ * (2MB), we are setting it to the minimum viable size and including
-+ * this clue in the source to help quickly resolve the problem when/if
-+ * it reoccurs.
-  */
-# define PCAP_BUFFERSIZE        (128 * 1024)
-+# define PCAP_BUFFERSIZE        (256 * 1024)
- 
- # define MAX_QUEUED_JOBS        (DHCP_PKT_BURST + 2 * DHCP_PKT_RATE)
- 
-@@ -1114,6 +1125,11 @@ virNWFilterSnoopDHCPOpen(const char *ifname, virMacAddr *mac,
-         goto cleanup_nohandle;
-     }
- 
-+    /* IMPORTANT: If there is any failure of *any* pcap_* function
-+     * during setup of the socket, look to the comment where
-+     * PCAP_BUFFERSIZE is defined. It may be too small, even if the
-+     * generated error doesn't imply that.
-+     */
-     if (pcap_set_snaplen(handle, PCAP_PBUFSIZE) < 0 ||
-         pcap_set_buffer_size(handle, PCAP_BUFFERSIZE) < 0 ||
-         pcap_activate(handle) < 0) {
@@ -1,253 +0,0 @@
-From: Vincent Bernat <vincent@bernat.im>
-Date: Tue, 10 Apr 2018 08:27:15 +0200
-Subject: [PATCH] util: don't check for parallel iteration in hash-related
- functions
-
-This is the responsability of the caller to apply the correct lock
-before using these functions. Moreover, the use of a simple boolean
-was still racy: two threads may check the boolean and "lock" it
-simultaneously.
-
-Users of functions from src/util/virhash.c have to be checked for
-correctness. Lookups and iteration should hold a RO
-lock. Modifications should hold a RW lock.
-
-Most important uses seem to be covered. Callers have now a greater
-responsability, notably the ability to execute some operations while
-iterating were reliably forbidden before are now accepted.
-
-Signed-off-by: Vincent Bernat <vincent@bernat.im>
-(cherry picked from commit 4d7384eb9ddef2008cb0cc165eb808f74bc83d6b)
---
- src/util/virhash.c  | 37 --------------------
- tests/virhashtest.c | 83 ---------------------------------------------
- 2 files changed, 120 deletions(-)
-
-diff --git a/src/util/virhash.c b/src/util/virhash.c
-index 0ffbfcce2c..475c2b0281 100644
--- a/src/util/virhash.c
-+++ b/src/util/virhash.c
-@@ -41,12 +41,6 @@ VIR_LOG_INIT("util.hash");
- 
- /* #define DEBUG_GROW */
- 
-#define virHashIterationError(ret) \
-    do { \
-        VIR_ERROR(_("Hash operation not allowed during iteration")); \
-        return ret; \
-    } while (0)
-
- /*
-  * A single entry in the hash table
-  */
-@@ -66,10 +60,6 @@ struct _virHashTable {
-     uint32_t seed;
-     size_t size;
-     size_t nbElems;
-    /* True iff we are iterating over hash entries. */
-    bool iterating;
-    /* Pointer to the current entry during iteration. */
-    virHashEntryPtr current;
-     virHashDataFree dataFree;
-     virHashKeyCode keyCode;
-     virHashKeyEqual keyEqual;
-@@ -339,9 +329,6 @@ virHashAddOrUpdateEntry(virHashTablePtr table, const void *name,
-     if ((table == NULL) || (name == NULL))
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-     key = virHashComputeKey(table, name);
- 
-     /* Check for duplicate entry */
-@@ -551,9 +538,6 @@ virHashRemoveEntry(virHashTablePtr table, const void *name)
-     nextptr = table->table + virHashComputeKey(table, name);
-     for (entry = *nextptr; entry; entry = entry->next) {
-         if (table->keyEqual(entry->name, name)) {
-            if (table->iterating && table->current != entry)
-                virHashIterationError(-1);
-
-             if (table->dataFree)
-                 table->dataFree(entry->payload, entry->name);
-             if (table->keyFree)
-@@ -593,18 +577,11 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data)
-     if (table == NULL || iter == NULL)
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr entry = table->table[i];
-         while (entry) {
-             virHashEntryPtr next = entry->next;
-            table->current = entry;
-             ret = iter(entry->payload, entry->name, data);
-            table->current = NULL;
- 
-             if (ret < 0)
-                 goto cleanup;
-@@ -615,7 +592,6 @@ virHashForEach(virHashTablePtr table, virHashIterator iter, void *data)
- 
-     ret = 0;
-  cleanup:
-    table->iterating = false;
-     return ret;
- }
- 
-@@ -643,11 +619,6 @@ virHashRemoveSet(virHashTablePtr table,
-     if (table == NULL || iter == NULL)
-         return -1;
- 
-    if (table->iterating)
-        virHashIterationError(-1);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr *nextptr = table->table + i;
- 
-@@ -667,7 +638,6 @@ virHashRemoveSet(virHashTablePtr table,
-             }
-         }
-     }
-    table->iterating = false;
- 
-     return count;
- }
-@@ -723,23 +693,16 @@ void *virHashSearch(const virHashTable *ctable,
-     if (table == NULL || iter == NULL)
-         return NULL;
- 
-    if (table->iterating)
-        virHashIterationError(NULL);
-
-    table->iterating = true;
-    table->current = NULL;
-     for (i = 0; i < table->size; i++) {
-         virHashEntryPtr entry;
-         for (entry = table->table[i]; entry; entry = entry->next) {
-             if (iter(entry->payload, entry->name, data)) {
-                table->iterating = false;
-                 if (name)
-                     *name = table->keyCopy(entry->name);
-                 return entry->payload;
-             }
-         }
-     }
-    table->iterating = false;
- 
-     return NULL;
- }
-diff --git a/tests/virhashtest.c b/tests/virhashtest.c
-index 3b85b62c30..e9c03c1afb 100644
--- a/tests/virhashtest.c
-+++ b/tests/virhashtest.c
-@@ -221,32 +221,6 @@ testHashRemoveForEachAll(void *payload ATTRIBUTE_UNUSED,
- }
- 
- 
-const int testHashCountRemoveForEachForbidden = ARRAY_CARDINALITY(uuids);
-
-static int
-testHashRemoveForEachForbidden(void *payload ATTRIBUTE_UNUSED,
-                               const void *name,
-                               void *data)
-{
-    virHashTablePtr hash = data;
-    size_t i;
-
-    for (i = 0; i < ARRAY_CARDINALITY(uuids_subset); i++) {
-        if (STREQ(uuids_subset[i], name)) {
-            int next = (i + 1) % ARRAY_CARDINALITY(uuids_subset);
-
-            if (virHashRemoveEntry(hash, uuids_subset[next]) == 0) {
-                VIR_TEST_VERBOSE(
-                        "\nentry \"%s\" should not be allowed to be removed",
-                        uuids_subset[next]);
-            }
-            break;
-        }
-    }
-    return 0;
-}
-
-
- static int
- testHashRemoveForEach(const void *data)
- {
-@@ -303,61 +277,6 @@ testHashSteal(const void *data ATTRIBUTE_UNUSED)
- }
- 
- 
-static int
-testHashIter(void *payload ATTRIBUTE_UNUSED,
-             const void *name ATTRIBUTE_UNUSED,
-             void *data ATTRIBUTE_UNUSED)
-{
-    return 0;
-}
-
-static int
-testHashForEachIter(void *payload ATTRIBUTE_UNUSED,
-                    const void *name ATTRIBUTE_UNUSED,
-                    void *data)
-{
-    virHashTablePtr hash = data;
-
-    if (virHashAddEntry(hash, uuids_new[0], NULL) == 0)
-        VIR_TEST_VERBOSE("\nadding entries in ForEach should be forbidden");
-
-    if (virHashUpdateEntry(hash, uuids_new[0], NULL) == 0)
-        VIR_TEST_VERBOSE("\nupdating entries in ForEach should be forbidden");
-
-    if (virHashSteal(hash, uuids_new[0]) != NULL)
-        VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden");
-
-    if (virHashSteal(hash, uuids_new[0]) != NULL)
-        VIR_TEST_VERBOSE("\nstealing entries in ForEach should be forbidden");
-
-    if (virHashForEach(hash, testHashIter, NULL) >= 0)
-        VIR_TEST_VERBOSE("\niterating through hash in ForEach"
-                " should be forbidden");
-    return 0;
-}
-
-static int
-testHashForEach(const void *data ATTRIBUTE_UNUSED)
-{
-    virHashTablePtr hash;
-    int ret = -1;
-
-    if (!(hash = testHashInit(0)))
-        return -1;
-
-    if (virHashForEach(hash, testHashForEachIter, hash)) {
-        VIR_TEST_VERBOSE("\nvirHashForEach didn't go through all entries");
-        goto cleanup;
-    }
-
-    ret = 0;
-
- cleanup:
-    virHashFree(hash);
-    return ret;
-}
-
-
- static int
- testHashRemoveSetIter(const void *payload ATTRIBUTE_UNUSED,
-                       const void *name,
-@@ -628,9 +547,7 @@ mymain(void)
-     DO_TEST("Remove", Remove);
-     DO_TEST_DATA("Remove in ForEach", RemoveForEach, Some);
-     DO_TEST_DATA("Remove in ForEach", RemoveForEach, All);
-    DO_TEST_DATA("Remove in ForEach", RemoveForEach, Forbidden);
-     DO_TEST("Steal", Steal);
-    DO_TEST("Forbidden ops in ForEach", ForEach);
-     DO_TEST("RemoveSet", RemoveSet);
-     DO_TEST("Search", Search);
-     DO_TEST("GetItems", GetItems);
@@ -1,64 +0,0 @@
-From: Matthias Bolte <matthias.bolte@googlemail.com>
-Date: Thu, 2 Aug 2018 17:33:37 +0200
-Subject: [PATCH] esx: Fix double-free and freeing static strings in
- esxDomainSetAutostart
-
-Since commit ae83e02f3dd7fe99fed5d8159a35b666fafeafd5#l3393 the
-newPowerInfo pointer itself is used to track the ownership of the
-AutoStartPowerInfo object to make Coverity understand the code better.
-This broke the code that unset some members of the AutoStartPowerInfo
-object that should not be freed the normal way.
-
-Instead, transfer ownership of the AutoStartPowerInfo object to the
-HostAutoStartManagerConfig object before filling in the values that
-need special handling. This allows to free the AutoStartPowerInfo
-directly without having to deal with the special values, or to let
-the old (now restored) logic handle the special values again.
-
-Signed-off-by: Matthias Bolte <matthias.bolte@googlemail.com>
-Tested-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-Reviewed-by: John Ferlan <jferlan@redhat.com>
-(cherry picked from commit 3ad77f853230f870efa396636e008292c7f2b1c0)
---
- src/esx/esx_driver.c | 14 ++++----------
- 1 file changed, 4 insertions(+), 10 deletions(-)
-
-diff --git a/src/esx/esx_driver.c b/src/esx/esx_driver.c
-index b065cdc513..9a7006c6e5 100644
--- a/src/esx/esx_driver.c
-+++ b/src/esx/esx_driver.c
-@@ -3422,7 +3422,10 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     if (esxVI_AutoStartPowerInfo_Alloc(&newPowerInfo) < 0 ||
-         esxVI_Int_Alloc(&newPowerInfo->startOrder) < 0 ||
-         esxVI_Int_Alloc(&newPowerInfo->startDelay) < 0 ||
-        esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0) {
-+        esxVI_Int_Alloc(&newPowerInfo->stopDelay) < 0 ||
-+        esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo,
-+                                              newPowerInfo) < 0) {
-+        esxVI_AutoStartPowerInfo_Free(&newPowerInfo);
-         goto cleanup;
-     }
- 
-@@ -3434,13 +3437,6 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     newPowerInfo->stopDelay->value = -1; /* use system default */
-     newPowerInfo->stopAction = (char *)"none";
- 
-    if (esxVI_AutoStartPowerInfo_AppendToList(&spec->powerInfo,
-                                              newPowerInfo) < 0) {
-        goto cleanup;
-    }
-
-    newPowerInfo = NULL;
-
-     if (esxVI_ReconfigureAutostart
-           (priv->primary,
-            priv->primary->hostSystem->configManager->autoStartManager,
-@@ -3462,8 +3458,6 @@ esxDomainSetAutostart(virDomainPtr domain, int autostart)
-     esxVI_AutoStartDefaults_Free(&defaults);
-     esxVI_AutoStartPowerInfo_Free(&powerInfoList);
- 
-    esxVI_AutoStartPowerInfo_Free(&newPowerInfo);
-
-     return result;
- }
- 
@@ -1,55 +0,0 @@
-From 8d6ab7976fa691763fc05a154f2bab865d435b00 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 11:33:32 +0200
-Subject: [PATCH 1/4] cpu_x86: Do not cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The microcode version checks are used to invalidate cached CPU data we
-get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
-was only read when libvirtd started and cached for the daemon's
-lifetime. However, the CPU microcode can change anytime (updating the
-microcode package can automatically upload it to the CPU) and we need to
-stop caching it to avoid using stale CPU model data.
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
---
- src/cpu/cpu_x86.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
-index b2398c5ad2..38cab15c59 100644
--- a/src/cpu/cpu_x86.c
-+++ b/src/cpu/cpu_x86.c
-@@ -154,7 +154,6 @@ struct _virCPUx86Map {
- };
- 
- static virCPUx86MapPtr cpuMap;
-static unsigned int microcodeVersion;
- 
- int virCPUx86DriverOnceInit(void);
- VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
-@@ -1413,8 +1412,6 @@ virCPUx86DriverOnceInit(void)
-     if (!(cpuMap = virCPUx86LoadMap()))
-         return -1;
- 
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
-
-     return 0;
- }
- 
-@@ -2454,7 +2451,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
-         goto cleanup;
- 
-     ret = x86DecodeCPUData(cpu, cpuData, models);
-    cpu->microcodeVersion = microcodeVersion;
-+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
- 
-  cleanup:
-     virCPUx86DataFree(cpuData);
-- 
-2.21.0
-
@@ -1,155 +0,0 @@
-From cb6bcb0312a33a0b6a48d0ee1f368c9080e4a13d Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 12 Apr 2019 21:21:05 +0200
-Subject: [PATCH 2/4] qemu: Don't cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-My earlier commit be46f61326 was incomplete. It removed caching of
-microcode version in the CPU driver, which means the capabilities XML
-will see the correct microcode version. But it is also cached in the
-QEMU capabilities cache where it is used to detect whether we need to
-reprobe QEMU. By missing the second place, the original commit
-be46f61326 made the situation even worse since libvirt would report
-correct microcode version while still using the old host CPU model
-(visible in domain capabilities XML).
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
-
-Conflicts:
-	src/qemu/qemu_capabilities.c
-            - virQEMUCapsCacheLookupByArch refactoring (commits
-              7948ad4129a and 1a3de67001c) are missing
-            - commit a7424faff0f "Force QMP capability probing" is
-              missing downstream
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/qemu/qemu_capabilities.c | 12 ++++++++----
- src/qemu/qemu_capabilities.h |  3 +--
- src/qemu/qemu_driver.c       |  9 +--------
- tests/testutilsqemu.c        |  2 +-
- 4 files changed, 11 insertions(+), 15 deletions(-)
-
-diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
-index b5eb8cf46a..17eb6579bf 100644
--- a/src/qemu/qemu_capabilities.c
-+++ b/src/qemu/qemu_capabilities.c
-@@ -5343,7 +5343,7 @@ virQEMUCapsNewData(const char *binary,
-                                            priv->libDir,
-                                            priv->runUid,
-                                            priv->runGid,
-                                           priv->microcodeVersion,
-+                                           virHostCPUGetMicrocodeVersion(),
-                                            priv->kernelVersion,
-                                            false);
- }
-@@ -5427,8 +5427,7 @@ virFileCachePtr
- virQEMUCapsCacheNew(const char *libDir,
-                     const char *cacheDir,
-                     uid_t runUid,
-                    gid_t runGid,
-                    unsigned int microcodeVersion)
-+                    gid_t runGid)
- {
-     char *capsCacheDir = NULL;
-     virFileCachePtr cache = NULL;
-@@ -5452,7 +5451,6 @@ virQEMUCapsCacheNew(const char *libDir,
- 
-     priv->runUid = runUid;
-     priv->runGid = runGid;
-    priv->microcodeVersion = microcodeVersion;
- 
-     if (uname(&uts) == 0 &&
-         virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
-@@ -5473,8 +5471,11 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookup(virFileCachePtr cache,
-                        const char *binary)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     ret = virFileCacheLookup(cache, binary);
- 
-     VIR_DEBUG("Returning caps %p for %s", ret, binary);
-@@ -5520,10 +5521,13 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
-                              virArch arch)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
-     virArch target;
-     struct virQEMUCapsSearchData data = { .arch = arch };
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
-     if (!ret) {
-         /* If the first attempt at finding capabilities has failed, try
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index c2ec2be193..7fd51f5fa0 100644
--- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -524,8 +524,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
- virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
-                                     const char *cacheDir,
-                                     uid_t uid,
-                                    gid_t gid,
-                                    unsigned int microcodeVersion);
-+                                    gid_t gid);
- virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
-                                       const char *binary);
- virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 96454c17c0..bb38904090 100644
--- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -610,8 +610,6 @@ qemuStateInitialize(bool privileged,
-     char *hugepagePath = NULL;
-     char *memoryBackingPath = NULL;
-     size_t i;
-    virCPUDefPtr hostCPU = NULL;
-    unsigned int microcodeVersion = 0;
- 
-     if (VIR_ALLOC(qemu_driver) < 0)
-         return -1;
-@@ -831,15 +829,10 @@ qemuStateInitialize(bool privileged,
-         run_gid = cfg->group;
-     }
- 
-    if ((hostCPU = virCPUProbeHost(virArchFromHost())))
-        microcodeVersion = hostCPU->microcodeVersion;
-    virCPUDefFree(hostCPU);
-
-     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
-                                                      cfg->cacheDir,
-                                                      run_uid,
-                                                     run_gid,
-                                                     microcodeVersion);
-+                                                     run_gid);
-     if (!qemu_driver->qemuCapsCache)
-         goto error;
- 
-diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
-index f8182033fc..2c7124bf26 100644
--- a/tests/testutilsqemu.c
-+++ b/tests/testutilsqemu.c
-@@ -603,7 +603,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
- 
-     /* Using /dev/null for libDir and cacheDir automatically produces errors
-      * upon attempt to use any of them */
-    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
-+    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
-     if (!driver->qemuCapsCache)
-         goto error;
- 
-- 
-2.21.0
-
@@ -1,886 +0,0 @@
-From 36151b10d3e1f8f92f4ad6b8200ce5355b7f96f0 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 11:19:30 +0200
-Subject: [PATCH 3/4] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-
-Conflicts:
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-            - intel-pt feature is missing
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/cputest.c                               |   1 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml |   7 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  |   8 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    |  27 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml     |  28 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml     |  11 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.json         | 652 ++++++++++++++++++
- .../x86_64-cpuid-Xeon-E3-1225-v5.sig          |   4 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.xml          |  47 ++
- 9 files changed, 785 insertions(+)
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-
-diff --git a/tests/cputest.c b/tests/cputest.c
-index 1e79edbef7..2df1d28e39 100644
--- a/tests/cputest.c
-+++ b/tests/cputest.c
-@@ -1189,6 +1189,7 @@ mymain(void)
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
-+    DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-new file mode 100644
-index 0000000000..ce51903e53
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-@@ -0,0 +1,7 @@
-+<!-- Features disabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-new file mode 100644
-index 0000000000..0deca9fba6
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -0,0 +1,8 @@
-+<!-- Features enabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-new file mode 100644
-index 0000000000..141c01c841
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -0,0 +1,27 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ds'/>
-+  <feature policy='require' name='acpi'/>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='ht'/>
-+  <feature policy='require' name='tm'/>
-+  <feature policy='require' name='pbe'/>
-+  <feature policy='require' name='dtes64'/>
-+  <feature policy='require' name='monitor'/>
-+  <feature policy='require' name='ds_cpl'/>
-+  <feature policy='require' name='vmx'/>
-+  <feature policy='require' name='smx'/>
-+  <feature policy='require' name='est'/>
-+  <feature policy='require' name='tm2'/>
-+  <feature policy='require' name='xtpr'/>
-+  <feature policy='require' name='pdcm'/>
-+  <feature policy='require' name='osxsave'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='xsaves'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+  <feature policy='require' name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-new file mode 100644
-index 0000000000..53bfc9728d
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -0,0 +1,28 @@
-+<cpu>
-+  <arch>x86_64</arch>
-+  <model>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature name='ds'/>
-+  <feature name='acpi'/>
-+  <feature name='ss'/>
-+  <feature name='ht'/>
-+  <feature name='tm'/>
-+  <feature name='pbe'/>
-+  <feature name='dtes64'/>
-+  <feature name='monitor'/>
-+  <feature name='ds_cpl'/>
-+  <feature name='vmx'/>
-+  <feature name='smx'/>
-+  <feature name='est'/>
-+  <feature name='tm2'/>
-+  <feature name='xtpr'/>
-+  <feature name='pdcm'/>
-+  <feature name='osxsave'/>
-+  <feature name='tsc_adjust'/>
-+  <feature name='clflushopt'/>
-+  <feature name='stibp'/>
-+  <feature name='ssbd'/>
-+  <feature name='xsaves'/>
-+  <feature name='pdpe1gb'/>
-+  <feature name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-new file mode 100644
-index 0000000000..1f321db273
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -0,0 +1,11 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='hypervisor'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-new file mode 100644
-index 0000000000..084747556b
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-@@ -0,0 +1,652 @@
-+{
-+  "return": {
-+    "model": {
-+      "name": "base",
-+      "props": {
-+        "phys-bits": 0,
-+        "core-id": -1,
-+        "xlevel": 2147483656,
-+        "cmov": true,
-+        "ia64": false,
-+        "aes": true,
-+        "mmx": true,
-+        "rdpid": false,
-+        "arat": true,
-+        "gfni": false,
-+        "pause-filter": false,
-+        "xsavec": true,
-+        "intel-pt": false,
-+        "osxsave": false,
-+        "hv-frequencies": false,
-+        "tsc-frequency": 0,
-+        "xd": true,
-+        "hv-vendor-id": "",
-+        "kvm-asyncpf": true,
-+        "kvm_asyncpf": true,
-+        "perfctr_core": false,
-+        "perfctr-core": false,
-+        "mpx": true,
-+        "pbe": false,
-+        "decodeassists": false,
-+        "avx512cd": false,
-+        "sse4_1": true,
-+        "sse4.1": true,
-+        "sse4-1": true,
-+        "family": 6,
-+        "legacy-cache": true,
-+        "vmware-cpuid-freq": true,
-+        "avx512f": false,
-+        "msr": true,
-+        "mce": true,
-+        "mca": true,
-+        "hv-runtime": false,
-+        "xcrypt": false,
-+        "thread-id": -1,
-+        "min-level": 13,
-+        "xgetbv1": true,
-+        "cid": false,
-+        "hv-relaxed": false,
-+        "hv-crash": false,
-+        "ds": false,
-+        "fxsr": true,
-+        "xsaveopt": true,
-+        "xtpr": false,
-+        "avx512vl": false,
-+        "avx512-vpopcntdq": false,
-+        "phe": false,
-+        "extapic": false,
-+        "3dnowprefetch": true,
-+        "avx512vbmi2": false,
-+        "cr8legacy": false,
-+        "stibp": true,
-+        "cpuid-0xb": true,
-+        "xcrypt-en": false,
-+        "kvm_pv_eoi": true,
-+        "apic-id": 4294967295,
-+        "pn": false,
-+        "dca": false,
-+        "vendor": "GenuineIntel",
-+        "pku": false,
-+        "smx": false,
-+        "cmp_legacy": false,
-+        "cmp-legacy": false,
-+        "node-id": -1,
-+        "avx512-4fmaps": false,
-+        "vmcb_clean": false,
-+        "vmcb-clean": false,
-+        "3dnowext": false,
-+        "hle": true,
-+        "npt": false,
-+        "memory": "/machine/unattached/system[0]",
-+        "clwb": false,
-+        "lbrv": false,
-+        "adx": true,
-+        "ss": true,
-+        "pni": true,
-+        "svm_lock": false,
-+        "svm-lock": false,
-+        "pfthreshold": false,
-+        "smep": true,
-+        "smap": true,
-+        "x2apic": true,
-+        "avx512vbmi": false,
-+        "avx512vnni": false,
-+        "hv-stimer": false,
-+        "i64": true,
-+        "flushbyasid": false,
-+        "f16c": true,
-+        "ace2-en": false,
-+        "pat": true,
-+        "pae": true,
-+        "sse": true,
-+        "phe-en": false,
-+        "kvm_nopiodelay": true,
-+        "kvm-nopiodelay": true,
-+        "tm": false,
-+        "kvmclock-stable-bit": true,
-+        "hypervisor": true,
-+        "socket-id": -1,
-+        "pcommit": false,
-+        "syscall": true,
-+        "level": 13,
-+        "avx512dq": false,
-+        "svm": false,
-+        "full-cpuid-auto-level": true,
-+        "hv-reset": false,
-+        "invtsc": false,
-+        "sse3": true,
-+        "sse2": true,
-+        "ssbd": true,
-+        "est": false,
-+        "avx512ifma": false,
-+        "tm2": false,
-+        "kvm-pv-eoi": true,
-+        "cx8": true,
-+        "kvm_mmu": false,
-+        "kvm-mmu": false,
-+        "sse4_2": true,
-+        "sse4.2": true,
-+        "sse4-2": true,
-+        "pge": true,
-+        "fill-mtrr-mask": true,
-+        "avx512bitalg": false,
-+        "nodeid_msr": false,
-+        "pdcm": false,
-+        "movbe": true,
-+        "model": 94,
-+        "nrip_save": false,
-+        "nrip-save": false,
-+        "kvm_pv_unhalt": true,
-+        "ssse3": true,
-+        "sse4a": false,
-+        "invpcid": true,
-+        "pdpe1gb": true,
-+        "tsc-deadline": true,
-+        "fma": true,
-+        "cx16": true,
-+        "de": true,
-+        "enforce": false,
-+        "stepping": 3,
-+        "xsave": true,
-+        "clflush": true,
-+        "skinit": false,
-+        "tsc": true,
-+        "tce": false,
-+        "fpu": true,
-+        "ibs": false,
-+        "ds_cpl": false,
-+        "ds-cpl": false,
-+        "host-phys-bits": true,
-+        "fma4": false,
-+        "la57": false,
-+        "osvw": false,
-+        "check": true,
-+        "hv-spinlocks": -1,
-+        "pmu": false,
-+        "pmm": false,
-+        "apic": true,
-+        "spec-ctrl": true,
-+        "min-xlevel2": 0,
-+        "tsc-adjust": true,
-+        "tsc_adjust": true,
-+        "kvm-steal-time": true,
-+        "kvm_steal_time": true,
-+        "kvmclock": true,
-+        "l3-cache": true,
-+        "lwp": false,
-+        "ibpb": false,
-+        "xop": false,
-+        "avx": true,
-+        "ospke": false,
-+        "ace2": false,
-+        "avx512bw": false,
-+        "acpi": false,
-+        "hv-vapic": false,
-+        "fsgsbase": true,
-+        "ht": false,
-+        "nx": true,
-+        "pclmulqdq": true,
-+        "mmxext": false,
-+        "vaes": false,
-+        "popcnt": true,
-+        "xsaves": false,
-+        "tcg-cpuid": true,
-+        "lm": true,
-+        "umip": false,
-+        "pse": true,
-+        "avx2": true,
-+        "sep": true,
-+        "pclmuldq": true,
-+        "virt-ssbd": false,
-+        "x-hv-max-vps": -1,
-+        "nodeid-msr": false,
-+        "md-clear": true,
-+        "kvm": true,
-+        "misalignsse": false,
-+        "min-xlevel": 2147483656,
-+        "kvm-pv-unhalt": true,
-+        "bmi2": true,
-+        "bmi1": true,
-+        "realized": false,
-+        "tsc_scale": false,
-+        "tsc-scale": false,
-+        "topoext": false,
-+        "hv-vpindex": false,
-+        "xlevel2": 0,
-+        "clflushopt": true,
-+        "kvm-no-smi-migration": false,
-+        "monitor": false,
-+        "avx512er": false,
-+        "pmm-en": false,
-+        "pcid": true,
-+        "3dnow": false,
-+        "erms": true,
-+        "lahf-lm": true,
-+        "lahf_lm": true,
-+        "vpclmulqdq": false,
-+        "fxsr-opt": false,
-+        "hv-synic": false,
-+        "xstore": false,
-+        "fxsr_opt": false,
-+        "kvm-hint-dedicated": false,
-+        "rtm": true,
-+        "lmce": true,
-+        "hv-time": false,
-+        "perfctr-nb": false,
-+        "perfctr_nb": false,
-+        "ffxsr": false,
-+        "rdrand": true,
-+        "rdseed": true,
-+        "avx512-4vnniw": false,
-+        "vmx": false,
-+        "vme": true,
-+        "dtes64": false,
-+        "mtrr": true,
-+        "rdtscp": true,
-+        "pse36": true,
-+        "kvm-pv-tlb-flush": false,
-+        "tbm": false,
-+        "wdt": false,
-+        "pause_filter": false,
-+        "sha-ni": false,
-+        "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
-+        "abm": true,
-+        "avx512pf": false,
-+        "xstore-en": false
-+      }
-+    }
-+  },
-+  "id": "model-expansion"
-+}
-+
-+{
-+  "return": [
-+    {
-+      "name": "max",
-+      "typename": "max-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "host",
-+      "typename": "host-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "base",
-+      "typename": "base-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": true,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu64",
-+      "typename": "qemu64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu32",
-+      "typename": "qemu32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "phenom",
-+      "typename": "phenom-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "fxsr-opt",
-+        "3dnowext",
-+        "3dnow",
-+        "sse4a",
-+        "npt"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium3",
-+      "typename": "pentium3-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium2",
-+      "typename": "pentium2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium",
-+      "typename": "pentium-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "n270",
-+      "typename": "n270-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm64",
-+      "typename": "kvm64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm32",
-+      "typename": "kvm32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "cpu64-rhel6",
-+      "typename": "cpu64-rhel6-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "coreduo",
-+      "typename": "coreduo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "core2duo",
-+      "typename": "core2duo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "athlon",
-+      "typename": "athlon-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "3dnowext",
-+        "3dnow"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere",
-+      "typename": "Westmere-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere-IBRS",
-+      "typename": "Westmere-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server",
-+      "typename": "Skylake-Server-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server-IBRS",
-+      "typename": "Skylake-Server-IBRS-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client",
-+      "typename": "Skylake-Client-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client-IBRS",
-+      "typename": "Skylake-Client-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge",
-+      "typename": "SandyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge-IBRS",
-+      "typename": "SandyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Penryn",
-+      "typename": "Penryn-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G5",
-+      "typename": "Opteron_G5-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4",
-+        "tbm"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G4",
-+      "typename": "Opteron_G4-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G3",
-+      "typename": "Opteron_G3-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G2",
-+      "typename": "Opteron_G2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G1",
-+      "typename": "Opteron_G1-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem",
-+      "typename": "Nehalem-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem-IBRS",
-+      "typename": "Nehalem-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge",
-+      "typename": "IvyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge-IBRS",
-+      "typename": "IvyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell",
-+      "typename": "Haswell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX",
-+      "typename": "Haswell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX-IBRS",
-+      "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-IBRS",
-+      "typename": "Haswell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC",
-+      "typename": "EPYC-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC-IBPB",
-+      "typename": "EPYC-IBPB-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw",
-+        "ibpb"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Conroe",
-+      "typename": "Conroe-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell",
-+      "typename": "Broadwell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX",
-+      "typename": "Broadwell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX-IBRS",
-+      "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-IBRS",
-+      "typename": "Broadwell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "486",
-+      "typename": "486-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    }
-+  ],
-+  "id": "definitions"
-+}
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-new file mode 100644
-index 0000000000..7e57c2ded6
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-@@ -0,0 +1,4 @@
-+0506e3
-+family:     6 (0x06)
-+model:     94 (0x5e)
-+stepping:   3 (0x03)
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-new file mode 100644
-index 0000000000..437429d61d
--- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-@@ -0,0 +1,47 @@
-+<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
-+  <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
-+  <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
-+  <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
-+  <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+  <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
-+  <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
-+  <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+  <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+</cpudata>
-- 
-2.21.0
-
@@ -1,105 +0,0 @@
-From 7bde733e906a9eb513448fd58201a333a1793811 Mon Sep 17 00:00:00 2001
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 15:11:20 +0200
-Subject: [PATCH 4/4] cpu_map: Define md-clear CPUID bit
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
-
-The bit is set when microcode provides the mechanism to invoke a flush
-of various exploitable CPU buffers by invoking the VERW instruction.
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
-
-Conflicts:
-	src/cpu_map/x86_features.xml
-            - no CPU map split downstream
-
-	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
-            - test data missing downstream
-
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-	tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-            - intel-pt feature is missing downstream
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- src/cpu/cpu_map.xml                                        | 3 +++
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml   | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml    | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml    | 1 +
- 5 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/cpu/cpu_map.xml b/src/cpu/cpu_map.xml
-index 96daa0f9af..250e241df9 100644
--- a/src/cpu/cpu_map.xml
-+++ b/src/cpu/cpu_map.xml
-@@ -295,6 +295,9 @@
-     <feature name='avx512-4fmaps'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
-     </feature>
-+    <feature name='md-clear'> <!-- md_clear -->
-+      <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
-+    </feature>
-     <feature name='spec-ctrl'>
-       <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/>
-     </feature>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-index 0deca9fba6..74763a462b 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -2,7 +2,7 @@
- <cpudata arch='x86'>
-   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
-   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
- </cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-index 141c01c841..3b3472742e 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -19,6 +19,7 @@
-   <feature policy='require' name='osxsave'/>
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-index 53bfc9728d..df4f97417c 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -20,6 +20,7 @@
-   <feature name='osxsave'/>
-   <feature name='tsc_adjust'/>
-   <feature name='clflushopt'/>
-+  <feature name='md-clear'/>
-   <feature name='stibp'/>
-   <feature name='ssbd'/>
-   <feature name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-index 1f321db273..a5591278df 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -5,6 +5,7 @@
-   <feature policy='require' name='hypervisor'/>
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='pdpe1gb'/>
-- 
-2.21.0
-
@@ -1,56 +0,0 @@
-From 4cb90fa2335b75a0fc39440853bd681955b326a4 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 14 May 2019 21:09:59 +0100
-Subject: [PATCH] cputest: remove stibp flag from test data
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-stibp flag doesn't exist in this maint branch.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 -
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml  | 1 -
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml  | 1 -
- 3 files changed, 3 deletions(-)
-
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-index 3b3472742e..29c1fdb80a 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -20,7 +20,6 @@
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-   <feature policy='require' name='md-clear'/>
-  <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='xsaves'/>
-   <feature policy='require' name='pdpe1gb'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-index df4f97417c..2003ca9ef6 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -21,7 +21,6 @@
-   <feature name='tsc_adjust'/>
-   <feature name='clflushopt'/>
-   <feature name='md-clear'/>
-  <feature name='stibp'/>
-   <feature name='ssbd'/>
-   <feature name='xsaves'/>
-   <feature name='pdpe1gb'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-index a5591278df..d6529c59a3 100644
--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -6,7 +6,6 @@
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-   <feature policy='require' name='md-clear'/>
-  <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='pdpe1gb'/>
- </cpu>
-- 
-2.21.0
-
@@ -1,58 +0,0 @@
-From 39fb5ab3125d1669344bab94ccb71bce814d9ae2 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:26:13 +0100
-Subject: [PATCH 1/3] admin: reject clients unless their UID matches the
- current UID
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The admin protocol RPC messages are only intended for use by the user
-running the daemon. As such they should not be allowed for any client
-UID that does not match the server UID.
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
---
- src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
-index b78ff902c0..9f25813ae3 100644
--- a/src/admin/admin_server_dispatch.c
-+++ b/src/admin/admin_server_dispatch.c
-@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                    void *opaque)
- {
-     struct daemonAdmClientPrivate *priv;
-+    uid_t clientuid;
-+    gid_t clientgid;
-+    pid_t clientpid;
-+    unsigned long long timestamp;
-+
-+    if (virNetServerClientGetUNIXIdentity(client,
-+                                          &clientuid,
-+                                          &clientgid,
-+                                          &clientpid,
-+                                          &timestamp) < 0)
-+        return NULL;
-+
-+    VIR_DEBUG("New client pid %lld uid %lld",
-+              (long long)clientpid,
-+              (long long)clientuid);
-+
-+    if (geteuid() != clientuid) {
-+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
-+                                 (long long)clientpid,
-+                                 (long long)clientuid);
-+        return NULL;
-+    }
- 
-     if (VIR_ALLOC(priv) < 0)
-         return NULL;
-- 
-2.21.0
-
@@ -1,51 +0,0 @@
-From 41f06e6095e17b61b2af35821d204afc5c34777c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 16:51:37 +0100
-Subject: [PATCH 2/3] locking: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlockd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
---
- src/locking/virtlockd-admin.socket.in | 1 +
- src/locking/virtlockd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 2a7500f3d0..f674c492f7 100644
--- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
- Service=virtlockd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
-index 45e0f20235..d701b27516 100644
--- a/src/locking/virtlockd.socket.in
-+++ b/src/locking/virtlockd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-- 
-2.21.0
-
@@ -1,51 +0,0 @@
-From f0e014133104cdb5af5c7d96a7aa6dc0f1bbb03c Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:27:41 +0100
-Subject: [PATCH 3/3] logging: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlogd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
---
- src/logging/virtlogd-admin.socket.in | 1 +
- src/logging/virtlogd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
-index 595e6c4c4b..5c41dfeb7b 100644
--- a/src/logging/virtlogd-admin.socket.in
-+++ b/src/logging/virtlogd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
- Service=virtlogd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
-index 22b9360c8d..ae48cdab9a 100644
--- a/src/logging/virtlogd.socket.in
-+++ b/src/logging/virtlogd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-- 
-2.21.0
-
@@ -0,0 +1,184 @@
+From a9311c363defcba7479fdabfb4862bcf851a6b7c Mon Sep 17 00:00:00 2001
+From: Alon Levy <alevy@redhat.com>
+Date: Tue, 8 May 2012 20:42:44 +0300
+Subject: [PATCH] domain_conf: add "default" to list of valid spice channels
+
+qemu's behavior in this case is to change the spice server behavior to
+require secure connection to any channel not otherwise specified as
+being in plaintext mode. libvirt doesn't currently allow requesting this
+(via plaintext-channel=<channel name>).
+
+RHBZ: 819499
+
+Signed-off-by: Alon Levy <alevy@redhat.com>
+(cherry picked from commit ba97e4edc6aa439a4f1e70855cf4503181efdb7f)
+
+Conflicts:
+
+	src/conf/domain_conf.c
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ docs/formatdomain.html.in                          |    7 +++++++
+ docs/schemas/domaincommon.rng                      |    9 +++++++++
+ src/conf/domain_conf.c                             |   20 ++++++++++++++++++++
+ src/conf/domain_conf.h                             |    1 +
+ src/qemu/qemu_command.c                            |   13 +++++++++++++
+ .../qemuxml2argv-graphics-spice.args               |    2 +-
+ .../qemuxml2argv-graphics-spice.xml                |    2 +-
+ 7 files changed, 52 insertions(+), 2 deletions(-)
+
+diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
+index d082697..db5fa9b 100644
+--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
+@@ -2308,6 +2308,13 @@ qemu-kvm -net nic,model=? /dev/null
+               <span class="since">Since 0.9.3</span>
+               NB, this may not be supported by all hypervisors.
+               <span class="since">"spice" since 0.8.6</span>.
+              The <code>defaultMode</code> attribute sets the default channel
+              security policy, valid values are <code>secure</code>,
+              <code>insecure</code> and the default <code>any</code>
+              (which is secure if possible, but falls back to insecure
+              rather than erroring out if no secure path is
+              available). <span class="since">"defaultMode" since
+              0.9.12</span>.
+             </p>
+             <p>
+               When SPICE has both a normal and TLS secured TCP port
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index fe81c26..0d6edc8 100644
+--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
+@@ -1388,6 +1388,15 @@
+               </choice>
+             </attribute>
+           </optional>
+          <optional>
+            <attribute name="defaultMode">
+              <choice>
+                <value>any</value>
+                <value>secure</value>
+                <value>insecure</value>
+              </choice>
+            </attribute>
+          </optional>
+           <interleave>
+             <ref name="listenElements"/>
+             <zeroOrMore>
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 9cc1644..963768e 100644
+--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
+@@ -4689,6 +4689,8 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
+         char *port = virXMLPropString(node, "port");
+         char *tlsPort;
+         char *autoport;
+        char *defaultMode;
+        int defaultModeVal;
+ 
+         if (port) {
+             if (virStrToLong_i(port, NULL, 10, &def->data.spice.port) < 0) {
+@@ -4726,6 +4728,20 @@ virDomainGraphicsDefParseXML(xmlNodePtr node,
+             VIR_FREE(autoport);
+         }
+ 
+        def->data.spice.defaultMode = VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY;
+
+        if ((defaultMode = virXMLPropString(node, "defaultMode")) != NULL) {
+            if ((defaultModeVal = virDomainGraphicsSpiceChannelModeTypeFromString(defaultMode)) < 0) {
+                virDomainReportError(VIR_ERR_INTERNAL_ERROR,
+                                     _("unknown default spice channel mode %s"),
+                                     defaultMode);
+                VIR_FREE(defaultMode);
+                goto error;
+            }
+            def->data.spice.defaultMode = defaultModeVal;
+            VIR_FREE(defaultMode);
+        }
+
+         def->data.spice.keymap = virXMLPropString(node, "keymap");
+ 
+         if (virDomainGraphicsAuthDefParseXML(node, &def->data.spice.auth,
+@@ -10311,6 +10327,10 @@ virDomainGraphicsDefFormat(virBufferPtr buf,
+             virBufferEscapeString(buf, " keymap='%s'",
+                                   def->data.spice.keymap);
+ 
+        if (def->data.spice.defaultMode != VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY)
+            virBufferAsprintf(buf, " defaultMode='%s'",
+              virDomainGraphicsSpiceChannelModeTypeToString(def->data.spice.defaultMode));
+
+         virDomainGraphicsAuthDefFormatAttr(buf, &def->data.spice.auth, flags);
+         break;
+ 
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index d40fda6..f6df0ea 100644
+--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
+@@ -921,6 +921,7 @@ struct _virDomainGraphicsDef {
+             virDomainGraphicsAuthDef auth;
+             unsigned int autoport :1;
+             int channels[VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST];
+            int defaultMode; /* enum virDomainGraphicsSpiceChannelMode */
+             int image;
+             int jpeg;
+             int zlib;
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 366913b..ee192d3 100644
+--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
+@@ -4720,6 +4720,7 @@ qemuBuildCommandLine(virConnectPtr conn,
+         const char *listenAddr = NULL;
+         char *netAddr = NULL;
+         int ret;
+        int defaultMode = def->graphics[0]->data.spice.defaultMode;
+ 
+         if (!qemuCapsGet(qemuCaps, QEMU_CAPS_SPICE)) {
+             qemuReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+@@ -4781,6 +4782,18 @@ qemuBuildCommandLine(virConnectPtr conn,
+             virBufferAsprintf(&opt, ",x509-dir=%s",
+                               driver->spiceTLSx509certdir);
+ 
+        switch (defaultMode) {
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_SECURE:
+            virBufferAsprintf(&opt, ",tls-channel=default");
+            break;
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_INSECURE:
+            virBufferAsprintf(&opt, ",plaintext-channel=default");
+            break;
+        case VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_ANY:
+            /* nothing */
+            break;
+        }
+
+         for (i = 0 ; i < VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST ; i++) {
+             int mode = def->graphics[0]->data.spice.channels[i];
+             switch (mode) {
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
+index c9fdb99..698e39c 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
+@@ -2,7 +2,7 @@ LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice \
+ /usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefaults -monitor \
+ unix:/tmp/test-monitor,server,nowait -no-acpi -boot c -hda \
+ /dev/HostVG/QEMUGuest1 -usb -spice port=5903,tls-port=5904,addr=127.0.0.1,\
+-x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\
+x509-dir=/etc/pki/libvirt-spice,tls-channel=default,tls-channel=main,plaintext-channel=inputs,\
+ image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\
+ playback-compression=on,streaming-video=filter,disable-copy-paste -vga \
+ qxl -global qxl.vram_size=18874368 -device qxl,id=video1,vram_size=33554432,bus=pci.0,addr=0x4 \
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
+index 5313b3a..29f20ab 100644
+--- a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.xml
+@@ -21,7 +21,7 @@
+     </disk>
+     <controller type='ide' index='0'/>
+     <input type='mouse' bus='ps2'/>
+-    <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1'>
+    <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1' defaultMode='secure'>
+       <listen type='address' address='127.0.0.1'/>
+       <channel name='main' mode='secure'/>
+       <channel name='inputs' mode='insecure'/>
+-- 
+1.7.7.6
+
@@ -0,0 +1,196 @@
+From b8c86d80df4ba6c682f05974892f5d7ab8f317a9 Mon Sep 17 00:00:00 2001
+From: Alon Levy <alevy@redhat.com>
+Date: Tue, 8 May 2012 16:00:28 +0300
+Subject: [PATCH] domain_conf: add "usbredir" to list of valid spice channels
+
+Add "usbredir" channel to list of recognized spice channels.
+
+RHBZ: 819498
+
+Signed-off-by: Alon Levy <alevy@redhat.com>
+(cherry picked from commit 4e78ffb63489071c4100678ed88d3111284555e8)
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ docs/formatdomain.html.in                          |    8 ++-
+ docs/schemas/domaincommon.rng                      |    1 +
+ src/conf/domain_conf.c                             |    3 +-
+ src/conf/domain_conf.h                             |    1 +
+ .../qemuxml2argv-graphics-spice-usb-redir.args     |   16 ++++++
+ .../qemuxml2argv-graphics-spice-usb-redir.xml      |   53 ++++++++++++++++++++
+ tests/qemuxml2argvtest.c                           |    6 ++
+ 7 files changed, 84 insertions(+), 4 deletions(-)
+ create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.args
+ create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml
+
+diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in
+index 390476d..d082697 100644
+--- a/docs/formatdomain.html.in
+++ b/docs/formatdomain.html.in
+@@ -2317,9 +2317,11 @@ qemu-kvm -net nic,model=? /dev/null
+               main &lt;graphics&gt; element. Valid channel names
+               include <code>main</code>, <code>display</code>,
+               <code>inputs</code>, <code>cursor</code>,
+-              <code>playback</code>, <code>record</code>;
+-              and <span class="since">since
+-              0.8.8</span>: <code>smartcard</code>.
+              <code>playback</code>, <code>record</code>
+              (all <span class="since"> since 0.8.6</span>);
+              <code>smartcard</code> (<span class="since">since
+              0.8.8</span>); and <code>usbredir</code>
+              (<span class="since">since 0.9.12</span>).
+             </p>
+             <pre>
+   &lt;graphics type='spice' port='-1' tlsPort='-1' autoport='yes'&gt;
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index 9f8d292..fe81c26 100644
+--- a/docs/schemas/domaincommon.rng
+++ b/docs/schemas/domaincommon.rng
+@@ -1401,6 +1401,7 @@
+                     <value>playback</value>
+                     <value>record</value>
+                     <value>smartcard</value>
+                    <value>usbredir</value>
+                   </choice>
+                 </attribute>
+                 <attribute name="mode">
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 2f9da71..9cc1644 100644
+--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
+@@ -389,7 +389,8 @@ VIR_ENUM_IMPL(virDomainGraphicsSpiceChannelName,
+               "cursor",
+               "playback",
+               "record",
+-              "smartcard");
+              "smartcard",
+              "usbredir");
+ 
+ VIR_ENUM_IMPL(virDomainGraphicsSpiceChannelMode,
+               VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_MODE_LAST,
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index f2cd8eb..d40fda6 100644
+--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
+@@ -797,6 +797,7 @@ enum virDomainGraphicsSpiceChannelName {
+     VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_PLAYBACK,
+     VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_RECORD,
+     VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_SMARTCARD,
+    VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_USBREDIR,
+ 
+     VIR_DOMAIN_GRAPHICS_SPICE_CHANNEL_LAST
+ };
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.args b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.args
+new file mode 100644
+index 0000000..35e51a7
+--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.args
+@@ -0,0 +1,16 @@
+LC_ALL=C PATH=/bin HOME=/home/test USER=test LOGNAME=test QEMU_AUDIO_DRV=spice /usr/bin/qemu -S -M pc -m 214 -smp 1 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/tmp/test-monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=readline -no-acpi -boot c \
+-device ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x4.0x7 \
+-device ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x4 \
+-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x4.0x1 \
+-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x4.0x2 \
+-spice port=5903,tls-port=5904,addr=127.0.0.1,\
+x509-dir=/etc/pki/libvirt-spice,tls-channel=main,plaintext-channel=inputs,\
+tls-channel=usbredir,\
+image-compression=auto_glz,jpeg-wan-compression=auto,zlib-glz-wan-compression=auto,\
+playback-compression=on,streaming-video=filter,disable-copy-paste \
+-vga cirrus \
+-chardev socket,id=charredir0,host=localhost,port=4000 \
+-device usb-redir,chardev=charredir0,id=redir0 \
+-chardev spicevmc,id=charredir1,name=usbredir \
+-device usb-redir,chardev=charredir1,id=redir1,bus=usb.0,port=4 \
+-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3
+diff --git a/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml
+new file mode 100644
+index 0000000..1dc23bd
+--- /dev/null
+++ b/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml
+@@ -0,0 +1,53 @@
+<domain type='qemu'>
+  <name>QEMUGuest1</name>
+  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+  <memory unit='KiB'>219136</memory>
+  <currentMemory unit='KiB'>219136</currentMemory>
+  <vcpu>1</vcpu>
+  <os>
+    <type arch='i686' machine='pc'>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>destroy</on_crash>
+  <devices>
+    <emulator>/usr/bin/qemu</emulator>
+    <graphics type='spice' port='5903' tlsPort='5904' autoport='no' listen='127.0.0.1'>
+      <listen type='address' address='127.0.0.1'/>
+      <channel name='main' mode='secure'/>
+      <channel name='inputs' mode='insecure'/>
+      <channel name='usbredir' mode='secure'/>
+      <image compression='auto_glz'/>
+      <jpeg compression='auto'/>
+      <zlib compression='auto'/>
+      <playback compression='on'/>
+      <streaming mode='filter'/>
+      <clipboard copypaste='no'/>
+    </graphics>
+    <controller type='usb' index='0' model='ich9-ehci1'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x7'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci1'>
+      <master startport='0'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0' multifunction='on'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci2'>
+      <master startport='2'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x1'/>
+    </controller>
+    <controller type='usb' index='0' model='ich9-uhci3'>
+      <master startport='4'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x2'/>
+    </controller>
+    <redirdev bus='usb' type='tcp'>
+      <source mode='connect' host='localhost' service='4000'/>
+      <protocol type='raw'/>
+    </redirdev>
+    <redirdev bus='usb' type='spicevmc'>
+      <address type='usb' bus='0' port='4'/>
+    </redirdev>
+    <memballoon model='virtio'/>
+  </devices>
+</domain>
+diff --git a/tests/qemuxml2argvtest.c b/tests/qemuxml2argvtest.c
+index 1dc6a01..d5475c5 100644
+--- a/tests/qemuxml2argvtest.c
+++ b/tests/qemuxml2argvtest.c
+@@ -405,6 +405,12 @@ mymain(void)
+             QEMU_CAPS_VGA, QEMU_CAPS_VGA_QXL,
+             QEMU_CAPS_DEVICE, QEMU_CAPS_SPICE,
+             QEMU_CAPS_DEVICE_QXL_VGA);
+    DO_TEST("graphics-spice-usb-redir", false,
+            QEMU_CAPS_VGA, QEMU_CAPS_SPICE,
+            QEMU_CAPS_CHARDEV, QEMU_CAPS_DEVICE, QEMU_CAPS_NODEFCONFIG,
+            QEMU_CAPS_PCI_MULTIFUNCTION, QEMU_CAPS_USB_HUB,
+            QEMU_CAPS_ICH9_USB_EHCI1, QEMU_CAPS_USB_REDIR,
+            QEMU_CAPS_CHARDEV_SPICEVMC);
+ 
+     DO_TEST("input-usbmouse", false, NONE);
+     DO_TEST("input-usbtablet", false, NONE);
+-- 
+1.7.7.6
+
+diff -rup libvirt-0.9.6.1/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml foo/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml
+--- libvirt-0.9.6.1/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml	2012-06-15 17:10:09.086979189 -0400
+++ foo/tests/qemuxml2argvdata/qemuxml2argv-graphics-spice-usb-redir.xml	2012-06-15 17:21:08.788770706 -0400
+@@ -1,8 +1,8 @@
+ <domain type='qemu'>
+   <name>QEMUGuest1</name>
+   <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
+-  <memory unit='KiB'>219136</memory>
+-  <currentMemory unit='KiB'>219136</currentMemory>
+  <memory>219136</memory>
+  <currentMemory>219136</currentMemory>
+   <vcpu>1</vcpu>
+   <os>
+     <type arch='i686' machine='pc'>hvm</type>
@@ -0,0 +1,136 @@
+From 57f08fb47b0938a9e8969b857380926fa6966ca8 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Wed, 14 Mar 2012 01:41:35 -0400
+Subject: [PATCH] Emit graphics events when a SPICE client
+ connects/disconnects
+
+Wire up the domain graphics event notifications for SPICE. Adapted
+from a RHEL-only patch written by Dan Berrange that used custom
+__com.redhat_SPICE events - equivalent events are now available in
+upstream QEMU (including a SPICE_CONNECTED event, which was missing in
+the __COM.redhat_SPICE version).
+
+* src/qemu/qemu_monitor_json.c: Wire up SPICE graphics events
+(cherry picked from commit 89ae6a5a30bd91cfb2365544f9dd2e6c2a36ecca)
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+---
+ src/qemu/qemu_monitor_json.c |   56 +++++++++++++++++++++++++++++++++++++++---
+ 1 files changed, 52 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
+index e38c2ed..d4a3b7b 100644
+--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
+@@ -57,6 +57,9 @@ static void qemuMonitorJSONHandleVNCConnect(qemuMonitorPtr mon, virJSONValuePtr
+ static void qemuMonitorJSONHandleVNCInitialize(qemuMonitorPtr mon, virJSONValuePtr data);
+ static void qemuMonitorJSONHandleVNCDisconnect(qemuMonitorPtr mon, virJSONValuePtr data);
+ static void qemuMonitorJSONHandleBlockJob(qemuMonitorPtr mon, virJSONValuePtr data);
+static void qemuMonitorJSONHandleSPICEConnect(qemuMonitorPtr mon, virJSONValuePtr data);
+static void qemuMonitorJSONHandleSPICEInitialize(qemuMonitorPtr mon, virJSONValuePtr data);
+static void qemuMonitorJSONHandleSPICEDisconnect(qemuMonitorPtr mon, virJSONValuePtr data);
+ 
+ struct {
+     const char *type;
+@@ -73,6 +76,9 @@ struct {
+     { "VNC_INITIALIZED", qemuMonitorJSONHandleVNCInitialize, },
+     { "VNC_DISCONNECTED", qemuMonitorJSONHandleVNCDisconnect, },
+     { "BLOCK_JOB_COMPLETED", qemuMonitorJSONHandleBlockJob, },
+    { "SPICE_CONNECTED", qemuMonitorJSONHandleSPICEConnect, },
+    { "SPICE_INITIALIZED", qemuMonitorJSONHandleSPICEInitialize, },
+    { "SPICE_DISCONNECTED", qemuMonitorJSONHandleSPICEDisconnect, },
+ };
+ 
+ 
+@@ -617,7 +623,7 @@ VIR_ENUM_DECL(qemuMonitorGraphicsAddressFamily)
+ VIR_ENUM_IMPL(qemuMonitorGraphicsAddressFamily, VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV6 + 1,
+               "ipv4", "ipv6");
+ 
+-static void qemuMonitorJSONHandleVNC(qemuMonitorPtr mon, virJSONValuePtr data, int phase)
+static void qemuMonitorJSONHandleGraphics(qemuMonitorPtr mon, virJSONValuePtr data, int phase)
+ {
+     const char *localNode, *localService, *localFamily;
+     const char *remoteNode, *remoteService, *remoteFamily;
+@@ -636,14 +642,38 @@ static void qemuMonitorJSONHandleVNC(qemuMonitorPtr mon, virJSONValuePtr data, i
+     }
+ 
+     authScheme = virJSONValueObjectGetString(server, "auth");
+    if (!authScheme) {
+        VIR_WARN("missing auth scheme in graphics event");
+        return;
+    }
+ 
+     localFamily = virJSONValueObjectGetString(server, "family");
+    if (!localFamily) {
+        VIR_WARN("missing local address family in graphics event");
+        return;
+    }
+     localNode = virJSONValueObjectGetString(server, "host");
+    if (!localNode) {
+        VIR_WARN("missing local hostname in graphics event");
+        return;
+    }
+     localService = virJSONValueObjectGetString(server, "service");
+    if (!localService)
+        localService = ""; /* Spice has multiple ports, so this isn't provided */
+ 
+     remoteFamily = virJSONValueObjectGetString(client, "family");
+    if (!remoteFamily) {
+        VIR_WARN("missing remote address family in graphics event");
+        return;
+    }
+     remoteNode = virJSONValueObjectGetString(client, "host");
+    if (!remoteNode) {
+        VIR_WARN("missing remote hostname in graphics event");
+        return;
+    }
+     remoteService = virJSONValueObjectGetString(client, "service");
+    if (!remoteService)
+        remoteService = ""; /* Spice has multiple ports, so this isn't provided */
+ 
+     saslUsername = virJSONValueObjectGetString(client, "sasl_username");
+     x509dname = virJSONValueObjectGetString(client, "x509_dname");
+@@ -665,19 +695,37 @@ static void qemuMonitorJSONHandleVNC(qemuMonitorPtr mon, virJSONValuePtr data, i
+ 
+ static void qemuMonitorJSONHandleVNCConnect(qemuMonitorPtr mon, virJSONValuePtr data)
+ {
+-    qemuMonitorJSONHandleVNC(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_CONNECT);
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_CONNECT);
+ }
+ 
+ 
+ static void qemuMonitorJSONHandleVNCInitialize(qemuMonitorPtr mon, virJSONValuePtr data)
+ {
+-    qemuMonitorJSONHandleVNC(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE);
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE);
+ }
+ 
+ 
+ static void qemuMonitorJSONHandleVNCDisconnect(qemuMonitorPtr mon, virJSONValuePtr data)
+ {
+-    qemuMonitorJSONHandleVNC(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT);
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT);
+}
+
+
+static void qemuMonitorJSONHandleSPICEConnect(qemuMonitorPtr mon, virJSONValuePtr data)
+{
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_CONNECT);
+}
+
+
+static void qemuMonitorJSONHandleSPICEInitialize(qemuMonitorPtr mon, virJSONValuePtr data)
+{
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_INITIALIZE);
+}
+
+
+static void qemuMonitorJSONHandleSPICEDisconnect(qemuMonitorPtr mon, virJSONValuePtr data)
+{
+    qemuMonitorJSONHandleGraphics(mon, data, VIR_DOMAIN_EVENT_GRAPHICS_DISCONNECT);
+ }
+ 
+ static void qemuMonitorJSONHandleBlockJob(qemuMonitorPtr mon, virJSONValuePtr data)
+-- 
+1.7.7.6
+
@@ -0,0 +1,156 @@
+From eaf056bf995558ecf6620ce031287f3aa81b66de Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@laine.org>
+Date: Tue, 6 Dec 2011 12:47:28 -0500
+Subject: [PATCH 1/2] qemu: replace deprecated fedora-13 machine type with
+ pc-0.14
+
+This addresses https://bugzilla.redhat.com/show_bug.cgi?id=754772 .
+It should only be applied to Fedora builds of libvirt, F15 and
+later, so there is no upstream equivalent patch.
+
+Background:
+
+During the lifetime of Fedora 13, some features were backported into
+the F13 build of qemu-kvm from upstream. These features were part of
+the functionality of machine type "pc-0.13" in upstream qemu-kvm, so a
+special "fedora-13" machine type was created for the F13 qemu-kvm.
+Since "fedora-13" became the new "canonical machine type", all new
+domains created with F13 libvirt tools by default contained that
+machine type in their configuration file.
+
+In Fedora 14, a patch was made to qemu to treat the fedora-13 machine
+type as equivalent to "pc-0.13". When Fedora 15 was released, this was
+inadvertently changed to make it equivalent to "pc-0.14".
+
+With the release of Fedora 16, qemu-kvm initially removed support for
+this machine type, which caused failure of many guest configurations
+to start. qemu-kvm subsequently re-added the patch to support
+fedora-13 (as equivalent to pc-0.14), but with the promise that they
+could remove it with the release of Fedora 17. (see
+https://bugzilla.redhat.com/show_bug.cgi?id=748218 ).
+
+Solution:
+
+In order to create a repeat of the recent problems, prior to F17
+existing guest configurations need to be updated to change fedora-13
+to pc-0.14 (which has been determined to be equivalent for all
+practical purposes in both F15 and F16). That's what this patch does:
+
+1) Each time libvirtd is started, it calls virDomainLoadAllConfigs()
+which calls virDomainLoadConfig(); this function has been modified to
+check for os.machine == "fedora-13", and change it to "pc-0.14" then
+write the updated config back to disk.
+
+2) Also, any other time a domain definition is parsed, the parsed
+version in memory is changed to turn "fedora-13" into "pc-0.14". This
+handles domains that had been saved to disk prior to the upgrade, and
+are subsequently restarted.
+
+3) Finally, whenever a domain definition is formatted into a string,
+any occurrence of fedora-13 is replaced with pc-0.14 *directly in the
+virDomainDef* (to avoid multiple warning messages for the same object
+when it's formatted multiple times). This should deal with those cases
+where a domain was running at the time of upgrade, and is later
+saved/snapshotted.
+
+I had considered doing this with some sed commands in the specfile,
+but that wouldn't do anything to help the xml saved in image files.
+
+(Also, one of the xml tests was using the machine type "fedora-13",
+and since that machine type is treated specially by the rest of this
+patch, it was failing. That has been changed in a separate patch,
+which must be applied with this patch, and which *is* also upstream).
+---
+ src/conf/domain_conf.c |   62 +++++++++++++++++++++++++++++++++++++++++++++--
+ 1 files changed, 59 insertions(+), 3 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 318f523..7906bb8 100644
+--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
+@@ -7500,7 +7500,25 @@ virDomainDefPtr virDomainDefParseString(virCapsPtr caps,
+                                         unsigned int expectedVirtTypes,
+                                         unsigned int flags)
+ {
+-    return virDomainDefParse(xmlStr, NULL, caps, expectedVirtTypes, flags);
+    virDomainDefPtr def
+        = virDomainDefParse(xmlStr, NULL, caps, expectedVirtTypes, flags);
+
+    /* Fedora-specific HACK - treat fedora-13 and pc-0.14 as equivalent.
+     * This handles the case of domains that had been saved to an image file
+     * prior to upgrade (save or snapshot), then restarted/reverted.
+     */
+    if (def && STREQ_NULLABLE(def->os.machine, "fedora-13")) {
+        VIR_FREE(def->os.machine);
+        if (!(def->os.machine = strdup("pc-0.14"))) {
+            virReportOOMError();
+            virDomainDefFree(def);
+            def = NULL;
+        } else {
+            VIR_WARN("Replacing deprecated 'fedora-13' machine type "
+                     "with equivalent 'pc-0.14' in domain %s xml", def->name);
+        }
+   }
+    return def;
+ }
+ 
+ virDomainDefPtr virDomainDefParseFile(virCapsPtr caps,
+@@ -10648,8 +10666,30 @@ virDomainDefFormatInternal(virDomainDefPtr def,
+     virBufferAddLit(buf, "    <type");
+     if (def->os.arch)
+         virBufferAsprintf(buf, " arch='%s'", def->os.arch);
+-    if (def->os.machine)
+-        virBufferAsprintf(buf, " machine='%s'", def->os.machine);
+    if (def->os.machine) {
+        /* Fedora-specific HACK - replace "fedora-13" with "pc-0.14"
+         * (in the original DomainDef as well as in the xml output).
+         * This will catch XML being written to save/migration images
+         * of domains that were running when libvirtd was restarted at
+         * the time of upgrade.
+         */
+        if (STREQ_NULLABLE(def->os.machine, "fedora-13")) {
+            virBufferAddLit(buf, " machine='pc-0.14'");
+            VIR_WARN("substituting machine type 'fedora-13' with 'pc-0.14' "
+                     "in domain %s", def->name);
+            /* It's not exactly nice to modify the source object,
+             * but sometimes virDomainFormat is called > 100 times for the
+             * same object, which would result in far too many warning logs.
+             */
+            VIR_FREE(def->os.machine);
+            if (!(def->os.machine = strdup("pc-0.14"))) {
+                virReportOOMError();
+                goto cleanup;
+            }
+        } else {
+            virBufferAsprintf(buf, " machine='%s'", def->os.machine);
+        }
+    }
+     /*
+      * HACK: For xen driver we previously used bogus 'linux' as the
+      * os type for paravirt, whereas capabilities declare it to
+@@ -11100,6 +11140,22 @@ static virDomainObjPtr virDomainLoadConfig(virCapsPtr caps,
+                                       VIR_DOMAIN_XML_INACTIVE)))
+         goto error;
+ 
+    /* Fedora-specific HACK - replace "fedora-13" with "pc-0.14".
+     * This updates all config files at the first restart of libvirt
+     * after upgrade.
+     */
+    if (STREQ_NULLABLE(def->os.machine, "fedora-13")) {
+        VIR_FREE(def->os.machine);
+        if (!(def->os.machine = strdup("pc-0.14"))) {
+            virReportOOMError();
+            goto error;
+        }
+        VIR_WARN("Replacing deprecated 'fedora-13' machine type "
+                 "with equivalent 'pc-0.14' in domain %s configuration file", name);
+        if (virDomainSaveConfig(configDir, def) < 0)
+            goto error;
+    }
+
+     if ((autostartLink = virDomainConfigFile(autostartDir, name)) == NULL)
+         goto error;
+ 
+-- 
+1.7.7.4
+
@@ -1 +1 @@
-SHA512 (libvirt-4.1.0.tar.xz) = 62d1a228adf3270cc6defe3cbf92dac8c4ce2c434c4d97219571ccef799a4f6304cfd1ba9938338356641285f53ac71145d7b398523021c5ea1dc8e3d49cf894
+c374a6f0426e787576d8e5d3fcc3c7a1  libvirt-0.9.6.4.tar.gz
Author	SHA1	Message	Date
Cole Robinson	4e59fd390c	Rebased to version 0.9.6.4 CVE-2013-0170 libvirt: use-after-free in virNetMessageFree() (bz #893450, bz #905173)	2013-01-28 15:17:26 -05:00
Cole Robinson	66c6e81b12	Rebased to version 0.9.6.3 CVE-2012-4423 Fix null dereference (bz #857135, bz #857133)	2012-10-07 19:25:58 -04:00
Cole Robinson	397698b913	Rebased to version 0.9.6.2 Fix crash in virTypedParameterArrayClear (bz 844745, bz 844734)	2012-08-13 19:00:59 -04:00
Cole Robinson	4b8c90d47a	Remove unapplied patches	2012-06-19 09:49:03 -04:00
Cole Robinson	21b5b71da6	Rebased to version 0.9.6.1 Various stream fixes and improvements (bz 743900) Fix state syncing when xen domain shuts down (bz 746007) Don't show <console> for xen dom0 (bz 752271) Fix selinux denial on /usr/libexec/pt_chown from LXC (bz 785411) Don't flood LXC log file (bz 785431) Fix several double close bugs (bz 827127) Fix PCI assignment for USB2.0 controllers (bz 822160)	2012-06-15 17:29:11 -04:00
Osier Yang	159aa2a963	release 0.9.6-6 - Bug 786890 fix typo of chkconfig comandline for specfile	2012-03-30 21:08:32 +08:00
Cole Robinson	afd84ddc60	Fix crash when migrating many guests with vdsm (bz 785789) Fix libvirtd hang in vmware guest (bz 796451) Don't start HAL in init script (bz 789234) Fix storage lookup errors with empty lvm pool (bz 782261) Fix test failures with new gnutls	2012-03-04 10:53:29 -05:00
Laine Stump	ac5ee8c94d	release 0.9.6-4 of libvirt, take 2 - eliminate crash of shunloadtest encountered during build - "fedora-13" machine type patch was missing a hunk. - specfile needed to BuildRequires: autoconf tools because the new virtime APIs require re-running autoconf.	2011-12-19 15:14:56 -05:00
Laine Stump	1dd1aab12e	release 0.9.6-3 - replace "fedora-13" machine type with "pc-0.14" to prepare systems for removal of "fedora-13" from qemu - Bug 754772 - don't add iptables rules for externally managed networks - Buf 765964 / CVE-2011-4600 - specfile changes - Bug 761329 don't use chkconfig --list - Bug 758896 mark directories in /var/run as ghosts - Bug 738725 fix logic bug in deciding to turn on cgconfig - Bug 754909 add dmidecode as a prerequisite - new async-safe time API + make logging async signal sage wrt. time stamp generation - Bug 757382	2011-12-18 16:41:29 -05:00
Dan Horák	8461092bcd	xenlight available only on Xen arches (#745020 )	2011-10-11 10:28:38 +02:00
Laine Stump	f050abb9f1	release 0.9.6-2 * Make PCI multifunction support more manual - Bug 742836 * Builds on F15 should still use cgconfig - Bug 738725	2011-10-03 09:50:58 -04:00
Daniel Veillard	5248901265	Upstream release of 0.9.6 Fix the qemu reboot bug from 0.9.5 and a few others bug fixes	2011-09-22 07:31:49 -04:00
Daniel Veillard	4ad26eac7d	Upstream release of libvirt-0.9.5	2011-09-20 08:36:31 -04:00
Daniel Veillard	9e06dca287	Upstream release of 0.9.4	2011-08-03 10:41:37 +01:00