* Wed Sep 30 2009 Mark McLoughlin <markmc@redhat.com> - 0.6.2-18

- Fix qemu-kvm version detection so GSO is enabled for virtio_net (#526472)

.cvsignore

@@ -0,0 +1,8 @@
+.build*.log
+*.rpm
+i686
+x86_64
+libvirt-*.tar.gz
+libvirt-0.6.0.tar.gz
+libvirt-0.6.1.tar.gz
+libvirt-0.6.2.tar.gz

.gitignore

@@ -1,5 +0,0 @@
-.build*.log
-*.rpm
-i686
-x86_64
-libvirt-*.tar.xz

0001-storage-split-off-code-for-calling-rbd_list.patch

@@ -1,145 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 10:58:48 +0000
-Subject: [PATCH] storage: split off code for calling rbd_list
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The rbd_list method has a quite unpleasant signature returning an
-array of strings in a single buffer instead of an array. It is
-being deprecated in favour of rbd_list2. To maintain clarity of
-code when supporting both APIs in parallel, split the rbd_list
-code out into a separate method.
-
-In splitting this we now honour the rbd_list failures.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 28c8403ed07896d6d7e06d7726ed904027206719)
----
- src/storage/storage_backend_rbd.c | 83 +++++++++++++++++++++----------
- 1 file changed, 58 insertions(+), 25 deletions(-)
-
-diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
-index 2b7af1db23..0865163756 100644
---- a/src/storage/storage_backend_rbd.c
-+++ b/src/storage/storage_backend_rbd.c
-@@ -565,19 +565,68 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
-     return ret;
- }
- 
-+
-+static char **
-+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-+{
-+    char **names = NULL;
-+    size_t nnames = 0;
-+    int rc;
-+    size_t max_size = 1024;
-+    VIR_AUTOFREE(char *) namebuf = NULL;
-+    const char *name;
-+
-+    while (true) {
-+        if (VIR_ALLOC_N(namebuf, max_size) < 0)
-+            goto error;
-+
-+        rc = rbd_list(ptr->ioctx, namebuf, &max_size);
-+        if (rc >= 0)
-+            break;
-+        if (rc != -ERANGE) {
-+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
-+            goto error;
-+        }
-+        VIR_FREE(namebuf);
-+    }
-+
-+    for (name = namebuf; name < namebuf + max_size;) {
-+        VIR_AUTOFREE(char *) namedup = NULL;
-+
-+        if (STREQ(name, ""))
-+            break;
-+
-+        if (VIR_STRDUP(namedup, name) < 0)
-+            goto error;
-+
-+        if (VIR_APPEND_ELEMENT(names, nnames, namedup) < 0)
-+            goto error;
-+
-+        name += strlen(name) + 1;
-+    }
-+
-+    if (VIR_EXPAND_N(names, nnames, 1) < 0)
-+        goto error;
-+
-+    return names;
-+
-+ error:
-+    virStringListFreeCount(names, nnames);
-+    return NULL;
-+}
-+
-+
- static int
- virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
- {
--    size_t max_size = 1024;
-     int ret = -1;
--    int len = -1;
-     int r = 0;
--    char *name;
-     virStoragePoolDefPtr def = virStoragePoolObjGetDef(pool);
-     virStorageBackendRBDStatePtr ptr = NULL;
-     struct rados_cluster_stat_t clusterstat;
-     struct rados_pool_stat_t poolstat;
--    VIR_AUTOFREE(char *) names = NULL;
-+    char **names = NULL;
-+    size_t i;
- 
-     if (!(ptr = virStorageBackendRBDNewState(pool)))
-         goto cleanup;
-@@ -602,33 +651,16 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
-               def->source.name, clusterstat.kb, clusterstat.kb_avail,
-               poolstat.num_bytes);
- 
--    while (true) {
--        if (VIR_ALLOC_N(names, max_size) < 0)
--            goto cleanup;
--
--        len = rbd_list(ptr->ioctx, names, &max_size);
--        if (len >= 0)
--            break;
--        if (len != -ERANGE) {
--            VIR_WARN("%s", "A problem occurred while listing RBD images");
--            goto cleanup;
--        }
--        VIR_FREE(names);
--    }
-+    if (!(names = virStorageBackendRBDGetVolNames(ptr)))
-+        goto cleanup;
- 
--    for (name = names; name < names + max_size;) {
-+    for (i = 0; names[i] != NULL; i++) {
-         VIR_AUTOPTR(virStorageVolDef) vol = NULL;
- 
--        if (STREQ(name, ""))
--            break;
--
-         if (VIR_ALLOC(vol) < 0)
-             goto cleanup;
- 
--        if (VIR_STRDUP(vol->name, name) < 0)
--            goto cleanup;
--
--        name += strlen(name) + 1;
-+        VIR_STEAL_PTR(vol->name, names[i]);
- 
-         r = volStorageBackendRBDRefreshVolInfo(vol, pool, ptr);
- 
-@@ -661,6 +693,7 @@ virStorageBackendRBDRefreshPool(virStoragePoolObjPtr pool)
-     ret = 0;
- 
-  cleanup:
-+    virStringListFree(names);
-     virStorageBackendRBDFreeState(&ptr);
-     return ret;
- }

0002-storage-add-support-for-new-rbd_list2-method.patch

@@ -1,92 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 11:11:38 +0000
-Subject: [PATCH] storage: add support for new rbd_list2 method
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The rbd_list method has been deprecated in Ceph >= 14.0.0
-in favour of the new rbd_list2 method which populates an
-array of structs.
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 3aa190f2a43a632b542a6ba751a6c3ab4d51f1dd)
----
- m4/virt-storage-rbd.m4            |  1 +
- src/storage/storage_backend_rbd.c | 43 +++++++++++++++++++++++++++++++
- 2 files changed, 44 insertions(+)
-
-diff --git a/m4/virt-storage-rbd.m4 b/m4/virt-storage-rbd.m4
-index 17e2115309..f3d9d04908 100644
---- a/m4/virt-storage-rbd.m4
-+++ b/m4/virt-storage-rbd.m4
-@@ -33,6 +33,7 @@ AC_DEFUN([LIBVIRT_STORAGE_CHECK_RBD], [
-       old_LIBS="$LIBS"
-       LIBS="$LIBS $LIBRBD_LIBS"
-       AC_CHECK_FUNCS([rbd_get_features],[],[LIBRBD_FOUND=no])
-+      AC_CHECK_FUNCS([rbd_list2])
-       LIBS="$old_LIBS"
-     fi
- 
-diff --git a/src/storage/storage_backend_rbd.c b/src/storage/storage_backend_rbd.c
-index 0865163756..bfc3419f9c 100644
---- a/src/storage/storage_backend_rbd.c
-+++ b/src/storage/storage_backend_rbd.c
-@@ -566,6 +566,48 @@ volStorageBackendRBDRefreshVolInfo(virStorageVolDefPtr vol,
- }
- 
- 
-+#ifdef HAVE_RBD_LIST2
-+static char **
-+virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-+{
-+    char **names = NULL;
-+    size_t nnames = 0;
-+    int rc;
-+    rbd_image_spec_t *images = NULL;
-+    size_t nimages = 16;
-+    size_t i;
-+
-+    while (true) {
-+        if (VIR_ALLOC_N(images, nimages) < 0)
-+            goto error;
-+
-+        rc = rbd_list2(ptr->ioctx, images, &nimages);
-+        if (rc >= 0)
-+            break;
-+        if (rc != -ERANGE) {
-+            virReportSystemError(-rc, "%s", _("Unable to list RBD images"));
-+            goto error;
-+        }
-+    }
-+
-+    if (VIR_ALLOC_N(names, nimages + 1) < 0)
-+        goto error;
-+    nnames = nimages;
-+
-+    for (i = 0; i < nimages; i++)
-+        VIR_STEAL_PTR(names[i], images->name);
-+
-+    return names;
-+
-+ error:
-+    virStringListFreeCount(names, nnames);
-+    rbd_image_spec_list_cleanup(images, nimages);
-+    VIR_FREE(images);
-+    return NULL;
-+}
-+
-+#else /* ! HAVE_RBD_LIST2 */
-+
- static char **
- virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
- {
-@@ -614,6 +656,7 @@ virStorageBackendRBDGetVolNames(virStorageBackendRBDStatePtr ptr)
-     virStringListFreeCount(names, nnames);
-     return NULL;
- }
-+#endif /* ! HAVE_RBD_LIST2 */
- 
- 
- static int

0003-network-improve-error-report-when-firewall-chain-cre.patch

@@ -1,133 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 17:31:21 +0000
-Subject: [PATCH] network: improve error report when firewall chain creation
- fails
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-During startup we create some top level chains in which all
-virtual network firewall rules will be placed. The upfront
-creation is done to avoid slowing down creation of individual
-virtual networks by checking for chain existance every time.
-
-There are some factors which can cause this upfront creation
-to fail and while a message will get into the libvirtd log
-this won't be seen by users who later try to start a virtual
-network. Instead they'll just get a message saying that the
-libvirt top level chain does not exist. This message is
-accurate, but unhelpful for solving the root cause.
-
-This patch thus saves any error during daemon startup and
-reports it when trying to create a virtual network later.
-
-Reviewed-by: Andrea Bolognani <abologna@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 9f4e35dc73ec9e940aa61bc7c140c2b800218ef3)
----
- src/network/bridge_driver.c          |  3 +--
- src/network/bridge_driver_linux.c    | 31 +++++++++++++++++++++-------
- src/network/bridge_driver_nop.c      |  3 +--
- src/network/bridge_driver_platform.h |  2 +-
- 4 files changed, 27 insertions(+), 12 deletions(-)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index b3ca5b8a15..1da60f0a21 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2108,8 +2108,7 @@ static void
- networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
- {
-     VIR_INFO("Reloading iptables rules");
--    if (networkPreReloadFirewallRules(startup) < 0)
--        return;
-+    networkPreReloadFirewallRules(startup);
-     virNetworkObjListForEach(driver->networks,
-                              networkReloadFirewallRulesHelper,
-                              NULL);
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index b10d0a6c4d..c899f4b6d0 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -35,11 +35,25 @@ VIR_LOG_INIT("network.bridge_driver_linux");
- 
- #define PROC_NET_ROUTE "/proc/net/route"
- 
--int networkPreReloadFirewallRules(bool startup)
-+static virErrorPtr errInit;
-+
-+void networkPreReloadFirewallRules(bool startup)
- {
--    int ret = iptablesSetupPrivateChains();
--    if (ret < 0)
--        return -1;
-+    int rc;
-+
-+    /* We create global rules upfront as we don't want
-+     * the perf hit of conditionally figuring out whether
-+     * to create them each time a network is started.
-+     *
-+     * Any errors here are saved to be reported at time
-+     * of starting the network though as that makes them
-+     * more likely to be seen by a human
-+     */
-+    rc = iptablesSetupPrivateChains();
-+    if (rc < 0) {
-+        errInit = virSaveLastError();
-+        virResetLastError();
-+    }
- 
-     /*
-      * If this is initial startup, and we just created the
-@@ -54,10 +68,8 @@ int networkPreReloadFirewallRules(bool startup)
-      * rules will be present. Thus we can safely just tell it
-      * to always delete from the builin chain
-      */
--    if (startup && ret == 1)
-+    if (startup && rc == 1)
-         iptablesSetDeletePrivate(false);
--
--    return 0;
- }
- 
- 
-@@ -671,6 +683,11 @@ int networkAddFirewallRules(virNetworkDefPtr def)
-     virFirewallPtr fw = NULL;
-     int ret = -1;
- 
-+    if (errInit) {
-+        virSetError(errInit);
-+        return -1;
-+    }
-+
-     if (def->bridgeZone) {
- 
-         /* if a firewalld zone has been specified, fail/log an error
-diff --git a/src/network/bridge_driver_nop.c b/src/network/bridge_driver_nop.c
-index a0e57012f9..ea9db338cb 100644
---- a/src/network/bridge_driver_nop.c
-+++ b/src/network/bridge_driver_nop.c
-@@ -19,9 +19,8 @@
- 
- #include <config.h>
- 
--int networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
-+void networkPreReloadFirewallRules(bool startup ATTRIBUTE_UNUSED)
- {
--    return 0;
- }
- 
- 
-diff --git a/src/network/bridge_driver_platform.h b/src/network/bridge_driver_platform.h
-index baeb22bc3e..95fd64bdc7 100644
---- a/src/network/bridge_driver_platform.h
-+++ b/src/network/bridge_driver_platform.h
-@@ -58,7 +58,7 @@ struct _virNetworkDriverState {
- typedef struct _virNetworkDriverState virNetworkDriverState;
- typedef virNetworkDriverState *virNetworkDriverStatePtr;
- 
--int networkPreReloadFirewallRules(bool startup);
-+void networkPreReloadFirewallRules(bool startup);
- void networkPostReloadFirewallRules(bool startup);
- 
- int networkCheckRouteCollision(virNetworkDefPtr def);

0004-network-split-setup-of-ipv4-and-ipv6-top-level-chain.patch

@@ -1,149 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 18 Mar 2019 16:49:32 +0000
-Subject: [PATCH] network: split setup of ipv4 and ipv6 top level chains
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-During startup libvirtd creates top level chains for both ipv4
-and ipv6 protocols. If this fails for any reason then startup
-of virtual networks is blocked.
-
-The default virtual network, however, only requires use of ipv4
-and some servers have ipv6 disabled so it is expected that ipv6
-chain creation will fail. There could equally be servers with
-no ipv4, only ipv6.
-
-This patch thus makes error reporting a little more fine grained
-so that it works more sensibly when either ipv4 or ipv6 is
-disabled on the server. Only the protocols that are actually
-used by the virtual network have errors reported.
-
-Reviewed-by: Andrea Bolognani <abologna@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 686803a1a2e1e0641916b1c9e2c7e3910fe598d4)
----
- src/network/bridge_driver_linux.c | 34 +++++++++++++++++++++++++------
- src/util/viriptables.c            | 14 ++++---------
- src/util/viriptables.h            |  2 +-
- 3 files changed, 33 insertions(+), 17 deletions(-)
-
-diff --git a/src/network/bridge_driver_linux.c b/src/network/bridge_driver_linux.c
-index c899f4b6d0..50fc197134 100644
---- a/src/network/bridge_driver_linux.c
-+++ b/src/network/bridge_driver_linux.c
-@@ -35,10 +35,12 @@ VIR_LOG_INIT("network.bridge_driver_linux");
- 
- #define PROC_NET_ROUTE "/proc/net/route"
- 
--static virErrorPtr errInit;
-+static virErrorPtr errInitV4;
-+static virErrorPtr errInitV6;
- 
- void networkPreReloadFirewallRules(bool startup)
- {
-+    bool created = false;
-     int rc;
- 
-     /* We create global rules upfront as we don't want
-@@ -49,11 +51,21 @@ void networkPreReloadFirewallRules(bool startup)
-      * of starting the network though as that makes them
-      * more likely to be seen by a human
-      */
--    rc = iptablesSetupPrivateChains();
-+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV4);
-     if (rc < 0) {
--        errInit = virSaveLastError();
-+        errInitV4 = virSaveLastError();
-         virResetLastError();
-     }
-+    if (rc)
-+        created = true;
-+
-+    rc = iptablesSetupPrivateChains(VIR_FIREWALL_LAYER_IPV6);
-+    if (rc < 0) {
-+        errInitV6 = virSaveLastError();
-+        virResetLastError();
-+    }
-+    if (rc)
-+        created = true;
- 
-     /*
-      * If this is initial startup, and we just created the
-@@ -68,7 +80,7 @@ void networkPreReloadFirewallRules(bool startup)
-      * rules will be present. Thus we can safely just tell it
-      * to always delete from the builin chain
-      */
--    if (startup && rc == 1)
-+    if (startup && created)
-         iptablesSetDeletePrivate(false);
- }
- 
-@@ -683,8 +695,18 @@ int networkAddFirewallRules(virNetworkDefPtr def)
-     virFirewallPtr fw = NULL;
-     int ret = -1;
- 
--    if (errInit) {
--        virSetError(errInit);
-+    if (errInitV4 &&
-+        (virNetworkDefGetIPByIndex(def, AF_INET, 0) ||
-+         virNetworkDefGetRouteByIndex(def, AF_INET, 0))) {
-+        virSetError(errInitV4);
-+        return -1;
-+    }
-+
-+    if (errInitV6 &&
-+        (virNetworkDefGetIPByIndex(def, AF_INET6, 0) ||
-+         virNetworkDefGetRouteByIndex(def, AF_INET6, 0) ||
-+         def->ipv6nogw)) {
-+        virSetError(errInitV6);
-         return -1;
-     }
- 
-diff --git a/src/util/viriptables.c b/src/util/viriptables.c
-index d67b640a3b..0e3c0ad73a 100644
---- a/src/util/viriptables.c
-+++ b/src/util/viriptables.c
-@@ -127,7 +127,7 @@ iptablesPrivateChainCreate(virFirewallPtr fw,
- 
- 
- int
--iptablesSetupPrivateChains(void)
-+iptablesSetupPrivateChains(virFirewallLayer layer)
- {
-     virFirewallPtr fw = NULL;
-     int ret = -1;
-@@ -143,17 +143,11 @@ iptablesSetupPrivateChains(void)
-     };
-     bool changed = false;
-     iptablesGlobalChainData data[] = {
--        { VIR_FIREWALL_LAYER_IPV4, "filter",
-+        { layer, "filter",
-           filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV4, "nat",
-+        { layer, "nat",
-           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV4, "mangle",
--          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "filter",
--          filter_chains, ARRAY_CARDINALITY(filter_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "nat",
--          natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
--        { VIR_FIREWALL_LAYER_IPV6, "mangle",
-+        { layer, "mangle",
-           natmangle_chains, ARRAY_CARDINALITY(natmangle_chains), &changed },
-     };
-     size_t i;
-diff --git a/src/util/viriptables.h b/src/util/viriptables.h
-index 903f390f89..e680407ec8 100644
---- a/src/util/viriptables.h
-+++ b/src/util/viriptables.h
-@@ -24,7 +24,7 @@
- # include "virsocketaddr.h"
- # include "virfirewall.h"
- 
--int              iptablesSetupPrivateChains      (void);
-+int              iptablesSetupPrivateChains      (virFirewallLayer layer);
- 
- void             iptablesSetDeletePrivate        (bool pvt);
- 

0005-network-avoid-trying-to-create-global-firewall-rules.patch

@@ -1,46 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 13 Mar 2019 16:21:15 +0000
-Subject: [PATCH] network: avoid trying to create global firewall rules if
- unprivileged
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The unprivileged libvirtd does not have permission to create firewall
-rules, or bridge devices, or do anything to the host network in
-general. Historically we still activate the network driver though and
-let the network start API call fail.
-
-The startup code path which reloads firewall rules on active networks
-would thus effectively be a no-op when unprivileged as it is impossible
-for there to be any active networks
-
-With the change to use a global set of firewall chains, however, we now
-have code that is run unconditionally.
-
-Ideally we would not register the network driver at all when
-unprivileged, but the entanglement with the virt drivers currently makes
-that impractical. As a temporary hack, we just make the firewall reload
-into a no-op.
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 5d010c3df6152cf5fb00f1f67d22151241f4a8a2)
----
- src/network/bridge_driver.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
-index 1da60f0a21..0e1d5efd8e 100644
---- a/src/network/bridge_driver.c
-+++ b/src/network/bridge_driver.c
-@@ -2108,6 +2108,10 @@ static void
- networkReloadFirewallRules(virNetworkDriverStatePtr driver, bool startup)
- {
-     VIR_INFO("Reloading iptables rules");
-+    /* Ideally we'd not even register the driver when unprivilegd
-+     * but until we untangle the virt driver that's not viable */
-+    if (!driver->privileged)
-+        return;
-     networkPreReloadFirewallRules(startup);
-     virNetworkObjListForEach(driver->networks,
-                              networkReloadFirewallRulesHelper,

0006-qemu-Allow-creating-ppc64-guests-with-graphics-and-n.patch

@@ -1,57 +0,0 @@
-From: Andrea Bolognani <abologna@redhat.com>
-Date: Wed, 27 Feb 2019 18:41:35 +0100
-Subject: [PATCH] qemu: Allow creating ppc64 guests with graphics and no USB
- mouse
-
-The existing behavior for ppc64 guests is to always add a USB
-keyboard and mouse combo if graphics are present; unfortunately,
-this means any attempt to use a USB tablet will cause both pointing
-devices to show up in the guest, which in turn will result in poor
-user experience.
-
-We can't just stop adding the USB mouse or start adding a USB tablet
-instead, because existing applications and users might rely on the
-current behavior; however, we can avoid adding the USB mouse if a USB
-tablet is already present, thus allowing users and applications to
-create guests that contain a single pointing device.
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1683681
-
-Signed-off-by: Andrea Bolognani <abologna@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit 186bb479d0f409dc75175bea48a760838c479a6c)
----
- src/qemu/qemu_domain.c | 20 ++++++++++++++++++++
- 1 file changed, 20 insertions(+)
-
-diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
-index 59fe1eb401..915795ab84 100644
---- a/src/qemu/qemu_domain.c
-+++ b/src/qemu/qemu_domain.c
-@@ -3476,6 +3476,26 @@ qemuDomainDefAddDefaultDevices(virDomainDefPtr def,
-         virQEMUCapsGet(qemuCaps, QEMU_CAPS_VIRTIO_S390) && def->memballoon)
-         def->memballoon->model = VIR_DOMAIN_MEMBALLOON_MODEL_NONE;
- 
-+    if (addDefaultUSBMouse) {
-+        bool hasUSBTablet = false;
-+        size_t j;
-+
-+        for (j = 0; j < def->ninputs; j++) {
-+            if (def->inputs[j]->type == VIR_DOMAIN_INPUT_TYPE_TABLET &&
-+                def->inputs[j]->bus == VIR_DOMAIN_INPUT_BUS_USB) {
-+                hasUSBTablet = true;
-+                break;
-+            }
-+        }
-+
-+        /* Historically, we have automatically added USB keyboard and
-+         * mouse to some guests. While the former device is generally
-+         * safe to have, adding the latter is undesiderable if a USB
-+         * tablet is already present in the guest */
-+        if (hasUSBTablet)
-+            addDefaultUSBMouse = false;
-+    }
-+
-     if (addDefaultUSBKBD &&
-         def->ngraphics > 0 &&
-         virDomainDefMaybeAddInput(def,

0007-util-implement-virCgroupV2-Set-Get-CpusetMems.patch

@@ -1,53 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Tue, 19 Feb 2019 15:42:51 +0100
-Subject: [PATCH] util: implement virCgroupV2(Set|Get)CpusetMems
-
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-(cherry picked from commit 74e7da060543a87610b42fc6ba26a45b0a6e3974)
----
- src/util/vircgroupv2.c | 25 +++++++++++++++++++++++++
- 1 file changed, 25 insertions(+)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index e0fa8e1cc0..4cfbd52f2d 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -1561,6 +1561,28 @@ virCgroupV2GetCpuacctStat(virCgroupPtr group,
- }
- 
- 
-+static int
-+virCgroupV2SetCpusetMems(virCgroupPtr group,
-+                         const char *mems)
-+{
-+    return virCgroupSetValueStr(group,
-+                                VIR_CGROUP_CONTROLLER_CPUSET,
-+                                "cpuset.mems",
-+                                mems);
-+}
-+
-+
-+static int
-+virCgroupV2GetCpusetMems(virCgroupPtr group,
-+                         char **mems)
-+{
-+    return virCgroupGetValueStr(group,
-+                                VIR_CGROUP_CONTROLLER_CPUSET,
-+                                "cpuset.mems",
-+                                mems);
-+}
-+
-+
- virCgroupBackend virCgroupV2Backend = {
-     .type = VIR_CGROUP_BACKEND_TYPE_V2,
- 
-@@ -1620,6 +1642,9 @@ virCgroupBackend virCgroupV2Backend = {
- 
-     .getCpuacctUsage = virCgroupV2GetCpuacctUsage,
-     .getCpuacctStat = virCgroupV2GetCpuacctStat,
-+
-+    .setCpusetMems = virCgroupV2SetCpusetMems,
-+    .getCpusetMems = virCgroupV2GetCpusetMems,
- };
- 
- 

0008-util-implement-virCgroupV2-Set-Get-CpusetMemoryMigra.patch

@@ -1,50 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Tue, 19 Feb 2019 15:53:34 +0100
-Subject: [PATCH] util: implement virCgroupV2(Set|Get)CpusetMemoryMigrate
-
-Cgroups v2 don't have memory_migrate interface and the migration is
-enabled by default.
-
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-(cherry picked from commit 77c1cf4da2f761a91756c09fa4fd37ae1802e650)
----
- src/util/vircgroupv2.c | 19 +++++++++++++++++++
- 1 file changed, 19 insertions(+)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index 4cfbd52f2d..f3aa6ebc48 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -1583,6 +1583,23 @@ virCgroupV2GetCpusetMems(virCgroupPtr group,
- }
- 
- 
-+static int
-+virCgroupV2SetCpusetMemoryMigrate(virCgroupPtr group ATTRIBUTE_UNUSED,
-+                                  bool migrate ATTRIBUTE_UNUSED)
-+{
-+    return 0;
-+}
-+
-+
-+static int
-+virCgroupV2GetCpusetMemoryMigrate(virCgroupPtr group ATTRIBUTE_UNUSED,
-+                                  bool *migrate)
-+{
-+    *migrate = true;
-+    return 0;
-+}
-+
-+
- virCgroupBackend virCgroupV2Backend = {
-     .type = VIR_CGROUP_BACKEND_TYPE_V2,
- 
-@@ -1645,6 +1662,8 @@ virCgroupBackend virCgroupV2Backend = {
- 
-     .setCpusetMems = virCgroupV2SetCpusetMems,
-     .getCpusetMems = virCgroupV2GetCpusetMems,
-+    .setCpusetMemoryMigrate = virCgroupV2SetCpusetMemoryMigrate,
-+    .getCpusetMemoryMigrate = virCgroupV2GetCpusetMemoryMigrate,
- };
- 
- 

0009-util-implement-virCgroupV2-Set-Get-CpusetCpus.patch

@@ -1,52 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Tue, 19 Feb 2019 15:55:38 +0100
-Subject: [PATCH] util: implement virCgroupV2(Set|Get)CpusetCpus
-
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-(cherry picked from commit 3b72c84ff1c1b8b393ba9c2ccb004f8eb1ebda95)
----
- src/util/vircgroupv2.c | 24 ++++++++++++++++++++++++
- 1 file changed, 24 insertions(+)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index f3aa6ebc48..25afab1cad 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -1600,6 +1600,28 @@ virCgroupV2GetCpusetMemoryMigrate(virCgroupPtr group ATTRIBUTE_UNUSED,
- }
- 
- 
-+static int
-+virCgroupV2SetCpusetCpus(virCgroupPtr group,
-+                         const char *cpus)
-+{
-+    return virCgroupSetValueStr(group,
-+                                VIR_CGROUP_CONTROLLER_CPUSET,
-+                                "cpuset.cpus",
-+                                cpus);
-+}
-+
-+
-+static int
-+virCgroupV2GetCpusetCpus(virCgroupPtr group,
-+                         char **cpus)
-+{
-+    return virCgroupGetValueStr(group,
-+                                VIR_CGROUP_CONTROLLER_CPUSET,
-+                                "cpuset.cpus",
-+                                cpus);
-+}
-+
-+
- virCgroupBackend virCgroupV2Backend = {
-     .type = VIR_CGROUP_BACKEND_TYPE_V2,
- 
-@@ -1664,6 +1686,8 @@ virCgroupBackend virCgroupV2Backend = {
-     .getCpusetMems = virCgroupV2GetCpusetMems,
-     .setCpusetMemoryMigrate = virCgroupV2SetCpusetMemoryMigrate,
-     .getCpusetMemoryMigrate = virCgroupV2GetCpusetMemoryMigrate,
-+    .setCpusetCpus = virCgroupV2SetCpusetCpus,
-+    .getCpusetCpus = virCgroupV2GetCpusetCpus,
- };
- 
- 

0010-util-enable-cgroups-v2-cpuset-controller-for-threads.patch

@@ -1,30 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Wed, 20 Feb 2019 13:50:23 +0100
-Subject: [PATCH] util: enable cgroups v2 cpuset controller for threads
-
-When we create cgroup for qemu threads we need to enable cpuset
-controller in order to use it.
-
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-(cherry picked from commit a6aedcf39bd3212a3cd624b765bb724fd36d6a8a)
----
- src/util/vircgroupv2.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c
-index 25afab1cad..4084929c5a 100644
---- a/src/util/vircgroupv2.c
-+++ b/src/util/vircgroupv2.c
-@@ -400,6 +400,12 @@ virCgroupV2MakeGroup(virCgroupPtr parent ATTRIBUTE_UNUSED,
-                                             VIR_CGROUP_CONTROLLER_CPU) < 0) {
-                 return -1;
-             }
-+
-+            if (virCgroupV2HasController(parent, VIR_CGROUP_CONTROLLER_CPUSET) &&
-+                virCgroupV2EnableController(parent,
-+                                            VIR_CGROUP_CONTROLLER_CPUSET) < 0) {
-+                return -1;
-+            }
-         } else {
-             size_t i;
-             for (i = 0; i < VIR_CGROUP_CONTROLLER_LAST; i++) {

0011-cpu_x86-Do-not-cache-microcode-version.patch

@@ -1,51 +0,0 @@
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 5 Apr 2019 11:33:32 +0200
-Subject: [PATCH] cpu_x86: Do not cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The microcode version checks are used to invalidate cached CPU data we
-get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
-was only read when libvirtd started and cached for the daemon's
-lifetime. However, the CPU microcode can change anytime (updating the
-microcode package can automatically upload it to the CPU) and we need to
-stop caching it to avoid using stale CPU model data.
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
----
- src/cpu/cpu_x86.c | 5 +----
- 1 file changed, 1 insertion(+), 4 deletions(-)
-
-diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
-index d3a88da21d..470de83a87 100644
---- a/src/cpu/cpu_x86.c
-+++ b/src/cpu/cpu_x86.c
-@@ -165,7 +165,6 @@ struct _virCPUx86Map {
- };
- 
- static virCPUx86MapPtr cpuMap;
--static unsigned int microcodeVersion;
- 
- int virCPUx86DriverOnceInit(void);
- VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
-@@ -1332,8 +1331,6 @@ virCPUx86DriverOnceInit(void)
-     if (!(cpuMap = virCPUx86LoadMap()))
-         return -1;
- 
--    microcodeVersion = virHostCPUGetMicrocodeVersion();
--
-     return 0;
- }
- 
-@@ -2373,7 +2370,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
-         goto cleanup;
- 
-     ret = x86DecodeCPUData(cpu, cpuData, models);
--    cpu->microcodeVersion = microcodeVersion;
-+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
- 
-  cleanup:
-     virCPUx86DataFree(cpuData);

0012-qemu-Don-t-cache-microcode-version.patch

@@ -1,143 +0,0 @@
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Fri, 12 Apr 2019 21:21:05 +0200
-Subject: [PATCH] qemu: Don't cache microcode version
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-My earlier commit be46f61326 was incomplete. It removed caching of
-microcode version in the CPU driver, which means the capabilities XML
-will see the correct microcode version. But it is also cached in the
-QEMU capabilities cache where it is used to detect whether we need to
-reprobe QEMU. By missing the second place, the original commit
-be46f61326 made the situation even worse since libvirt would report
-correct microcode version while still using the old host CPU model
-(visible in domain capabilities XML).
-
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
----
- src/qemu/qemu_capabilities.c | 12 ++++++++----
- src/qemu/qemu_capabilities.h |  3 +--
- src/qemu/qemu_driver.c       |  9 +--------
- tests/testutilsqemu.c        |  2 +-
- 4 files changed, 11 insertions(+), 15 deletions(-)
-
-diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
-index b48bcbebee..e5b1c90253 100644
---- a/src/qemu/qemu_capabilities.c
-+++ b/src/qemu/qemu_capabilities.c
-@@ -4487,7 +4487,7 @@ virQEMUCapsNewData(const char *binary,
-                                            priv->libDir,
-                                            priv->runUid,
-                                            priv->runGid,
--                                           priv->microcodeVersion,
-+                                           virHostCPUGetMicrocodeVersion(),
-                                            priv->kernelVersion);
- }
- 
-@@ -4570,8 +4570,7 @@ virFileCachePtr
- virQEMUCapsCacheNew(const char *libDir,
-                     const char *cacheDir,
-                     uid_t runUid,
--                    gid_t runGid,
--                    unsigned int microcodeVersion)
-+                    gid_t runGid)
- {
-     char *capsCacheDir = NULL;
-     virFileCachePtr cache = NULL;
-@@ -4595,7 +4594,6 @@ virQEMUCapsCacheNew(const char *libDir,
- 
-     priv->runUid = runUid;
-     priv->runGid = runGid;
--    priv->microcodeVersion = microcodeVersion;
-     priv->kvmUsable = VIR_TRISTATE_BOOL_ABSENT;
- 
-     if (uname(&uts) == 0 &&
-@@ -4617,8 +4615,11 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookup(virFileCachePtr cache,
-                        const char *binary)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     ret = virFileCacheLookup(cache, binary);
- 
-     VIR_DEBUG("Returning caps %p for %s", ret, binary);
-@@ -4672,6 +4673,7 @@ virQEMUCapsPtr
- virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
-                              virArch arch)
- {
-+    virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
-     virQEMUCapsPtr ret = NULL;
-     const char *binaryFilters[] = {
-         "qemu-system-",
-@@ -4684,6 +4686,8 @@ virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
-     size_t i;
-     size_t j;
- 
-+    priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
-+
-     for (i = 0; i < ARRAY_CARDINALITY(binaryFilters); i++) {
-         for (j = 0; j < ARRAY_CARDINALITY(archs); j++) {
-             struct virQEMUCapsSearchData data = {
-diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
-index ba84052bca..a6a655ac0f 100644
---- a/src/qemu/qemu_capabilities.h
-+++ b/src/qemu/qemu_capabilities.h
-@@ -587,8 +587,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
- virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
-                                     const char *cacheDir,
-                                     uid_t uid,
--                                    gid_t gid,
--                                    unsigned int microcodeVersion);
-+                                    gid_t gid);
- virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
-                                       const char *binary);
- virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 36426cd65a..75d31efd14 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -585,8 +585,6 @@ qemuStateInitialize(bool privileged,
-     char *hugepagePath = NULL;
-     char *memoryBackingPath = NULL;
-     size_t i;
--    virCPUDefPtr hostCPU = NULL;
--    unsigned int microcodeVersion = 0;
- 
-     if (VIR_ALLOC(qemu_driver) < 0)
-         return -1;
-@@ -809,15 +807,10 @@ qemuStateInitialize(bool privileged,
-         run_gid = cfg->group;
-     }
- 
--    if ((hostCPU = virCPUProbeHost(virArchFromHost())))
--        microcodeVersion = hostCPU->microcodeVersion;
--    virCPUDefFree(hostCPU);
--
-     qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
-                                                      cfg->cacheDir,
-                                                      run_uid,
--                                                     run_gid,
--                                                     microcodeVersion);
-+                                                     run_gid);
-     if (!qemu_driver->qemuCapsCache)
-         goto error;
- 
-diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
-index 1736bad032..e30c0599ad 100644
---- a/tests/testutilsqemu.c
-+++ b/tests/testutilsqemu.c
-@@ -740,7 +740,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
- 
-     /* Using /dev/null for libDir and cacheDir automatically produces errors
-      * upon attempt to use any of them */
--    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
-+    driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
-     if (!driver->qemuCapsCache)
-         goto error;
- 

0013-cputest-Add-data-for-Intel-R-Xeon-R-CPU-E3-1225-v5.patch

@@ -1,876 +0,0 @@
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Tue, 9 Apr 2019 12:35:51 +0200
-Subject: [PATCH] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)
----
- tests/cputest.c                               |   1 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml |   7 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml  |   8 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml    |  28 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml     |  29 +
- .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml     |  11 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.json         | 652 ++++++++++++++++++
- .../x86_64-cpuid-Xeon-E3-1225-v5.sig          |   4 +
- .../x86_64-cpuid-Xeon-E3-1225-v5.xml          |  47 ++
- 9 files changed, 787 insertions(+)
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
- create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-
-diff --git a/tests/cputest.c b/tests/cputest.c
-index b75d864d8e..5866ca9edb 100644
---- a/tests/cputest.c
-+++ b/tests/cputest.c
-@@ -1184,6 +1184,7 @@ mymain(void)
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE);
-+    DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS);
-     DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS);
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-new file mode 100644
-index 0000000000..ce51903e53
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml
-@@ -0,0 +1,7 @@
-+<!-- Features disabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-new file mode 100644
-index 0000000000..0deca9fba6
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -0,0 +1,8 @@
-+<!-- Features enabled by QEMU -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+</cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-new file mode 100644
-index 0000000000..70a0fc3286
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -0,0 +1,28 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ds'/>
-+  <feature policy='require' name='acpi'/>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='ht'/>
-+  <feature policy='require' name='tm'/>
-+  <feature policy='require' name='pbe'/>
-+  <feature policy='require' name='dtes64'/>
-+  <feature policy='require' name='monitor'/>
-+  <feature policy='require' name='ds_cpl'/>
-+  <feature policy='require' name='vmx'/>
-+  <feature policy='require' name='smx'/>
-+  <feature policy='require' name='est'/>
-+  <feature policy='require' name='tm2'/>
-+  <feature policy='require' name='xtpr'/>
-+  <feature policy='require' name='pdcm'/>
-+  <feature policy='require' name='osxsave'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='intel-pt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='xsaves'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+  <feature policy='require' name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-new file mode 100644
-index 0000000000..bbdfb6aa61
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -0,0 +1,29 @@
-+<cpu>
-+  <arch>x86_64</arch>
-+  <model>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature name='ds'/>
-+  <feature name='acpi'/>
-+  <feature name='ss'/>
-+  <feature name='ht'/>
-+  <feature name='tm'/>
-+  <feature name='pbe'/>
-+  <feature name='dtes64'/>
-+  <feature name='monitor'/>
-+  <feature name='ds_cpl'/>
-+  <feature name='vmx'/>
-+  <feature name='smx'/>
-+  <feature name='est'/>
-+  <feature name='tm2'/>
-+  <feature name='xtpr'/>
-+  <feature name='pdcm'/>
-+  <feature name='osxsave'/>
-+  <feature name='tsc_adjust'/>
-+  <feature name='clflushopt'/>
-+  <feature name='intel-pt'/>
-+  <feature name='stibp'/>
-+  <feature name='ssbd'/>
-+  <feature name='xsaves'/>
-+  <feature name='pdpe1gb'/>
-+  <feature name='invtsc'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-new file mode 100644
-index 0000000000..1f321db273
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -0,0 +1,11 @@
-+<cpu mode='custom' match='exact'>
-+  <model fallback='forbid'>Skylake-Client-IBRS</model>
-+  <vendor>Intel</vendor>
-+  <feature policy='require' name='ss'/>
-+  <feature policy='require' name='hypervisor'/>
-+  <feature policy='require' name='tsc_adjust'/>
-+  <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='stibp'/>
-+  <feature policy='require' name='ssbd'/>
-+  <feature policy='require' name='pdpe1gb'/>
-+</cpu>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-new file mode 100644
-index 0000000000..084747556b
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json
-@@ -0,0 +1,652 @@
-+{
-+  "return": {
-+    "model": {
-+      "name": "base",
-+      "props": {
-+        "phys-bits": 0,
-+        "core-id": -1,
-+        "xlevel": 2147483656,
-+        "cmov": true,
-+        "ia64": false,
-+        "aes": true,
-+        "mmx": true,
-+        "rdpid": false,
-+        "arat": true,
-+        "gfni": false,
-+        "pause-filter": false,
-+        "xsavec": true,
-+        "intel-pt": false,
-+        "osxsave": false,
-+        "hv-frequencies": false,
-+        "tsc-frequency": 0,
-+        "xd": true,
-+        "hv-vendor-id": "",
-+        "kvm-asyncpf": true,
-+        "kvm_asyncpf": true,
-+        "perfctr_core": false,
-+        "perfctr-core": false,
-+        "mpx": true,
-+        "pbe": false,
-+        "decodeassists": false,
-+        "avx512cd": false,
-+        "sse4_1": true,
-+        "sse4.1": true,
-+        "sse4-1": true,
-+        "family": 6,
-+        "legacy-cache": true,
-+        "vmware-cpuid-freq": true,
-+        "avx512f": false,
-+        "msr": true,
-+        "mce": true,
-+        "mca": true,
-+        "hv-runtime": false,
-+        "xcrypt": false,
-+        "thread-id": -1,
-+        "min-level": 13,
-+        "xgetbv1": true,
-+        "cid": false,
-+        "hv-relaxed": false,
-+        "hv-crash": false,
-+        "ds": false,
-+        "fxsr": true,
-+        "xsaveopt": true,
-+        "xtpr": false,
-+        "avx512vl": false,
-+        "avx512-vpopcntdq": false,
-+        "phe": false,
-+        "extapic": false,
-+        "3dnowprefetch": true,
-+        "avx512vbmi2": false,
-+        "cr8legacy": false,
-+        "stibp": true,
-+        "cpuid-0xb": true,
-+        "xcrypt-en": false,
-+        "kvm_pv_eoi": true,
-+        "apic-id": 4294967295,
-+        "pn": false,
-+        "dca": false,
-+        "vendor": "GenuineIntel",
-+        "pku": false,
-+        "smx": false,
-+        "cmp_legacy": false,
-+        "cmp-legacy": false,
-+        "node-id": -1,
-+        "avx512-4fmaps": false,
-+        "vmcb_clean": false,
-+        "vmcb-clean": false,
-+        "3dnowext": false,
-+        "hle": true,
-+        "npt": false,
-+        "memory": "/machine/unattached/system[0]",
-+        "clwb": false,
-+        "lbrv": false,
-+        "adx": true,
-+        "ss": true,
-+        "pni": true,
-+        "svm_lock": false,
-+        "svm-lock": false,
-+        "pfthreshold": false,
-+        "smep": true,
-+        "smap": true,
-+        "x2apic": true,
-+        "avx512vbmi": false,
-+        "avx512vnni": false,
-+        "hv-stimer": false,
-+        "i64": true,
-+        "flushbyasid": false,
-+        "f16c": true,
-+        "ace2-en": false,
-+        "pat": true,
-+        "pae": true,
-+        "sse": true,
-+        "phe-en": false,
-+        "kvm_nopiodelay": true,
-+        "kvm-nopiodelay": true,
-+        "tm": false,
-+        "kvmclock-stable-bit": true,
-+        "hypervisor": true,
-+        "socket-id": -1,
-+        "pcommit": false,
-+        "syscall": true,
-+        "level": 13,
-+        "avx512dq": false,
-+        "svm": false,
-+        "full-cpuid-auto-level": true,
-+        "hv-reset": false,
-+        "invtsc": false,
-+        "sse3": true,
-+        "sse2": true,
-+        "ssbd": true,
-+        "est": false,
-+        "avx512ifma": false,
-+        "tm2": false,
-+        "kvm-pv-eoi": true,
-+        "cx8": true,
-+        "kvm_mmu": false,
-+        "kvm-mmu": false,
-+        "sse4_2": true,
-+        "sse4.2": true,
-+        "sse4-2": true,
-+        "pge": true,
-+        "fill-mtrr-mask": true,
-+        "avx512bitalg": false,
-+        "nodeid_msr": false,
-+        "pdcm": false,
-+        "movbe": true,
-+        "model": 94,
-+        "nrip_save": false,
-+        "nrip-save": false,
-+        "kvm_pv_unhalt": true,
-+        "ssse3": true,
-+        "sse4a": false,
-+        "invpcid": true,
-+        "pdpe1gb": true,
-+        "tsc-deadline": true,
-+        "fma": true,
-+        "cx16": true,
-+        "de": true,
-+        "enforce": false,
-+        "stepping": 3,
-+        "xsave": true,
-+        "clflush": true,
-+        "skinit": false,
-+        "tsc": true,
-+        "tce": false,
-+        "fpu": true,
-+        "ibs": false,
-+        "ds_cpl": false,
-+        "ds-cpl": false,
-+        "host-phys-bits": true,
-+        "fma4": false,
-+        "la57": false,
-+        "osvw": false,
-+        "check": true,
-+        "hv-spinlocks": -1,
-+        "pmu": false,
-+        "pmm": false,
-+        "apic": true,
-+        "spec-ctrl": true,
-+        "min-xlevel2": 0,
-+        "tsc-adjust": true,
-+        "tsc_adjust": true,
-+        "kvm-steal-time": true,
-+        "kvm_steal_time": true,
-+        "kvmclock": true,
-+        "l3-cache": true,
-+        "lwp": false,
-+        "ibpb": false,
-+        "xop": false,
-+        "avx": true,
-+        "ospke": false,
-+        "ace2": false,
-+        "avx512bw": false,
-+        "acpi": false,
-+        "hv-vapic": false,
-+        "fsgsbase": true,
-+        "ht": false,
-+        "nx": true,
-+        "pclmulqdq": true,
-+        "mmxext": false,
-+        "vaes": false,
-+        "popcnt": true,
-+        "xsaves": false,
-+        "tcg-cpuid": true,
-+        "lm": true,
-+        "umip": false,
-+        "pse": true,
-+        "avx2": true,
-+        "sep": true,
-+        "pclmuldq": true,
-+        "virt-ssbd": false,
-+        "x-hv-max-vps": -1,
-+        "nodeid-msr": false,
-+        "md-clear": true,
-+        "kvm": true,
-+        "misalignsse": false,
-+        "min-xlevel": 2147483656,
-+        "kvm-pv-unhalt": true,
-+        "bmi2": true,
-+        "bmi1": true,
-+        "realized": false,
-+        "tsc_scale": false,
-+        "tsc-scale": false,
-+        "topoext": false,
-+        "hv-vpindex": false,
-+        "xlevel2": 0,
-+        "clflushopt": true,
-+        "kvm-no-smi-migration": false,
-+        "monitor": false,
-+        "avx512er": false,
-+        "pmm-en": false,
-+        "pcid": true,
-+        "3dnow": false,
-+        "erms": true,
-+        "lahf-lm": true,
-+        "lahf_lm": true,
-+        "vpclmulqdq": false,
-+        "fxsr-opt": false,
-+        "hv-synic": false,
-+        "xstore": false,
-+        "fxsr_opt": false,
-+        "kvm-hint-dedicated": false,
-+        "rtm": true,
-+        "lmce": true,
-+        "hv-time": false,
-+        "perfctr-nb": false,
-+        "perfctr_nb": false,
-+        "ffxsr": false,
-+        "rdrand": true,
-+        "rdseed": true,
-+        "avx512-4vnniw": false,
-+        "vmx": false,
-+        "vme": true,
-+        "dtes64": false,
-+        "mtrr": true,
-+        "rdtscp": true,
-+        "pse36": true,
-+        "kvm-pv-tlb-flush": false,
-+        "tbm": false,
-+        "wdt": false,
-+        "pause_filter": false,
-+        "sha-ni": false,
-+        "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz",
-+        "abm": true,
-+        "avx512pf": false,
-+        "xstore-en": false
-+      }
-+    }
-+  },
-+  "id": "model-expansion"
-+}
-+
-+{
-+  "return": [
-+    {
-+      "name": "max",
-+      "typename": "max-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "host",
-+      "typename": "host-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": false
-+    },
-+    {
-+      "name": "base",
-+      "typename": "base-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": true,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu64",
-+      "typename": "qemu64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "qemu32",
-+      "typename": "qemu32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "phenom",
-+      "typename": "phenom-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "fxsr-opt",
-+        "3dnowext",
-+        "3dnow",
-+        "sse4a",
-+        "npt"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium3",
-+      "typename": "pentium3-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium2",
-+      "typename": "pentium2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "pentium",
-+      "typename": "pentium-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "n270",
-+      "typename": "n270-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm64",
-+      "typename": "kvm64-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "kvm32",
-+      "typename": "kvm32-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "cpu64-rhel6",
-+      "typename": "cpu64-rhel6-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "coreduo",
-+      "typename": "coreduo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "core2duo",
-+      "typename": "core2duo-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "athlon",
-+      "typename": "athlon-x86_64-cpu",
-+      "unavailable-features": [
-+        "mmxext",
-+        "3dnowext",
-+        "3dnow"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere",
-+      "typename": "Westmere-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Westmere-IBRS",
-+      "typename": "Westmere-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server",
-+      "typename": "Skylake-Server-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Server-IBRS",
-+      "typename": "Skylake-Server-IBRS-x86_64-cpu",
-+      "unavailable-features": [
-+        "avx512f",
-+        "avx512dq",
-+        "clwb",
-+        "avx512cd",
-+        "avx512bw",
-+        "avx512vl",
-+        "avx512f",
-+        "avx512f",
-+        "avx512f"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client",
-+      "typename": "Skylake-Client-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Skylake-Client-IBRS",
-+      "typename": "Skylake-Client-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge",
-+      "typename": "SandyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "SandyBridge-IBRS",
-+      "typename": "SandyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Penryn",
-+      "typename": "Penryn-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G5",
-+      "typename": "Opteron_G5-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4",
-+        "tbm"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G4",
-+      "typename": "Opteron_G4-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse",
-+        "xop",
-+        "fma4"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G3",
-+      "typename": "Opteron_G3-x86_64-cpu",
-+      "unavailable-features": [
-+        "sse4a",
-+        "misalignsse"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G2",
-+      "typename": "Opteron_G2-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Opteron_G1",
-+      "typename": "Opteron_G1-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem",
-+      "typename": "Nehalem-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Nehalem-IBRS",
-+      "typename": "Nehalem-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge",
-+      "typename": "IvyBridge-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "IvyBridge-IBRS",
-+      "typename": "IvyBridge-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell",
-+      "typename": "Haswell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX",
-+      "typename": "Haswell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-noTSX-IBRS",
-+      "typename": "Haswell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Haswell-IBRS",
-+      "typename": "Haswell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC",
-+      "typename": "EPYC-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "EPYC-IBPB",
-+      "typename": "EPYC-IBPB-x86_64-cpu",
-+      "unavailable-features": [
-+        "sha-ni",
-+        "mmxext",
-+        "fxsr-opt",
-+        "cr8legacy",
-+        "sse4a",
-+        "misalignsse",
-+        "osvw",
-+        "ibpb"
-+      ],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Conroe",
-+      "typename": "Conroe-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell",
-+      "typename": "Broadwell-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX",
-+      "typename": "Broadwell-noTSX-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-noTSX-IBRS",
-+      "typename": "Broadwell-noTSX-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "Broadwell-IBRS",
-+      "typename": "Broadwell-IBRS-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    },
-+    {
-+      "name": "486",
-+      "typename": "486-x86_64-cpu",
-+      "unavailable-features": [],
-+      "static": false,
-+      "migration-safe": true
-+    }
-+  ],
-+  "id": "definitions"
-+}
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-new file mode 100644
-index 0000000000..7e57c2ded6
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig
-@@ -0,0 +1,4 @@
-+0506e3
-+family:     6 (0x06)
-+model:     94 (0x5e)
-+stepping:   3 (0x03)
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-new file mode 100644
-index 0000000000..437429d61d
---- /dev/null
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml
-@@ -0,0 +1,47 @@
-+<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz -->
-+<cpudata arch='x86'>
-+  <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/>
-+  <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/>
-+  <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/>
-+  <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/>
-+  <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/>
-+  <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/>
-+  <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/>
-+  <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
-+  <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/>
-+  <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/>
-+  <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/>
-+  <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/>
-+  <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-+  <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+  <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/>
-+</cpudata>

0014-cpu_map-Define-md-clear-CPUID-bit.patch

@@ -1,94 +0,0 @@
-From: Jiri Denemark <jdenemar@redhat.com>
-Date: Tue, 9 Apr 2019 12:35:52 +0200
-Subject: [PATCH] cpu_map: Define md-clear CPUID bit
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
-
-The bit is set when microcode provides the mechanism to invoke a flush
-of various exploitable CPU buffers by invoking the VERW instruction.
-
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
-Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)
-
-Conflicts:
-        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml
-        tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml
-            - test data missing downstream
-
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
----
- src/cpu_map/x86_features.xml                               | 3 +++
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +-
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml   | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml    | 1 +
- tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml    | 1 +
- 5 files changed, 7 insertions(+), 1 deletion(-)
-
-diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml
-index 02431bea29..11479f0433 100644
---- a/src/cpu_map/x86_features.xml
-+++ b/src/cpu_map/x86_features.xml
-@@ -317,6 +317,9 @@
-   <feature name='avx512-4fmaps'>
-     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/>
-   </feature>
-+  <feature name='md-clear'> <!-- md_clear -->
-+    <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/>
-+  </feature>
-   <feature name='pconfig'>
-     <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00040000'/>
-   </feature>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-index 0deca9fba6..74763a462b 100644
---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml
-@@ -2,7 +2,7 @@
- <cpudata arch='x86'>
-   <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/>
-   <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
--  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/>
-+  <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/>
-   <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/>
-   <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/>
- </cpudata>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-index 70a0fc3286..867970d2c7 100644
---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml
-@@ -20,6 +20,7 @@
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-   <feature policy='require' name='intel-pt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-index bbdfb6aa61..e7ced42797 100644
---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml
-@@ -21,6 +21,7 @@
-   <feature name='tsc_adjust'/>
-   <feature name='clflushopt'/>
-   <feature name='intel-pt'/>
-+  <feature name='md-clear'/>
-   <feature name='stibp'/>
-   <feature name='ssbd'/>
-   <feature name='xsaves'/>
-diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-index 1f321db273..a5591278df 100644
---- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-+++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml
-@@ -5,6 +5,7 @@
-   <feature policy='require' name='hypervisor'/>
-   <feature policy='require' name='tsc_adjust'/>
-   <feature policy='require' name='clflushopt'/>
-+  <feature policy='require' name='md-clear'/>
-   <feature policy='require' name='stibp'/>
-   <feature policy='require' name='ssbd'/>
-   <feature policy='require' name='pdpe1gb'/>

0015-admin-reject-clients-unless-their-UID-matches-the-cu.patch

@@ -1,54 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:26:13 +0100
-Subject: [PATCH] admin: reject clients unless their UID matches the current
- UID
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The admin protocol RPC messages are only intended for use by the user
-running the daemon. As such they should not be allowed for any client
-UID that does not match the server UID.
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)
----
- src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++
- 1 file changed, 22 insertions(+)
-
-diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c
-index 85e693d76c..6e3b99f97d 100644
---- a/src/admin/admin_server_dispatch.c
-+++ b/src/admin/admin_server_dispatch.c
-@@ -64,6 +64,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED,
-                    void *opaque)
- {
-     struct daemonAdmClientPrivate *priv;
-+    uid_t clientuid;
-+    gid_t clientgid;
-+    pid_t clientpid;
-+    unsigned long long timestamp;
-+
-+    if (virNetServerClientGetUNIXIdentity(client,
-+                                          &clientuid,
-+                                          &clientgid,
-+                                          &clientpid,
-+                                          &timestamp) < 0)
-+        return NULL;
-+
-+    VIR_DEBUG("New client pid %lld uid %lld",
-+              (long long)clientpid,
-+              (long long)clientuid);
-+
-+    if (geteuid() != clientuid) {
-+        virReportRestrictedError(_("Disallowing client %lld with uid %lld"),
-+                                 (long long)clientpid,
-+                                 (long long)clientuid);
-+        return NULL;
-+    }
- 
-     if (VIR_ALLOC(priv) < 0)
-         return NULL;

0016-locking-restrict-sockets-to-mode-0600.patch

@@ -1,47 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 16:51:37 +0100
-Subject: [PATCH] locking: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlockd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)
----
- src/locking/virtlockd-admin.socket.in | 1 +
- src/locking/virtlockd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in
-index 2a7500f3d0..f674c492f7 100644
---- a/src/locking/virtlockd-admin.socket.in
-+++ b/src/locking/virtlockd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
- Service=virtlockd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in
-index 45e0f20235..d701b27516 100644
---- a/src/locking/virtlockd.socket.in
-+++ b/src/locking/virtlockd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlockd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target

0017-logging-restrict-sockets-to-mode-0600.patch

@@ -1,47 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Tue, 30 Apr 2019 17:27:41 +0100
-Subject: [PATCH] logging: restrict sockets to mode 0600
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virtlogd daemon's only intended client is the libvirtd daemon. As
-such it should never allow clients from other user accounts to connect.
-The code already enforces this and drops clients from other UIDs, but
-we can get earlier (and thus stronger) protection against DoS by setting
-the socket permissions to 0600
-
-Fixes CVE-2019-10132
-
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)
----
- src/logging/virtlogd-admin.socket.in | 1 +
- src/logging/virtlogd.socket.in       | 1 +
- 2 files changed, 2 insertions(+)
-
-diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in
-index 595e6c4c4b..5c41dfeb7b 100644
---- a/src/logging/virtlogd-admin.socket.in
-+++ b/src/logging/virtlogd-admin.socket.in
-@@ -5,6 +5,7 @@ Before=libvirtd.service
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock
- Service=virtlogd.service
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target
-diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in
-index 22b9360c8d..ae48cdab9a 100644
---- a/src/logging/virtlogd.socket.in
-+++ b/src/logging/virtlogd.socket.in
-@@ -4,6 +4,7 @@ Before=libvirtd.service
- 
- [Socket]
- ListenStream=@localstatedir@/run/libvirt/virtlogd-sock
-+SocketMode=0600
- 
- [Install]
- WantedBy=sockets.target

0018-api-disallow-virDomainSaveImageGetXMLDesc-on-read-on.patch

@@ -1,81 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 08:47:42 +0200
-Subject: [PATCH] api: disallow virDomainSaveImageGetXMLDesc on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virDomainSaveImageGetXMLDesc API is taking a path parameter,
-which can point to any path on the system. This file will then be
-read and parsed by libvirtd running with root privileges.
-
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10161
-Reported-by: Matthias Gerstner <mgerstner@suse.de>
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
----
- src/libvirt-domain.c         | 11 ++---------
- src/qemu/qemu_driver.c       |  2 +-
- src/remote/remote_protocol.x |  3 +--
- 3 files changed, 4 insertions(+), 12 deletions(-)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index 072b92b717..ba0aaccdc1 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -1073,8 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn, const char *from, const char *dxml,
-  * previously by virDomainSave() or virDomainSaveFlags().
-  *
-  * No security-sensitive data will be included unless @flags contains
-- * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE; this flag is rejected on read-only
-- * connections.
-+ * VIR_DOMAIN_SAVE_IMAGE_XML_SECURE.
-  *
-  * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of
-  * error.  The caller must free() the returned value.
-@@ -1090,13 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *file,
- 
-     virCheckConnectReturn(conn, NULL);
-     virCheckNonNullArgGoto(file, error);
--
--    if ((conn->flags & VIR_CONNECT_RO) &&
--        (flags & VIR_DOMAIN_SAVE_IMAGE_XML_SECURE)) {
--        virReportError(VIR_ERR_OPERATION_DENIED, "%s",
--                       _("virDomainSaveImageGetXMLDesc with secure flag"));
--        goto error;
--    }
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->domainSaveImageGetXMLDesc) {
-         char *ret;
-diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
-index 75d31efd14..b4a52f87a9 100644
---- a/src/qemu/qemu_driver.c
-+++ b/src/qemu/qemu_driver.c
-@@ -7083,7 +7083,7 @@ qemuDomainSaveImageGetXMLDesc(virConnectPtr conn, const char *path,
-     if (fd < 0)
-         goto cleanup;
- 
--    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0)
-+    if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0)
-         goto cleanup;
- 
-     ret = qemuDomainDefFormatXML(driver, def, flags);
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index 60cc40e04a..a67aba6131 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -5234,8 +5234,7 @@ enum remote_procedure {
-     /**
-      * @generate: both
-      * @priority: high
--     * @acl: domain:read
--     * @acl: domain:read_secure:VIR_DOMAIN_SAVE_IMAGE_XML_SECURE
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235,
- 

0019-api-disallow-virDomainManagedSaveDefineXML-on-read-o.patch

@@ -1,33 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:14:53 +0200
-Subject: [PATCH] api: disallow virDomainManagedSaveDefineXML on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virDomainManagedSaveDefineXML can be used to alter the domain's
-config used for managedsave or even execute arbitrary emulator binaries.
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10166
-Reported-by: Matthias Gerstner <mgerstner@suse.de>
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
----
- src/libvirt-domain.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index ba0aaccdc1..ac7c4708b9 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -9565,6 +9565,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml,
- 
-     virCheckDomainReturn(domain, -1);
-     conn = domain->conn;
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->domainManagedSaveDefineXML) {
-         int ret;

0020-api-disallow-virConnectGetDomainCapabilities-on-read.patch

@@ -1,31 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:16:14 +0200
-Subject: [PATCH] api: disallow virConnectGetDomainCapabilities on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This API can be used to execute arbitrary emulators.
-Forbid it on read-only connections.
-
-Fixes: CVE-2019-10167
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
----
- src/libvirt-domain.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index ac7c4708b9..f7b834dfa6 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -11360,6 +11360,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn,
-     virResetLastError();
- 
-     virCheckConnectReturn(conn, NULL);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectGetDomainCapabilities) {
-         char *ret;

0021-api-disallow-virConnect-HypervisorCPU-on-read-only-c.patch

@@ -1,39 +0,0 @@
-From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
-Date: Fri, 14 Jun 2019 09:17:39 +0200
-Subject: [PATCH] api: disallow virConnect*HypervisorCPU on read-only
- connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-These APIs can be used to execute arbitrary emulators.
-Forbid them on read-only connections.
-
-Fixes: CVE-2019-10168
-Signed-off-by: Ján Tomko <jtomko@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
----
- src/libvirt-host.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libvirt-host.c b/src/libvirt-host.c
-index e20d6ee250..2978825d22 100644
---- a/src/libvirt-host.c
-+++ b/src/libvirt-host.c
-@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn,
- 
-     virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR);
-     virCheckNonNullArgGoto(xmlCPU, error);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectCompareHypervisorCPU) {
-         int ret;
-@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn,
- 
-     virCheckConnectReturn(conn, NULL);
-     virCheckNonNullArgGoto(xmlCPUs, error);
-+    virCheckReadOnlyGoto(conn->flags, error);
- 
-     if (conn->driver->connectBaselineHypervisorCPU) {
-         char *cpu;

0022-api-disallow-virDomainGetHostname-for-read-only-conn.patch

@@ -1,32 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 27 Mar 2019 10:59:58 +0000
-Subject: [PATCH] api: disallow virDomainGetHostname for read-only connections
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The virDomainGetHostname API is fetching guest information and this may
-involve use of an untrusted guest agent. As such its use must be
-forbidden on a read-only connection to libvirt.
-
-Fixes CVE-2019-3886
-Reviewed-by: Jim Fehlig <jfehlig@suse.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 2a07c990bd9143d7a0fe8d1b6b7c763c52185240)
----
- src/libvirt-domain.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
-index f7b834dfa6..c9bff31af5 100644
---- a/src/libvirt-domain.c
-+++ b/src/libvirt-domain.c
-@@ -11025,6 +11025,8 @@ virDomainGetHostname(virDomainPtr domain, unsigned int flags)
-     virCheckDomainReturn(domain, NULL);
-     conn = domain->conn;
- 
-+    virCheckReadOnlyGoto(domain->conn->flags, error);
-+
-     if (conn->driver->domainGetHostname) {
-         char *ret;
-         ret = conn->driver->domainGetHostname(domain, flags);

0023-remote-enforce-ACL-write-permission-for-getting-gues.patch

@@ -1,42 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Wed, 27 Mar 2019 11:22:49 +0000
-Subject: [PATCH] remote: enforce ACL write permission for getting guest time &
- hostname
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Getting the guest time and hostname both require use of guest agent
-commands. These must not be allowed for read-only users, so the
-permissions check must validate "write" permission not "read".
-
-Fixes CVE-2019-3886
-Reviewed-by: Jim Fehlig <jfehlig@suse.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit ae076bb40e0e150aef41361b64001138d04d6c60)
----
- src/remote/remote_protocol.x | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
-index a67aba6131..ff9e34a852 100644
---- a/src/remote/remote_protocol.x
-+++ b/src/remote/remote_protocol.x
-@@ -5504,7 +5504,7 @@ enum remote_procedure {
- 
-     /**
-      * @generate: both
--     * @acl: domain:read
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
- 
-@@ -5899,7 +5899,7 @@ enum remote_procedure {
- 
-     /**
-      * @generate: none
--     * @acl: domain:read
-+     * @acl: domain:write
-      */
-     REMOTE_PROC_DOMAIN_GET_TIME = 337,
- 

0024-qemu-Set-up-EMULATOR-thread-and-cpuset.mems-before-e.patch

@@ -1,59 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Wed, 10 Apr 2019 17:14:25 +0200
-Subject: [PATCH] qemu: Set up EMULATOR thread and cpuset.mems before
- exec()-ing qemu
-
-It's funny how this went unnoticed for such a long time. Long
-story short, if a domain is configured with
-VIR_DOMAIN_NUMATUNE_MEM_STRICT libvirt doesn't really honour
-that. This is because of 7e72ac787848 after which libvirt allowed
-qemu to allocate memory just anywhere and only after that it used
-some magic involving cpuset.memory_migrate and cpuset.mems to
-move the memory to desired NUMA nodes. This was done in order to
-work around some KVM bug where KVM would fail if there wasn't a
-DMA zone available on the NUMA node. Well, while the work around
-might stopped libvirt tickling the KVM bug it also caused a bug
-on libvirt side: if there is not enough memory on configured NUMA
-node(s) then any attempt to start a domain must fail. Because of
-the way we play with guest memory domains can start just happily.
-
-The solution is to move the child we've just forked into emulator
-cgroup, set up cpuset.mems and exec() qemu only after that.
-
-This basically reverts 7e72ac787848b7434c9 which was a workaround
-for kernel bug. This bug was apparently fixed because I've tested
-this successfully with recent kernel.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 0eaa4716e1b8f6eb59d77049aed3735c3b5fbdd6)
----
- src/qemu/qemu_process.c | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index 68c670d3f2..3bcc2ebd71 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -6636,6 +6636,10 @@ qemuProcessLaunch(virConnectPtr conn,
-     if (qemuProcessInitCpuAffinity(vm) < 0)
-         goto cleanup;
- 
-+    VIR_DEBUG("Setting emulator tuning/settings");
-+    if (qemuProcessSetupEmulator(vm) < 0)
-+        goto cleanup;
-+
-     VIR_DEBUG("Setting cgroup for external devices (if required)");
-     if (qemuSetupCgroupForExtDevices(vm, driver) < 0)
-         goto cleanup;
-@@ -6727,10 +6731,6 @@ qemuProcessLaunch(virConnectPtr conn,
-     if (qemuProcessDetectIOThreadPIDs(driver, vm, asyncJob) < 0)
-         goto cleanup;
- 
--    VIR_DEBUG("Setting emulator tuning/settings");
--    if (qemuProcessSetupEmulator(vm) < 0)
--        goto cleanup;
--
-     VIR_DEBUG("Setting global CPU cgroup (if required)");
-     if (qemuSetupGlobalCpuCgroup(vm) < 0)
-         goto cleanup;

0025-qemu-blockjob-Fix-saving-of-inactive-XML-after-compl.patch

@@ -1,35 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Fri, 17 May 2019 10:15:53 +0200
-Subject: [PATCH] qemu: blockjob: Fix saving of inactive XML after completed
- legacy blockjob
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Commit c257352797 introduced a logic bug where we will never save the
-inactive XML after a blockjob as the variable which was determining
-whether to do so is cleared right before. Thus even if we correctly
-modify the inactive state it will be rolled back when libvirtd is
-restarted.
-
-Reported-by: Thomas Stein <hello@himbee.re>
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 4d8cc5a07a0dcc0ac99377f66a4649d219705452)
----
- src/qemu/qemu_blockjob.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
-index fa7e4c8625..f105632a09 100644
---- a/src/qemu/qemu_blockjob.c
-+++ b/src/qemu/qemu_blockjob.c
-@@ -363,7 +363,7 @@ qemuBlockJobEventProcessLegacy(virQEMUDriverPtr driver,
-     if (virDomainSaveStatus(driver->xmlopt, cfg->stateDir, vm, driver->caps) < 0)
-         VIR_WARN("Unable to save status on vm %s after block job", vm->def->name);
- 
--    if (job->newstate == VIR_DOMAIN_BLOCK_JOB_COMPLETED && vm->newDef) {
-+    if (job->state == VIR_DOMAIN_BLOCK_JOB_COMPLETED && vm->newDef) {
-         if (virDomainSaveConfig(cfg->configDir, driver->caps, vm->newDef) < 0)
-             VIR_WARN("Unable to update persistent definition on vm %s "
-                      "after block job", vm->def->name);

Makefile

@@ -4,7 +4,7 @@ NAME := libvirt
 SPECFILE = $(firstword $(wildcard *.spec))
 
 define find-makefile-common
-for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$d/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
+for d in common ../common ../../common ; do if [ -f $$d/Makefile.common ] ; then if [ -f $$d/CVS/Root -a -w $$/Makefile.common ] ; then cd $$d ; cvs -Q update ; fi ; echo "$$d/Makefile.common" ; break ; fi ; done
 endef
 
 MAKEFILE_COMMON := $(shell $(find-makefile-common))

branch

@@ -0,0 +1 @@
+F-11

libvirt-0.6.2-avoid-broken-networking-with-newer-qemu.patch

@@ -0,0 +1,30 @@
+From 6e80c60b89728de28267242f7373ecf553e40bc1 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 28 May 2009 13:15:57 +0000
+Subject: [PATCH] Avoid broken networking with new QEMU/KVM >= 86
+
+(cherry picked from commit 2afc3bfd8b779ddba974da9d66d6ea337fc91c01)
+
+Fedora-patch: libvirt-0.6.2-avoid-broken-networking-with-newer-qemu.patch
+---
+ src/qemu_conf.c |    4 ++--
+ 1 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index fc0e772..99f13c6 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -658,8 +658,8 @@ qemudNetworkIfaceConnect(virConnectPtr conn,
+     }
+ 
+     snprintf(tapfdstr, sizeof(tapfdstr),
+-             "tap,fd=%d,script=,vlan=%d,ifname=%s",
+-             tapfd, vlan, net->ifname);
++             "tap,fd=%d,vlan=%d",
++             tapfd, vlan);
+ 
+     if (!(retval = strdup(tapfdstr)))
+         goto no_memory;
+-- 
+1.6.2.5
+

libvirt-0.6.2-bring-up-ipless-bridge.patch

@@ -0,0 +1,49 @@
+From 6635abc3bbe54e6b0168182805de92cd70d125e4 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Tue, 12 May 2009 15:31:22 +0000
+Subject: [PATCH] * src/network_driver.c: enable bridges which are not up without an IP address, patch by Ludwig Nussel
+
+(cherry picked from commit e978774ec67f4b062b1f65e5c76a13193a9430eb)
+
+Fedora-patch: libvirt-0.6.2-bring-up-ipless-bridge.patch
+---
+ src/network_driver.c |    9 +++------
+ 1 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/network_driver.c b/src/network_driver.c
+index a17a769..a163b15 100644
+--- a/src/network_driver.c
++++ b/src/network_driver.c
+@@ -836,8 +836,7 @@ static int networkStartNetworkDaemon(virConnectPtr conn,
+         goto err_delbr;
+     }
+ 
+-    if (network->def->ipAddress &&
+-        (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 1))) {
++    if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 1))) {
+         virReportSystemError(conn, err,
+                              _("failed to bring the bridge '%s' up"),
+                              network->def->bridge);
+@@ -878,8 +877,7 @@ static int networkStartNetworkDaemon(virConnectPtr conn,
+     networkRemoveIptablesRules(driver, network);
+ 
+  err_delbr1:
+-    if (network->def->ipAddress &&
+-        (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
++    if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
+         char ebuf[1024];
+         networkLog(NETWORK_WARN, _("Failed to bring down bridge '%s' : %s\n"),
+                  network->def->bridge, virStrerror(err, ebuf, sizeof ebuf));
+@@ -920,8 +918,7 @@ static int networkShutdownNetworkDaemon(virConnectPtr conn,
+     networkRemoveIptablesRules(driver, network);
+ 
+     char ebuf[1024];
+-    if (network->def->ipAddress &&
+-        (err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
++    if ((err = brSetInterfaceUp(driver->brctl, network->def->bridge, 0))) {
+         networkLog(NETWORK_WARN, _("Failed to bring down bridge '%s' : %s\n"),
+                  network->def->bridge, virStrerror(err, ebuf, sizeof ebuf));
+     }
+-- 
+1.6.2.5
+

libvirt-0.6.2-buf-locale-escape.patch

@@ -0,0 +1,33 @@
+From f793cd9b7220145b6df8086d77db4fdc035d680b Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Tue, 4 Aug 2009 18:13:09 +0100
+Subject: [PATCH] Fix escaping of 8-bit high characters
+
+Fix  https://bugzilla.redhat.com/show_bug.cgi?id=479517
+
+* src/buf.c: Cast to 'unsigned char' before doing compare to
+  avoid rejecting 8-bit high characters
+
+(cherry picked from commit 8feb499ba2c3625632210c997b49f5df515c05d4)
+
+Fedora-patch: libvirt-0.6.2-buf-locale-escape.patch
+---
+ src/buf.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/buf.c b/src/buf.c
+index 259175d..c802aa2 100644
+--- a/src/buf.c
++++ b/src/buf.c
+@@ -304,7 +304,7 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
+             *out++ = 'o';
+             *out++ = 's';
+             *out++ = ';';
+-        } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
++        } else if (((unsigned char)*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
+                    (*cur == '\r')) {
+             /*
+              * default case, just copy !
+-- 
+1.6.2.5
+

libvirt-0.6.2-detect-newer-qemu-kvm-versions.patch

@@ -0,0 +1,170 @@
+From fe3cb2edefceacc76d0dc9c98b8d3b677a495c32 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Thu, 11 Jun 2009 14:15:49 +0000
+Subject: [PATCH] Detect newer qemu-kvm versions
+
+The KVM version string can be one of the following:
+
+  - qemu-kvm-x.y.z in stable releases
+  - kvm-XX for kvm versions up to kvm-85
+  - qemu-kvm-devel-XX for kvm version kvm-86 and later
+
+There are only a few of places where we need to detect
+differences between KVM versions based on 0.9.1:
+
+  1) VNET_HDR introduced in kvm-74
+
+  2) -incoming tcp introduced in kvm-79
+
+  3) -incoming exec introduced in kvm-80
+
+  4) -incoming stdio in all earlier kvm versions
+
+With qemu-kvm-0.10.x, we can now assume that (1) is available
+if it's a KVM release, (2) and (3) is always available and
+(4) is never available.
+
+So, from now on we should only need to check the qemu version
+number and the "is_kvm" flag for detecting feature availability.
+We only need the KVM version number for older releases.
+
+(cherry picked from commit 04cbe687974b3b46c96fa20180bbb07ffeff69da)
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: libvirt-0.6.2-detect-newer-qemu-kvm-versions.patch
+---
+ src/qemu_conf.c |   44 +++++++++++++++++++++++++++++++-------------
+ 1 files changed, 31 insertions(+), 13 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index e488d74..d76b2b6 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -416,6 +416,7 @@ virCapsPtr qemudCapsInit(void) {
+ 
+ static unsigned int qemudComputeCmdFlags(const char *help,
+                                          unsigned int version,
++                                         unsigned int is_kvm,
+                                          unsigned int kvm_version)
+ {
+     unsigned int flags = 0;
+@@ -441,7 +442,8 @@ static unsigned int qemudComputeCmdFlags(const char *help,
+         flags |= QEMUD_CMD_FLAG_DRIVE_BOOT;
+     if (version >= 9000)
+         flags |= QEMUD_CMD_FLAG_VNC_COLON;
+-    if (kvm_version >= 74)
++
++    if (is_kvm && (version >= 10000 || kvm_version >= 74))
+         flags |= QEMUD_CMD_FLAG_VNET_HDR;
+ 
+     /*
+@@ -454,15 +456,15 @@ static unsigned int qemudComputeCmdFlags(const char *help,
+      * was broken, because it blocked the monitor console
+      * while waiting for data, so pretend it doesn't exist
+      */
+-    if (kvm_version >= 79) {
++    if (version >= 10000) {
++        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
++        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
++    } else if (kvm_version >= 79) {
+         flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
+         if (kvm_version >= 80)
+             flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
+     } else if (kvm_version > 0) {
+         flags |= QEMUD_CMD_FLAG_MIGRATE_KVM_STDIO;
+-    } else if (version >= 10000) {
+-        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
+-        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
+     }
+ 
+     return flags;
+@@ -472,10 +474,19 @@ static unsigned int qemudComputeCmdFlags(const char *help,
+  * version number. The first bit is easy, just parse
+  * 'QEMU PC emulator version x.y.z'.
+  *
+- * With qemu-kvm, however, that is followed by a kvm-XX
+- * string in parenthesis.
++ * With qemu-kvm, however, that is followed by a string
++ * in parenthesis as follows:
++ *  - qemu-kvm-x.y.z in stable releases
++ *  - kvm-XX for kvm versions up to kvm-85
++ *  - qemu-kvm-devel-XX for kvm version kvm-86 and later
++ *
++ * For qemu-kvm versions before 0.10.z, we need to detect
++ * the KVM version number for some features. With 0.10.z
++ * and later, we just need the QEMU version number and
++ * whether it is KVM QEMU or mainline QEMU.
+  */
+ #define QEMU_VERSION_STR    "QEMU PC emulator version"
++#define QEMU_KVM_VER_PREFIX "(qemu-kvm-"
+ #define KVM_VER_PREFIX      "(kvm-"
+ 
+ #define SKIP_BLANKS(p) do { while ((*(p) == ' ') || (*(p) == '\t')) (p)++; } while (0)
+@@ -483,12 +494,13 @@ static unsigned int qemudComputeCmdFlags(const char *help,
+ static int qemudParseHelpStr(const char *help,
+                              unsigned int *flags,
+                              unsigned int *version,
++                             unsigned int *is_kvm,
+                              unsigned int *kvm_version)
+ {
+     unsigned major, minor, micro;
+     const char *p = help;
+ 
+-    *flags = *version = *kvm_version = 0;
++    *flags = *version = *is_kvm = *kvm_version = 0;
+ 
+     if (!STRPREFIX(p, QEMU_VERSION_STR))
+         goto fail;
+@@ -515,9 +527,13 @@ static int qemudParseHelpStr(const char *help,
+ 
+     SKIP_BLANKS(p);
+ 
+-    if (STRPREFIX(p, KVM_VER_PREFIX)) {
++    if (STRPREFIX(p, QEMU_KVM_VER_PREFIX)) {
++        *is_kvm = 1;
++        p += strlen(QEMU_KVM_VER_PREFIX);
++    } else if (STRPREFIX(p, KVM_VER_PREFIX)) {
+         int ret;
+ 
++        *is_kvm = 1;
+         p += strlen(KVM_VER_PREFIX);
+ 
+         ret = virParseNumber(&p);
+@@ -529,12 +545,14 @@ static int qemudParseHelpStr(const char *help,
+ 
+     *version = (major * 1000 * 1000) + (minor * 1000) + micro;
+ 
+-    *flags = qemudComputeCmdFlags(help, *version, *kvm_version);
++    *flags = qemudComputeCmdFlags(help, *version, *is_kvm, *kvm_version);
+ 
+     qemudDebug("Version %u.%u.%u, cooked version %u, flags %u",
+                major, minor, micro, *version, *flags);
+     if (*kvm_version)
+-        qemudDebug("KVM version %u detected", *kvm_version);
++        qemudDebug("KVM version %d detected", *kvm_version);
++    else if (*is_kvm)
++        qemudDebug("qemu-kvm version %u.%u.%u detected", major, minor, micro);
+ 
+     return 0;
+ 
+@@ -560,7 +578,7 @@ int qemudExtractVersionInfo(const char *qemu,
+     pid_t child;
+     int newstdout = -1;
+     int ret = -1, status;
+-    unsigned int version, kvm_version;
++    unsigned int version, is_kvm, kvm_version;
+     unsigned int flags = 0;
+ 
+     if (retflags)
+@@ -581,7 +599,7 @@ int qemudExtractVersionInfo(const char *qemu,
+         goto cleanup2;
+     }
+ 
+-    if (qemudParseHelpStr(help, &flags, &version, &kvm_version) == -1)
++    if (qemudParseHelpStr(help, &flags, &version, &is_kvm, &kvm_version) == -1)
+         goto cleanup2;
+ 
+     if (retversion)
+-- 
+1.6.2.5
+

libvirt-0.6.2-do-not-log-monitor-output.patch

@@ -0,0 +1,208 @@
+From 182a3cac2b4339e988802eb02279e7ab4c883c67 Mon Sep 17 00:00:00 2001
+From: =?utf-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Thu, 16 Apr 2009 15:56:27 +0000
+Subject: [PATCH] Don't log monitor output to domain log file.
+
+It's logged via the logging system already. Prefix monitor debug output with vm
+name.
+
+(cherry picked from commit 5caa1e0eb050a12fe8ed02cf635bb672a56cdb6f)
+
+Fedora-patch: libvirt-0.6.2-do-not-log-monitor-output.patch
+---
+ src/qemu_driver.c |   60 +++++++++++++++++++++-------------------------------
+ 1 files changed, 24 insertions(+), 36 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 5ca3d20..cb738b2 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1706,27 +1706,11 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
+             goto error;
+         }
+     }
+-
+-    /* Log, but ignore failures to write logfile for VM */
+-    if (safewrite(vm->logfile, buf, strlen(buf)) < 0) {
+-        char ebuf[1024];
+-        VIR_WARN(_("Unable to log VM console data: %s\n"),
+-                 virStrerror(errno, ebuf, sizeof ebuf));
+-    }
+-
+     *reply = buf;
+     return 0;
+ 
+  error:
+-    if (buf) {
+-        /* Log, but ignore failures to write logfile for VM */
+-        if (safewrite(vm->logfile, buf, strlen(buf)) < 0) {
+-            char ebuf[1024];
+-            VIR_WARN(_("Unable to log VM console data: %s\n"),
+-                     virStrerror(errno, ebuf, sizeof ebuf));
+-        }
+-        VIR_FREE(buf);
+-    }
++    VIR_FREE(buf);
+     return -1;
+ }
+ 
+@@ -2461,7 +2445,7 @@ static int qemudDomainGetMemoryBalloon(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
+-    DEBUG ("balloon reply: '%s'", reply);
++    DEBUG ("%s: balloon reply: '%s'", vm->def->name, reply);
+     if ((offset = strstr(reply, BALLOON_PREFIX)) != NULL) {
+         unsigned int memMB;
+         char *end;
+@@ -2515,7 +2499,7 @@ static int qemudDomainSetMemoryBalloon(virConnectPtr conn,
+ 
+     /* If the command failed qemu prints: 'unknown command'
+      * No message is printed on success it seems */
+-    DEBUG ("balloon reply: %s", reply);
++    DEBUG ("%s: balloon reply: %s",vm->def->name,  reply);
+     if (strstr(reply, "\nunknown command:")) {
+         /* Don't set error - it is expected memory balloon fails on many qemu */
+         ret = 0;
+@@ -2810,7 +2794,7 @@ static int qemudDomainSave(virDomainPtr dom,
+         goto cleanup;
+     }
+ 
+-    DEBUG ("migrate reply: %s", info);
++    DEBUG ("%s: migrate reply: %s", vm->def->name, info);
+ 
+     /* If the command isn't supported then qemu prints:
+      * unknown command: migrate" */
+@@ -3662,7 +3646,7 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
+     /* If the command failed qemu prints:
+      * device not found, device is locked ...
+      * No message is printed on success it seems */
+-    DEBUG ("ejectable media change reply: %s", reply);
++    DEBUG ("%s: ejectable media change reply: %s", vm->def->name, reply);
+     if (strstr(reply, "\ndevice ")) {
+         qemudReportError (conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+                           _("changing cdrom media failed: %s"), reply);
+@@ -3723,7 +3707,7 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
+         return -1;
+     }
+ 
+-    DEBUG ("pci_add reply: %s", reply);
++    DEBUG ("%s: pci_add reply: %s", vm->def->name, reply);
+     /* If the command succeeds qemu prints:
+      * OK bus 0... */
+ #define PCI_ATTACH_OK_MSG "OK bus 0, slot "
+@@ -3791,7 +3775,7 @@ static int qemudDomainAttachUsbMassstorageDevice(virConnectPtr conn,
+         return -1;
+     }
+ 
+-    DEBUG ("attach_usb reply: %s", reply);
++    DEBUG ("%s: attach_usb reply: %s",vm->def->name,  reply);
+     /* If the command failed qemu prints:
+      * Could not add ... */
+     if (strstr(reply, "Could not add ")) {
+@@ -3845,7 +3829,7 @@ static int qemudDomainAttachHostDevice(virConnectPtr conn,
+         return -1;
+     }
+ 
+-    DEBUG ("attach_usb reply: %s", reply);
++    DEBUG ("%s: attach_usb reply: %s", vm->def->name, reply);
+     /* If the command failed qemu prints:
+      * Could not add ... */
+     if (strstr(reply, "Could not add ")) {
+@@ -3984,7 +3968,7 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
+-    DEBUG ("pci_del reply: %s", reply);
++    DEBUG ("%s: pci_del reply: %s",vm->def->name,  reply);
+     /* If the command fails due to a wrong slot qemu prints: invalid slot,
+      * nothing is printed on success */
+     if (strstr(reply, "invalid slot")) {
+@@ -4214,7 +4198,7 @@ qemudDomainBlockStats (virDomainPtr dom,
+                           "%s", _("'info blockstats' command failed"));
+         goto cleanup;
+     }
+-    DEBUG ("info blockstats reply: %s", info);
++    DEBUG ("%s: info blockstats reply: %s", vm->def->name, info);
+ 
+     /* If the command isn't supported then qemu prints the supported
+      * info commands, so the output starts "info ".  Since this is
+@@ -4255,21 +4239,25 @@ qemudDomainBlockStats (virDomainPtr dom,
+                 if (STRPREFIX (p, "rd_bytes=")) {
+                     p += 9;
+                     if (virStrToLong_ll (p, &dummy, 10, &stats->rd_bytes) == -1)
+-                        DEBUG ("error reading rd_bytes: %s", p);
++                        DEBUG ("%s: error reading rd_bytes: %s",
++                               vm->def->name, p);
+                 } else if (STRPREFIX (p, "wr_bytes=")) {
+                     p += 9;
+                     if (virStrToLong_ll (p, &dummy, 10, &stats->wr_bytes) == -1)
+-                        DEBUG ("error reading wr_bytes: %s", p);
++                        DEBUG ("%s: error reading wr_bytes: %s",
++                               vm->def->name, p);
+                 } else if (STRPREFIX (p, "rd_operations=")) {
+                     p += 14;
+                     if (virStrToLong_ll (p, &dummy, 10, &stats->rd_req) == -1)
+-                        DEBUG ("error reading rd_req: %s", p);
++                        DEBUG ("%s: error reading rd_req: %s",
++                               vm->def->name, p);
+                 } else if (STRPREFIX (p, "wr_operations=")) {
+                     p += 14;
+                     if (virStrToLong_ll (p, &dummy, 10, &stats->wr_req) == -1)
+-                        DEBUG ("error reading wr_req: %s", p);
++                        DEBUG ("%s: error reading wr_req: %s",
++                               vm->def->name, p);
+                 } else
+-                    DEBUG ("unknown block stat near %s", p);
++                    DEBUG ("%s: unknown block stat near %s", vm->def->name, p);
+ 
+                 /* Skip to next label. */
+                 p = strchr (p, ' ');
+@@ -4481,7 +4469,7 @@ qemudDomainMemoryPeek (virDomainPtr dom,
+         goto cleanup;
+     }
+ 
+-    DEBUG ("memsave reply: %s", info);
++    DEBUG ("%s: memsave reply: %s", vm->def->name, info);
+ 
+     /* Read the memory file into buffer. */
+     if (saferead (fd, buffer, size) == (ssize_t) -1) {
+@@ -4798,7 +4786,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
+                              "%s", _("off-line migration specified, but suspend operation failed"));
+             goto cleanup;
+         }
+-        DEBUG ("stop reply: %s", info);
++        DEBUG ("%s: stop reply: %s", vm->def->name, info);
+         VIR_FREE(info);
+         paused = 1;
+ 
+@@ -4815,7 +4803,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
+         snprintf (cmd, sizeof cmd, "migrate_set_speed %lum", resource);
+         qemudMonitorCommand (vm, cmd, &info);
+ 
+-        DEBUG ("migrate_set_speed reply: %s", info);
++        DEBUG ("%s: migrate_set_speed reply: %s", vm->def->name, info);
+         VIR_FREE (info);
+     }
+ 
+@@ -4834,7 +4822,7 @@ qemudDomainMigratePerform (virDomainPtr dom,
+         goto cleanup;
+     }
+ 
+-    DEBUG ("migrate reply: %s", info);
++    DEBUG ("%s: migrate reply: %s", vm->def->name, info);
+ 
+     /* Now check for "fail" in the output string */
+     if (strstr(info, "fail") != NULL) {
+@@ -4873,7 +4861,7 @@ cleanup:
+                       vm->def->name);
+         }
+         else {
+-            DEBUG ("cont reply: %s", info);
++            DEBUG ("%s: cont reply: %s", vm->def->name, info);
+             VIR_FREE(info);
+         }
+ 
+-- 
+1.6.2.5
+

libvirt-0.6.2-do-not-unnecessarily-try-to-change-a-file-context.patch

@@ -0,0 +1,49 @@
+From 2d299525f5de29d11c6dc4810aa41e893535695b Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 3 Jul 2009 10:27:46 +0000
+Subject: [PATCH] Don't unnecessarily try to change a file context
+
+As pointed out by Tim Waugh here:
+
+  https://bugzilla.redhat.com/507555
+
+We shouldn't bother trying to set the context of a file if it already
+matches what we want.
+
+(Fixed to use STREQ() and not use tabs, as pointed out by danpb)
+
+(cherry picked from commit add254feeaa830dd5af1118c141cb140bf55b5a7)
+
+Fedora-patch: libvirt-0.6.2-do-not-unnecessarily-try-to-change-a-file-context.patch
+---
+ src/security_selinux.c |   11 ++++++++++-
+ 1 files changed, 10 insertions(+), 1 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index 450fce2..8ebe1fe 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
+@@ -280,10 +280,19 @@ static int
+ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
+ {
+     char ebuf[1024];
++    security_context_t econ;
+ 
+     VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
+ 
+-    if(setfilecon(path, tcon) < 0) {
++    if (setfilecon(path, tcon) < 0) {
++        if (getfilecon(path, &econ) >= 0) {
++            if (STREQ(tcon, econ)) {
++                freecon(econ);
++                /* It's alright, there's nothing to change anyway. */
++                return 0;
++            }
++            freecon(econ);
++        }
+         virSecurityReportError(conn, VIR_ERR_ERROR,
+                                _("%s: unable to set security context "
+                                  "'\%s\' on %s: %s."), __func__,
+-- 
+1.6.2.5
+

libvirt-0.6.2-enable-qemu-0-10-migration.patch

@@ -0,0 +1,48 @@
+From 9b41d6550b6bf8d4450bb5b86550eb605cc1fd91 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Fri, 8 May 2009 10:07:15 +0000
+Subject: [PATCH] Enable save/restore/migrate for QEMU >= 0.10.0
+
+(cherry picked from commit 88e22e4e8cb7fc7e1fa1d132778aa1994f4b55b6)
+
+Fedora-patch: libvirt-0.6.2-enable-qemu-0-10-migration.patch
+---
+ src/qemu_conf.c |   10 +++++-----
+ 1 files changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index 6f9e610..929fe00 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -472,16 +472,13 @@ int qemudExtractVersionInfo(const char *qemu,
+ 
+     /*
+      * Handling of -incoming arg with varying features
+-     *  -incoming tcp    (kvm >= 79)
+-     *  -incoming exec   (kvm >= 80)
++     *  -incoming tcp    (kvm >= 79, qemu >= 0.10.0)
++     *  -incoming exec   (kvm >= 80, qemu >= 0.10.0)
+      *  -incoming stdio  (all earlier kvm)
+      *
+      * NB, there was a pre-kvm-79 'tcp' support, but it
+      * was broken, because it blocked the monitor console
+      * while waiting for data, so pretend it doesn't exist
+-     *
+-     * XXX when next QEMU release after 0.9.1 arrives,
+-     * we'll need to add MIGRATE_QEMU_TCP/EXEC here too
+      */
+     if (kvm_version >= 79) {
+         flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
+@@ -489,6 +486,9 @@ int qemudExtractVersionInfo(const char *qemu,
+             flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
+     } else if (kvm_version > 0) {
+         flags |= QEMUD_CMD_FLAG_MIGRATE_KVM_STDIO;
++    } else if (version >= 10000) {
++        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_TCP;
++        flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
+     }
+ 
+     if (retversion)
+-- 
+1.6.2.5
+

libvirt-0.6.2-event-handling-1.patch

@@ -0,0 +1,147 @@
+From 261ec2c9597b2eb6c7d91589fc66e203f60b6735 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Tue, 12 May 2009 16:41:49 +0000
+Subject: [PATCH] Fix interrupting of main event thread & protect against accidental uniniitalized variables
+
+(cherry picked from commit 0a31be6ba243066378c344882cc1a32802774edb)
+
+Fedora-patch: libvirt-0.6.2-event-handling-1.patch
+---
+ qemud/event.c |   42 +++++++++++++++++++++++++++++++++++-------
+ 1 files changed, 35 insertions(+), 7 deletions(-)
+
+diff --git a/qemud/event.c b/qemud/event.c
+index 0887008..4dc1020 100644
+--- a/qemud/event.c
++++ b/qemud/event.c
+@@ -83,10 +83,10 @@ struct virEventLoop {
+ static struct virEventLoop eventLoop;
+ 
+ /* Unique ID for the next FD watch to be registered */
+-static int nextWatch = 0;
++static int nextWatch = 1;
+ 
+ /* Unique ID for the next timer to be registered */
+-static int nextTimer = 0;
++static int nextTimer = 1;
+ 
+ static void virEventLock(void)
+ {
+@@ -142,15 +142,22 @@ int virEventAddHandleImpl(int fd, int events,
+ 
+ void virEventUpdateHandleImpl(int watch, int events) {
+     int i;
++    EVENT_DEBUG("Update handle w=%d e=%d", watch, events);
++
++    if (watch <= 0) {
++        VIR_WARN("Ignoring invalid update watch %d", watch);
++        return;
++    }
++
+     virEventLock();
+     for (i = 0 ; i < eventLoop.handlesCount ; i++) {
+         if (eventLoop.handles[i].watch == watch) {
+             eventLoop.handles[i].events =
+                     virEventHandleTypeToPollEvent(events);
++            virEventInterruptLocked();
+             break;
+         }
+     }
+-    virEventInterruptLocked();
+     virEventUnlock();
+ }
+ 
+@@ -163,6 +170,12 @@ void virEventUpdateHandleImpl(int watch, int events) {
+ int virEventRemoveHandleImpl(int watch) {
+     int i;
+     EVENT_DEBUG("Remove handle %d", watch);
++
++    if (watch <= 0) {
++        VIR_WARN("Ignoring invalid remove watch %d", watch);
++        return -1;
++    }
++
+     virEventLock();
+     for (i = 0 ; i < eventLoop.handlesCount ; i++) {
+         if (eventLoop.handles[i].deleted)
+@@ -171,11 +184,11 @@ int virEventRemoveHandleImpl(int watch) {
+         if (eventLoop.handles[i].watch == watch) {
+             EVENT_DEBUG("mark delete %d %d", i, eventLoop.handles[i].fd);
+             eventLoop.handles[i].deleted = 1;
++            virEventInterruptLocked();
+             virEventUnlock();
+             return 0;
+         }
+     }
+-    virEventInterruptLocked();
+     virEventUnlock();
+     return -1;
+ }
+@@ -231,6 +244,12 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
+     struct timeval tv;
+     int i;
+     EVENT_DEBUG("Updating timer %d timeout with %d ms freq", timer, frequency);
++
++    if (timer <= 0) {
++        VIR_WARN("Ignoring invalid update timer %d", timer);
++        return;
++    }
++
+     if (gettimeofday(&tv, NULL) < 0) {
+         return;
+     }
+@@ -243,10 +262,10 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
+                 frequency >= 0 ? frequency +
+                 (((unsigned long long)tv.tv_sec)*1000) +
+                 (((unsigned long long)tv.tv_usec)/1000) : 0;
++            virEventInterruptLocked();
+             break;
+         }
+     }
+-    virEventInterruptLocked();
+     virEventUnlock();
+ }
+ 
+@@ -259,6 +278,12 @@ void virEventUpdateTimeoutImpl(int timer, int frequency) {
+ int virEventRemoveTimeoutImpl(int timer) {
+     int i;
+     EVENT_DEBUG("Remove timer %d", timer);
++
++    if (timer <= 0) {
++        VIR_WARN("Ignoring invalid remove timer %d", timer);
++        return -1;
++    }
++
+     virEventLock();
+     for (i = 0 ; i < eventLoop.timeoutsCount ; i++) {
+         if (eventLoop.timeouts[i].deleted)
+@@ -266,11 +291,11 @@ int virEventRemoveTimeoutImpl(int timer) {
+ 
+         if (eventLoop.timeouts[i].timer == timer) {
+             eventLoop.timeouts[i].deleted = 1;
++            virEventInterruptLocked();
+             virEventUnlock();
+             return 0;
+         }
+     }
+-    virEventInterruptLocked();
+     virEventUnlock();
+     return -1;
+ }
+@@ -616,9 +641,12 @@ static int virEventInterruptLocked(void)
+     char c = '\0';
+ 
+     if (!eventLoop.running ||
+-        pthread_self() == eventLoop.leader)
++        pthread_self() == eventLoop.leader) {
++        VIR_DEBUG("Skip interrupt, %d %d", eventLoop.running, (int)eventLoop.leader);
+         return 0;
++    }
+ 
++    VIR_DEBUG0("Interrupting");
+     if (safewrite(eventLoop.wakeupfd[1], &c, sizeof(c)) != sizeof(c))
+         return -1;
+     return 0;
+-- 
+1.6.2.5
+

libvirt-0.6.2-event-handling-2.patch

@@ -0,0 +1,200 @@
+From ef1a3eaa58d83c3367a1addff6c8132f27aa09dd Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Tue, 12 May 2009 16:43:04 +0000
+Subject: [PATCH] Fix watch/timer event deletion
+
+(cherry picked from commit 470317f5c71cbcc6b6d8d83d0978aea3510d3698)
+
+Fedora-patch: libvirt-0.6.2-event-handling-2.patch
+---
+ qemud/event.c |  112 ++++++++++++++++++++++++++-------------------------------
+ 1 files changed, 51 insertions(+), 61 deletions(-)
+
+diff --git a/qemud/event.c b/qemud/event.c
+index 4dc1020..8bc7c34 100644
+--- a/qemud/event.c
++++ b/qemud/event.c
+@@ -312,7 +312,7 @@ static int virEventCalculateTimeout(int *timeout) {
+     EVENT_DEBUG("Calculate expiry of %d timers", eventLoop.timeoutsCount);
+     /* Figure out if we need a timeout */
+     for (i = 0 ; i < eventLoop.timeoutsCount ; i++) {
+-        if (eventLoop.timeouts[i].deleted || eventLoop.timeouts[i].frequency < 0)
++        if (eventLoop.timeouts[i].frequency < 0)
+             continue;
+ 
+         EVENT_DEBUG("Got a timeout scheduled for %llu", eventLoop.timeouts[i].expiresAt);
+@@ -349,32 +349,26 @@ static int virEventCalculateTimeout(int *timeout) {
+  * file handles. The caller must free the returned data struct
+  * returns: the pollfd array, or NULL on error
+  */
+-static int virEventMakePollFDs(struct pollfd **retfds) {
++static struct pollfd *virEventMakePollFDs(void) {
+     struct pollfd *fds;
+-    int i, nfds = 0;
++    int i;
+ 
+-    for (i = 0 ; i < eventLoop.handlesCount ; i++) {
+-        if (eventLoop.handles[i].deleted)
+-            continue;
+-        nfds++;
+-    }
+-    *retfds = NULL;
+     /* Setup the poll file handle data structs */
+-    if (VIR_ALLOC_N(fds, nfds) < 0)
+-        return -1;
++    if (VIR_ALLOC_N(fds, eventLoop.handlesCount) < 0)
++        return NULL;
+ 
+-    for (i = 0, nfds = 0 ; i < eventLoop.handlesCount ; i++) {
+-        if (eventLoop.handles[i].deleted)
+-            continue;
+-        fds[nfds].fd = eventLoop.handles[i].fd;
+-        fds[nfds].events = eventLoop.handles[i].events;
+-        fds[nfds].revents = 0;
++    for (i = 0 ; i < eventLoop.handlesCount ; i++) {
++        EVENT_DEBUG("Prepare n=%d w=%d, f=%d e=%d", i,
++                    eventLoop.handles[i].watch,
++                    eventLoop.handles[i].fd,
++                    eventLoop.handles[i].events);
++        fds[i].fd = eventLoop.handles[i].fd;
++        fds[i].events = eventLoop.handles[i].events;
++        fds[i].revents = 0;
+         //EVENT_DEBUG("Wait for %d %d", eventLoop.handles[i].fd, eventLoop.handles[i].events);
+-        nfds++;
+     }
+ 
+-    *retfds = fds;
+-    return nfds;
++    return fds;
+ }
+ 
+ 
+@@ -434,26 +428,30 @@ static int virEventDispatchTimeouts(void) {
+  * Returns 0 upon success, -1 if an error occurred
+  */
+ static int virEventDispatchHandles(int nfds, struct pollfd *fds) {
+-    int i, n;
++    int i;
+ 
+-    for (i = 0, n = 0 ; i < eventLoop.handlesCount && n < nfds ; i++) {
++    /* NB, use nfds not eventLoop.handlesCount, because new
++     * fds might be added on end of list, and they're not
++     * in the fds array we've got */
++    for (i = 0 ; i < nfds ; i++) {
+         if (eventLoop.handles[i].deleted) {
+-            EVENT_DEBUG("Skip deleted %d", eventLoop.handles[i].fd);
++            EVENT_DEBUG("Skip deleted n=%d w=%d f=%d", i,
++                        eventLoop.handles[i].watch, eventLoop.handles[i].fd);
+             continue;
+         }
+ 
+-        if (fds[n].revents) {
++        if (fds[i].revents) {
+             virEventHandleCallback cb = eventLoop.handles[i].cb;
+             void *opaque = eventLoop.handles[i].opaque;
+-            int hEvents = virPollEventToEventHandleType(fds[n].revents);
+-            EVENT_DEBUG("Dispatch %d %d %p", fds[n].fd,
+-                        fds[n].revents, eventLoop.handles[i].opaque);
++            int hEvents = virPollEventToEventHandleType(fds[i].revents);
++            EVENT_DEBUG("Dispatch n=%d f=%d w=%d e=%d %p", i,
++                        fds[i].fd, eventLoop.handles[i].watch,
++                        fds[i].revents, eventLoop.handles[i].opaque);
+             virEventUnlock();
+             (cb)(eventLoop.handles[i].watch,
+-                 fds[n].fd, hEvents, opaque);
++                 fds[i].fd, hEvents, opaque);
+             virEventLock();
+         }
+-        n++;
+     }
+ 
+     return 0;
+@@ -544,22 +542,21 @@ static int virEventCleanupHandles(void) {
+  * at least one file handle has an event, or a timer expires
+  */
+ int virEventRunOnce(void) {
+-    struct pollfd *fds;
++    struct pollfd *fds = NULL;
+     int ret, timeout, nfds;
+ 
+     virEventLock();
+     eventLoop.running = 1;
+     eventLoop.leader = pthread_self();
+-    if ((nfds = virEventMakePollFDs(&fds)) < 0) {
+-        virEventUnlock();
+-        return -1;
+-    }
+ 
+-    if (virEventCalculateTimeout(&timeout) < 0) {
+-        VIR_FREE(fds);
+-        virEventUnlock();
+-        return -1;
+-    }
++    if (virEventCleanupTimeouts() < 0 ||
++        virEventCleanupHandles() < 0)
++        goto error;
++
++    if (!(fds = virEventMakePollFDs()) ||
++        virEventCalculateTimeout(&timeout) < 0)
++        goto error;
++    nfds = eventLoop.handlesCount;
+ 
+     virEventUnlock();
+ 
+@@ -571,38 +568,31 @@ int virEventRunOnce(void) {
+         if (errno == EINTR) {
+             goto retry;
+         }
+-        VIR_FREE(fds);
+-        return -1;
++        goto error_unlocked;
+     }
+ 
+     virEventLock();
+-    if (virEventDispatchTimeouts() < 0) {
+-        VIR_FREE(fds);
+-        virEventUnlock();
+-        return -1;
+-    }
++    if (virEventDispatchTimeouts() < 0)
++        goto error;
+ 
+     if (ret > 0 &&
+-        virEventDispatchHandles(nfds, fds) < 0) {
+-        VIR_FREE(fds);
+-        virEventUnlock();
+-        return -1;
+-    }
+-    VIR_FREE(fds);
+-
+-    if (virEventCleanupTimeouts() < 0) {
+-        virEventUnlock();
+-        return -1;
+-    }
++        virEventDispatchHandles(nfds, fds) < 0)
++        goto error;
+ 
+-    if (virEventCleanupHandles() < 0) {
+-        virEventUnlock();
+-        return -1;
+-    }
++    if (virEventCleanupTimeouts() < 0 ||
++        virEventCleanupHandles() < 0)
++        goto error;
+ 
+     eventLoop.running = 0;
+     virEventUnlock();
++    VIR_FREE(fds);
+     return 0;
++
++error:
++    virEventUnlock();
++error_unlocked:
++    VIR_FREE(fds);
++    return -1;
+ }
+ 
+ static void virEventHandleWakeup(int watch ATTRIBUTE_UNUSED,
+-- 
+1.6.2.5
+

libvirt-0.6.2-fix-libvirtd-crash-with-bad-capabilities-data.patch

@@ -0,0 +1,137 @@
+From d8bd0cff27c0572e9305e7fdbc6b843f74d9e30f Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 29 Jun 2009 10:41:56 +0000
+Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
+
+(cherry picked from commit 39c7e7a6b79bbdfa36928a430d56fa88a204e8fd)
+
+Fedora-patch: libvirt-0.6.2-fix-libvirtd-crash-with-bad-capabilities-data.patch
+---
+ src/qemu_driver.c |   80 +++++++++++++++++++++++++++++++++++-----------------
+ 1 files changed, 54 insertions(+), 26 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index cb738b2..3d3675c 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -360,12 +360,43 @@ next:
+     return 0;
+ }
+ 
++
++static int
++qemudSecurityCapsInit(virSecurityDriverPtr secdrv,
++                      virCapsPtr caps)
++{
++    const char *doi, *model;
++
++    doi = virSecurityDriverGetDOI(secdrv);
++    model = virSecurityDriverGetModel(secdrv);
++
++    caps->host.secModel.model = strdup(model);
++    if (!caps->host.secModel.model) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel model: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    caps->host.secModel.doi = strdup(doi);
++    if (!caps->host.secModel.doi) {
++        char ebuf[1024];
++        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
++                  virStrerror(errno, ebuf, sizeof ebuf));
++        return -1;
++    }
++
++    VIR_DEBUG("Initialized caps for security driver \"%s\" with "
++              "DOI \"%s\"", model, doi);
++
++    return 0;
++}
++
++
+ static int
+ qemudSecurityInit(struct qemud_driver *qemud_drv)
+ {
+     int ret;
+-    const char *doi, *model;
+-    virCapsPtr caps;
+     virSecurityDriverPtr security_drv;
+ 
+     ret = virSecurityDriverStartup(&security_drv,
+@@ -381,36 +412,17 @@ qemudSecurityInit(struct qemud_driver *qemud_drv)
+     }
+ 
+     qemud_drv->securityDriver = security_drv;
+-    doi = virSecurityDriverGetDOI(security_drv);
+-    model = virSecurityDriverGetModel(security_drv);
+ 
+-    VIR_DEBUG("Initialized security driver \"%s\" with "
+-              "DOI \"%s\"", model, doi);
++    VIR_INFO("Initialized security driver %s", security_drv->name);
+ 
+     /*
+      * Add security policy host caps now that the security driver is
+      * initialized.
+      */
+-    caps = qemud_drv->caps;
+-
+-    caps->host.secModel.model = strdup(model);
+-    if (!caps->host.secModel.model) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel model: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
++    return qemudSecurityCapsInit(security_drv, qemud_drv->caps);
++}
+ 
+-    caps->host.secModel.doi = strdup(doi);
+-    if (!caps->host.secModel.doi) {
+-        char ebuf[1024];
+-        VIR_ERROR(_("Failed to copy secModel DOI: %s"),
+-                  virStrerror(errno, ebuf, sizeof ebuf));
+-        return -1;
+-    }
+ 
+-    return 0;
+-}
+ 
+ /**
+  * qemudStartup:
+@@ -1852,13 +1864,29 @@ static int qemudGetNodeInfo(virConnectPtr conn,
+ 
+ static char *qemudGetCapabilities(virConnectPtr conn) {
+     struct qemud_driver *driver = conn->privateData;
++    virCapsPtr caps;
+     char *xml = NULL;
+ 
+     qemuDriverLock(driver);
++    if ((caps = qemudCapsInit()) == NULL) {
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
++    if (qemu_driver->securityDriver &&
++        qemudSecurityCapsInit(qemu_driver->securityDriver, caps) < 0) {
++        virCapabilitiesFree(caps);
++        virReportOOMError(conn);
++        goto cleanup;
++    }
++
+     virCapabilitiesFree(qemu_driver->caps);
+-    if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
+-        (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
++    qemu_driver->caps = caps;
++
++    if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+         virReportOOMError(conn);
++
++cleanup:
+     qemuDriverUnlock(driver);
+ 
+     return xml;
+-- 
+1.6.2.5
+

libvirt-0.6.2-fix-nosource-label.patch

@@ -0,0 +1,37 @@
+From 99c018831379f23e65860ad4f3628a6d5f1a7d5a Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 3 Jul 2009 10:29:09 +0000
+Subject: [PATCH] Skip labelling if no src path present
+
+Fixes startup of guest's with sourceless cdrom devices.
+
+Patch from Cole Robinson originally posted here:
+
+  https://bugzilla.redhat.com/499569
+
+but never sent upstream.
+
+(cherry picked from commit 67d0c6eb9410d5101f4820a7286deacb6398afde)
+
+Fedora-patch: libvirt-0.6.2-fix-nosource-label.patch
+---
+ src/security_selinux.c |    3 +++
+ 1 files changed, 3 insertions(+), 0 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index 95fa0a6..450fce2 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
+@@ -338,6 +338,9 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
++    if (!disk->src)
++        return 0;
++
+     if (disk->shared) {
+         return SELinuxSetFilecon(conn, disk->src, default_image_context);
+     } else if (disk->readonly) {
+-- 
+1.6.2.5
+

libvirt-0.6.2-fix-qemu-argv-detection-with-kvm-85.patch

@@ -0,0 +1,85 @@
+From 9f6a5f50aee13575331f79f5d93635f701646eb7 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 11 May 2009 15:14:24 +0000
+Subject: [PATCH] Fix QEMU ARGV detection with kvm >= 85
+
+(cherry picked from commit 426f9772b84752b4901b72fd382ff6e28e258efd)
+
+Fedora-patch: libvirt-0.6.2-fix-qemu-argv-detection-with-kvm-85.patch
+---
+ src/qemu_conf.c   |   18 ++++++++++++++----
+ src/qemu_driver.c |   12 ++----------
+ 2 files changed, 16 insertions(+), 14 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index 929fe00..3e7e32d 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -431,18 +431,28 @@ int qemudExtractVersionInfo(const char *qemu,
+         return -1;
+ 
+     char *help = NULL;
+-    enum { MAX_HELP_OUTPUT_SIZE = 8192 };
++    enum { MAX_HELP_OUTPUT_SIZE = 1024*64 };
+     int len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help);
+-    if (len < 0)
++    if (len < 0) {
++        virReportSystemError(NULL, errno, "%s",
++                             _("Unable to read QEMU help output"));
+         goto cleanup2;
++    }
+ 
+     if (sscanf(help, "QEMU PC emulator version %u.%u.%u (kvm-%u)",
+                &major, &minor, &micro, &kvm_version) != 4)
+         kvm_version = 0;
+ 
+-    if (!kvm_version && sscanf(help, "QEMU PC emulator version %u.%u.%u",
+-               &major, &minor, &micro) != 3)
++    if (!kvm_version &&
++        sscanf(help, "QEMU PC emulator version %u.%u.%u",
++               &major, &minor, &micro) != 3) {
++        char *eol = strchr(help, '\n');
++        if (eol) *eol = '\0';
++        qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
++                         _("cannot parse QEMU version number in '%s'"),
++                         help);
+         goto cleanup2;
++    }
+ 
+     version = (major * 1000 * 1000) + (minor * 1000) + micro;
+ 
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 4752a64..5ca3d20 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1379,12 +1379,8 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+ 
+     if (qemudExtractVersionInfo(emulator,
+                                 NULL,
+-                                &qemuCmdFlags) < 0) {
+-        qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+-                         _("Cannot determine QEMU argv syntax %s"),
+-                         emulator);
++                                &qemuCmdFlags) < 0)
+         goto cleanup;
+-    }
+ 
+     if (qemuPrepareHostDevices(conn, vm->def) < 0)
+         goto cleanup;
+@@ -3606,12 +3602,8 @@ static int qemudDomainChangeEjectableMedia(virConnectPtr conn,
+ 
+     if (qemudExtractVersionInfo(vm->def->emulator,
+                                 NULL,
+-                                &qemuCmdFlags) < 0) {
+-        qemudReportError(conn, dom, NULL, VIR_ERR_INTERNAL_ERROR,
+-                         _("Cannot determine QEMU argv syntax %s"),
+-                         vm->def->emulator);
++                                &qemuCmdFlags) < 0)
+         return -1;
+-    }
+ 
+     if (qemuCmdFlags & QEMUD_CMD_FLAG_DRIVE) {
+         if (!(devname = qemudDiskDeviceName(conn, newdisk)))
+-- 
+1.6.2.5
+

libvirt-0.6.2-hotplug-labelling.patch

@@ -0,0 +1,46 @@
+From 0aac99f8e13dfc74b87986908165ae7f44662153 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 6 Jul 2009 16:01:55 +0100
+Subject: [PATCH] Fix SELinux denial during hotplug
+
+* src/qemu_driver.c: Relabel disk images *before* running QEMU
+hotplug monitor commands
+
+(cherry picked from commit 1795bfe4a177a5eff1b3b0a16d56df6f371c0f8e)
+
+Fedora-patch: libvirt-0.6.2-hotplug-labelling.patch
+---
+ src/qemu_driver.c |    6 ++++--
+ 1 files changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 5fc21a1..f3661f8 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -3934,10 +3934,14 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
+         switch (dev->data.disk->device) {
+         case VIR_DOMAIN_DISK_DEVICE_CDROM:
+         case VIR_DOMAIN_DISK_DEVICE_FLOPPY:
++            if (driver->securityDriver)
++                driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
+             ret = qemudDomainChangeEjectableMedia(dom->conn, vm, dev);
+             break;
+ 
+         case VIR_DOMAIN_DISK_DEVICE_DISK:
++            if (driver->securityDriver)
++                driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
+             if (dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_USB) {
+                 ret = qemudDomainAttachUsbMassstorageDevice(dom->conn, vm, dev);
+             } else if (dev->data.disk->bus == VIR_DOMAIN_DISK_BUS_SCSI ||
+@@ -3949,8 +3953,6 @@ static int qemudDomainAttachDevice(virDomainPtr dom,
+                                  virDomainDiskBusTypeToString(dev->data.disk->bus));
+                 goto cleanup;
+             }
+-            if (driver->securityDriver)
+-                driver->securityDriver->domainSetSecurityImageLabel(dom->conn, vm, dev->data.disk);
+             break;
+ 
+         default:
+-- 
+1.6.2.5
+

libvirt-0.6.2-hotplug-monitor-syntax.patch

@@ -0,0 +1,134 @@
+From ae80f9ec15b03d9d3ab6cfa2d48529b459a64fb2 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 6 Jul 2009 15:58:55 +0100
+Subject: [PATCH] Fix PCI device hotplug/unplug with newer QEMU
+
+* src/qemu_driver.c: Try new monitor syntax for hotplug first. If
+  that fails fallback to old KVM specific syntax
+
+(cherry picked from commit 326ecb78145cfeb7706ef0dcd521b19d934950e7)
+
+Fedora-patch: libvirt-0.6.2-hotplug-monitor-syntax.patch
+---
+ src/qemu_driver.c |   56 +++++++++++++++++++++++++++++++++++++++-------------
+ 1 files changed, 42 insertions(+), 14 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index f3661f8..8473616 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -3724,6 +3724,7 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
+     char *cmd, *reply, *s;
+     char *safe_path;
+     const char* type = virDomainDiskBusTypeToString(dev->data.disk->bus);
++    int tryOldSyntax = 0;
+ 
+     for (i = 0 ; i < vm->def->ndisks ; i++) {
+         if (STREQ(vm->def->disks[i]->dst, dev->data.disk->dst)) {
+@@ -3738,14 +3739,15 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
+         return -1;
+     }
+ 
++try_command:
+     safe_path = qemudEscapeMonitorArg(dev->data.disk->src);
+     if (!safe_path) {
+         virReportOOMError(conn);
+         return -1;
+     }
+ 
+-    ret = virAsprintf(&cmd, "pci_add 0 storage file=%s,if=%s",
+-                      safe_path, type);
++    ret = virAsprintf(&cmd, "pci_add %s storage file=%s,if=%s",
++                      (tryOldSyntax ? "0": "pci_addr=auto"), safe_path, type);
+     VIR_FREE(safe_path);
+     if (ret == -1) {
+         virReportOOMError(conn);
+@@ -3761,17 +3763,27 @@ static int qemudDomainAttachPciDiskDevice(virConnectPtr conn,
+ 
+     DEBUG ("%s: pci_add reply: %s", vm->def->name, reply);
+     /* If the command succeeds qemu prints:
+-     * OK bus 0... */
+-#define PCI_ATTACH_OK_MSG "OK bus 0, slot "
+-    if ((s=strstr(reply, PCI_ATTACH_OK_MSG))) {
+-        char* dummy = s;
+-        s += strlen(PCI_ATTACH_OK_MSG);
++     * OK bus 0, slot XXX...
++     * or
++     * OK domain 0, bus 0, slot XXX
++     */
++    if ((s = strstr(reply, "OK ")) &&
++        (s = strstr(s, "slot "))) {
++        char *dummy = s;
++        s += strlen("slot ");
+ 
+         if (virStrToLong_i ((const char*)s, &dummy, 10, &dev->data.disk->slotnum) == -1)
+             VIR_WARN("%s", _("Unable to parse slot number\n"));
++        /* XXX not neccessarily always going to end up in domain 0 / bus 0 :-( */
++        /* XXX this slotnum is not persistant across restarts :-( */
++    } else if (!tryOldSyntax && strstr(reply, "invalid char in expression")) {
++        VIR_FREE(reply);
++        VIR_FREE(cmd);
++        tryOldSyntax = 1;
++        goto try_command;
+     } else {
+         qemudReportError (conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
+-                          _("adding %s disk failed"), type);
++                          _("adding %s disk failed: %s"), type, reply);
+         VIR_FREE(reply);
+         VIR_FREE(cmd);
+         return -1;
+@@ -3990,6 +4002,7 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
+     char *cmd = NULL;
+     char *reply = NULL;
+     virDomainDiskDefPtr detach = NULL;
++    int tryOldSyntax = 0;
+ 
+     for (i = 0 ; i < vm->def->ndisks ; i++) {
+         if (STREQ(vm->def->disks[i]->dst, dev->data.disk->dst)) {
+@@ -4011,9 +4024,17 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
+-    if (virAsprintf(&cmd, "pci_del 0 %d", detach->slotnum) < 0) {
+-        virReportOOMError(conn);
+-        goto cleanup;
++try_command:
++    if (tryOldSyntax) {
++        if (virAsprintf(&cmd, "pci_del 0 %d", detach->slotnum) < 0) {
++            virReportOOMError(conn);
++            goto cleanup;
++        }
++    } else {
++        if (virAsprintf(&cmd, "pci_del pci_addr=0:0:%d", detach->slotnum) < 0) {
++            virReportOOMError(conn);
++            goto cleanup;
++        }
+     }
+ 
+     if (qemudMonitorCommand(vm, cmd, &reply) < 0) {
+@@ -4023,12 +4044,19 @@ static int qemudDomainDetachPciDiskDevice(virConnectPtr conn,
+     }
+ 
+     DEBUG ("%s: pci_del reply: %s",vm->def->name,  reply);
++
++    if (!tryOldSyntax &&
++        strstr(reply, "extraneous characters")) {
++        tryOldSyntax = 1;
++        goto try_command;
++    }
+     /* If the command fails due to a wrong slot qemu prints: invalid slot,
+      * nothing is printed on success */
+-    if (strstr(reply, "invalid slot")) {
++    if (strstr(reply, "invalid slot") ||
++        strstr(reply, "Invalid pci address")) {
+         qemudReportError (conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+-                          _("failed to detach disk %s: invalid slot %d"),
+-                          detach->dst, detach->slotnum);
++                          _("failed to detach disk %s: invalid slot %d: %s"),
++                          detach->dst, detach->slotnum, reply);
+         goto cleanup;
+     }
+ 
+-- 
+1.6.2.5
+

libvirt-0.6.2-libvirtd-double-free.patch

@@ -0,0 +1,57 @@
+From 2c42e4c96efd390fa7a6957692a5863d30a10828 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Fri, 29 May 2009 14:34:35 +0000
+Subject: [PATCH] Avoid double-free in daemon client cleanup code
+
+(cherry picked from commit 6c3ef350649b959215cfc5ccfdaba35bf9560066)
+
+Fedora-patch: libvirt-0.6.2-libvirtd-double-free.patch
+---
+ qemud/qemud.c |   22 +++++++++++++++++-----
+ 1 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/qemud/qemud.c b/qemud/qemud.c
+index 4f04355..e299a67 100644
+--- a/qemud/qemud.c
++++ b/qemud/qemud.c
+@@ -1397,7 +1397,10 @@ static int qemudDispatchServer(struct qemud_server *server, struct qemud_socket
+  * jobs have finished, then clean it up elsehwere
+  */
+ void qemudDispatchClientFailure(struct qemud_client *client) {
+-    virEventRemoveHandleImpl(client->watch);
++    if (client->watch != -1) {
++        virEventRemoveHandleImpl(client->watch);
++        client->watch = -1;
++    }
+ 
+     /* Deregister event delivery callback */
+     if(client->conn) {
+@@ -1406,12 +1409,21 @@ void qemudDispatchClientFailure(struct qemud_client *client) {
+     }
+ 
+ #if HAVE_SASL
+-    if (client->saslconn) sasl_dispose(&client->saslconn);
++    if (client->saslconn) {
++        sasl_dispose(&client->saslconn);
++        client->saslconn = NULL;
++    }
+     free(client->saslUsername);
++    client->saslUsername = NULL;
+ #endif
+-    if (client->tlssession) gnutls_deinit (client->tlssession);
+-    close(client->fd);
+-    client->fd = -1;
++    if (client->tlssession) {
++        gnutls_deinit (client->tlssession);
++        client->tlssession = NULL;
++    }
++    if (client->fd != -1) {
++        close(client->fd);
++        client->fd = -1;
++    }
+ }
+ 
+ 
+-- 
+1.6.2.5
+

libvirt-0.6.2-monitor-prompt-discard.patch

@@ -0,0 +1,60 @@
+From eb2fad7e94ba9bf48787e24542931688b9926ca1 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 6 Jul 2009 15:45:04 +0100
+Subject: [PATCH] Fix problem with QEMU monitor welcome prompt confusing libvirt after a libvirtd daemon restart with active guests
+
+* src/qemu_driver: Read and dicard pending monitor data
+  before issuing new monitor commands.
+
+(cherry picked from commit 2d1f2e706c8b13571e1227df1c69b2302da35d5a)
+
+Fedora-patch: libvirt-0.6.2-monitor-prompt-discard.patch
+---
+ src/qemu_driver.c |   24 ++++++++++++++++++++++++
+ 1 files changed, 24 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 3d3675c..5fc21a1 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1636,6 +1636,28 @@ cleanup:
+     qemuDriverUnlock(driver);
+ }
+ 
++
++/* Throw away any data available on the monitor
++ * This is done before executing a command, in order
++ * to allow re-synchronization if something went badly
++ * wrong in the past. it also deals with problem of
++ * QEMU *sometimes* re-printing its initial greeting
++ * when we reconnect to the monitor after restarts.
++ */
++static void
++qemuMonitorDiscardPendingData(virDomainObjPtr vm) {
++    char buf[1024];
++    int ret = 0;
++
++    /* Monitor is non-blocking, so just loop till we
++     * get -1 or 0. Don't bother with detecting
++     * errors, since we'll deal with that better later */
++    do {
++        ret = read(vm->monitor, buf, sizeof (buf)-1);
++    } while (ret > 0);
++}
++
++
+ static int
+ qemudMonitorCommandExtra(const virDomainObjPtr vm,
+                          const char *cmd,
+@@ -1647,6 +1669,8 @@ qemudMonitorCommandExtra(const virDomainObjPtr vm,
+     size_t cmdlen = strlen(cmd);
+     size_t extralen = extra ? strlen(extra) : 0;
+ 
++    qemuMonitorDiscardPendingData(vm);
++
+     if (safewrite(vm->monitor, cmd, cmdlen) != cmdlen)
+         return -1;
+     if (safewrite(vm->monitor, "\r", 1) != 1)
+-- 
+1.6.2.5
+

libvirt-0.6.2-numa-ignore-fail.patch

@@ -0,0 +1,159 @@
+From 3cf2f90a4747547f9877b15c1f573f8a771098e8 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 29 Jun 2009 10:41:56 +0000
+Subject: [PATCH] Fix crash in QEMU driver with bad capabilities data
+
+(cherry picked from commit 39c7e7a6b79bbdfa36928a430d56fa88a204e8fd)
+
+Fedora-patch: libvirt-0.6.2-numa-ignore-fail.patch
+---
+ src/capabilities.c       |   16 +++++++++++++---
+ src/capabilities.h       |    3 +++
+ src/libvirt_private.syms |    1 +
+ src/lxc_conf.c           |   11 +++++++++--
+ src/qemu_conf.c          |   10 ++++++++--
+ src/uml_conf.c           |   11 +++++++++--
+ 6 files changed, 43 insertions(+), 9 deletions(-)
+
+diff --git a/src/capabilities.c b/src/capabilities.c
+index d6e3478..8dc32a1 100644
+--- a/src/capabilities.c
++++ b/src/capabilities.c
+@@ -122,6 +122,18 @@ virCapabilitiesFreeGuest(virCapsGuestPtr guest)
+ }
+ 
+ 
++void
++virCapabilitiesFreeNUMAInfo(virCapsPtr caps)
++{
++    int i;
++
++    for (i = 0 ; i < caps->host.nnumaCell ; i++)
++        virCapabilitiesFreeHostNUMACell(caps->host.numaCell[i]);
++    VIR_FREE(caps->host.numaCell);
++    caps->host.nnumaCell = 0;
++}
++
++
+ /**
+  * virCapabilitiesFree:
+  * @caps: object to free
+@@ -141,9 +153,7 @@ virCapabilitiesFree(virCapsPtr caps) {
+     for (i = 0 ; i < caps->host.nfeatures ; i++)
+         VIR_FREE(caps->host.features[i]);
+     VIR_FREE(caps->host.features);
+-    for (i = 0 ; i < caps->host.nnumaCell ; i++)
+-        virCapabilitiesFreeHostNUMACell(caps->host.numaCell[i]);
+-    VIR_FREE(caps->host.numaCell);
++    virCapabilitiesFreeNUMAInfo(caps);
+ 
+     for (i = 0 ; i < caps->host.nmigrateTrans ; i++)
+         VIR_FREE(caps->host.migrateTrans[i]);
+diff --git a/src/capabilities.h b/src/capabilities.h
+index 5b0bbab..1b49666 100644
+--- a/src/capabilities.h
++++ b/src/capabilities.h
+@@ -118,6 +118,9 @@ extern void
+ virCapabilitiesFree(virCapsPtr caps);
+ 
+ extern void
++virCapabilitiesFreeNUMAInfo(virCapsPtr caps);
++
++extern void
+ virCapabilitiesSetMacPrefix(virCapsPtr caps,
+                             unsigned char *prefix);
+ 
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 350a931..9249a1a 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -24,6 +24,7 @@ virCapabilitiesDefaultGuestEmulator;
+ virCapabilitiesDefaultGuestMachine;
+ virCapabilitiesFormatXML;
+ virCapabilitiesFree;
++virCapabilitiesFreeNUMAInfo;
+ virCapabilitiesNew;
+ virCapabilitiesSetMacPrefix;
+ virCapabilitiesGenerateMac;
+diff --git a/src/lxc_conf.c b/src/lxc_conf.c
+index 34c8aea..fe721e3 100644
+--- a/src/lxc_conf.c
++++ b/src/lxc_conf.c
+@@ -30,6 +30,7 @@
+ #include "lxc_conf.h"
+ #include "nodeinfo.h"
+ #include "virterror_internal.h"
++#include "logging.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_LXC
+ 
+@@ -46,8 +47,14 @@ virCapsPtr lxcCapsInit(void)
+                                    0, 0)) == NULL)
+         goto no_memory;
+ 
+-    if (virCapsInitNUMA(caps) < 0)
+-        goto no_memory;
++    /* Some machines have problematic NUMA toplogy causing
++     * unexpected failures. We don't want to break the QEMU
++     * driver in this scenario, so log errors & carry on
++     */
++    if (virCapsInitNUMA(caps) < 0) {
++        virCapabilitiesFreeNUMAInfo(caps);
++        VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
++    }
+ 
+     /* XXX shouldn't 'borrow' KVM's prefix */
+     virCapabilitiesSetMacPrefix(caps, (unsigned char []){ 0x52, 0x54, 0x00 });
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index 99f13c6..1194e36 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -376,8 +376,14 @@ virCapsPtr qemudCapsInit(void) {
+     /* Using KVM's mac prefix for QEMU too */
+     virCapabilitiesSetMacPrefix(caps, (unsigned char[]){ 0x52, 0x54, 0x00 });
+ 
+-    if (virCapsInitNUMA(caps) < 0)
+-        goto no_memory;
++    /* Some machines have problematic NUMA toplogy causing
++     * unexpected failures. We don't want to break the QEMU
++     * driver in this scenario, so log errors & carry on
++     */
++    if (virCapsInitNUMA(caps) < 0) {
++        virCapabilitiesFreeNUMAInfo(caps);
++        VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
++    }
+ 
+     /* First the pure HVM guests */
+     for (i = 0 ; i < ARRAY_CARDINALITY(arch_info_hvm) ; i++)
+diff --git a/src/uml_conf.c b/src/uml_conf.c
+index c0d086e..9dd4967 100644
+--- a/src/uml_conf.c
++++ b/src/uml_conf.c
+@@ -44,6 +44,7 @@
+ #include "memory.h"
+ #include "nodeinfo.h"
+ #include "verify.h"
++#include "logging.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_UML
+ 
+@@ -62,8 +63,14 @@ virCapsPtr umlCapsInit(void) {
+                                    0, 0)) == NULL)
+         goto no_memory;
+ 
+-    if (virCapsInitNUMA(caps) < 0)
+-        goto no_memory;
++    /* Some machines have problematic NUMA toplogy causing
++     * unexpected failures. We don't want to break the QEMU
++     * driver in this scenario, so log errors & carry on
++     */
++    if (virCapsInitNUMA(caps) < 0) {
++        virCapabilitiesFreeNUMAInfo(caps);
++        VIR_WARN0("Failed to query host NUMA topology, disabling NUMA capabilities");
++    }
+ 
+     if ((guest = virCapabilitiesAddGuest(caps,
+                                          "uml",
+-- 
+1.6.2.5
+

libvirt-0.6.2-pci-device-crash.patch

@@ -0,0 +1,31 @@
+From d5d67ea357d92759d4a9ecb213e577835f961eed Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Thu, 16 Jul 2009 13:23:32 +0100
+Subject: [PATCH] Fix free of unitialized data upon PCI open fail
+
+(cherry picked from commit 4a7acedd3c59a6a750576cb8680bc3f08fe0b52c)
+
+Fedora-patch: libvirt-0.6.2-pci-device-crash.patch
+---
+ src/pci.c |    4 +---
+ 1 files changed, 1 insertions(+), 3 deletions(-)
+
+diff --git a/src/pci.c b/src/pci.c
+index ed64d68..68a380d 100644
+--- a/src/pci.c
++++ b/src/pci.c
+@@ -829,10 +829,8 @@ pciReadDeviceID(pciDevice *dev, const char *id_name)
+              dev->name, id_name);
+ 
+     /* ID string is '0xNNNN\n' ... i.e. 7 bytes */
+-    if (virFileReadAll(path, 7, &id_str) < 7) {
+-        VIR_FREE(id_str);
++    if (virFileReadAll(path, 7, &id_str) < 0)
+         return NULL;
+-    }
+ 
+     /* Check for 0x suffix */
+     if (id_str[0] != '0' || id_str[1] != 'x') {
+-- 
+1.6.2.5
+

libvirt-0.6.2-qemu-drive-format.patch

@@ -0,0 +1,31 @@
+From bf7b58a2471a07111f8022c0176f45ee5dc5fe71 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Thu, 16 Apr 2009 14:21:35 +0000
+Subject: [PATCH] qemu -drive takes format= not fmt=
+
+Seems like a simple typo - it has been "format=" since the flag
+was introduced, but we added it as "fmt=".
+
+(cherry picked from commit 9fa79000ecc883c699a6cb1ce7f00c34881bc8fe)
+
+Fedora-patch: libvirt-0.6.2-qemu-drive-format.patch
+---
+ src/qemu_conf.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index f36c927..6f9e610 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -1135,7 +1135,7 @@ int qemudBuildCommandLine(virConnectPtr conn,
+                 disk->device == VIR_DOMAIN_DISK_DEVICE_DISK)
+                 virBufferAddLit(&opt, ",boot=on");
+             if (disk->driverType)
+-                virBufferVSprintf(&opt, ",fmt=%s", disk->driverType);
++                virBufferVSprintf(&opt, ",format=%s", disk->driverType);
+ 
+             if (disk->cachemode) {
+                 const char *mode =
+-- 
+1.6.2.5
+

libvirt-0.6.2-qemu-name-uniqueness.patch

@@ -0,0 +1,176 @@
+From 1f1a0ca63c5492c7d41a0cdbd452a2743f314ebc Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Fri, 8 May 2009 10:11:14 +0000
+Subject: [PATCH] Improve name & UUID uniqueness checking in QEMU driver
+
+(cherry picked from commit 54ebbde1e18ec831ff2fddb44ec27ed5dde7874a)
+
+Fedora-patch: libvirt-0.6.2-qemu-name-uniqueness.patch
+---
+ src/qemu_driver.c |  103 ++++++++++++++++++++++++++++++++++++++++++----------
+ 1 files changed, 83 insertions(+), 20 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 8473616..dfd19c5 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -2174,22 +2174,37 @@ static virDomainPtr qemudDomainCreate(virConnectPtr conn, const char *xml,
+     if (virSecurityDriverVerify(conn, def) < 0)
+         goto cleanup;
+ 
+-    vm = virDomainFindByName(&driver->domains, def->name);
+-    if (vm) {
+-        qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+-                         _("domain '%s' is already defined"),
+-                         def->name);
+-        goto cleanup;
+-    }
++    /* See if a VM with matching UUID already exists */
+     vm = virDomainFindByUUID(&driver->domains, def->uuid);
+     if (vm) {
+-        char uuidstr[VIR_UUID_STRING_BUFLEN];
++        /* UUID matches, but if names don't match, refuse it */
++        if (STRNEQ(vm->def->name, def->name)) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             vm->def->name, uuidstr);
++            goto cleanup;
++        }
+ 
+-        virUUIDFormat(def->uuid, uuidstr);
+-        qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+-                         _("domain with uuid '%s' is already defined"),
+-                         uuidstr);
+-        goto cleanup;
++        /* UUID & name match, but if VM is already active, refuse it */
++        if (virDomainIsActive(vm)) {
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain is already active as '%s'"), vm->def->name);
++            goto cleanup;
++        }
++        virDomainObjUnlock(vm);
++    } else {
++        /* UUID does not match, but if a name matches, refuse it */
++        vm = virDomainFindByName(&driver->domains, def->name);
++        if (vm) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             def->name, uuidstr);
++            goto cleanup;
++        }
+     }
+ 
+     if (!(vm = virDomainAssignDef(conn,
+@@ -2368,6 +2383,11 @@ static int qemudDomainDestroy(virDomainPtr dom) {
+                          _("no domain with matching id %d"), dom->id);
+         goto cleanup;
+     }
++    if (!virDomainIsActive(vm)) {
++        qemudReportError(dom->conn, dom, NULL, VIR_ERR_OPERATION_FAILED,
++                         "%s", _("domain is not running"));
++        goto cleanup;
++    }
+ 
+     qemudShutdownVMDaemon(dom->conn, driver, vm);
+     event = virDomainEventNewFromObj(vm,
+@@ -3272,17 +3292,36 @@ static int qemudDomainRestore(virConnectPtr conn,
+         goto cleanup;
+     }
+ 
+-    /* Ensure the name and UUID don't already exist in an active VM */
++    /* See if a VM with matching UUID already exists */
+     vm = virDomainFindByUUID(&driver->domains, def->uuid);
+-    if (!vm)
+-        vm = virDomainFindByName(&driver->domains, def->name);
+     if (vm) {
++        /* UUID matches, but if names don't match, refuse it */
++        if (STRNEQ(vm->def->name, def->name)) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             vm->def->name, uuidstr);
++            goto cleanup;
++        }
++
++        /* UUID & name match, but if VM is already active, refuse it */
+         if (virDomainIsActive(vm)) {
+             qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
+                              _("domain is already active as '%s'"), vm->def->name);
+             goto cleanup;
+-        } else {
+-            virDomainObjUnlock(vm);
++        }
++        virDomainObjUnlock(vm);
++    } else {
++        /* UUID does not match, but if a name matches, refuse it */
++        vm = virDomainFindByName(&driver->domains, def->name);
++        if (vm) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             def->name, uuidstr);
++            goto cleanup;
+         }
+     }
+ 
+@@ -3470,18 +3509,41 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
+     if (virSecurityDriverVerify(conn, def) < 0)
+         goto cleanup;
+ 
+-    vm = virDomainFindByName(&driver->domains, def->name);
++    /* See if a VM with matching UUID already exists */
++    vm = virDomainFindByUUID(&driver->domains, def->uuid);
+     if (vm) {
++        /* UUID matches, but if names don't match, refuse it */
++        if (STRNEQ(vm->def->name, def->name)) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             vm->def->name, uuidstr);
++            goto cleanup;
++        }
++
++        /* UUID & name match */
+         virDomainObjUnlock(vm);
+         newVM = 0;
++    } else {
++        /* UUID does not match, but if a name matches, refuse it */
++        vm = virDomainFindByName(&driver->domains, def->name);
++        if (vm) {
++            char uuidstr[VIR_UUID_STRING_BUFLEN];
++            virUUIDFormat(vm->def->uuid, uuidstr);
++            qemudReportError(conn, NULL, NULL, VIR_ERR_OPERATION_FAILED,
++                             _("domain '%s' is already defined with uuid %s"),
++                             def->name, uuidstr);
++            goto cleanup;
++        }
+     }
+ 
+     if (!(vm = virDomainAssignDef(conn,
+                                   &driver->domains,
+                                   def))) {
+-        virDomainDefFree(def);
+         goto cleanup;
+     }
++    def = NULL;
+     vm->persistent = 1;
+ 
+     if (virDomainSaveConfig(conn,
+@@ -3503,6 +3565,7 @@ static virDomainPtr qemudDomainDefine(virConnectPtr conn, const char *xml) {
+     if (dom) dom->id = vm->def->id;
+ 
+ cleanup:
++    virDomainDefFree(def);
+     if (vm)
+         virDomainObjUnlock(vm);
+     if (event)
+-- 
+1.6.2.5
+

libvirt-0.6.2-qemu-ppc-machine-type.patch

@@ -0,0 +1,56 @@
+From 5c1ff776a3194bcc5d593aedd36cd676f1fcab64 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 29 May 2009 13:32:06 +0000
+Subject: [PATCH] PPC Qemu Machine Type update * src/qemu_conf.c docs/schemas/domain.rng tests/capabilityschemadata/caps-qemu-kvm.xml: PPC Qemu Machine Type changed from g3bw to g3beige some time ago, patch by Thomas Baker
+
+(cherry picked from commit 525c3d40a97a1ccce7c4dc314d2dd9e780b50d41)
+
+Fedora-patch: libvirt-0.6.2-qemu-ppc-machine-type.patch
+---
+ docs/schemas/domain.rng                      |    2 +-
+ src/qemu_conf.c                              |    2 +-
+ tests/capabilityschemadata/caps-qemu-kvm.xml |    2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/docs/schemas/domain.rng b/docs/schemas/domain.rng
+index 2f784e1..b29079a 100644
+--- a/docs/schemas/domain.rng
++++ b/docs/schemas/domain.rng
+@@ -184,7 +184,7 @@
+       </attribute>
+       <attribute name="machine">
+         <choice>
+-          <value>g3bw</value>
++          <value>g3beige</value>
+           <value>mac99</value>
+           <value>prep</value>
+         </choice>
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index 3e7e32d..fc0e772 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -192,7 +192,7 @@ static const char *const arch_info_hvm_sparc_machines[] = {
+     "sun4m"
+ };
+ static const char *const arch_info_hvm_ppc_machines[] = {
+-    "g3bw", "mac99", "prep"
++    "g3beige", "mac99", "prep"
+ };
+ 
+ static const char *const arch_info_xen_x86_machines[] = {
+diff --git a/tests/capabilityschemadata/caps-qemu-kvm.xml b/tests/capabilityschemadata/caps-qemu-kvm.xml
+index fd8523e..893f9ed 100644
+--- a/tests/capabilityschemadata/caps-qemu-kvm.xml
++++ b/tests/capabilityschemadata/caps-qemu-kvm.xml
+@@ -81,7 +81,7 @@
+     <arch name='ppc'>
+       <wordsize>32</wordsize>
+       <emulator>/usr/bin/qemu-system-ppc</emulator>
+-      <machine>g3bw</machine>
++      <machine>g3beige</machine>
+       <machine>mac99</machine>
+       <machine>prep</machine>
+       <domain type='qemu'>
+-- 
+1.6.2.5
+

libvirt-0.6.2-refactor-qemu-version-parsing.patch

@@ -0,0 +1,224 @@
+From 266df161bfd87220bac68918613a2ce9323c8238 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Thu, 11 Jun 2009 14:12:30 +0000
+Subject: [PATCH] Re-factor qemu version parsing
+
+This patch is purely re-factoring without any functional changes
+to make way for the next patch.
+
+The main thing achieved by the refactoring is that we now have
+easier access to the parenthesised string that KVM folks seem
+to delight in changing.
+
+(cherry picked from commit 56ecebf22dd5a235503028e20bf936229037664b)
+
+Signed-off-by: Mark McLoughlin <markmc@redhat.com>
+Fedora-patch: libvirt-0.6.2-refactor-qemu-version-parsing.patch
+---
+ src/qemu_conf.c |  174 +++++++++++++++++++++++++++++++++++++++----------------
+ 1 files changed, 123 insertions(+), 51 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index 1194e36..e488d74 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -414,54 +414,12 @@ virCapsPtr qemudCapsInit(void) {
+     return NULL;
+ }
+ 
+-
+-int qemudExtractVersionInfo(const char *qemu,
+-                            unsigned int *retversion,
+-                            unsigned int *retflags) {
+-    const char *const qemuarg[] = { qemu, "-help", NULL };
+-    const char *const qemuenv[] = { "LC_ALL=C", NULL };
+-    pid_t child;
+-    int newstdout = -1;
+-    int ret = -1, status;
+-    unsigned int major, minor, micro;
+-    unsigned int version, kvm_version;
++static unsigned int qemudComputeCmdFlags(const char *help,
++                                         unsigned int version,
++                                         unsigned int kvm_version)
++{
+     unsigned int flags = 0;
+ 
+-    if (retflags)
+-        *retflags = 0;
+-    if (retversion)
+-        *retversion = 0;
+-
+-    if (virExec(NULL, qemuarg, qemuenv, NULL,
+-                &child, -1, &newstdout, NULL, VIR_EXEC_NONE) < 0)
+-        return -1;
+-
+-    char *help = NULL;
+-    enum { MAX_HELP_OUTPUT_SIZE = 1024*64 };
+-    int len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help);
+-    if (len < 0) {
+-        virReportSystemError(NULL, errno, "%s",
+-                             _("Unable to read QEMU help output"));
+-        goto cleanup2;
+-    }
+-
+-    if (sscanf(help, "QEMU PC emulator version %u.%u.%u (kvm-%u)",
+-               &major, &minor, &micro, &kvm_version) != 4)
+-        kvm_version = 0;
+-
+-    if (!kvm_version &&
+-        sscanf(help, "QEMU PC emulator version %u.%u.%u",
+-               &major, &minor, &micro) != 3) {
+-        char *eol = strchr(help, '\n');
+-        if (eol) *eol = '\0';
+-        qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+-                         _("cannot parse QEMU version number in '%s'"),
+-                         help);
+-        goto cleanup2;
+-    }
+-
+-    version = (major * 1000 * 1000) + (minor * 1000) + micro;
+-
+     if (strstr(help, "-no-kqemu"))
+         flags |= QEMUD_CMD_FLAG_KQEMU;
+     if (strstr(help, "-no-kvm"))
+@@ -507,6 +465,125 @@ int qemudExtractVersionInfo(const char *qemu,
+         flags |= QEMUD_CMD_FLAG_MIGRATE_QEMU_EXEC;
+     }
+ 
++    return flags;
++}
++
++/* We parse the output of 'qemu -help' to get the QEMU
++ * version number. The first bit is easy, just parse
++ * 'QEMU PC emulator version x.y.z'.
++ *
++ * With qemu-kvm, however, that is followed by a kvm-XX
++ * string in parenthesis.
++ */
++#define QEMU_VERSION_STR    "QEMU PC emulator version"
++#define KVM_VER_PREFIX      "(kvm-"
++
++#define SKIP_BLANKS(p) do { while ((*(p) == ' ') || (*(p) == '\t')) (p)++; } while (0)
++
++static int qemudParseHelpStr(const char *help,
++                             unsigned int *flags,
++                             unsigned int *version,
++                             unsigned int *kvm_version)
++{
++    unsigned major, minor, micro;
++    const char *p = help;
++
++    *flags = *version = *kvm_version = 0;
++
++    if (!STRPREFIX(p, QEMU_VERSION_STR))
++        goto fail;
++
++    p += strlen(QEMU_VERSION_STR);
++
++    SKIP_BLANKS(p);
++
++    major = virParseNumber(&p);
++    if (major == -1 || *p != '.')
++        goto fail;
++
++    ++p;
++
++    minor = virParseNumber(&p);
++    if (major == -1 || *p != '.')
++        goto fail;
++
++    ++p;
++
++    micro = virParseNumber(&p);
++    if (major == -1)
++        goto fail;
++
++    SKIP_BLANKS(p);
++
++    if (STRPREFIX(p, KVM_VER_PREFIX)) {
++        int ret;
++
++        p += strlen(KVM_VER_PREFIX);
++
++        ret = virParseNumber(&p);
++        if (ret == -1)
++            goto fail;
++
++        *kvm_version = ret;
++    }
++
++    *version = (major * 1000 * 1000) + (minor * 1000) + micro;
++
++    *flags = qemudComputeCmdFlags(help, *version, *kvm_version);
++
++    qemudDebug("Version %u.%u.%u, cooked version %u, flags %u",
++               major, minor, micro, *version, *flags);
++    if (*kvm_version)
++        qemudDebug("KVM version %u detected", *kvm_version);
++
++    return 0;
++
++fail:
++    p = strchr(help, '\n');
++    if (p)
++        p = strndup(help, p - help);
++
++    qemudReportError(NULL, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
++                     _("cannot parse QEMU version number in '%s'"),
++                     p ? p : help);
++
++    VIR_FREE(p);
++
++    return -1;
++}
++
++int qemudExtractVersionInfo(const char *qemu,
++                            unsigned int *retversion,
++                            unsigned int *retflags) {
++    const char *const qemuarg[] = { qemu, "-help", NULL };
++    const char *const qemuenv[] = { "LC_ALL=C", NULL };
++    pid_t child;
++    int newstdout = -1;
++    int ret = -1, status;
++    unsigned int version, kvm_version;
++    unsigned int flags = 0;
++
++    if (retflags)
++        *retflags = 0;
++    if (retversion)
++        *retversion = 0;
++
++    if (virExec(NULL, qemuarg, qemuenv, NULL,
++                &child, -1, &newstdout, NULL, VIR_EXEC_NONE) < 0)
++        return -1;
++
++    char *help = NULL;
++    enum { MAX_HELP_OUTPUT_SIZE = 1024*64 };
++    int len = virFileReadLimFD(newstdout, MAX_HELP_OUTPUT_SIZE, &help);
++    if (len < 0) {
++        virReportSystemError(NULL, errno, "%s",
++                             _("Unable to read QEMU help output"));
++        goto cleanup2;
++    }
++
++    if (qemudParseHelpStr(help, &flags, &version, &kvm_version) == -1)
++        goto cleanup2;
++
+     if (retversion)
+         *retversion = version;
+     if (retflags)
+@@ -514,11 +591,6 @@ int qemudExtractVersionInfo(const char *qemu,
+ 
+     ret = 0;
+ 
+-    qemudDebug("Version %d %d %d  Cooked version: %d, with flags ? %d",
+-               major, minor, micro, version, flags);
+-    if (kvm_version)
+-        qemudDebug("KVM version %d detected", kvm_version);
+-
+ cleanup2:
+     VIR_FREE(help);
+     if (close(newstdout) < 0)
+-- 
+1.6.2.5
+

libvirt-0.6.2-shared-readonly-label.patch

@@ -0,0 +1,100 @@
+From 36cf92efa2b22f275bdc56411d9704e530cdb3fa Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 3 Jul 2009 10:26:37 +0000
+Subject: [PATCH] Re-label shared and readonly images
+
+This patch was posted ages ago here:
+
+  https://bugzilla.redhat.com/493692
+
+But was never posted upstream AFAICT.
+
+Patch from Dan Berrange
+
+(cherry picked from commit 547147084d03ebf30d09d242a5a721a4df664ffe)
+
+Fedora-patch: libvirt-0.6.2-shared-readonly-label.patch
+---
+ src/security_selinux.c |   26 +++++++++++++++++++-------
+ 1 files changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/src/security_selinux.c b/src/security_selinux.c
+index ac317d7..95fa0a6 100644
+--- a/src/security_selinux.c
++++ b/src/security_selinux.c
+@@ -24,11 +24,12 @@
+ #include "virterror_internal.h"
+ #include "util.h"
+ #include "memory.h"
+-
++#include "logging.h"
+ 
+ #define VIR_FROM_THIS VIR_FROM_SECURITY
+ 
+ static char default_domain_context[1024];
++static char default_content_context[1024];
+ static char default_image_context[1024];
+ #define SECURITY_SELINUX_VOID_DOI       "0"
+ #define SECURITY_SELINUX_NAME "selinux"
+@@ -148,8 +149,13 @@ SELinuxInitialize(virConnectPtr conn)
+     close(fd);
+ 
+     ptr = strchrnul(default_image_context, '\n');
+-    *ptr = '\0';
+-
++    if (*ptr == '\n') {
++        *ptr = '\0';
++        strcpy(default_content_context, ptr+1);
++        ptr = strchrnul(default_content_context, '\n');
++        if (*ptr == '\n')
++            *ptr = '\0';
++    }
+     return 0;
+ }
+ 
+@@ -275,6 +281,8 @@ SELinuxSetFilecon(virConnectPtr conn, const char *path, char *tcon)
+ {
+     char ebuf[1024];
+ 
++    VIR_INFO("Setting SELinux context on '%s' to '%s'", path, tcon);
++
+     if(setfilecon(path, tcon) < 0) {
+         virSecurityReportError(conn, VIR_ERR_ERROR,
+                                _("%s: unable to set security context "
+@@ -299,6 +307,8 @@ SELinuxRestoreSecurityImageLabel(virConnectPtr conn,
+     char *newpath = NULL;
+     const char *path = disk->src;
+ 
++    /* Don't restore labels on readoly/shared disks, because
++     * other VMs may still be accessing these */
+     if (disk->readonly || disk->shared)
+         return 0;
+ 
+@@ -328,8 +338,13 @@ SELinuxSetSecurityImageLabel(virConnectPtr conn,
+ {
+     const virSecurityLabelDefPtr secdef = &vm->def->seclabel;
+ 
+-    if (secdef->imagelabel)
++    if (disk->shared) {
++        return SELinuxSetFilecon(conn, disk->src, default_image_context);
++    } else if (disk->readonly) {
++        return SELinuxSetFilecon(conn, disk->src, default_content_context);
++    } else if (secdef->imagelabel) {
+         return SELinuxSetFilecon(conn, disk->src, secdef->imagelabel);
++    }
+ 
+     return 0;
+ }
+@@ -403,9 +418,6 @@ SELinuxSetSecurityLabel(virConnectPtr conn,
+ 
+     if (secdef->imagelabel) {
+         for (i = 0 ; i < vm->def->ndisks ; i++) {
+-            if (vm->def->disks[i]->readonly ||
+-                vm->def->disks[i]->shared) continue;
+-
+             if (SELinuxSetSecurityImageLabel(conn, vm, vm->def->disks[i]) < 0)
+                 return -1;
+         }
+-- 
+1.6.2.5
+

libvirt-0.6.2-svirt-sound.patch

@@ -0,0 +1,51 @@
+From 6096cb19d6b05707ca32f52b905c53818ecfc84b Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Mon, 17 Aug 2009 08:52:30 +0100
+Subject: [PATCH] Disable sound cards when running sVirt
+
+Temporary hack till PulseAudio autostart problems are sorted out when
+SELinux enforcing (bz 486112)
+
+Fedora-patch: libvirt-0.6.2-svirt-sound.patch
+---
+ src/qemu_conf.c |   17 ++++++++++++++++-
+ 1 files changed, 16 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu_conf.c b/src/qemu_conf.c
+index d76b2b6..22c5363 100644
+--- a/src/qemu_conf.c
++++ b/src/qemu_conf.c
+@@ -885,6 +885,20 @@ int qemudBuildCommandLine(virConnectPtr conn,
+     char domid[50];
+     char *pidfile;
+     const char *cpu = NULL;
++    int skipSound = 0;
++
++    if (driver->securityDriver &&
++        driver->securityDriver->name &&
++        STREQ(driver->securityDriver->name, "selinux") &&
++        getuid() == 0) {
++        static int soundWarned = 0;
++        skipSound = 1;
++        if (vm->def->nsounds &&
++            !soundWarned) {
++            soundWarned = 1;
++            VIR_WARN0("Sound cards for VMs are disabled while SELinux security model is active");
++        }
++    }
+ 
+     uname_normalize(&ut);
+ 
+@@ -1531,7 +1545,8 @@ int qemudBuildCommandLine(virConnectPtr conn,
+     }
+ 
+     /* Add sound hardware */
+-    if (vm->def->nsounds) {
++    if (vm->def->nsounds &&
++        !skipSound) {
+         int size = 100;
+         char *modstr;
+         if (VIR_ALLOC_N(modstr, size+1) < 0)
+-- 
+1.6.2.5
+

libvirt-0.6.2-xml-attribute-escaping.patch

@@ -0,0 +1,49 @@
+From a7d81a2f9e80942c9951c1d16ad69c66b9a47bbb Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Wed, 13 May 2009 16:19:59 +0000
+Subject: [PATCH] * src/buf.c: avoid an XML attribute escaping bug #499791 daniel
+
+(cherry picked from commit 7afe94e7e236ec465d838e7d60e961975c526ab2)
+
+Fedora-patch: libvirt-0.6.2-xml-attribute-escaping.patch
+---
+ src/buf.c |   16 +++++++++++++++-
+ 1 files changed, 15 insertions(+), 1 deletions(-)
+
+diff --git a/src/buf.c b/src/buf.c
+index cdcdac9..259175d 100644
+--- a/src/buf.c
++++ b/src/buf.c
+@@ -266,7 +266,7 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
+         return;
+ 
+     len = strlen(str);
+-    if (VIR_ALLOC_N(escaped, 5 * len + 1) < 0) {
++    if (VIR_ALLOC_N(escaped, 6 * len + 1) < 0) {
+         virBufferNoMemory(buf);
+         return;
+     }
+@@ -290,6 +290,20 @@ virBufferEscapeString(const virBufferPtr buf, const char *format, const char *st
+             *out++ = 'm';
+             *out++ = 'p';
+             *out++ = ';';
++        } else if (*cur == '"') {
++            *out++ = '&';
++            *out++ = 'q';
++            *out++ = 'u';
++            *out++ = 'o';
++            *out++ = 't';
++            *out++ = ';';
++        } else if (*cur == '\'') {
++            *out++ = '&';
++            *out++ = 'a';
++            *out++ = 'p';
++            *out++ = 'o';
++            *out++ = 's';
++            *out++ = ';';
+         } else if ((*cur >= 0x20) || (*cur == '\n') || (*cur == '\t') ||
+                    (*cur == '\r')) {
+             /*
+-- 
+1.6.2.5
+

libvirt-0.6.3-hostdev-managed.patch

@@ -0,0 +1,47 @@
+From b3f02d5528c121bcf7b9ac5c4284517e71a5e2f2 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Wed, 6 May 2009 15:56:20 +0000
+Subject: [PATCH] Fix qemu driver's interpretation of <hostdev managed='yes'/>
+
+This change:
+
+  Tue Mar  3 08:55:13 GMT 2009 Daniel P. Berrange <berrange@redhat.com>
+
+       Don't try to detach & reset PCI devices while running test
+       suite for XML-> ARGV conversion.
+       * src/qemu_driver.c: Add qemuPrepareHostDevices() helper to
+       detach and reset PCI devices.
+       * src/qemu_conf.c: Don't detach & reset PCI devices while
+       building the command line argv
+
+accidentally did this:
+
+-            if (hostdev->managed) {
++        if (!hostdev->managed) {
+
+Which results in managed='yes' not causing the device to be
+detached when the guest is starting.
+
+(cherry picked from commit 1d6c713b18741f1a0e3d0ccd094275a11aef138c)
+
+Fedora-patch: libvirt-0.6.3-hostdev-managed.patch
+---
+ src/qemu_driver.c |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 79ee072..162d072 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1215,7 +1215,7 @@ static int qemuPrepareHostDevices(virConnectPtr conn,
+         if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+             continue;
+ 
+-        if (!hostdev->managed) {
++        if (hostdev->managed) {
+             pciDevice *dev = pciGetDevice(conn,
+                                           hostdev->source.subsys.u.pci.domain,
+                                           hostdev->source.subsys.u.pci.bus,
+-- 
+1.6.2.5
+

libvirt-0.6.3-refresh-qemu-caps.patch

@@ -0,0 +1,85 @@
+From a521796bac21f0c8af38a8551a420d87b61c7a9a Mon Sep 17 00:00:00 2001
+From: Cole Robinson <crobinso@redhat.com>
+Date: Wed, 6 May 2009 14:20:34 +0000
+Subject: [PATCH] Refresh QEMU driver capabilities for each getCapabilities call.
+
+Also fix up a couple issues where caps are accessed without locking
+the driver structure.
+
+(cherry picked from commit 4f107590243631869677ddea2bb667db4a1282a6)
+
+Fedora-patch: libvirt-0.6.3-refresh-qemu-caps.patch
+---
+ src/qemu_driver.c |   28 ++++++++++++++++++++--------
+ 1 files changed, 20 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 162d072..4752a64 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1872,10 +1872,12 @@ static int qemudGetNodeInfo(virConnectPtr conn,
+ 
+ static char *qemudGetCapabilities(virConnectPtr conn) {
+     struct qemud_driver *driver = conn->privateData;
+-    char *xml;
++    char *xml = NULL;
+ 
+     qemuDriverLock(driver);
+-    if ((xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
++    virCapabilitiesFree(qemu_driver->caps);
++    if ((qemu_driver->caps = qemudCapsInit()) == NULL ||
++        (xml = virCapabilitiesFormatXML(driver->caps)) == NULL)
+         virReportOOMError(conn);
+     qemuDriverUnlock(driver);
+ 
+@@ -3142,20 +3144,26 @@ cleanup:
+     return ret;
+ }
+ 
+-static int qemudNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr secmodel)
++static int qemudNodeGetSecurityModel(virConnectPtr conn,
++                                     virSecurityModelPtr secmodel)
+ {
+     struct qemud_driver *driver = (struct qemud_driver *)conn->privateData;
+     char *p;
++    int ret = 0;
+ 
+-    if (!driver->securityDriver)
+-        return -2;
++    qemuDriverLock(driver);
++    if (!driver->securityDriver) {
++        ret = -2;
++        goto cleanup;
++    }
+ 
+     p = driver->caps->host.secModel.model;
+     if (strlen(p) >= VIR_SECURITY_MODEL_BUFLEN-1) {
+         qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+                          _("security model string exceeds max %d bytes"),
+                          VIR_SECURITY_MODEL_BUFLEN-1);
+-        return -1;
++        ret = -1;
++        goto cleanup;
+     }
+     strcpy(secmodel->model, p);
+ 
+@@ -3164,10 +3172,14 @@ static int qemudNodeGetSecurityModel(virConnectPtr conn, virSecurityModelPtr sec
+         qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+                          _("security DOI string exceeds max %d bytes"),
+                          VIR_SECURITY_DOI_BUFLEN-1);
+-        return -1;
++        ret = -1;
++        goto cleanup;
+     }
+     strcpy(secmodel->doi, p);
+-    return 0;
++
++cleanup:
++    qemuDriverUnlock(driver);
++    return ret;
+ }
+ 
+ /* TODO: check seclabel restore */
+-- 
+1.6.2.5
+

libvirt-add-space-to-nodedev-list-tree.patch

@@ -0,0 +1,60 @@
+From b77d11b221862343d304e11ed878e2f176101f24 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrange <berrange@redhat.com>
+Date: Tue, 28 Apr 2009 10:55:45 +0000
+Subject: [PATCH] Cosmetic change to 'virsh nodedev-list --tree' output
+
+Maybe it's just me, but I try to select an item from the tree using
+double-click and get annoyed when "+-" gets included in the selection.
+
+* src/virsh.c: add a space between "+-" and the node device name
+  in 'virsh nodedev-list --tree'
+
+(cherry picked from commit cb4a6614fae48d05f09b7b15328ea6ef4071ccb3)
+(cherry picked from commit 097c818bf00b3777778ffc32fea3a6ed1e741e2b)
+
+Fedora-patch: libvirt-add-space-to-nodedev-list-tree.patch
+---
+ src/virsh.c |   10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/src/virsh.c b/src/virsh.c
+index 26764a7..c92bb8f 100644
+--- a/src/virsh.c
++++ b/src/virsh.c
+@@ -4460,10 +4460,12 @@ cmdNodeListDevicesPrint(vshControl *ctl,
+     if (depth && depth < MAX_DEPTH) {
+         indentBuf[indentIdx] = '+';
+         indentBuf[indentIdx+1] = '-';
++        indentBuf[indentIdx+2] = ' ';
++        indentBuf[indentIdx+3] = '\0';
+     }
+ 
+     /* Print this device */
+-    vshPrint(ctl, indentBuf);
++    vshPrint(ctl, "%s", indentBuf);
+     vshPrint(ctl, "%s\n", devices[devid]);
+ 
+ 
+@@ -4487,8 +4489,8 @@ cmdNodeListDevicesPrint(vshControl *ctl,
+ 
+     /* If there is a child device, then print another blank line */
+     if (nextlastdev != -1) {
+-        vshPrint(ctl, indentBuf);
+-        vshPrint(ctl, "  |\n");
++        vshPrint(ctl, "%s", indentBuf);
++        vshPrint(ctl, " |\n");
+     }
+ 
+     /* Finally print all children */
+@@ -4511,7 +4513,7 @@ cmdNodeListDevicesPrint(vshControl *ctl,
+     /* If there was no child device, and we're the last in
+      * a list of devices, then print another blank line */
+     if (nextlastdev == -1 && devid == lastdev) {
+-        vshPrint(ctl, indentBuf);
++        vshPrint(ctl, "%s", indentBuf);
+         vshPrint(ctl, "\n");
+     }
+ }
+-- 
+1.6.2.5
+

libvirt-allow-pci-hostdev-reset-to-reset-other-devices.patch

@@ -0,0 +1,812 @@
+From 6878a049e27f2eaea7bd3d5c266a2d2b39e444f1 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Mon, 17 Aug 2009 15:05:23 +0100
+Subject: [PATCH] Maintain a list of active PCI hostdevs and use it in pciResetDevice()
+
+https://bugzilla.redhat.com/499678
+
+First we add a pciDeviceList type and add a qemuGetPciHostDeviceList()
+function to build a list from a domain definition. Use this in
+prepare/re-attach to simplify things and eliminate the multiple
+pciGetDevice() calls.
+
+Then, as we start/shutdown guests we can add or delete devices as
+appropriate from a list of active devices.
+
+Finally, in pciReset(), we can use this to determine whether its safe to
+reset a device as a side effect of resetting another device.
+
+(cherry picked from commit 78675b228b76a83f83d64856bfb63b9e14c103a0)
+(cherry picked from commit e8ad33931296c67de0538e78d12e21706a826d37)
+
+Fedora-patch: libvirt-allow-pci-hostdev-reset-to-reset-other-devices.patch
+---
+ src/libvirt_private.syms |    7 +-
+ src/pci.c                |  211 +++++++++++++++++++++++++++++++++--------
+ src/pci.h                |   23 +++++-
+ src/qemu_conf.h          |    3 +
+ src/qemu_driver.c        |  237 +++++++++++++++++++++++++++-------------------
+ src/xen_unified.c        |    2 +-
+ 6 files changed, 339 insertions(+), 144 deletions(-)
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 9249a1a..75ddda8 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -240,7 +240,12 @@ pciFreeDevice;
+ pciDettachDevice;
+ pciReAttachDevice;
+ pciResetDevice;
+-
++pciDeviceSetManaged;
++pciDeviceGetManaged;
++pciDeviceListNew;
++pciDeviceListFree;
++pciDeviceListAdd;
++pciDeviceListDel;
+ 
+ # qparams.h
+ qparam_get_query;
+diff --git a/src/pci.c b/src/pci.c
+index 1dddb08..1e68261 100644
+--- a/src/pci.c
++++ b/src/pci.c
+@@ -58,6 +58,7 @@ struct _pciDevice {
+     unsigned      pci_pm_cap_pos;
+     unsigned      has_flr : 1;
+     unsigned      has_pm_reset : 1;
++    unsigned      managed : 1;
+ };
+ 
+ /* For virReportOOMError()  and virReportSystemError() */
+@@ -220,7 +221,7 @@ pciWrite32(pciDevice *dev, unsigned pos, uint32_t val)
+     pciWrite(dev, pos, &buf[0], sizeof(buf));
+ }
+ 
+-typedef int (*pciIterPredicate)(pciDevice *, pciDevice *);
++typedef int (*pciIterPredicate)(pciDevice *, pciDevice *, void *);
+ 
+ /* Iterate over available PCI devices calling @predicate
+  * to compare each one to @dev.
+@@ -231,7 +232,8 @@ static int
+ pciIterDevices(virConnectPtr conn,
+                pciIterPredicate predicate,
+                pciDevice *dev,
+-               pciDevice **matched)
++               pciDevice **matched,
++               void *data)
+ {
+     DIR *dir;
+     struct dirent *entry;
+@@ -249,7 +251,7 @@ pciIterDevices(virConnectPtr conn,
+ 
+     while ((entry = readdir(dir))) {
+         unsigned domain, bus, slot, function;
+-        pciDevice *try;
++        pciDevice *check;
+ 
+         /* Ignore '.' and '..' */
+         if (entry->d_name[0] == '.')
+@@ -261,18 +263,18 @@ pciIterDevices(virConnectPtr conn,
+             continue;
+         }
+ 
+-        try = pciGetDevice(conn, domain, bus, slot, function);
+-        if (!try) {
++        check = pciGetDevice(conn, domain, bus, slot, function);
++        if (!check) {
+             ret = -1;
+             break;
+         }
+ 
+-        if (predicate(try, dev)) {
+-            VIR_DEBUG("%s %s: iter matched on %s", dev->id, dev->name, try->name);
+-            *matched = try;
++        if (predicate(dev, check, data)) {
++            VIR_DEBUG("%s %s: iter matched on %s", dev->id, dev->name, check->name);
++            *matched = check;
+             break;
+         }
+-        pciFreeDevice(conn, try);
++        pciFreeDevice(conn, check);
+     }
+     closedir(dir);
+     return ret;
+@@ -374,63 +376,70 @@ pciDetectPowerManagementReset(pciDevice *dev)
+     return 0;
+ }
+ 
+-/* Any devices other than the one supplied on the same domain/bus ? */
++/* Any active devices other than the one supplied on the same domain/bus ? */
+ static int
+-pciSharesBus(pciDevice *a, pciDevice *b)
++pciSharesBusWithActive(pciDevice *dev, pciDevice *check, void *data)
+ {
+-    return
+-        a->domain == b->domain &&
+-        a->bus == b->bus &&
+-        (a->slot != b->slot ||
+-         a->function != b->function);
+-}
++    pciDeviceList *activeDevs = data;
+ 
+-static int
+-pciBusContainsOtherDevices(virConnectPtr conn, pciDevice *dev)
+-{
+-    pciDevice *matched = NULL;
+-    if (pciIterDevices(conn, pciSharesBus, dev, &matched) < 0)
+-        return 1;
+-    if (!matched)
++    if (dev->domain != check->domain ||
++        dev->bus != check->bus ||
++        (check->slot == check->slot &&
++         check->function == check->function))
++        return 0;
++
++    if (activeDevs && !pciDeviceListFind(activeDevs, check))
+         return 0;
+-    pciFreeDevice(conn, matched);
++
+     return 1;
+ }
+ 
+-/* Is @a the parent of @b ? */
++static pciDevice *
++pciBusContainsActiveDevices(virConnectPtr conn,
++                            pciDevice *dev,
++                            pciDeviceList *activeDevs)
++{
++    pciDevice *active = NULL;
++    if (pciIterDevices(conn, pciSharesBusWithActive,
++                       dev, &active, activeDevs) < 0)
++        return NULL;
++    return active;
++}
++
++/* Is @check the parent of @dev ? */
+ static int
+-pciIsParent(pciDevice *a, pciDevice *b)
++pciIsParent(pciDevice *dev, pciDevice *check, void *data ATTRIBUTE_UNUSED)
+ {
+     uint16_t device_class;
+     uint8_t header_type, secondary, subordinate;
+ 
+-    if (a->domain != b->domain)
++    if (dev->domain != check->domain)
+         return 0;
+ 
+     /* Is it a bridge? */
+-    device_class = pciRead16(a, PCI_CLASS_DEVICE);
++    device_class = pciRead16(check, PCI_CLASS_DEVICE);
+     if (device_class != PCI_CLASS_BRIDGE_PCI)
+         return 0;
+ 
+     /* Is it a plane? */
+-    header_type = pciRead8(a, PCI_HEADER_TYPE);
++    header_type = pciRead8(check, PCI_HEADER_TYPE);
+     if ((header_type & PCI_HEADER_TYPE_MASK) != PCI_HEADER_TYPE_BRIDGE)
+         return 0;
+ 
+-    secondary   = pciRead8(a, PCI_SECONDARY_BUS);
+-    subordinate = pciRead8(a, PCI_SUBORDINATE_BUS);
++    secondary   = pciRead8(check, PCI_SECONDARY_BUS);
++    subordinate = pciRead8(check, PCI_SUBORDINATE_BUS);
+ 
+-    VIR_DEBUG("%s %s: found parent device %s\n", b->id, b->name, a->name);
++    VIR_DEBUG("%s %s: found parent device %s\n", dev->id, dev->name, check->name);
+ 
+     /* No, it's superman! */
+-    return (b->bus >= secondary && b->bus <= subordinate);
++    return (dev->bus >= secondary && dev->bus <= subordinate);
+ }
+ 
+ static pciDevice *
+ pciGetParentDevice(virConnectPtr conn, pciDevice *dev)
+ {
+     pciDevice *parent = NULL;
+-    pciIterDevices(conn, pciIsParent, dev, &parent);
++    pciIterDevices(conn, pciIsParent, dev, &parent, NULL);
+     return parent;
+ }
+ 
+@@ -438,9 +447,11 @@ pciGetParentDevice(virConnectPtr conn, pciDevice *dev)
+  * devices behind a bus.
+  */
+ static int
+-pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
++pciTrySecondaryBusReset(virConnectPtr conn,
++                        pciDevice *dev,
++                        pciDeviceList *activeDevs)
+ {
+-    pciDevice *parent;
++    pciDevice *parent, *conflict;
+     uint8_t config_space[PCI_CONF_LEN];
+     uint16_t ctl;
+     int ret = -1;
+@@ -450,10 +461,10 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
+      * In future, we could allow it so long as those devices
+      * are not in use by the host or other guests.
+      */
+-    if (pciBusContainsOtherDevices(conn, dev)) {
++    if ((conflict = pciBusContainsActiveDevices(conn, dev, activeDevs))) {
+         pciReportError(conn, VIR_ERR_NO_SUPPORT,
+-                       _("Other devices on bus with %s, not doing bus reset"),
+-                       dev->name);
++                       _("Active %s devices on bus with %s, not doing bus reset"),
++                       conflict->name, dev->name);
+         return -1;
+     }
+ 
+@@ -567,10 +578,18 @@ pciInitDevice(virConnectPtr conn, pciDevice *dev)
+ }
+ 
+ int
+-pciResetDevice(virConnectPtr conn, pciDevice *dev)
++pciResetDevice(virConnectPtr conn,
++               pciDevice *dev,
++               pciDeviceList *activeDevs)
+ {
+     int ret = -1;
+ 
++    if (activeDevs && pciDeviceListFind(activeDevs, dev)) {
++        pciReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                       _("Not resetting active device %s"), dev->name);
++        return -1;
++    }
++
+     if (!dev->initted && pciInitDevice(conn, dev) < 0)
+         return -1;
+ 
+@@ -589,7 +608,7 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
+ 
+     /* Bus reset is not an option with the root bus */
+     if (ret < 0 && dev->bus != 0)
+-        ret = pciTrySecondaryBusReset(conn, dev);
++        ret = pciTrySecondaryBusReset(conn, dev, activeDevs);
+ 
+     if (ret < 0) {
+         virErrorPtr err = virGetLastError();
+@@ -885,8 +904,116 @@ pciGetDevice(virConnectPtr conn,
+ void
+ pciFreeDevice(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
+ {
++    if (!dev)
++        return;
+     VIR_DEBUG("%s %s: freeing", dev->id, dev->name);
+     if (dev->fd >= 0)
+         close(dev->fd);
+     VIR_FREE(dev);
+ }
++
++void pciDeviceSetManaged(pciDevice *dev, unsigned managed)
++{
++    dev->managed = !!managed;
++}
++
++unsigned pciDeviceGetManaged(pciDevice *dev)
++{
++    return dev->managed;
++}
++
++pciDeviceList *
++pciDeviceListNew(virConnectPtr conn)
++{
++    pciDeviceList *list;
++
++    if (VIR_ALLOC(list) < 0) {
++        virReportOOMError(conn);
++        return NULL;
++    }
++
++    return list;
++}
++
++void
++pciDeviceListFree(virConnectPtr conn,
++                  pciDeviceList *list)
++{
++    int i;
++
++    if (!list)
++        return;
++
++    for (i = 0; i < list->count; i++) {
++        pciFreeDevice(conn, list->devs[i]);
++        list->devs[i] = NULL;
++    }
++
++    list->count = 0;
++    VIR_FREE(list->devs);
++    VIR_FREE(list);
++}
++
++int
++pciDeviceListAdd(virConnectPtr conn,
++                 pciDeviceList *list,
++                 pciDevice *dev)
++{
++    if (pciDeviceListFind(list, dev)) {
++        pciReportError(conn, VIR_ERR_INTERNAL_ERROR,
++                       _("Device %s is already in use"), dev->name);
++        return -1;
++    }
++
++    if (VIR_REALLOC_N(list->devs, list->count+1) < 0) {
++        virReportOOMError(conn);
++        return -1;
++    }
++
++    list->devs[list->count++] = dev;
++
++    return 0;
++}
++
++void
++pciDeviceListDel(virConnectPtr conn ATTRIBUTE_UNUSED,
++                 pciDeviceList *list,
++                 pciDevice *dev)
++{
++    int i;
++
++    for (i = 0; i < list->count; i++) {
++        if (list->devs[i]->domain   != dev->domain ||
++            list->devs[i]->bus      != dev->bus    ||
++            list->devs[i]->slot     != dev->slot   ||
++            list->devs[i]->function != dev->function)
++            continue;
++
++        pciFreeDevice(conn, list->devs[i]);
++
++        if (i != --list->count)
++            memmove(&list->devs[i],
++                    &list->devs[i+1],
++                    sizeof(*list->devs) * (list->count-i));
++
++        if (VIR_REALLOC_N(list->devs, list->count) < 0) {
++            ; /* not fatal */
++        }
++
++        break;
++    }
++}
++
++pciDevice *
++pciDeviceListFind(pciDeviceList *list, pciDevice *dev)
++{
++    int i;
++
++    for (i = 0; i < list->count; i++)
++        if (list->devs[i]->domain   == dev->domain &&
++            list->devs[i]->bus      == dev->bus    &&
++            list->devs[i]->slot     == dev->slot   &&
++            list->devs[i]->function == dev->function)
++            return list->devs[i];
++    return NULL;
++}
+diff --git a/src/pci.h b/src/pci.h
+index 47882ef..685b0af 100644
+--- a/src/pci.h
++++ b/src/pci.h
+@@ -27,6 +27,11 @@
+ 
+ typedef struct _pciDevice pciDevice;
+ 
++typedef struct {
++    unsigned count;
++    pciDevice **devs;
++} pciDeviceList;
++
+ pciDevice *pciGetDevice      (virConnectPtr  conn,
+                               unsigned       domain,
+                               unsigned       bus,
+@@ -39,6 +44,22 @@ int        pciDettachDevice  (virConnectPtr  conn,
+ int        pciReAttachDevice (virConnectPtr  conn,
+                               pciDevice     *dev);
+ int        pciResetDevice    (virConnectPtr  conn,
+-                              pciDevice     *dev);
++                              pciDevice     *dev,
++                              pciDeviceList *activeDevs);
++void      pciDeviceSetManaged(pciDevice     *dev,
++                              unsigned       managed);
++unsigned  pciDeviceGetManaged(pciDevice     *dev);
++
++pciDeviceList *pciDeviceListNew  (virConnectPtr conn);
++void           pciDeviceListFree (virConnectPtr conn,
++                                  pciDeviceList *list);
++int            pciDeviceListAdd  (virConnectPtr conn,
++                                  pciDeviceList *list,
++                                  pciDevice *dev);
++void           pciDeviceListDel  (virConnectPtr conn,
++                                  pciDeviceList *list,
++                                  pciDevice *dev);
++pciDevice *    pciDeviceListFind (pciDeviceList *list,
++                                  pciDevice *dev);
+ 
+ #endif /* __VIR_PCI_H__ */
+diff --git a/src/qemu_conf.h b/src/qemu_conf.h
+index 70fe9c8..cde326d 100644
+--- a/src/qemu_conf.h
++++ b/src/qemu_conf.h
+@@ -34,6 +34,7 @@
+ #include "domain_event.h"
+ #include "threads.h"
+ #include "security.h"
++#include "pci.h"
+ 
+ #define qemudDebug(fmt, ...) do {} while(0)
+ 
+@@ -90,6 +91,8 @@ struct qemud_driver {
+ 
+     char *securityDriverName;
+     virSecurityDriverPtr securityDriver;
++
++    pciDeviceList *activePciHostdevs;
+ };
+ 
+ /* Status needed to reconenct to running VMs */
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 9f87d2a..7dbf4a2 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -126,6 +126,9 @@ static int qemudDomainSetMemoryBalloon(virConnectPtr conn,
+                                        virDomainObjPtr vm,
+                                        unsigned long newmem);
+ 
++static int qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
++                                       virDomainDefPtr def);
++
+ static struct qemud_driver *qemu_driver = NULL;
+ 
+ 
+@@ -334,6 +337,10 @@ qemudReconnectVMs(struct qemud_driver *driver)
+         if ((vm->logfile = qemudLogFD(NULL, driver->logDir, vm->def->name)) < 0)
+             goto next_error;
+ 
++        if (qemuUpdateActivePciHostdevs(driver, vm->def) < 0) {
++            goto next_error;
++        }
++
+         if (vm->def->id >= driver->nextvmid)
+             driver->nextvmid = vm->def->id + 1;
+ 
+@@ -515,6 +522,9 @@ qemudStartup(void) {
+     if ((qemu_driver->caps = qemudCapsInit()) == NULL)
+         goto out_of_memory;
+ 
++    if ((qemu_driver->activePciHostdevs = pciDeviceListNew(NULL)) == NULL)
++        goto error;
++
+     if (qemudLoadDriverConfig(qemu_driver, driverConf) < 0) {
+         goto error;
+     }
+@@ -627,6 +637,7 @@ qemudShutdown(void) {
+         return -1;
+ 
+     qemuDriverLock(qemu_driver);
++    pciDeviceListFree(NULL, qemu_driver->activePciHostdevs);
+     virCapabilitiesFree(qemu_driver->caps);
+ 
+     virDomainObjListFree(&qemu_driver->domains);
+@@ -1209,48 +1220,16 @@ static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) {
+     return -1;
+ }
+ 
+-static int qemuPrepareHostDevices(virConnectPtr conn,
+-                                  virDomainDefPtr def) {
++static pciDeviceList *
++qemuGetPciHostDeviceList(virConnectPtr conn,
++                         virDomainDefPtr def)
++{
++    pciDeviceList *list;
+     int i;
+ 
+-    /* We have to use 2 loops here. *All* devices must
+-     * be detached before we reset any of them, because
+-     * in some cases you have to reset the whole PCI,
+-     * which impacts all devices on it
+-     */
+-
+-    for (i = 0 ; i < def->nhostdevs ; i++) {
+-        virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+-
+-        if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+-            continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+-            continue;
+-
+-        if (hostdev->managed) {
+-            pciDevice *dev = pciGetDevice(conn,
+-                                          hostdev->source.subsys.u.pci.domain,
+-                                          hostdev->source.subsys.u.pci.bus,
+-                                          hostdev->source.subsys.u.pci.slot,
+-                                          hostdev->source.subsys.u.pci.function);
+-            if (!dev)
+-                goto error;
+-
+-            if (pciDettachDevice(conn, dev) < 0) {
+-                pciFreeDevice(conn, dev);
+-                goto error;
+-            }
+-
+-            pciFreeDevice(conn, dev);
+-        } /* else {
+-             XXX validate that non-managed device isn't in use, eg
+-             by checking that device is either un-bound, or bound
+-             to pci-stub.ko
+-        } */
+-    }
++    if (!(list = pciDeviceListNew(conn)))
++        return NULL;
+ 
+-    /* Now that all the PCI hostdevs have be dettached, we can safely
+-     * reset them */
+     for (i = 0 ; i < def->nhostdevs ; i++) {
+         virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+         pciDevice *dev;
+@@ -1265,95 +1244,151 @@ static int qemuPrepareHostDevices(virConnectPtr conn,
+                            hostdev->source.subsys.u.pci.bus,
+                            hostdev->source.subsys.u.pci.slot,
+                            hostdev->source.subsys.u.pci.function);
+-        if (!dev)
+-            goto error;
++        if (!dev) {
++            pciDeviceListFree(conn, list);
++            return NULL;
++        }
+ 
+-        if (pciResetDevice(conn, dev) < 0) {
++        if (pciDeviceListAdd(conn, list, dev) < 0) {
+             pciFreeDevice(conn, dev);
+-            goto error;
++            pciDeviceListFree(conn, list);
++            return NULL;
+         }
+ 
+-        pciFreeDevice(conn, dev);
++        pciDeviceSetManaged(dev, hostdev->managed);
+     }
+ 
+-    return 0;
++    return list;
++}
+ 
+-error:
+-    return -1;
++static int
++qemuUpdateActivePciHostdevs(struct qemud_driver *driver,
++                            virDomainDefPtr def)
++{
++    pciDeviceList *pcidevs;
++    int i, ret;
++
++    if (!def->nhostdevs)
++        return 0;
++
++    if (!(pcidevs = qemuGetPciHostDeviceList(NULL, def)))
++        return -1;
++
++    ret = 0;
++
++    for (i = 0; i < pcidevs->count; i++) {
++        if (pciDeviceListAdd(NULL,
++                             driver->activePciHostdevs,
++                             pcidevs->devs[i]) < 0) {
++            ret = -1;
++            break;
++        }
++        pcidevs->devs[i] = NULL;
++    }
++
++    pciDeviceListFree(NULL, pcidevs);
++    return ret;
+ }
+ 
+-static void
+-qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
++static int
++qemuPrepareHostDevices(virConnectPtr conn,
++                       struct qemud_driver *driver,
++                       virDomainDefPtr def)
+ {
++    pciDeviceList *pcidevs;
+     int i;
+ 
+-    /* Again 2 loops; reset all the devices before re-attach */
++    if (!def->nhostdevs)
++        return 0;
+ 
+-    for (i = 0 ; i < def->nhostdevs ; i++) {
+-        virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+-        pciDevice *dev;
++    if (!(pcidevs = qemuGetPciHostDeviceList(conn, def)))
++        return -1;
+ 
+-        if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+-            continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+-            continue;
++    /* We have to use 3 loops here. *All* devices must
++     * be detached before we reset any of them, because
++     * in some cases you have to reset the whole PCI,
++     * which impacts all devices on it. Also, all devices
++     * must be reset before being marked as active.
++     */
+ 
+-        dev = pciGetDevice(conn,
+-                           hostdev->source.subsys.u.pci.domain,
+-                           hostdev->source.subsys.u.pci.bus,
+-                           hostdev->source.subsys.u.pci.slot,
+-                           hostdev->source.subsys.u.pci.function);
+-        if (!dev) {
+-            virErrorPtr err = virGetLastError();
+-            VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
+-                      err ? err->message : "");
+-            virResetError(err);
+-            continue;
+-        }
++    /* XXX validate that non-managed device isn't in use, eg
++     * by checking that device is either un-bound, or bound
++     * to pci-stub.ko
++     */
+ 
+-        if (pciResetDevice(conn, dev) < 0) {
+-            virErrorPtr err = virGetLastError();
+-            VIR_ERROR(_("Failed to reset PCI device: %s\n"),
+-                      err ? err->message : "");
+-            virResetError(err);
+-        }
++    for (i = 0; i < pcidevs->count; i++)
++        if (pciDeviceGetManaged(pcidevs->devs[i]) &&
++            pciDettachDevice(conn, pcidevs->devs[i]) < 0)
++            goto error;
++
++    /* Now that all the PCI hostdevs have be dettached, we can safely
++     * reset them */
++    for (i = 0; i < pcidevs->count; i++)
++        if (pciResetDevice(conn, pcidevs->devs[i],
++                           driver->activePciHostdevs) < 0)
++            goto error;
+ 
+-        pciFreeDevice(conn, dev);
++    /* Now mark all the devices as active */
++    for (i = 0; i < pcidevs->count; i++) {
++        if (pciDeviceListAdd(conn,
++                             driver->activePciHostdevs,
++                             pcidevs->devs[i]) < 0)
++            goto error;
++        pcidevs->devs[i] = NULL;
+     }
+ 
+-    for (i = 0 ; i < def->nhostdevs ; i++) {
+-        virDomainHostdevDefPtr hostdev = def->hostdevs[i];
+-        pciDevice *dev;
++    pciDeviceListFree(conn, pcidevs);
++    return 0;
+ 
+-        if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
+-            continue;
+-        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
+-            continue;
+-        if (!hostdev->managed)
+-            continue;
++error:
++    pciDeviceListFree(conn, pcidevs);
++    return -1;
++}
+ 
+-        dev = pciGetDevice(conn,
+-                           hostdev->source.subsys.u.pci.domain,
+-                           hostdev->source.subsys.u.pci.bus,
+-                           hostdev->source.subsys.u.pci.slot,
+-                           hostdev->source.subsys.u.pci.function);
+-        if (!dev) {
++static void
++qemuDomainReAttachHostDevices(virConnectPtr conn,
++                              struct qemud_driver *driver,
++                              virDomainDefPtr def)
++{
++    pciDeviceList *pcidevs;
++    int i;
++
++    if (!def->nhostdevs)
++        return;
++
++    if (!(pcidevs = qemuGetPciHostDeviceList(conn, def))) {
++        virErrorPtr err = virGetLastError();
++        VIR_ERROR(_("Failed to allocate pciDeviceList: %s\n"),
++                  err ? err->message : "");
++        virResetError(err);
++        return;
++    }
++
++    /* Again 3 loops; mark all devices as inactive before reset
++     * them and reset all the devices before re-attach */
++
++    for (i = 0; i < pcidevs->count; i++)
++        pciDeviceListDel(conn, driver->activePciHostdevs, pcidevs->devs[i]);
++
++    for (i = 0; i < pcidevs->count; i++)
++        if (pciResetDevice(conn, pcidevs->devs[i],
++                           driver->activePciHostdevs) < 0) {
+             virErrorPtr err = virGetLastError();
+-            VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
++            VIR_ERROR(_("Failed to reset PCI device: %s\n"),
+                       err ? err->message : "");
+             virResetError(err);
+-            continue;
+         }
+ 
+-        if (pciReAttachDevice(conn, dev) < 0) {
++    for (i = 0; i < pcidevs->count; i++)
++        if (pciDeviceGetManaged(pcidevs->devs[i]) &&
++            pciReAttachDevice(conn, pcidevs->devs[i]) < 0) {
+             virErrorPtr err = virGetLastError();
+             VIR_ERROR(_("Failed to re-attach PCI device: %s\n"),
+                       err ? err->message : "");
+             virResetError(err);
+         }
+ 
+-        pciFreeDevice(conn, dev);
+-    }
++    pciDeviceListFree(conn, pcidevs);
+ }
+ 
+ static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct qemud_driver *driver, virDomainObjPtr vm)
+@@ -1468,7 +1503,7 @@ static int qemudStartVMDaemon(virConnectPtr conn,
+                                 &qemuCmdFlags) < 0)
+         goto cleanup;
+ 
+-    if (qemuPrepareHostDevices(conn, vm->def) < 0)
++    if (qemuPrepareHostDevices(conn, driver, vm->def) < 0)
+         goto cleanup;
+ 
+     vm->def->id = driver->nextvmid++;
+@@ -1634,7 +1669,7 @@ static void qemudShutdownVMDaemon(virConnectPtr conn ATTRIBUTE_UNUSED,
+         VIR_FREE(vm->def->seclabel.imagelabel);
+     }
+ 
+-    qemuDomainReAttachHostDevices(conn, vm->def);
++    qemuDomainReAttachHostDevices(conn, driver, vm->def);
+ 
+     if (qemudRemoveDomainStatus(conn, driver, vm) < 0) {
+         VIR_WARN(_("Failed to remove domain status for %s"),
+@@ -5247,6 +5282,7 @@ out:
+ static int
+ qemudNodeDeviceReset (virNodeDevicePtr dev)
+ {
++    struct qemud_driver *driver = dev->conn->privateData;
+     pciDevice *pci;
+     unsigned domain, bus, slot, function;
+     int ret = -1;
+@@ -5258,11 +5294,14 @@ qemudNodeDeviceReset (virNodeDevicePtr dev)
+     if (!pci)
+         return -1;
+ 
+-    if (pciResetDevice(dev->conn, pci) < 0)
++    qemuDriverLock(driver);
++
++    if (pciResetDevice(dev->conn, pci, driver->activePciHostdevs) < 0)
+         goto out;
+ 
+     ret = 0;
+ out:
++    qemuDriverUnlock(driver);
+     pciFreeDevice(dev->conn, pci);
+     return ret;
+ }
+diff --git a/src/xen_unified.c b/src/xen_unified.c
+index e708980..ba8c769 100644
+--- a/src/xen_unified.c
++++ b/src/xen_unified.c
+@@ -1529,7 +1529,7 @@ xenUnifiedNodeDeviceReset (virNodeDevicePtr dev)
+     if (!pci)
+         return -1;
+ 
+-    if (pciResetDevice(dev->conn, pci) < 0)
++    if (pciResetDevice(dev->conn, pci, NULL) < 0)
+         goto out;
+ 
+     ret = 0;
+-- 
+1.6.2.5
+

libvirt-allow-pm-reset-on-multi-function-pci-devices.patch

@@ -0,0 +1,121 @@
+From d79f35fbd4eaf610972621b042993d00f3247d5c Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 14 Aug 2009 08:31:11 +0100
+Subject: [PATCH] Allow PM reset on multi-function PCI devices
+
+https://bugzilla.redhat.com/515689
+
+It turns out that a PCI Power Management reset only affects individual
+functions, and not the whole device.
+
+The PCI Power Management spec talks about resetting the 'device' rather
+than the 'function', but Intel's Dexuan Cui informs me that it is
+actually a per-function reset.
+
+Also, Yu Zhao has added pci_pm_reset() to the kernel, and it doesn't
+reject multi-function devices, so it must be true! :-)
+
+(A side issue is that we could defer the PM reset to the kernel if we
+could detect that the kernel has PM reset support, but barring version
+number checks we don't have a way to detect that support)
+
+* src/pci.c: remove the pciDeviceContainsOtherFunctions() check from
+  pciTryPowerManagementReset() and prefer PM reset over bus reset
+  where both are available
+
+Cc: Cui, Dexuan <dexuan.cui@intel.com>
+Cc: Yu Zhao <yu.zhao@intel.com>
+
+(cherry picked from commit 64a6682b93a2a8aa38067a43979c9eaf993d2b41)
+
+Fedora-patch: libvirt-allow-pm-reset-on-multi-function-pci-devices.patch
+---
+ src/pci.c |   48 +++++++++---------------------------------------
+ 1 files changed, 9 insertions(+), 39 deletions(-)
+
+diff --git a/src/pci.c b/src/pci.c
+index 68a380d..f78ab9f 100644
+--- a/src/pci.c
++++ b/src/pci.c
+@@ -397,29 +397,6 @@ pciBusContainsOtherDevices(virConnectPtr conn, pciDevice *dev)
+     return 1;
+ }
+ 
+-/* Any other functions on this device ? */
+-static int
+-pciSharesDevice(pciDevice *a, pciDevice *b)
+-{
+-    return
+-        a->domain == b->domain &&
+-        a->bus == b->bus &&
+-        a->slot == b->slot &&
+-        a->function != b->function;
+-}
+-
+-static int
+-pciDeviceContainsOtherFunctions(virConnectPtr conn, pciDevice *dev)
+-{
+-    pciDevice *matched = NULL;
+-    if (pciIterDevices(conn, pciSharesDevice, dev, &matched) < 0)
+-        return 1;
+-    if (!matched)
+-        return 0;
+-    pciFreeDevice(conn, matched);
+-    return 1;
+-}
+-
+ /* Is @a the parent of @b ? */
+ static int
+ pciIsParent(pciDevice *a, pciDevice *b)
+@@ -524,7 +501,7 @@ out:
+  * above we require the device supports a full internal reset.
+  */
+ static int
+-pciTryPowerManagementReset(virConnectPtr conn, pciDevice *dev)
++pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
+ {
+     uint8_t config_space[PCI_CONF_LEN];
+     uint32_t ctl;
+@@ -532,16 +509,6 @@ pciTryPowerManagementReset(virConnectPtr conn, pciDevice *dev)
+     if (!dev->pci_pm_cap_pos)
+         return -1;
+ 
+-    /* For now, we just refuse to do a power management reset
+-     * if there are other functions on this device.
+-     * In future, we could allow it so long as those functions
+-     * are not in use by the host or other guests.
+-     */
+-    if (pciDeviceContainsOtherFunctions(conn, dev)) {
+-        VIR_WARN("%s contains other functions, not resetting", dev->name);
+-        return -1;
+-    }
+-
+     /* Save and restore the device's config space. */
+     if (pciRead(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
+         VIR_WARN("Failed to save PCI config space for %s", dev->name);
+@@ -599,14 +566,17 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
+     if (dev->has_flr)
+         return 0;
+ 
++    /* If the device supports PCI power management reset,
++     * that's the next best thing because it only resets
++     * the function, not the whole device.
++     */
++    if (dev->has_pm_reset)
++        ret = pciTryPowerManagementReset(conn, dev);
++
+     /* Bus reset is not an option with the root bus */
+-    if (dev->bus != 0)
++    if (ret < 0 && dev->bus != 0)
+         ret = pciTrySecondaryBusReset(conn, dev);
+ 
+-    /* Next best option is a PCI power management reset */
+-    if (ret < 0 && dev->has_pm_reset)
+-        ret = pciTryPowerManagementReset(conn, dev);
+-
+     if (ret < 0)
+         pciReportError(conn, VIR_ERR_NO_SUPPORT,
+                        _("No PCI reset capability available for %s"),
+-- 
+1.6.2.5
+

libvirt-do-not-overwrite-error-in-wait-for-monitor.patch

@@ -0,0 +1,31 @@
+From 1319852c443c432d44a2e73508f3be742027f780 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Wed, 19 Aug 2009 11:28:02 +0100
+Subject: [PATCH] Don't overwrite error in qemudWaitForMonitor()
+
+May help diagnose https://bugzilla.redhat.com/515054
+
+Fedora-patch: libvirt-do-not-overwrite-error-in-wait-for-monitor.patch
+---
+ src/qemu_driver.c |    5 +++--
+ 1 files changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index dfd19c5..74e106a 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -985,8 +985,9 @@ static int qemudWaitForMonitor(virConnectPtr conn,
+         return 0;
+ 
+     /* Unexpected end of file - inform user of QEMU log data */
+-    qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+-                     _("unable to start guest: %s"), buf);
++    if (!virGetLastError())
++        qemudReportError(conn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
++                         _("unable to start guest: %s"), buf);
+     return -1;
+ }
+ 
+-- 
+1.6.2.5
+

libvirt-fix-device-list-update-after-detach.patch

@@ -0,0 +1,53 @@
+From 2754da03d65f216271c81ece791b96a19272c812 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Sat, 15 Aug 2009 19:38:15 +0100
+Subject: [PATCH] Fix list updating after disk hot-unplug
+
+The current code makes a poor effort at updating the device arrays after
+hot-unplug. Fix that and combine the two code paths into one.
+
+* src/qemu_driver.c: fix list updating in qemudDomainDetachPciDiskDevice()
+
+(cherry picked from commit 4e12af5623e4a962a6bb911af06fa29aa85befba)
+
+Fedora-patch: libvirt-fix-device-list-update-after-detach.patch
+---
+ src/qemu_driver.c |   21 ++++++++++-----------
+ 1 files changed, 10 insertions(+), 11 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index dfd19c5..ce04beb 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -4123,18 +4123,17 @@ try_command:
+         goto cleanup;
+     }
+ 
+-    if (vm->def->ndisks > 1) {
+-        vm->def->disks[i] = vm->def->disks[--vm->def->ndisks];
+-        if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks) < 0) {
+-            virReportOOMError(conn);
+-            goto cleanup;
+-        }
+-        qsort(vm->def->disks, vm->def->ndisks, sizeof(*vm->def->disks),
+-              virDomainDiskQSort);
+-    } else {
+-        VIR_FREE(vm->def->disks[0]);
+-        vm->def->ndisks = 0;
++    if (i != --vm->def->ndisks)
++        memmove(&vm->def->disks[i],
++                &vm->def->disks[i+1],
++                sizeof(*vm->def->disks) * (vm->def->ndisks-i));
++    if (VIR_REALLOC_N(vm->def->disks, vm->def->ndisks) < 0) {
++        virReportOOMError(conn);
++        goto cleanup;
+     }
++    qsort(vm->def->disks, vm->def->ndisks, sizeof(*vm->def->disks),
++          virDomainDiskQSort);
++
+     ret = 0;
+ 
+ cleanup:
+-- 
+1.6.2.5
+

libvirt-fix-migration-completion-with-newer-qemu.patch

@@ -0,0 +1,45 @@
+From 21ef933dfdd64c754d184d41d87ecd94eaddf697 Mon Sep 17 00:00:00 2001
+From: Chris Lalancette <clalance@redhat.com>
+Date: Wed, 5 Aug 2009 13:42:07 +0200
+Subject: [PATCH] Run 'cont' on successful migration finish.
+
+https://bugzilla.redhat.com/516187
+
+As of qemu 0.10.6, qemu now honors the -S flag on incoming migration.
+That means that when the migration completes, we have to issue a
+'cont' command to get the VM running again.  We do it unconditionally
+since it won't hurt on older qemu.
+
+(cherry picked from commit d1ec4d7a5a4f50c9492137eaab4f021caa075f95)
+
+Fedora-patch: libvirt-fix-migration-completion-with-newer-qemu.patch
+---
+ src/qemu_driver.c |   11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index 7dbf4a2..ff56f61 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -5162,7 +5162,18 @@ qemudDomainMigrateFinish2 (virConnectPtr dconn,
+      */
+     if (retcode == 0) {
+         dom = virGetDomain (dconn, vm->def->name, vm->def->uuid);
++
++        /* run 'cont' on the destination, which allows migration on qemu
++         * >= 0.10.6 to work properly.  This isn't strictly necessary on
++         * older qemu's, but it also doesn't hurt anything there
++         */
++        if (qemudMonitorCommand(vm, "cont", &info) < 0) {
++            qemudReportError(dconn, NULL, NULL, VIR_ERR_INTERNAL_ERROR,
++                             "%s", _("resume operation failed"));
++            goto cleanup;
++        }
+         VIR_FREE(info);
++
+         vm->state = VIR_DOMAIN_RUNNING;
+         event = virDomainEventNewFromObj(vm,
+                                          VIR_DOMAIN_EVENT_RESUMED,
+-- 
+1.6.2.5
+

libvirt-fix-xen-driver-segfault-with-newer-xen.patch

@@ -0,0 +1,38 @@
+From 0878a15ad937449b5dfc4cf49888cc7753473e33 Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 26 Jun 2009 18:14:16 +0000
+Subject: [PATCH] Fix xen driver segfault with newer Xen
+
+https://bugzilla.redhat.com/518091
+
+(cherry picked from commit 14435163a086c0bcdff04308077fa46a5fa08bb0)
+
+Fedora-patch: libvirt-fix-xen-driver-segfault-with-newer-xen.patch
+---
+ src/xend_internal.c |   10 +++++++++-
+ 1 files changed, 9 insertions(+), 1 deletions(-)
+
+diff --git a/src/xend_internal.c b/src/xend_internal.c
+index 2e2fd21..c3a9836 100644
+--- a/src/xend_internal.c
++++ b/src/xend_internal.c
+@@ -2077,7 +2077,15 @@ xenDaemonParseSxprGraphicsNew(virConnectPtr conn,
+         if (sexpr_lookup(node, "device/vfb")) {
+             /* New style graphics config for PV guests in >= 3.0.4,
+              * or for HVM guests in >= 3.0.5 */
+-            tmp = sexpr_node(node, "device/vfb/type");
++            if (sexpr_node(node, "device/vfb/type")) {
++                tmp = sexpr_node(node, "device/vfb/type");
++            } else if (sexpr_node(node, "device/vfb/vnc")) {
++                tmp = "vnc";
++            } else if (sexpr_node(node, "device/vfb/sdl")) {
++                tmp = "sdl";
++            } else {
++                tmp = "unknown";
++            }
+ 
+             if (VIR_ALLOC(graphics) < 0)
+                 goto no_memory;
+-- 
+1.6.2.5
+

libvirt-improve-pci-hostdev-reset-error-message.patch

@@ -0,0 +1,141 @@
+From 9f80bab3829b97ac2802c15b9f3e4a6bbbb24627 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 14 Aug 2009 08:31:11 +0100
+Subject: [PATCH] Improve PCI host device reset error message
+
+https://bugzilla.redhat.com/499678
+
+Currently, if we are unable to reset a PCI device we return a fairly
+generic 'No PCI reset capability available' error message.
+
+Fix that by returning an error from the individual reset messages and
+using that error to construct the higher level error mesage.
+
+* src/pci.c: set errors in pciTryPowerManagementReset() and
+  pciTrySecondaryBusReset() on failure; use those error messages
+  in pciResetDevice(), or explain that no reset support is available
+
+(cherry picked from commit ebea34185612c3b96d7d3bbd8b7c2ce6c9f4fe6f)
+
+Fedora-patch: libvirt-improve-pci-hostdev-reset-error-message.patch
+---
+ src/pci.c         |   44 +++++++++++++++++++++++++++++++-------------
+ src/qemu_driver.c |    4 ++--
+ 2 files changed, 33 insertions(+), 15 deletions(-)
+
+diff --git a/src/pci.c b/src/pci.c
+index f78ab9f..1dddb08 100644
+--- a/src/pci.c
++++ b/src/pci.c
+@@ -451,15 +451,18 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
+      * are not in use by the host or other guests.
+      */
+     if (pciBusContainsOtherDevices(conn, dev)) {
+-        VIR_WARN("Other devices on bus with %s, not doing bus reset",
+-                 dev->name);
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Other devices on bus with %s, not doing bus reset"),
++                       dev->name);
+         return -1;
+     }
+ 
+     /* Find the parent bus */
+     parent = pciGetParentDevice(conn, dev);
+     if (!parent) {
+-        VIR_WARN("Failed to find parent device for %s", dev->name);
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Failed to find parent device for %s"),
++                       dev->name);
+         return -1;
+     }
+ 
+@@ -470,7 +473,9 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
+      * are multiple devices/functions
+      */
+     if (pciRead(dev, 0, config_space, PCI_CONF_LEN) < 0) {
+-        VIR_WARN("Failed to save PCI config space for %s", dev->name);
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Failed to save PCI config space for %s"),
++                       dev->name);
+         goto out;
+     }
+ 
+@@ -487,9 +492,12 @@ pciTrySecondaryBusReset(virConnectPtr conn, pciDevice *dev)
+ 
+     usleep(200 * 1000); /* sleep 200ms */
+ 
+-    if (pciWrite(dev, 0, config_space, PCI_CONF_LEN) < 0)
+-        VIR_WARN("Failed to restore PCI config space for %s", dev->name);
+-
++    if (pciWrite(dev, 0, config_space, PCI_CONF_LEN) < 0) {
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Failed to restore PCI config space for %s"),
++                       dev->name);
++        goto out;
++    }
+     ret = 0;
+ out:
+     pciFreeDevice(conn, parent);
+@@ -511,7 +519,9 @@ pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
+ 
+     /* Save and restore the device's config space. */
+     if (pciRead(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
+-        VIR_WARN("Failed to save PCI config space for %s", dev->name);
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Failed to save PCI config space for %s"),
++                       dev->name);
+         return -1;
+     }
+ 
+@@ -528,8 +538,12 @@ pciTryPowerManagementReset(virConnectPtr conn ATTRIBUTE_UNUSED, pciDevice *dev)
+ 
+     usleep(10 * 1000); /* sleep 10ms */
+ 
+-    if (pciWrite(dev, 0, &config_space[0], PCI_CONF_LEN) < 0)
+-        VIR_WARN("Failed to restore PCI config space for %s", dev->name);
++    if (pciWrite(dev, 0, &config_space[0], PCI_CONF_LEN) < 0) {
++        pciReportError(conn, VIR_ERR_NO_SUPPORT,
++                       _("Failed to restore PCI config space for %s"),
++                       dev->name);
++        return -1;
++    }
+ 
+     return 0;
+ }
+@@ -577,10 +591,14 @@ pciResetDevice(virConnectPtr conn, pciDevice *dev)
+     if (ret < 0 && dev->bus != 0)
+         ret = pciTrySecondaryBusReset(conn, dev);
+ 
+-    if (ret < 0)
++    if (ret < 0) {
++        virErrorPtr err = virGetLastError();
+         pciReportError(conn, VIR_ERR_NO_SUPPORT,
+-                       _("No PCI reset capability available for %s"),
+-                       dev->name);
++                       _("Unable to reset PCI device %s: %s"),
++                       dev->name,
++                       err ? err->message : _("no FLR, PM reset or bus reset available"));
++    }
++
+     return ret;
+ }
+ 
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index ddd3693..9f87d2a 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1345,9 +1345,9 @@ qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
+             continue;
+         }
+ 
+-        if (pciDettachDevice(conn, dev) < 0) {
++        if (pciReAttachDevice(conn, dev) < 0) {
+             virErrorPtr err = virGetLastError();
+-            VIR_ERROR(_("Failed to reset PCI device: %s\n"),
++            VIR_ERROR(_("Failed to re-attach PCI device: %s\n"),
+                       err ? err->message : "");
+             virResetError(err);
+         }
+-- 
+1.6.2.5
+

libvirt-reattach-pci-hostdevs-after-guest-shutdown.patch

@@ -0,0 +1,124 @@
+From 1e44604c0d4c2d4c1347c2a1027f1ea02a6499f9 Mon Sep 17 00:00:00 2001
+From: Mark McLoughlin <markmc@redhat.com>
+Date: Fri, 14 Aug 2009 08:31:11 +0100
+Subject: [PATCH] Reset and re-attach PCI host devices on guest shutdown
+
+https://bugzilla.redhat.com/499561
+
+When the guest shuts down, we should attempt to restore all PCI host
+devices to a sane state.
+
+In the case of managed hostdevs, we should reset and re-attach the
+devices. In the case of unmanaged hostdevs, we should just reset them.
+
+Note, KVM will already reset assigned devices when the guest shuts
+down using whatever means it can, so we are only doing it to cover the
+cases the kernel can't handle.
+
+* src/qemu_driver.c: add qemuDomainReAttachHostDevices() and call
+  it from qemudShutdownVMDaemon()
+
+(cherry picked from commit 4035152a8767e72fd4e26a91cb4d5afa75b72e61)
+
+Fedora-patch: libvirt-reattach-pci-hostdevs-after-guest-shutdown.patch
+---
+ src/qemu_driver.c |   76 +++++++++++++++++++++++++++++++++++++++++++++++++++++
+ 1 files changed, 76 insertions(+), 0 deletions(-)
+
+diff --git a/src/qemu_driver.c b/src/qemu_driver.c
+index ce04beb..ddd3693 100644
+--- a/src/qemu_driver.c
++++ b/src/qemu_driver.c
+@@ -1282,6 +1282,80 @@ error:
+     return -1;
+ }
+ 
++static void
++qemuDomainReAttachHostDevices(virConnectPtr conn, virDomainDefPtr def)
++{
++    int i;
++
++    /* Again 2 loops; reset all the devices before re-attach */
++
++    for (i = 0 ; i < def->nhostdevs ; i++) {
++        virDomainHostdevDefPtr hostdev = def->hostdevs[i];
++        pciDevice *dev;
++
++        if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
++            continue;
++        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
++            continue;
++
++        dev = pciGetDevice(conn,
++                           hostdev->source.subsys.u.pci.domain,
++                           hostdev->source.subsys.u.pci.bus,
++                           hostdev->source.subsys.u.pci.slot,
++                           hostdev->source.subsys.u.pci.function);
++        if (!dev) {
++            virErrorPtr err = virGetLastError();
++            VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
++                      err ? err->message : "");
++            virResetError(err);
++            continue;
++        }
++
++        if (pciResetDevice(conn, dev) < 0) {
++            virErrorPtr err = virGetLastError();
++            VIR_ERROR(_("Failed to reset PCI device: %s\n"),
++                      err ? err->message : "");
++            virResetError(err);
++        }
++
++        pciFreeDevice(conn, dev);
++    }
++
++    for (i = 0 ; i < def->nhostdevs ; i++) {
++        virDomainHostdevDefPtr hostdev = def->hostdevs[i];
++        pciDevice *dev;
++
++        if (hostdev->mode != VIR_DOMAIN_HOSTDEV_MODE_SUBSYS)
++            continue;
++        if (hostdev->source.subsys.type != VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_PCI)
++            continue;
++        if (!hostdev->managed)
++            continue;
++
++        dev = pciGetDevice(conn,
++                           hostdev->source.subsys.u.pci.domain,
++                           hostdev->source.subsys.u.pci.bus,
++                           hostdev->source.subsys.u.pci.slot,
++                           hostdev->source.subsys.u.pci.function);
++        if (!dev) {
++            virErrorPtr err = virGetLastError();
++            VIR_ERROR(_("Failed to allocate pciDevice: %s\n"),
++                      err ? err->message : "");
++            virResetError(err);
++            continue;
++        }
++
++        if (pciDettachDevice(conn, dev) < 0) {
++            virErrorPtr err = virGetLastError();
++            VIR_ERROR(_("Failed to reset PCI device: %s\n"),
++                      err ? err->message : "");
++            virResetError(err);
++        }
++
++        pciFreeDevice(conn, dev);
++    }
++}
++
+ static int qemudDomainSetSecurityLabel(virConnectPtr conn, struct qemud_driver *driver, virDomainObjPtr vm)
+ {
+     if (vm->def->seclabel.label != NULL)
+@@ -1560,6 +1634,8 @@ static void qemudShutdownVMDaemon(virConnectPtr conn ATTRIBUTE_UNUSED,
+         VIR_FREE(vm->def->seclabel.imagelabel);
+     }
+ 
++    qemuDomainReAttachHostDevices(conn, vm->def);
++
+     if (qemudRemoveDomainStatus(conn, driver, vm) < 0) {
+         VIR_WARN(_("Failed to remove domain status for %s"),
+                  vm->def->name);
+-- 
+1.6.2.5
+

sources

@@ -1 +1 @@
-SHA512 (libvirt-5.1.0.tar.xz) = ca64d7be683614bdeb20a8865655fe80f911cf13c00aed2334db3a2e4131e1dd6fe5e9663a24e6f82161ad5aa53f1a2637cd21730eed46e4764b7eebced94f3f
+3035b484861516a1cd425acef1e760e3  libvirt-0.6.2.tar.gz