Disable -Werror on mingw builds

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

0001-Fix-off-by-one-error-in-udevListInterfacesByStatus.patch

@@ -0,0 +1,40 @@
+From 76cdc7adf55723ff8da146bd3c15c64d0afd5d93 Mon Sep 17 00:00:00 2001
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Tue, 27 Feb 2024 16:20:12 +0100
+Subject: [PATCH] Fix off-by-one error in udevListInterfacesByStatus
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Ever since this function was introduced in 2012 it could've tried
+filling in an extra interface name.  That was made worse in 2019 when
+the caller functions started accepting NULL arrays of size 0.
+
+This is assigned CVE-2024-1441.
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reported-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
+Fixes: 5a33366f5c0b18c93d161bd144f9f079de4ac8ca
+Fixes: d6064e2759a24e0802f363e3a810dc5a7d7ebb15
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit c664015fe3a7bf59db26686e9ed69af011c6ebb8)
+---
+ src/interface/interface_backend_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index fb6799ed94..4091483060 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -222,7 +222,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
+         g_autoptr(virInterfaceDef) def = NULL;
+ 
+         /* Ensure we won't exceed the size of our array */
+-        if (count > names_len)
++        if (count >= names_len)
+             break;
+ 
+         path = udev_list_entry_get_name(dev_entry);
+-- 
+2.43.0
+

0001-build-support-explicitly-disabling-netcf.patch

@@ -1,56 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 21 Jan 2021 16:01:06 -0500
-Subject: [PATCH] build: support explicitly disabling netcf
-
-placing "-Dnetcf=disabled" on the meson commandline was ignored,
-meaning that even with that option the build would get WITH_NETCF if
-the netcf-devel package was found - the only way to disable it was to
-uninstall netcf-devel.
-
-This patch adds the small bit of logic to check the netcf meson
-commandline option (in addition to whether netcf-devel is installed)
-before defining WITH_NETCF.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Neal Gompa <ngompa13@gmail.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 06169a115d46d8870a96d293c2faf6ea87e71020)
----
- meson.build | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index b5164f68ed..e9d6d9f82e 100644
---- a/meson.build
-+++ b/meson.build
-@@ -1155,8 +1155,10 @@ libm_dep = cc.find_library('m', required : false)
- 
- netcf_version = '0.1.8'
- netcf_dep = dependency('netcf', version: '>=' + netcf_version, required: get_option('netcf'))
--if netcf_dep.found()
--  conf.set('WITH_NETCF', 1)
-+if not get_option('netcf').disabled()
-+  if netcf_dep.found()
-+    conf.set('WITH_NETCF', 1)
-+  endif
- endif
- 
- have_gnu_gettext_tools = false
-@@ -1550,7 +1552,7 @@ elif get_option('driver_hyperv').enabled()
-   error('openwsman is required for the Hyper-V driver')
- endif
- 
--if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or netcf_dep.found())
-+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
-   conf.set('WITH_INTERFACE', 1)
- elif get_option('driver_interface').enabled()
-   error('Requested the Interface driver without netcf or udev and libvirtd support')
-@@ -2362,7 +2364,7 @@ libs_summary = {
-   'libssh': libssh_dep.found(),
-   'libssh2': libssh2_dep.found(),
-   'libutil': libutil_dep.found(),
--  'netcf': netcf_dep.found(),
-+  'netcf': conf.has('WITH_NETCF'),
-   'NLS': have_gnu_gettext_tools,
-   'numactl': numactl_dep.found(),
-   'openwsman': openwsman_dep.found(),

0001-interface-fix-udev-reference-leak-with-invalid-flags.patch

@@ -0,0 +1,41 @@
+From 3499354e12a1c1832bf4030693a64e03ceb79d05 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Wed, 5 Jun 2024 11:16:21 +0100
+Subject: [PATCH] interface: fix udev reference leak with invalid flags
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The udevInterfaceGetXMLDesc method takes a reference on the udev
+driver as its first action. If the virCheckFlags() condition
+fails, however, this reference is never released.
+
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/interface/interface_backend_udev.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index fdf11a8318..e1a50389c9 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -1027,12 +1027,14 @@ static char *
+ udevInterfaceGetXMLDesc(virInterfacePtr ifinfo,
+                         unsigned int flags)
+ {
+-    struct udev *udev = udev_ref(driver->udev);
++    struct udev *udev = NULL;
+     g_autoptr(virInterfaceDef) ifacedef = NULL;
+     char *xmlstr = NULL;
+ 
+     virCheckFlags(VIR_INTERFACE_XML_INACTIVE, NULL);
+ 
++    udev = udev_ref(driver->udev);
++
+     /* Recursively build up the interface XML based on the requested
+      * interface name
+      */
+-- 
+2.45.1
+

0001-interface-fix-udev_device_get_sysattr_value-return-v.patch

@@ -0,0 +1,90 @@
+From c120b31f826cd51127d28f8beaa61ac0d5f03048 Mon Sep 17 00:00:00 2001
+From: Dmitry Frolov <frolov@swemel.ru>
+Date: Tue, 12 Sep 2023 15:56:47 +0300
+Subject: [PATCH] interface: fix udev_device_get_sysattr_value return value
+ check
+
+Reviewing the code I found that return value of function
+udev_device_get_sysattr_value() is dereferenced without a check.
+udev_device_get_sysattr_value() may return NULL by number of reasons.
+
+v2: VIR_DEBUG added, replaced STREQ(NULLSTR()) with STREQ_NULLABLE()
+v3: More checks added, to skip earlier. More verbose VIR_DEBUG.
+
+Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 2ca94317ac642a70921947150ced8acc674ccdc8)
+---
+ src/interface/interface_backend_udev.c | 26 +++++++++++++++++++-------
+ 1 file changed, 19 insertions(+), 7 deletions(-)
+
+diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
+index a0485ddd21..fb6799ed94 100644
+--- a/src/interface/interface_backend_udev.c
++++ b/src/interface/interface_backend_udev.c
+@@ -23,6 +23,7 @@
+ #include <dirent.h>
+ #include <libudev.h>
+ 
++#include "virlog.h"
+ #include "virerror.h"
+ #include "virfile.h"
+ #include "datatypes.h"
+@@ -40,6 +41,8 @@
+ 
+ #define VIR_FROM_THIS VIR_FROM_INTERFACE
+ 
++VIR_LOG_INIT("interface.interface_backend_udev");
++
+ struct udev_iface_driver {
+     struct udev *udev;
+     /* pid file FD, ensures two copies of the driver can't use the same root */
+@@ -354,11 +357,20 @@ udevConnectListAllInterfaces(virConnectPtr conn,
+         const char *macaddr;
+         g_autoptr(virInterfaceDef) def = NULL;
+ 
+-        path = udev_list_entry_get_name(dev_entry);
+-        dev = udev_device_new_from_syspath(udev, path);
+-        name = udev_device_get_sysname(dev);
++        if (!(path = udev_list_entry_get_name(dev_entry))) {
++            VIR_DEBUG("Skipping interface, path == NULL");
++            continue;
++        }
++        if (!(dev = udev_device_new_from_syspath(udev, path))) {
++            VIR_DEBUG("Skipping interface '%s', dev == NULL", path);
++            continue;
++        }
++        if (!(name = udev_device_get_sysname(dev))) {
++            VIR_DEBUG("Skipping interface '%s', name == NULL", path);
++            continue;
++        }
+         macaddr = udev_device_get_sysattr_value(dev, "address");
+-        status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up");
++        status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up");
+ 
+         def = udevGetMinimalDefForDevice(dev);
+         if (!virConnectListAllInterfacesCheckACL(conn, def)) {
+@@ -964,9 +976,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
+ 
+     /* MTU */
+     mtu_str = udev_device_get_sysattr_value(dev, "mtu");
+-    if (virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
++    if (!mtu_str || virStrToLong_ui(mtu_str, NULL, 10, &mtu) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR,
+-                _("Could not parse MTU value '%1$s'"), mtu_str);
++                _("Could not parse MTU value '%1$s'"), NULLSTR(mtu_str));
+         goto error;
+     }
+     ifacedef->mtu = mtu;
+@@ -1089,7 +1101,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
+        goto cleanup;
+ 
+     /* Check if it's active or not */
+-    status = STREQ(udev_device_get_sysattr_value(dev, "operstate"), "up");
++    status = STREQ_NULLABLE(udev_device_get_sysattr_value(dev, "operstate"), "up");
+ 
+     udev_device_unref(dev);
+ 
+-- 
+2.43.0
+

0001-rpc-avoid-leak-of-GSource-in-use-for-interrupting-ma.patch

@@ -0,0 +1,49 @@
+From 98f1cf88fa7e0f992d93f376418fbfb3996a9690 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Fri, 17 May 2024 14:55:24 +0100
+Subject: [PATCH] rpc: avoid leak of GSource in use for interrupting main loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We never release the reference on the GSource created for
+interrupting the main loop, nor do we remove it from the
+main context if our thread is woken up prior to the wakeup
+callback firing.
+
+This can result in a leak of GSource objects, along with an
+ever growing list of GSources attached to the main context,
+which will gradually slow down execution of the loop, as
+several operations are O(N) for the number of attached GSource
+objects.
+
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 147b0d661a..6d424eb599 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1946,7 +1946,7 @@ static int virNetClientIO(virNetClient *client,
+     /* Check to see if another thread is dispatching */
+     if (client->haveTheBuck) {
+         /* Force other thread to wakeup from poll */
+-        GSource *wakeup = g_idle_source_new();
++        g_autoptr(GSource) wakeup = g_idle_source_new();
+         g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
+         g_source_attach(wakeup, client->eventCtx);
+ 
+@@ -1968,6 +1968,7 @@ static int virNetClientIO(virNetClient *client,
+             return -1;
+         }
+ 
++        g_source_destroy(wakeup);
+         VIR_DEBUG("Woken up from sleep head=%p call=%p",
+                   client->waitDispatch, thiscall);
+         /* Three reasons we can be woken up
+-- 
+2.45.1
+

0001-rpc-ensure-temporary-GSource-is-removed-from-client-.patch

@@ -0,0 +1,99 @@
+From 8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 30 Apr 2024 11:51:15 +0100
+Subject: [PATCH] rpc: ensure temporary GSource is removed from client event
+ loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Users are seeing periodic segfaults from libvirt client apps,
+especially thread heavy ones like virt-manager. A typical
+stack trace would end up in the virNetClientIOEventFD method,
+with illegal access to stale stack data. eg
+
+==238721==ERROR: AddressSanitizer: stack-use-after-return on address 0x75cd18709788 at pc 0x75cd3111f907 bp 0x75cd181ff550 sp 0x75cd181ff548
+WRITE of size 4 at 0x75cd18709788 thread T11
+    #0 0x75cd3111f906 in virNetClientIOEventFD /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1634:15
+    #1 0x75cd3210d198  (/usr/lib/libglib-2.0.so.0+0x5a198) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #2 0x75cd3216c3be  (/usr/lib/libglib-2.0.so.0+0xb93be) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #3 0x75cd3210ddc6 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x5adc6) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
+    #4 0x75cd3111a47c in virNetClientIOEventLoop /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1722:9
+    #5 0x75cd3111a47c in virNetClientIO /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2002:10
+    #6 0x75cd3111a47c in virNetClientSendInternal /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2170:11
+    #7 0x75cd311198a8 in virNetClientSendWithReply /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2198:11
+    #8 0x75cd31111653 in virNetClientProgramCall /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclientprogram.c:318:9
+    #9 0x75cd31241c8f in callFull /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6054:10
+    #10 0x75cd31241c8f in call /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6076:12
+    #11 0x75cd31241c8f in remoteNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/src/remote/remote_client_bodies.h:5959:9
+    #12 0x75cd31410ff7 in virNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/libvirt-network.c:952:15
+
+The root cause is a bad assumption in the virNetClientIOEventLoop
+method. This method is run by whichever thread currently owns the
+buck, and is responsible for handling I/O. Inside a for(;;) loop,
+this method creates a temporary GSource, adds it to the event loop
+and runs g_main_loop_run(). When I/O is ready, the GSource callback
+(virNetClientIOEventFD) will fire and call g_main_loop_quit(), and
+return G_SOURCE_REMOVE which results in the temporary GSource being
+destroyed. A g_autoptr() will then remove the last reference.
+
+What was overlooked, is that a second thread can come along and
+while it can't enter virNetClientIOEventLoop, it will register an
+idle source that uses virNetClientIOWakeup to interrupt the
+original thread's 'g_main_loop_run' call. When this happens the
+virNetClientIOEventFD callback never runs, and so the temporary
+GSource is not destroyed. The g_autoptr() will remove a reference,
+but by virtue of still being attached to the event context, there
+is an extra reference held causing GSource to be leaked. The
+next time 'g_main_loop_run' is called, the original GSource will
+trigger its callback, and access data that was allocated on the
+stack by the previous thread, and likely SEGV.
+
+To solve this, the thread calling 'g_main_loop_run' must call
+g_source_destroy, immediately upon return, to guarantee that
+the temporary GSource is removed.
+
+CVE-2024-4418
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Reported-by: Martin Shirokov <shirokovmartin@gmail.com>
+Tested-by: Martin Shirokov <shirokovmartin@gmail.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 68098b1c8d..147b0d661a 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1657,7 +1657,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ #endif /* !WIN32 */
+         int timeout = -1;
+         virNetMessage *msg = NULL;
+-        g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
++        g_autoptr(GSource) source = NULL;
+         GIOCondition ev = 0;
+         struct virNetClientIOEventData data = {
+             .client = client,
+@@ -1721,6 +1721,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
+ 
+         g_main_loop_run(client->eventLoop);
+ 
++        /*
++         * If virNetClientIOEventFD ran, this GSource will already be
++         * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
++         * it, since we still own a reference.
++         *
++         * If virNetClientIOWakeup ran, it will have interrupted the
++         * g_main_loop_run call, before virNetClientIOEventFD could
++         * run, and thus the GSource is still registered, and we need
++         * to destroy it since it is referencing stack memory for 'data'
++         */
++        g_source_destroy(source);
++
+ #ifndef WIN32
+         ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
+ #endif /* !WIN32 */
+-- 
+2.45.1
+

0001-rpc-fix-race-in-waking-up-client-event-loop.patch

@@ -0,0 +1,76 @@
+From 7cb03e6a28e465c49f0cabe8fe2e7d21edb5aadf Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Mon, 18 Dec 2023 12:17:18 +0000
+Subject: [PATCH] rpc: fix race in waking up client event loop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The first thread to issue a client RPC request will own the event
+loop execution, sitting in the virNetClientIOEventLoop function.
+
+It releases the client lock while running:
+
+   virNetClientUnlock()
+   g_main_loop_run()
+   virNetClientLock()
+
+If a second thread arrives with an RPC request, it will queue it
+for the first thread to process. To inform the first thread that
+there's a new request it calls g_main_loop_quit() to break it out
+of the main loop.
+
+This works if the first thread is in g_main_loop_run() at that
+time. There is a small window of opportunity, however, where
+the first thread has released the client lock, but not yet got
+into g_main_loop_run(). If that happens, the wakeup from the
+second thread is lost.
+
+This patch deals with that by changing the way the wakeup is
+performed. Instead of directly calling g_main_loop_quit(), the
+second thread creates an idle source to run the quit function
+from within the first thread. This guarantees that the first
+thread will see the wakeup.
+
+Tested by: Fima Shevrin <efim.shevrin@virtuozzo.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Denis V. Lunev <den@openvz.org>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/rpc/virnetclient.c | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
+index 4ab8af68c5..68098b1c8d 100644
+--- a/src/rpc/virnetclient.c
++++ b/src/rpc/virnetclient.c
+@@ -1848,6 +1848,15 @@ static void virNetClientIOUpdateCallback(virNetClient *client,
+ }
+ 
+ 
++static gboolean virNetClientIOWakeup(gpointer opaque)
++{
++    GMainLoop *loop = opaque;
++
++    g_main_loop_quit(loop);
++
++    return G_SOURCE_REMOVE;
++}
++
+ /*
+  * This function sends a message to remote server and awaits a reply
+  *
+@@ -1925,7 +1934,9 @@ static int virNetClientIO(virNetClient *client,
+     /* Check to see if another thread is dispatching */
+     if (client->haveTheBuck) {
+         /* Force other thread to wakeup from poll */
+-        g_main_loop_quit(client->eventLoop);
++        GSource *wakeup = g_idle_source_new();
++        g_source_set_callback(wakeup, virNetClientIOWakeup, client->eventLoop, NULL);
++        g_source_attach(wakeup, client->eventCtx);
+ 
+         /* If we are non-blocking, detach the thread and keep the call in the
+          * queue. */
+-- 
+2.43.0
+

0002-node_device_udev-Serialize-access-to-pci_get_strings.patch

@@ -1,72 +0,0 @@
-From: wangjian <wangjian161@huawei.com>
-Date: Fri, 26 Mar 2021 11:21:16 +0800
-Subject: [PATCH] node_device_udev: Serialize access to pci_get_strings)_
-
-Since the functions provided by libpciaccess are not thread-safe,
-when the udev-event and nodedev-init threads of libvirt call the
-pci_get_strings function provided by libpaciaccess at the same
-time the following can happen:
-
-nodedev-init thread:
-nodeStateInitializeEnumerate ->
-  udevEnumerateDevices->
-    udevProcessDeviceListEntry ->
-      udevAddOneDevice ->
-        udevGetDeviceDetails->
-          udevProcessPCI ->
-            udevTranslatePCIIds ->
-              pci_get_strings -> (libpciaccess)
-                find_device_name ->
-                  populate_vendor ->
-                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                    vend->num_devices++;
-
-udev-event thread:
-udevEventHandleThread ->
-  udevHandleOneDevice ->
-    udevAddOneDevice->
-      udevGetDeviceDetails->
-        udevProcessPCI ->
-          udevTranslatePCIIds ->
-            pci_get_strings -> (libpciaccess)
-              find_device_name ->
-                populate_vendor ->
-                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                  vend->num_devices++;
-
-Signed-off-by: WangJian <wangjian161@huawei.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 59788a5caea5f292c86e07a31ee2b853d68db87e)
----
- src/node_device/node_device_udev.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
-index 55a2731681..6f0defe908 100644
---- a/src/node_device/node_device_udev.c
-+++ b/src/node_device/node_device_udev.c
-@@ -328,6 +328,7 @@ udevGenerateDeviceName(struct udev_device *device,
-     return 0;
- }
- 
-+static virMutex pciaccessMutex = VIR_MUTEX_INITIALIZER;
- 
- static int
- udevTranslatePCIIds(unsigned int vendor,
-@@ -346,12 +347,14 @@ udevTranslatePCIIds(unsigned int vendor,
-     m.device_class_mask = 0;
-     m.match_data = 0;
- 
--    /* pci_get_strings returns void */
-+    /* pci_get_strings returns void and unfortunately is not thread safe. */
-+    virMutexLock(&pciaccessMutex);
-     pci_get_strings(&m,
-                     &device_name,
-                     &vendor_name,
-                     NULL,
-                     NULL);
-+    virMutexUnlock(&pciaccessMutex);
- 
-     *vendor_string = g_strdup(vendor_name);
-     *product_string = g_strdup(device_name);

0003-virSetUIDGIDWithCaps-Don-t-drop-CAP_SETPCAP-right-aw.patch

@@ -1,53 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 24 Jun 2021 16:58:09 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away
-
-There are few cases where we execute a virCommand with all caps
-cleared (virCommandClearCaps()). For instance
-dnsmasqCapsRefreshInternal() does just that. This means, that
-after fork() and before exec() the virSetUIDGIDWithCaps() is
-called. But since the caller did not want to change anything,
-just drop capabilities, these are the values of arguments:
-
-  virSetUIDGIDWithCaps (uid=-1, gid=-1, groups=0x0, ngroups=0,
-                        capBits=0, clearExistingCaps=true)
-
-This means that indeed all capabilities will be dropped,
-including CAP_SETPCAP. But this capability controls whether
-capabilities can be set, IOW whether capng_apply() succeeds.
-
-There are two calls of capng_apply() in the function. The
-CAP_SETPCAP is dropped after the first call and thus the other
-call (capng_apply(CAPNG_SELECT_BOUNDS);) fails.
-
-The solution is to keep the capability for as long as needed
-(just like CAP_SETGID and CAP_SETUID) and drop it only at the
-very end (just like CAP_SETGID and CAP_SETUID).
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949388
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 438b50dda8a863fdc988e9ab612f097cc1626e8a)
----
- src/util/virutil.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index a0cd0f1bcd..7ae23a7061 100644
---- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1202,12 +1202,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-     }
- # ifdef PR_CAPBSET_DROP
-     /* If newer kernel, we need also need setpcap to change the bounding set */
--    if ((capBits || need_setgid || need_setuid) &&
--        !capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+    if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-         need_setpcap = true;
--    }
--    if (need_setpcap)
-         capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
-+    }
- # endif
- 
-     /* Tell system we want to keep caps across uid change */

0004-security-fix-SELinux-label-generation-logic.patch

@@ -1,51 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Jun 2021 13:09:04 +0100
-Subject: [PATCH] security: fix SELinux label generation logic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A process can access a file if the set of MCS categories
-for the file is equal-to *or* a subset-of, the set of
-MCS categories for the process.
-
-If there are two VMs:
-
-  a) svirt_t:s0:c117
-  b) svirt_t:s0:c117,c720
-
-Then VM (b) is able to access files labelled for VM (a).
-
-IOW, we must discard case where the categories are equal
-because that is a subset of many other valid category pairs.
-
-Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
-CVE-2021-3631
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
----
- src/security/security_selinux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 2fc6ef2616..61a871ec3d 100644
---- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
-         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
- 
-         if (c1 == c2) {
--            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
-+            /*
-+             * A process can access a file if the set of MCS categories
-+             * for the file is equal-to *or* a subset-of, the set of
-+             * MCS categories for the process.
-+             *
-+             * IOW, we must discard case where the categories are equal
-+             * because that is a subset of other category pairs.
-+             */
-+            continue;
-         } else {
-             if (c1 > c2) {
-                 int t = c1;

0005-virSetUIDGIDWithCaps-Set-bounding-capabilities-only-.patch

@@ -1,43 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 22 Jul 2021 14:26:00 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Set bounding capabilities only with
- CAP_SETPCAP
-
-In one of my previous patches I've tried to postpone dropping
-CAP_SETPCAP until the very end because it's needed for
-capng_apply(). What I did not realize back then was that we might
-not have the capability to begin with. Because of unknown reasons
-capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
-for CAPNG_SELECT_CAPS.
-
-Reproducer is really simple: run libvirtd as a regular user.
-During its initialization, libvirtd will spawn some binaries
-(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
-capabilities.
-
-Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
-have the CAP_SETPCAP (which is tracked in need_setpcap variable).
-
-Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit a2476f37a7789eb9315b77bb451f4754ef4ef15b)
----
- src/util/virutil.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 7ae23a7061..333f99e91d 100644
---- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1269,7 +1269,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-      * do this if we failed to get the capability above, so ignore the
-      * return value.
-      */
--    capng_apply(CAPNG_SELECT_BOUNDS);
-+    if (!need_setpcap)
-+        capng_apply(CAPNG_SELECT_BOUNDS);
- 
-     /* Drop the caps that allow setuid/gid (unless they were requested) */
-     if (need_setgid)

0006-qemu_firmware-don-t-error-out-for-unknown-firmware-f.patch

@@ -1,57 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Mon, 10 May 2021 15:07:09 +0200
-Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When QEMU introduces new firmware features libvirt will fail until we
-list that feature in our code as well which doesn't sound right.
-
-We should simply ignore the new feature until we add a proper support
-for it.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
----
- src/qemu/qemu_firmware.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
-index 639cff7459..e602de22e3 100644
---- a/src/qemu/qemu_firmware.c
-+++ b/src/qemu/qemu_firmware.c
-@@ -573,6 +573,7 @@ qemuFirmwareFeatureParse(const char *path,
-     virJSONValuePtr featuresJSON;
-     g_autoptr(qemuFirmwareFeature) features = NULL;
-     size_t nfeatures;
-+    size_t nparsed = 0;
-     size_t i;
- 
-     if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
-@@ -592,17 +593,16 @@ qemuFirmwareFeatureParse(const char *path,
-         int tmp;
- 
-         if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
--            virReportError(VIR_ERR_INTERNAL_ERROR,
--                           _("unknown feature %s"),
--                           tmpStr);
--            return -1;
-+            VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
-+            continue;
-         }
- 
--        features[i] = tmp;
-+        features[nparsed] = tmp;
-+        nparsed++;
-     }
- 
-     fw->features = g_steal_pointer(&features);
--    fw->nfeatures = nfeatures;
-+    fw->nfeatures = nparsed;
-     return 0;
- }
- 

0007-storage_driver-Unlock-object-on-ACL-fail-in-storageP.patch

@@ -1,33 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 21 Jul 2021 11:22:25 +0200
-Subject: [PATCH] storage_driver: Unlock object on ACL fail in
- storagePoolLookupByTargetPath
-
-'virStoragePoolObjListSearch' returns a locked and refed object, thus we
-must release it on ACL permission failure.
-
-Fixes: 7aa0e8c0cb8
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
----
- src/storage/storage_driver.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 16bc53aa46..2787c1671b 100644
---- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
-                                            storagePoolLookupByTargetPathCallback,
-                                            cleanpath))) {
-         def = virStoragePoolObjGetDef(obj);
--        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
-+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
-+            virStoragePoolObjEndAPI(&obj);
-             return NULL;
-+        }
- 
-         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
-         virStoragePoolObjEndAPI(&obj);

0008-wireshark-Switch-to-tvb_bytes_to_str.patch

@@ -1,81 +0,0 @@
-From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 09:57:49 +0100
-Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
-
-When the dissector sees a byte sequence that is either an opaque
-data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
-bytes as a hex numbers using our own implementation. But
-wireshark already provides a function for it: tvb_bytes_to_str().
-NB, the reason why it returns a const string is so that callers
-don't try to free it - the string is allocated using an allocator
-which will decide when to free it.
-
-The wireshark formatter was introduced in wireshark commit of
-v1.99.2~479 and thus is present in the version we require at
-least (2.6.0).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
- 1 file changed, 8 insertions(+), 22 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f43919b05d..cb922b8070 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     }
- }
- 
--static const gchar *
--format_xdr_bytes(guint8 *bytes, guint32 length)
--{
--    gchar *buf;
--    guint32 i;
--
--    if (length == 0)
--        return "";
--    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
--    for (i = 0; i < length; i++) {
--        /* We know that buf has enough size to contain
--           2 * length + '\0' characters. */
--        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
--        buf += 2;
--    }
--    return buf - length*2;
--}
--
- static gboolean
- dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 size)
-@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     val = g_malloc(size);
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
--        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
--                                          NULL, "%s", format_xdr_bytes(val, size));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
-     }
-@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- 
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
--        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
--                                          NULL, "%s", format_xdr_bytes(val, length));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         /* Seems I can't call xdr_free() for this case.
-            It will raises SEGV by referencing out of bounds call stack */
-         free(val);
--- 
-2.33.1
-

0009-wireshark-Drop-needless-comment-in-dissect_xdr_bytes.patch

@@ -1,33 +0,0 @@
-From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 10:20:05 +0100
-Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
-
-In the dissect_xdr_bytes() there's a comment that the string
-allocated by xdr_bytes() can't be freed using xdr_free(). Well,
-that is expected because xdr_bytes() used plain calloc() AND the
-string is not an XDR struct but plain 'char *' type. Passing it
-to xdr_free() must result in weird things happening.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
----
- tools/wireshark/src/packet-libvirt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index cb922b8070..eeacbcdf0e 100644
---- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
--        /* Seems I can't call xdr_free() for this case.
--           It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-         return TRUE;
-     } else {
--- 
-2.33.1
-

libvirt-regression-input-default-bus.patch

@@ -0,0 +1,31 @@
+From c9056e682a8a67dc29e39eb01392fcf8ee978c31 Mon Sep 17 00:00:00 2001
+From: Jonathan Wright <jonathan@almalinux.org>
+Date: Wed, 3 Jan 2024 09:26:59 -0600
+Subject: [PATCH] conf: Restore setting default bus for input devices
+
+Prior to v9.3.0-rc1~30 we used to set default bus for <input/>
+devices, during XML parsing. In the commit this code was moved to
+a post parse callback. But somehow the line that sets the bus in
+one specific case disappeared. Bring it back.
+
+Resolves: https://gitlab.com/libvirt/libvirt/-/issues/577
+Fixes: c4bc4d3b82fbe22e03c986ca896090f481df5c10
+Signed-off-by: Jonathan Wright <jonathan@almalinux.org>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/conf/domain_postparse.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/conf/domain_postparse.c b/src/conf/domain_postparse.c
+index e79913b73f..ee27023f3e 100644
+--- a/src/conf/domain_postparse.c
++++ b/src/conf/domain_postparse.c
+@@ -657,6 +657,7 @@ virDomainInputDefPostParse(virDomainInputDef *input,
+             if ((input->type == VIR_DOMAIN_INPUT_TYPE_MOUSE ||
+                  input->type == VIR_DOMAIN_INPUT_TYPE_KBD) &&
+                 (ARCH_IS_X86(def->os.arch) || def->os.arch == VIR_ARCH_NONE)) {
++                    input->bus = VIR_DOMAIN_INPUT_BUS_PS2;
+             } else if (ARCH_IS_S390(def->os.arch) ||
+                        input->type == VIR_DOMAIN_INPUT_TYPE_PASSTHROUGH) {
+                 input->bus = VIR_DOMAIN_INPUT_BUS_VIRTIO;
+-- 

sources

@@ -1 +1 @@
-SHA512 (libvirt-7.0.0.tar.xz) = dd6db5ec4971cf4c6059795fd81d5a3a889b10740e34c3c92271eda1c683c99df2c8f923398065d8a7c4f987a20eb1da617d5297ba8ea5a31f154412af50c343
+SHA512 (libvirt-9.7.0.tar.xz) = dd771822c0fa0861a32cab9d7f82235b101867fa0a4e8cf9a857ddfb2347e41b625b1e6f8791c4b3543fec836a1a23cae1fac4ce4b40debd51f2097bae46c949