!34 bugfix: cherry-pick some bugfix patches from openEuler-20.09 branch

From: @zhendongchen
Reviewed-by: @xydong
Signed-off-by: @xydong

libvirt-Don-t-require-secdrivers-to-implement-.domainMoveIma.patch

@@ -0,0 +1,42 @@
+From 19845de491a3102df4256a3457c7d5669bccda63 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 18 May 2020 10:07:30 +0200
+Subject: [PATCH] Don't require secdrivers to implement
+ .domainMoveImageMetadata
+
+The AppArmor secdriver does not use labels to grant access to
+resources. Therefore, it doesn't use XATTRs and hence it lacks
+implementation of .domainMoveImageMetadata callback. This leads
+to a harmless but needless error message appearing in the logs:
+
+  virSecurityManagerMoveImageMetadata:476 : this function is not
+  supported by the connection driver: virSecurityManagerMoveImageMetadata
+
+Closes: https://gitlab.com/libvirt/libvirt/-/issues/25
+
+cherry-pick from commit: cc8c297e473afd55e5d8e35e18345d8df176059d
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/security/security_manager.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/security/security_manager.c b/src/security/security_manager.c
+index fe03274..1445291 100644
+--- a/src/security/security_manager.c
++++ b/src/security/security_manager.c
+@@ -473,8 +473,7 @@ virSecurityManagerMoveImageMetadata(virSecurityManagerPtr mgr,
+         return ret;
+     }
+ 
+-    virReportUnsupportedError();
+-    return -1;
++    return 0;
+ }
+ 
+ 
+-- 
+1.8.3.1
+

libvirt-Fix-some-wrong-usage-of-ATTRIBUTE_NONNULL.patch

@@ -0,0 +1,56 @@
+From 42e4b74e1bbd08aad3afa46d741e46c40a8af73d Mon Sep 17 00:00:00 2001
+From: Bihong Yu <yubihong@huawei.com>
+Date: Sat, 6 Jun 2020 18:52:35 +0800
+Subject: [PATCH] Fix some wrong usage of ATTRIBUTE_NONNULL()
+
+The virStateInitialize() function has ATTRIBUTE_NONNULL()
+referring to @root argument (incorrectly anyway) but in
+daemonRunStateInit() NULL is passed in anyway.
+
+Then there is virCommandAddArgPair() which also has
+ATTRIBUTE_NONNULL() for one of its arguments and then checks the
+argument for being NULL anyways.
+
+cherry-pick from commit: 2a372a5ad5fab3bf26fb9bea019d38fa04ba8b34
+
+Signed-off-by:Bihong Yu <yubihong@huawei.com>
+Reviewed-by:Chuan Zheng <zhengchuan@huawei.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/libvirt_internal.h | 3 +--
+ src/util/vircommand.h  | 3 +--
+ 2 files changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/src/libvirt_internal.h b/src/libvirt_internal.h
+index 00ef7aa..72c6127 100644
+--- a/src/libvirt_internal.h
++++ b/src/libvirt_internal.h
+@@ -33,8 +33,7 @@ int virStateInitialize(bool privileged,
+                        bool mandatory,
+                        const char *root,
+                        virStateInhibitCallback inhibit,
+-                       void *opaque)
+-    ATTRIBUTE_NONNULL(2);
++                       void *opaque);
+ int virStateCleanup(void);
+ int virStateReload(void);
+ int virStateStop(void);
+diff --git a/src/util/vircommand.h b/src/util/vircommand.h
+index 9086f9a..4e6cb0a 100644
+--- a/src/util/vircommand.h
++++ b/src/util/vircommand.h
+@@ -128,8 +128,7 @@ void virCommandAddArgFormat(virCommandPtr cmd,
+ 
+ void virCommandAddArgPair(virCommandPtr cmd,
+                           const char *name,
+-                          const char *val)
+-    ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3);
++                          const char *val);
+ 
+ void virCommandAddArgSet(virCommandPtr cmd,
+                          const char *const*vals) ATTRIBUTE_NONNULL(2);
+-- 
+1.8.3.1
+

libvirt-conf-Increase-cpuset-length-limit-for-CPU-pinning.patch

@@ -0,0 +1,33 @@
+From fc8c41dbb52eb9ce3ee36680ecb53a41f4146610 Mon Sep 17 00:00:00 2001
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Thu, 11 Jun 2020 13:53:27 +0200
+Subject: [PATCH] conf: Increase cpuset length limit for CPU pinning
+
+Domains are now allowed to be pinned to host CPUs with IDs up to 16383.
+The new limit is as arbitrary as the old one. It's just bigger.
+
+cherry-pick from commit: e728ffba5119cfb1488aa7363fef596940449f50
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/conf/domain_conf.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index a40773a..16e6253 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -2241,7 +2241,7 @@ struct _virDomainHugePage {
+     unsigned long long size;    /* hugepage size in KiB */
+ };
+ 
+-#define VIR_DOMAIN_CPUMASK_LEN 1024
++#define VIR_DOMAIN_CPUMASK_LEN 16384
+ 
+ struct _virDomainIOThreadIDDef {
+     bool autofill;
+-- 
+1.8.3.1
+

libvirt-conf-vmx-check-for-OOM-after-calling-xmlBufferCreate.patch

@@ -0,0 +1,100 @@
+From 657c7f5d79fe43823ffb4d46e244bea15a65baf6 Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Thu, 18 Jun 2020 12:49:09 -0400
+Subject: [PATCH 1/6] conf, vmx: check for OOM after calling xmlBufferCreate()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Although libvirt itself uses g_malloc0() and friends, which exit when
+there isn't enouogh memory, libxml2 uses standard malloc(), which just
+returns NULL on OOM - this means we must check for NULL on return from
+any libxml2 functions that allocate memory.
+
+xmlBufferCreate(), for example, might return NULL, and we don't always
+check for it. This patch adds checks where it isn't already done.
+
+(NB: Although libxml2 has a provision for changing behavior on OOM (by
+calling xmlMemSetup() to change what functions are used to
+allocating/freeing memory), we can't use that, since parts of libvirt
+code end up in libvirt.so, which is linked and called directly by
+applications that may themselves use libxml2 (and may have already set
+their own alternate malloc()), e.g. drivers like esx which live totally
+in the library rather than a separate process.)
+
+cherry pick from: b7a92bce070fd57844a59bf8b1c30cb4ef4f3acd
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/conf/domain_conf.c  |  6 +++++-
+ src/conf/network_conf.c |  6 +++++-
+ src/vmx/vmx.c           | 11 +++++++----
+ 3 files changed, 17 insertions(+), 6 deletions(-)
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 914e03c..37c785a 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -29022,7 +29022,11 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
+          * Thankfully, libxml maps what looks like globals into
+          * thread-local uses, so we are thread-safe.  */
+         xmlIndentTreeOutput = 1;
+-        xmlbuf = xmlBufferCreate();
++        if (!(xmlbuf = xmlBufferCreate())) {
++            virReportOOMError();
++            goto error;
++        }
++
+         if (xmlNodeDump(xmlbuf, def->metadata->doc, def->metadata,
+                         virBufferGetIndent(buf) / 2, 1) < 0) {
+             xmlBufferFree(xmlbuf);
+diff --git a/src/conf/network_conf.c b/src/conf/network_conf.c
+index 819b645..c379042 100644
+--- a/src/conf/network_conf.c
++++ b/src/conf/network_conf.c
+@@ -2478,7 +2478,11 @@ virNetworkDefFormatBuf(virBufferPtr buf,
+          * Thankfully, libxml maps what looks like globals into
+          * thread-local uses, so we are thread-safe.  */
+         xmlIndentTreeOutput = 1;
+-        xmlbuf = xmlBufferCreate();
++        if (!(xmlbuf = xmlBufferCreate())) {
++            virReportOOMError();
++            return -1;
++        }
++
+         if (xmlNodeDump(xmlbuf, def->metadata->doc, def->metadata,
+                         virBufferGetIndent(buf) / 2, 1) < 0) {
+             xmlBufferFree(xmlbuf);
+diff --git a/src/vmx/vmx.c b/src/vmx/vmx.c
+index b1fd118..fbc8366 100644
+--- a/src/vmx/vmx.c
++++ b/src/vmx/vmx.c
+@@ -697,8 +697,8 @@ virVMXConvertToUTF8(const char *encoding, const char *string)
+ {
+     char *result = NULL;
+     xmlCharEncodingHandlerPtr handler;
+-    xmlBufferPtr input;
+-    xmlBufferPtr utf8;
++    xmlBufferPtr input = NULL;
++    xmlBufferPtr utf8 = NULL;
+ 
+     handler = xmlFindCharEncodingHandler(encoding);
+ 
+@@ -708,8 +708,11 @@ virVMXConvertToUTF8(const char *encoding, const char *string)
+         return NULL;
+     }
+ 
+-    input = xmlBufferCreateStatic((char *)string, strlen(string));
+-    utf8 = xmlBufferCreate();
++    if (!(input = xmlBufferCreateStatic((char *)string, strlen(string))) ||
++        !(utf8 = xmlBufferCreate())) {
++        virReportOOMError();
++        goto cleanup;
++    }
+ 
+     if (xmlCharEncInFunc(handler, utf8, input) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR,
+-- 
+1.8.3.1
+

libvirt-leaseshelper-Report-more-errors.patch

@@ -0,0 +1,66 @@
+From cc842aa3030697b1a454e15ccfb2a201e57d5602 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 15 Jun 2020 12:53:48 +0200
+Subject: [PATCH 3/6] leaseshelper: Report more errors
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Some functions or code paths that may fail don't report error
+(e.g. when acquiring PID file fails) leading to a silent quit
+of the leaseshelper. This makes it super hard for us and users
+to debug what is happening. Fortunately, dnsmasq captures both
+stdout and stderr so we can write an error message there.
+
+cherry pick from: 9ed345ac1a035c8cf1de37431de638f4bac41de3
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/network/leaseshelper.c | 18 ++++++++++++++----
+ 1 file changed, 14 insertions(+), 4 deletions(-)
+
+diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
+index 86c847d..2b5fc0f 100644
+--- a/src/network/leaseshelper.c
++++ b/src/network/leaseshelper.c
+@@ -131,8 +131,10 @@ main(int argc, char **argv)
+      * events for expired leases. So, libvirtd sets another env var for this
+      * purpose */
+     if (!interface &&
+-        !(interface = getenv("VIR_BRIDGE_NAME")))
+-        goto cleanup;
++        !(interface = getenv("VIR_BRIDGE_NAME"))) {
++        fprintf(stderr, _("interface not set\n"));
++        exit(EXIT_FAILURE);
++    }
+ 
+     ip = argv[3];
+     mac = argv[2];
+@@ -160,13 +162,21 @@ main(int argc, char **argv)
+     pid_file = g_strdup(RUNSTATEDIR "/leaseshelper.pid");
+ 
+     /* Try to claim the pidfile, exiting if we can't */
+-    if ((pid_file_fd = virPidFileAcquirePath(pid_file, true, getpid())) < 0)
++    if ((pid_file_fd = virPidFileAcquirePath(pid_file, true, getpid())) < 0) {
++        fprintf(stderr,
++                _("Unable to acquire PID file: %s\n errno=%d"),
++                pid_file, errno);
+         goto cleanup;
++    }
+ 
+     /* Since interfaces can be hot plugged, we need to make sure that the
+      * corresponding custom lease file exists. If not, 'touch' it */
+-    if (virFileTouch(custom_lease_file, 0644) < 0)
++    if (virFileTouch(custom_lease_file, 0644) < 0) {
++        fprintf(stderr,
++                _("Unable to create: %s\n errno=%d"),
++                custom_lease_file, errno);
+         goto cleanup;
++    }
+ 
+     switch ((enum virLeaseActionFlags) action) {
+     case VIR_LEASE_ACTION_ADD:
+-- 
+1.8.3.1
+

libvirt-leaseshelper-Wait-to-acquire-PID-file.patch

@@ -0,0 +1,45 @@
+From 173b80e8f8103f26438d344e9b97335d4e5036b4 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 11 Jun 2020 16:43:22 +0200
+Subject: [PATCH 2/6] leaseshelper: Wait to acquire PID file
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+On a DHCP transaction, dnsmasq runs our leases helper which
+updates corresponding JSON files. While one dnsmasq won't run the
+leaseshelper in parallel, two dnsmasqs (from two distinct
+networks) might. To avoid corrupting JSON file, the leaseshelper
+acquires PID file first. Well, the way it's acquiring it is not
+ideal - it calls virPidFileAcquirePath(wait = false); which
+means, that either it acquires the PID file instantly or returns
+an error and does not touch the JSON at all. This in turn means
+that there might be a leases record missing. With wait = true,
+this won't happen.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1840307
+
+cherry pick from: 876211ef4a192df1603b45715044ec14567d7e9f
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+---
+ src/network/leaseshelper.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/network/leaseshelper.c b/src/network/leaseshelper.c
+index a1780ca..86c847d 100644
+--- a/src/network/leaseshelper.c
++++ b/src/network/leaseshelper.c
+@@ -160,7 +160,7 @@ main(int argc, char **argv)
+     pid_file = g_strdup(RUNSTATEDIR "/leaseshelper.pid");
+ 
+     /* Try to claim the pidfile, exiting if we can't */
+-    if ((pid_file_fd = virPidFileAcquirePath(pid_file, false, getpid())) < 0)
++    if ((pid_file_fd = virPidFileAcquirePath(pid_file, true, getpid())) < 0)
+         goto cleanup;
+ 
+     /* Since interfaces can be hot plugged, we need to make sure that the
+-- 
+1.8.3.1
+

libvirt-libxl-fix-crash-when-initializing-driver.patch

@@ -0,0 +1,48 @@
+From 0e95f7b912055cf254b71b0b02dcb0acf7da3870 Mon Sep 17 00:00:00 2001
+From: Jim Fehlig <jfehlig@suse.com>
+Date: Fri, 3 Apr 2020 15:51:48 -0600
+Subject: [PATCH 1/8] libxl: fix crash when initializing driver
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit 54a401af478 split out DriverConfigInit from DriverConfigNew, but
+then called it a bit late from libxlStateInitialize. The cfg is used in
+libxlDriverConfigLoadFile and when uninitialized results in a crash.
+Calling DriverConfigInit immediately after DriverConfigNew fixes the
+crash.
+
+Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry-picked from commit 88011ed2)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/libxl/libxl_driver.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/libxl/libxl_driver.c b/src/libxl/libxl_driver.c
+index 7ec4fcc3d1..980984b199 100644
+--- a/src/libxl/libxl_driver.c
++++ b/src/libxl/libxl_driver.c
+@@ -702,14 +702,14 @@ libxlStateInitialize(bool privileged,
+     if (!(cfg = libxlDriverConfigNew()))
+         goto error;
+ 
++    if (libxlDriverConfigInit(cfg) < 0)
++        goto error;
++
+     driverConf = g_strdup_printf("%s/libxl.conf", cfg->configBaseDir);
+ 
+     if (libxlDriverConfigLoadFile(cfg, driverConf) < 0)
+         goto error;
+ 
+-    if (libxlDriverConfigInit(cfg) < 0)
+-        goto error;
+-
+     /* Register the callbacks providing access to libvirt's event loop */
+     libxl_osevent_register_hooks(cfg->ctx, &libxl_osevent_callbacks, cfg->ctx);
+ 
+-- 
+2.23.0
+

libvirt-qemu-Revoke-access-to-mirror-on-failed-blockcopy.patch

@@ -0,0 +1,72 @@
+From 19d06bcb3c64662d5c131a035146d2caa8c5a437 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 14 Apr 2020 11:18:02 +0200
+Subject: [PATCH 4/8] qemu: Revoke access to mirror on failed blockcopy
+
+When preparing to do a blockcopy, the mirror image is modified so
+that QEMU can access it. For instance, the mirror has seclabels
+set, if it is a NVMe disk it is detached from the host and so on.
+And usually, the restore is done upon successful finish of the
+blockcopy operation. But, if something fails then we need to
+explicitly revoke the access to the mirror image (and thus
+reattach NVMe disk back to the host).
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1822538
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Pavel Mores <pmores@redhat.com>
+(cherry-picked from commit 67e19fc9)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/qemu/qemu_driver.c | 21 +++++++++++++--------
+ 1 file changed, 13 insertions(+), 8 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 8bc5368b2f..7162875492 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -17972,6 +17972,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
+     virDomainDiskDefPtr disk = NULL;
+     int ret = -1;
+     bool need_unlink = false;
++    bool need_revoke = false;
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+     const char *format = NULL;
+     bool mirror_reuse = !!(flags & VIR_DOMAIN_BLOCK_COPY_REUSE_EXT);
+@@ -18146,6 +18147,7 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
+ 
+     if (qemuDomainStorageSourceChainAccessAllow(driver, vm, mirror) < 0)
+         goto endjob;
++    need_revoke = true;
+ 
+     if (blockdev) {
+         if (mirror_reuse) {
+@@ -18254,14 +18256,17 @@ qemuDomainBlockCopyCommon(virDomainObjPtr vm,
+ 
+  endjob:
+     if (ret < 0 &&
+-        virDomainObjIsActive(vm) &&
+-        (data || crdata)) {
+-        qemuDomainObjEnterMonitor(driver, vm);
+-        if (data)
+-            qemuBlockStorageSourceChainDetach(priv->mon, data);
+-        if (crdata)
+-            qemuBlockStorageSourceAttachRollback(priv->mon, crdata->srcdata[0]);
+-        ignore_value(qemuDomainObjExitMonitor(driver, vm));
++        virDomainObjIsActive(vm)) {
++        if (data || crdata) {
++            qemuDomainObjEnterMonitor(driver, vm);
++            if (data)
++                qemuBlockStorageSourceChainDetach(priv->mon, data);
++            if (crdata)
++                qemuBlockStorageSourceAttachRollback(priv->mon, crdata->srcdata[0]);
++            ignore_value(qemuDomainObjExitMonitor(driver, vm));
++        }
++        if (need_revoke)
++            qemuDomainStorageSourceChainAccessRevoke(driver, vm, mirror);
+     }
+     if (need_unlink && virStorageFileUnlink(mirror) < 0)
+         VIR_WARN("%s", _("unable to remove just-created copy target"));
+-- 
+2.23.0
+

libvirt-qemu-Skip-pre-creation-of-NVMe-disks.patch

@@ -0,0 +1,53 @@
+From a7f7d8f7513af2b98d01259480f63167cf44cced Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 26 May 2020 16:26:25 +0200
+Subject: [PATCH] qemu: Skip pre-creation of NVMe disks
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Upon migration with disks, libvirt determines if each disk exists
+on the destination and tries to pre-create missing ones. Well,
+NVMe disks can't be pre-created, but they can be checked for
+presence.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1823639
+
+cherry-pick from commit: a5a297f387fee9e9aa4cbc2df6788c330fd33ad1
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_migration.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
+index 65b47ec..3f4627b 100644
+--- a/src/qemu/qemu_migration.c
++++ b/src/qemu/qemu_migration.c
+@@ -315,6 +315,7 @@ qemuMigrationDstPrecreateStorage(virDomainObjPtr vm,
+     for (i = 0; i < nbd->ndisks; i++) {
+         virDomainDiskDefPtr disk;
+         const char *diskSrcPath;
++        g_autofree char *nvmePath = NULL;
+ 
+         VIR_DEBUG("Looking up disk target '%s' (capacity=%llu)",
+                   nbd->disks[i].target, nbd->disks[i].capacity);
+@@ -326,7 +327,12 @@ qemuMigrationDstPrecreateStorage(virDomainObjPtr vm,
+             goto cleanup;
+         }
+ 
+-        diskSrcPath = virDomainDiskGetSource(disk);
++        if (disk->src->type == VIR_STORAGE_TYPE_NVME) {
++            virPCIDeviceAddressGetSysfsFile(&disk->src->nvme->pciAddr, &nvmePath);
++            diskSrcPath = nvmePath;
++        } else {
++            diskSrcPath = virDomainDiskGetSource(disk);
++        }
+ 
+         /* Skip disks we don't want to migrate and already existing disks. */
+         if (!qemuMigrationAnyCopyDisk(disk, nmigrate_disks, migrate_disks) ||
+-- 
+1.8.3.1
+

libvirt-qemu-do-not-add-model-when-actual-iface-type-is-host.patch

@@ -0,0 +1,34 @@
+From c8a043dcdf4f04288bcfc34c25054dcef571a6a7 Mon Sep 17 00:00:00 2001
+From: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
+Date: Tue, 16 Jun 2020 16:32:10 +0200
+Subject: [PATCH] qemu: do not add model when actual iface type is hostdev
+
+No default model should be added to the interface
+entry at post parse when its actual network type is hostdev
+as doing so might cause a mismatch between the interface
+definition and its actual device type.
+
+cherry-pick from commit: bdb8f2e41867ae5dbcc040909b1b8c20fd864a40
+
+Signed-off-by: Paulo de Rezende Pinatti <ppinatti@linux.ibm.com>
+Reviewed-by: Laine Stump <laine@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_domain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 91c1a49..cfada81 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -9334,6 +9334,7 @@ qemuDomainDeviceNetDefPostParse(virDomainNetDefPtr net,
+                                 virQEMUCapsPtr qemuCaps)
+ {
+     if (net->type != VIR_DOMAIN_NET_TYPE_HOSTDEV &&
++        virDomainNetResolveActualType(net) != VIR_DOMAIN_NET_TYPE_HOSTDEV &&
+         !virDomainNetGetModelString(net))
+         net->model = qemuDomainDefaultNetModel(def, qemuCaps);
+ 
+-- 
+1.8.3.1
+

libvirt-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch

@@ -0,0 +1,48 @@
+From f15935ea3b510bf0633dc2219a132412a7a8e96c Mon Sep 17 00:00:00 2001
+From: Lin Ma <lma@suse.com>
+Date: Thu, 16 Apr 2020 12:44:51 +0800
+Subject: [PATCH 3/8] qemu: fix hang in p2p + xbzrle compression + parallel
+ migration
+
+When we do parallel migration, The multifd-channels migration parameter
+needs to be set on the destination side as well before incoming migration
+URI, unless we accept the default number of connections(2).
+
+Usually, This can be correctly handled by libvirtd. But in this case if
+we use p2p + xbzrle compression without parameter '--comp-xbzrle-cache',
+qemuMigrationParamsDump returns too early, The corresponding migration
+parameter will not be set on the destination side, It results QEMU hangs.
+
+Reproducer:
+virsh migrate --live --p2p --comp-methods xbzrle \
+--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system
+
+or
+
+virsh migrate --live --p2p --compressed \
+--parallel --parallel-connections 3 GUEST qemu+ssh://dsthost/system
+
+Signed-off-by: Lin Ma <lma@suse.com>
+Message-Id: <20200416044451.21134-1-lma@suse.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+(cherry-picked from commit 93b15ba0)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/qemu/qemu_migration_params.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c
+index dd5e2ce1b6..810199370f 100644
+--- a/src/qemu/qemu_migration_params.c
++++ b/src/qemu/qemu_migration_params.c
+@@ -630,7 +630,6 @@ qemuMigrationParamsDump(qemuMigrationParamsPtr migParams,
+     if (migParams->compMethods == 1ULL << QEMU_MIGRATION_COMPRESS_XBZRLE &&
+         !migParams->params[QEMU_MIGRATION_PARAM_XBZRLE_CACHE_SIZE].set) {
+         *flags |= VIR_MIGRATE_COMPRESSED;
+-        return 0;
+     }
+ 
+     for (i = 0; i < QEMU_MIGRATION_COMPRESS_LAST; ++i) {
+-- 
+2.23.0
+

libvirt-qemu-format-ramfb-attribute-for-mediated-devices.patch

@@ -0,0 +1,107 @@
+From e017f95c7d833c0e9a463a1613d01fe93020606b Mon Sep 17 00:00:00 2001
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Tue, 23 Jun 2020 13:29:56 -0500
+Subject: [PATCH 5/6] qemu: format 'ramfb' attribute for mediated devices
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It's possible to use ramfb as the boot display of an assigned vgpu
+device. This was introduced in 4b95738c, but unfortunately the attribute
+was not formatted into the xml output for such a device. This patch
+fixes that oversight and adds a xml2xml test to verify proper behavior.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1847791
+
+cherry pick from: c5815b31976f3982d18c7f6c1367ab6e403eb7eb
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/conf/domain_conf.c                             |  3 ++
+ .../hostdev-mdev-display-ramfb.x86_64-latest.xml   | 44 ++++++++++++++++++++++
+ tests/qemuxml2xmltest.c                            |  1 +
+ 3 files changed, 48 insertions(+)
+ create mode 100644 tests/qemuxml2xmloutdata/hostdev-mdev-display-ramfb.x86_64-latest.xml
+
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 37c785a..93e78a0 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -27849,6 +27849,9 @@ virDomainHostdevDefFormat(virBufferPtr buf,
+             if (mdevsrc->display != VIR_TRISTATE_SWITCH_ABSENT)
+                 virBufferAsprintf(buf, " display='%s'",
+                                   virTristateSwitchTypeToString(mdevsrc->display));
++            if (mdevsrc->ramfb != VIR_TRISTATE_SWITCH_ABSENT)
++                virBufferAsprintf(buf, " ramfb='%s'",
++                                  virTristateSwitchTypeToString(mdevsrc->ramfb));
+         }
+ 
+     }
+diff --git a/tests/qemuxml2xmloutdata/hostdev-mdev-display-ramfb.x86_64-latest.xml b/tests/qemuxml2xmloutdata/hostdev-mdev-display-ramfb.x86_64-latest.xml
+new file mode 100644
+index 0000000..c134400
+--- /dev/null
++++ b/tests/qemuxml2xmloutdata/hostdev-mdev-display-ramfb.x86_64-latest.xml
+@@ -0,0 +1,44 @@
++<domain type='qemu'>
++  <name>QEMUGuest2</name>
++  <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid>
++  <memory unit='KiB'>219136</memory>
++  <currentMemory unit='KiB'>219136</currentMemory>
++  <vcpu placement='static'>1</vcpu>
++  <os>
++    <type arch='i686' machine='pc'>hvm</type>
++    <boot dev='hd'/>
++  </os>
++  <cpu mode='custom' match='exact' check='none'>
++    <model fallback='forbid'>qemu64</model>
++  </cpu>
++  <clock offset='utc'/>
++  <on_poweroff>destroy</on_poweroff>
++  <on_reboot>restart</on_reboot>
++  <on_crash>destroy</on_crash>
++  <devices>
++    <emulator>/usr/bin/qemu-system-i386</emulator>
++    <controller type='usb' index='0' model='piix3-uhci'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
++    </controller>
++    <controller type='pci' index='0' model='pci-root'/>
++    <controller type='ide' index='0'>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
++    </controller>
++    <input type='mouse' bus='ps2'/>
++    <input type='keyboard' bus='ps2'/>
++    <graphics type='vnc' port='-1' autoport='yes'>
++      <listen type='address'/>
++    </graphics>
++    <video>
++      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
++    </video>
++    <hostdev mode='subsystem' type='mdev' managed='no' model='vfio-pci' display='on' ramfb='on'>
++      <source>
++        <address uuid='53764d0e-85a0-42b4-af5c-2046b460b1dc'/>
++      </source>
++      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
++    </hostdev>
++    <memballoon model='none'/>
++  </devices>
++</domain>
+diff --git a/tests/qemuxml2xmltest.c b/tests/qemuxml2xmltest.c
+index a0d27fd..3a25395 100644
+--- a/tests/qemuxml2xmltest.c
++++ b/tests/qemuxml2xmltest.c
+@@ -529,6 +529,7 @@ mymain(void)
+             QEMU_CAPS_VFIO_PCI_DISPLAY,
+             QEMU_CAPS_DEVICE_VFIO_PCI,
+             QEMU_CAPS_VNC);
++    DO_TEST_CAPS_LATEST("hostdev-mdev-display-ramfb");
+     DO_TEST("pci-rom", NONE);
+     DO_TEST("pci-rom-disabled", NONE);
+     DO_TEST("pci-rom-disabled-invalid", NONE);
+-- 
+1.8.3.1
+

libvirt-qemu-only-stop-external-devices-after-the-domain.patch

@@ -0,0 +1,47 @@
+From 7dd15a340179598dece5546c9e4fec9b8e47aca7 Mon Sep 17 00:00:00 2001
+From: Ján Tomko <jtomko@redhat.com>
+Date: Tue, 12 May 2020 12:59:07 +0200
+Subject: [PATCH] qemu: only stop external devices after the domain
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+A failure in qemuProcessLaunch would lead to qemuExtDevicesStop
+being called twice - once in the cleanup section and then again
+in qemuProcessStop.
+
+However, the first one is called while the QEMU process is
+still running, which is too soon for the swtpm process, because
+the swtmp_ioctl command can lock up:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1822523
+
+Remove the first call and only leave the one in qemuProcessStop,
+which is called after the QEMU process is killed.
+
+cherry-pick from commit: 006782a8bc5a27125211946fcb12a40f7d4ed12a
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_process.c | 2 --
+ 1 file changed, 2 deletions(-)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 6b9f6fb..6fbe0c1 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -6998,8 +6998,6 @@ qemuProcessLaunch(virConnectPtr conn,
+     ret = 0;
+ 
+  cleanup:
+-    if (ret < 0)
+-        qemuExtDevicesStop(driver, vm);
+     qemuDomainSecretDestroy(vm);
+     return ret;
+ }
+-- 
+1.8.3.1
+

libvirt-qemu-pre-create-the-dbus-directory-in-qemuStateIniti.patch

@@ -0,0 +1,92 @@
+From 3ee423c363b69588e82e522ad1634193284c09a7 Mon Sep 17 00:00:00 2001
+From: Bihong Yu <yubihong@huawei.com>
+Date: Tue, 14 Jul 2020 15:44:05 +0800
+Subject: [PATCH] qemu: pre-create the dbus directory in qemuStateInitialize
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There are races condiction to make '/run/libvirt/qemu/dbus' directory in
+virDirCreateNoFork() while concurrent start VMs, and get "failed to create
+directory '/run/libvirt/qemu/dbus': File exists" error message. pre-create the
+dbus directory in qemuStateInitialize.
+
+Signed-off-by: Bihong Yu <yubihong@huawei.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_dbus.c    | 10 ----------
+ src/qemu/qemu_dbus.h    |  2 --
+ src/qemu/qemu_driver.c  |  7 +++++++
+ src/qemu/qemu_process.c |  3 ---
+ 4 files changed, 7 insertions(+), 15 deletions(-)
+
+diff --git a/src/qemu/qemu_dbus.c b/src/qemu/qemu_dbus.c
+index 51f6c94e3e..81042876fe 100644
+--- a/src/qemu/qemu_dbus.c
++++ b/src/qemu/qemu_dbus.c
+@@ -33,16 +33,6 @@
+ VIR_LOG_INIT("qemu.dbus");
+ 
+ 
+-int
+-qemuDBusPrepareHost(virQEMUDriverPtr driver)
+-{
+-    g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+-
+-    return virDirCreate(cfg->dbusStateDir, 0770, cfg->user, cfg->group,
+-                        VIR_DIR_CREATE_ALLOW_EXIST);
+-}
+-
+-
+ static char *
+ qemuDBusCreatePidFilename(virQEMUDriverConfigPtr cfg,
+                           const char *shortName)
+diff --git a/src/qemu/qemu_dbus.h b/src/qemu/qemu_dbus.h
+index 474eb1058b..3c2145a223 100644
+--- a/src/qemu/qemu_dbus.h
++++ b/src/qemu/qemu_dbus.h
+@@ -21,8 +21,6 @@
+ #include "qemu_conf.h"
+ #include "qemu_domain.h"
+ 
+-int qemuDBusPrepareHost(virQEMUDriverPtr driver);
+-
+ char *qemuDBusGetAddress(virQEMUDriverPtr driver,
+                          virDomainObjPtr vm);
+ 
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 8e81c30a93..53980d4d78 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -743,6 +743,13 @@ qemuStateInitialize(bool privileged,
+         goto error;
+     }
+ 
++    if (virDirCreate(cfg->dbusStateDir, 0770, cfg->user, cfg->group,
++                     VIR_DIR_CREATE_ALLOW_EXIST) < 0) {
++        virReportSystemError(errno, _("Failed to create dbus state dir %s"),
++                             cfg->dbusStateDir);
++        goto error;
++    }
++
+     if ((qemu_driver->lockFD =
+          virPidFileAcquire(cfg->stateDir, "driver", false, getpid())) < 0)
+         goto error;
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index e8b15ee3ca..1006f41614 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -6466,9 +6466,6 @@ qemuProcessPrepareHost(virQEMUDriverPtr driver,
+     qemuDomainObjPrivatePtr priv = vm->privateData;
+     g_autoptr(virQEMUDriverConfig) cfg = virQEMUDriverGetConfig(driver);
+ 
+-    if (qemuDBusPrepareHost(driver) < 0)
+-        return -1;
+-
+     if (qemuPrepareNVRAM(cfg, vm) < 0)
+         return -1;
+ 
+-- 
+2.25.0.windows.1
+

libvirt-qemuBuildMemoryBackendProps-Use-boolean-type-for-pme.patch

@@ -0,0 +1,57 @@
+From f63d6889b34af9b0b7808566945d6e1720d7c1fd Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Wed, 8 Jul 2020 09:13:42 +0200
+Subject: [PATCH 4/6] qemuBuildMemoryBackendProps: Use boolean type for 'pmem'
+ property
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Commit 82576d8f35e used a string "on" to enable the 'pmem' property.
+This is okay for the command line visitor, but the property is declared
+as boolean in qemu and thus it will not work when using QMP.
+
+Modify the type to boolean. This changes the command line, but
+fortunately the command line visitor in qemu parses both 'yes' and 'on'
+as true for the property.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1854684
+
+cherry pick from: e95da4e5bf53ff977f440903df9f7343f2fb6f0e
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_command.c                                              | 2 +-
+ tests/qemuxml2argvdata/memory-hotplug-nvdimm-pmem.x86_64-latest.args | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
+index 2f0e919..014a0e4 100644
+--- a/src/qemu/qemu_command.c
++++ b/src/qemu/qemu_command.c
+@@ -3523,7 +3523,7 @@ qemuBuildMemoryBackendProps(virJSONValuePtr *backendProps,
+                              "with this QEMU binary"));
+             return -1;
+         }
+-        if (virJSONValueObjectAdd(props, "s:pmem", "on", NULL) < 0)
++        if (virJSONValueObjectAdd(props, "b:pmem", true, NULL) < 0)
+             return -1;
+     }
+ 
+diff --git a/tests/qemuxml2argvdata/memory-hotplug-nvdimm-pmem.x86_64-latest.args b/tests/qemuxml2argvdata/memory-hotplug-nvdimm-pmem.x86_64-latest.args
+index 5dfba9b..00a78ba 100644
+--- a/tests/qemuxml2argvdata/memory-hotplug-nvdimm-pmem.x86_64-latest.args
++++ b/tests/qemuxml2argvdata/memory-hotplug-nvdimm-pmem.x86_64-latest.args
+@@ -19,7 +19,7 @@ file=/tmp/lib/domain--1-QEMUGuest1/master-key.aes \
+ -smp 2,sockets=2,dies=1,cores=1,threads=1 \
+ -numa node,nodeid=0,cpus=0-1,mem=214 \
+ -object memory-backend-file,id=memnvdimm0,prealloc=yes,mem-path=/tmp/nvdimm,\
+-share=no,size=536870912,pmem=on \
++share=no,size=536870912,pmem=yes \
+ -device nvdimm,node=0,memdev=memnvdimm0,id=nvdimm0,slot=0 \
+ -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
+ -display none \
+-- 
+1.8.3.1
+

libvirt-qemuDomainCleanupRun-Actually-run-cleanup-callbacks-.patch

@@ -0,0 +1,54 @@
+From 517d69d6c3935adf59fcf9ed11cb05e1dfa8a6f3 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 5 May 2020 13:45:44 +0200
+Subject: [PATCH] qemuDomainCleanupRun: Actually run cleanup callbacks in
+ reverse order
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We have a framework to register cleanup callbacks that are run
+when a domain is shut down. The idea is to run callbacks in
+reverse order than they were registered. However, looking at the
+code this is not the case. Fortunately, this framework is used to
+register a single callback and a single callback only -
+qemuMigrationDstPrepareCleanup() - therefore there was no problem
+just yet.
+
+cherry-pick from commit: 06fc99b6ceb846b07e1cae3d82916ef50ca5f60e
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_domain.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index b1a4647..36bef67 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -11561,18 +11561,14 @@ qemuDomainCleanupRun(virQEMUDriverPtr driver,
+                      virDomainObjPtr vm)
+ {
+     qemuDomainObjPrivatePtr priv = vm->privateData;
+-    size_t i;
+ 
+     VIR_DEBUG("driver=%p, vm=%s", driver, vm->def->name);
+ 
+     /* run cleanup callbacks in reverse order */
+-    for (i = 0; i < priv->ncleanupCallbacks; i++) {
+-        if (priv->cleanupCallbacks[priv->ncleanupCallbacks - (i + 1)])
+-            priv->cleanupCallbacks[i](driver, vm);
+-    }
++    while (priv->ncleanupCallbacks)
++        priv->cleanupCallbacks[--priv->ncleanupCallbacks](driver, vm);
+ 
+     VIR_FREE(priv->cleanupCallbacks);
+-    priv->ncleanupCallbacks = 0;
+     priv->ncleanupCallbacks_max = 0;
+ }
+ 
+-- 
+1.8.3.1
+

libvirt-qemuDomainDefPostParse-Fail-if-unable-to-fill-machin.patch

@@ -0,0 +1,47 @@
+From d9190851ed9a28e86d5baa3a9872eb6246270cd1 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 16 Apr 2020 14:18:28 +0200
+Subject: [PATCH 5/8] qemuDomainDefPostParse: Fail if unable to fill machine
+ type
+
+Previously, we used virCapabilitiesDomainDataLookup() to fill
+machine type in post parse callback if none was provided in the
+domain XML. If machine type couldn't be filled in an error was
+reported. After 4a4132b4625 we've changed it to
+virQEMUCapsGetPreferredMachine() which returns NULL, but we no
+longer report an error and proceed with the post parse callbacks
+processing. This may lead to a crash because the code later on
+assumes def->os.machine is not NULL.
+
+Fixes: 4a4132b4625
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Pavel Mores <pmores@redhat.com>
+(cherry-picked from commit 67b973b5)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/qemu/qemu_domain.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index b1a46478ed..36e6343995 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -4971,6 +4971,14 @@ qemuDomainDefPostParse(virDomainDefPtr def,
+     if (!def->os.machine) {
+         const char *machine = virQEMUCapsGetPreferredMachine(qemuCaps,
+                                                              def->virtType);
++        if (!machine) {
++            virReportError(VIR_ERR_INVALID_ARG,
++                           _("could not get preferred machine for %s type=%s"),
++                           def->emulator,
++                           virDomainVirtTypeToString(def->virtType));
++            return -1;
++        }
++
+         def->os.machine = g_strdup(machine);
+     }
+ 
+-- 
+2.23.0
+

libvirt-qemuDomainGetUnplugTimeout-Add-G_GNUC_NO_INLINE.patch

@@ -0,0 +1,33 @@
+From 9494102bc1560c1870c8ba603e936fa81beaa28c Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Thu, 23 Apr 2020 10:30:13 +0200
+Subject: [PATCH 8/8] qemuDomainGetUnplugTimeout: Add G_GNUC_NO_INLINE
+
+The function is mocked in qemuhotplugmock.so. Recent clang versions
+decided to inline it so the mock stopped working resulting in
+qemuhotplugtest wasting 15 seconds waiting for timeouts.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry-picked from commit 2ab8dba5)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/qemu/qemu_hotplug.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
+index 14654a17d7..60d0729f1e 100644
+--- a/src/qemu/qemu_hotplug.c
++++ b/src/qemu/qemu_hotplug.c
+@@ -5122,7 +5122,7 @@ qemuDomainResetDeviceRemoval(virDomainObjPtr vm)
+ }
+ 
+ 
+-unsigned long long
++unsigned long long G_GNUC_NO_INLINE
+ qemuDomainGetUnplugTimeout(virDomainObjPtr vm)
+ {
+     if (qemuDomainIsPSeries(vm->def))
+-- 
+2.23.0
+

libvirt-qemuDomainSetNumaParamsLive-set-nodeset-for-root-cgr.patch

@@ -0,0 +1,49 @@
+From 222d16af976dc08ee3ea2008d1dc68b00a1ccc9f Mon Sep 17 00:00:00 2001
+From: Daniel Henrique Barboza <danielhb413@gmail.com>
+Date: Thu, 11 Jun 2020 15:54:57 -0300
+Subject: [PATCH] qemuDomainSetNumaParamsLive: set nodeset for root cgroup
+
+This function handles the change of NUMA nodeset for a given
+guest, setting CpusetMems for the emulator, vcpus and IOThread
+sub-groups. It doesn't set the same  nodeset to the root cgroup
+though. This means that cpuset.mems of the root cgroup ends up
+holding the new nodeset and the old nodeset as well. For
+a guest with placement=strict, nodeset='0', doing
+
+virsh numatune <vm> 0 8 --live
+
+Will make cpuset.mems of emulator, vcpus and iothread to be
+"8", but cpuset.mems of the root cgroup will be "0,8".
+
+This means that any new tasks that ends up landing in the
+root cgroup, aside from the emulator/vcpus/iothread sub-groups,
+will be split between the old nodeset and the new nodeset,
+which is not what we want.
+
+cherry-pick from commit: 1b22dd6dd44202094e0f78f887cbe790c00e9ebc
+
+Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_driver.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 8bc5368..cb049fe 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -9728,6 +9728,10 @@ qemuDomainSetNumaParamsLive(virDomainObjPtr vm,
+         virCgroupFree(&cgroup_temp);
+     }
+ 
++    /* set nodeset for root cgroup */
++    if (virCgroupSetCpusetMems(priv->cgroup, nodeset_str) < 0)
++        goto cleanup;
++
+     ret = 0;
+  cleanup:
+     virCgroupFree(&cgroup_temp);
+-- 
+1.8.3.1
+

libvirt-qemuDomainStorageSourcePrivateDispose-Free-httpcooki.patch

@@ -0,0 +1,43 @@
+From 8263665d2003446a9b08181fdcc13b89397aae7d Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Thu, 14 May 2020 10:47:42 +0200
+Subject: [PATCH] qemuDomainStorageSourcePrivateDispose: Free httpcookie
+
+==156803== 58 (40 direct, 18 indirect) bytes in 1 blocks are definitely lost in loss record 306 of 463
+==156803==    at 0x4839EC6: calloc (vg_replace_malloc.c:762)
+==156803==    by 0x5791AC0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.6400.1)
+==156803==    by 0x48F60DC: virAlloc (viralloc.c:48)
+==156803==    by 0x18DD74: qemuStorageSourcePrivateDataAssignSecinfo (qemu_domain.c:2384)
+==156803==    by 0x18DFD5: qemuStorageSourcePrivateDataParse (qemu_domain.c:2433)
+==156803==    by 0x49EC884: virDomainStorageSourceParse (domain_conf.c:9857)
+==156803==    by 0x49ECBA3: virDomainDiskBackingStoreParse (domain_conf.c:9909)
+==156803==    by 0x49F129D: virDomainDiskDefParseXML (domain_conf.c:10785)
+==156803==    by 0x4A1804E: virDomainDefParseXML (domain_conf.c:21543)
+==156803==    by 0x4A1B60C: virDomainObjParseXML (domain_conf.c:22254)
+==156803==    by 0x4A1BFE9: virDomainObjParseNode (domain_conf.c:22429)
+==156803==    by 0x4A1C0B4: virDomainObjParseFile (domain_conf.c:22443
+
+cherry-pick from commit: 42a415d5a548d828c4b6bd42ad59dfc44b113fa9
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_domain.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 36bef67..91c1a49 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -1203,6 +1203,7 @@ qemuDomainStorageSourcePrivateDispose(void *obj)
+ 
+     g_clear_pointer(&priv->secinfo, qemuDomainSecretInfoFree);
+     g_clear_pointer(&priv->encinfo, qemuDomainSecretInfoFree);
++    g_clear_pointer(&priv->httpcookie, qemuDomainSecretInfoFree);
+ }
+ 
+ 
+-- 
+1.8.3.1
+

libvirt-qemuProcessStop-Reattach-NVMe-disks-a-domain-is-mirr.patch

@@ -0,0 +1,41 @@
+From 2358e2dd4971793f4c8cc530251ed0b01536e603 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 18 May 2020 15:11:49 +0200
+Subject: [PATCH] qemuProcessStop: Reattach NVMe disks a domain is mirroring
+ into
+
+If the mirror destination is not a file but a NVMe disk, then
+call qemuHostdevReAttachOneNVMeDisk() to reattach the NVMe back
+to the host.
+
+This would be done by blockjob code when the job finishes, but in
+this case the job won't finish - QEMU is killed meanwhile.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1825785
+
+cherry-pick from commit: 8fd2749b2df99f3ac27215e9e4ab8be191c39460
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_process.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 9285ace..280fed9 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -7606,6 +7606,9 @@ void qemuProcessStop(virQEMUDriverPtr driver,
+             if (disk->mirror) {
+                 if (qemuSecurityRestoreImageLabel(driver, vm, disk->mirror, false) < 0)
+                     VIR_WARN("Unable to restore security label on %s", disk->dst);
++
++                if (virStorageSourceChainHasNVMe(disk->mirror))
++                    qemuHostdevReAttachOneNVMeDisk(driver, vm->def->name, disk->mirror);
+             }
+ 
+             qemuBlockRemoveImageMetadata(driver, vm, disk->dst, disk->src);
+-- 
+1.8.3.1
+

libvirt-qemuProcessStop-Use-XATTRs-to-restore-seclabels-on-d.patch

@@ -0,0 +1,44 @@
+From 63846560cf12789ff592374dfc6211d83e693e9d Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 18 May 2020 15:07:46 +0200
+Subject: [PATCH] qemuProcessStop: Use XATTRs to restore seclabels on disks a
+ domain is mirroring into
+
+In v5.10.0-rc1~42 (which was later fixed in v6.0.0-rc1~487) I am
+removing XATTRs for a file that QEMU is mirroring a disk into but
+it is killed meanwhile. Well, we can call
+qemuSecurityRestoreImageLabel() which will not only remove XATTRs
+but also use them to restore the original owner of the file.
+
+This would be done by blockjob code when the job finishes, but in
+this case the job won't finish - QEMU is killed meanwhile
+
+cherry-pick from commit: 0230e3838402624756d6cd913b7d92639fafc7d0
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_process.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 6fbe0c1..9285ace 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -7603,8 +7603,10 @@ void qemuProcessStop(virQEMUDriverPtr driver,
+         for (i = 0; i < def->ndisks; i++) {
+             virDomainDiskDefPtr disk = def->disks[i];
+ 
+-            if (disk->mirror)
+-                qemuBlockRemoveImageMetadata(driver, vm, disk->dst, disk->mirror);
++            if (disk->mirror) {
++                if (qemuSecurityRestoreImageLabel(driver, vm, disk->mirror, false) < 0)
++                    VIR_WARN("Unable to restore security label on %s", disk->dst);
++            }
+ 
+             qemuBlockRemoveImageMetadata(driver, vm, disk->dst, disk->src);
+         }
+-- 
+1.8.3.1
+

libvirt-remote-fix-driver-name-check-for-libxl-driver.patch

@@ -0,0 +1,38 @@
+From 1285a266c106ebac3fc6d1a7d5bf839a7623a5a0 Mon Sep 17 00:00:00 2001
+From: Daniel P. Berrangé <berrange@redhat.com>
+Date: Mon, 4 May 2020 17:41:46 +0100
+Subject: [PATCH] remote: fix driver name check for libxl driver
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virConnectGetType() returns "Xen" for libxl, not "LIBXL".
+
+This prevents users opening a connection to the libxl driver when using
+the modular daemons.
+
+cherry-pick from commit: d677de9d567e3e87be295b91723457b461345caa
+
+Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/remote/remote_daemon_dispatch.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
+index c5506c2..d2652e3 100644
+--- a/src/remote/remote_daemon_dispatch.c
++++ b/src/remote/remote_daemon_dispatch.c
+@@ -2111,7 +2111,7 @@ remoteDispatchConnectOpen(virNetServerPtr server G_GNUC_UNUSED,
+ 
+     VIR_DEBUG("Primary driver type is '%s'", type);
+     if (STREQ(type, "QEMU") ||
+-        STREQ(type, "LIBXL") ||
++        STREQ(type, "Xen") ||
+         STREQ(type, "LXC") ||
+         STREQ(type, "VBOX") ||
+         STREQ(type, "bhyve") ||
+-- 
+1.8.3.1
+

libvirt-resctrl-Do-not-open-directory-for-writing.patch

@@ -0,0 +1,40 @@
+From 6c4265c15abd446e050f955cccb41d22f8456969 Mon Sep 17 00:00:00 2001
+From: Martin Kletzander <mkletzan@redhat.com>
+Date: Thu, 9 Jul 2020 09:27:41 +0200
+Subject: [PATCH 6/6] resctrl: Do not open directory for writing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When preparing for the removal of GNULIB commit 18dca21a32e9 removed the
+unneeded O_DIRECTORY, but unfortunately started opening the directory for
+writing which fails every time for a directory.  There is also no need for that
+as flock() works on O_RDONLY file descriptor as well, even for LOCK_EX.
+
+https://bugzilla.redhat.com/1852741
+
+cherry pick from: 9d832813820b948eb508508fb3cbd86c90698119
+
+Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+---
+ src/util/virresctrl.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virresctrl.c b/src/util/virresctrl.c
+index c537d60..937a053 100644
+--- a/src/util/virresctrl.c
++++ b/src/util/virresctrl.c
+@@ -456,7 +456,7 @@ VIR_ONCE_GLOBAL_INIT(virResctrl);
+ static int
+ virResctrlLockWrite(void)
+ {
+-    int fd = open(SYSFS_RESCTRL_PATH, O_RDWR | O_CLOEXEC);
++    int fd = open(SYSFS_RESCTRL_PATH, O_RDONLY | O_CLOEXEC);
+ 
+     if (fd < 0) {
+         virReportSystemError(errno, "%s", _("Cannot open resctrl"));
+-- 
+1.8.3.1
+

libvirt-security-don-t-fail-if-built-without-attr-support.patch

@@ -0,0 +1,75 @@
+From ba950b814f7a2037829d54e3d1e0522c42c104a4 Mon Sep 17 00:00:00 2001
+From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Date: Tue, 26 May 2020 09:33:38 +0200
+Subject: [PATCH] security: don't fail if built without attr support
+
+If built without attr support removing any image will trigger
+ qemuBlockRemoveImageMetadata (the one that emits the warning)
+   -> qemuSecurityMoveImageMetadata
+     -> virSecurityManagerMoveImageMetadata
+       -> virSecurityDACMoveImageMetadata
+         -> virSecurityDACMoveImageMetadataHelper
+           -> virProcessRunInFork (spawns subprocess)
+             -> virSecurityMoveRememberedLabel
+
+In there due to !HAVE_LIBATTR virFileGetXAttrQuiet will return
+ENOSYS and from there the chain will error out.
+
+That is wrong and looks like:
+  libvirtd[6320]: internal error: child reported (status=125):
+  libvirtd[6320]: Unable to remove disk metadata on vm testguest from
+  /var/lib/uvtool/libvirt/images/testguest.qcow (disk target vda)
+
+This change makes virSecurityDACMoveImageMetadataHelper and
+virSecuritySELinuxMoveImageMetadataHelper accept that
+error code gracefully and in that sense it is an extension of:
+5214b2f1a3f "security: Don't skip label restore on file systems lacking XATTRs"
+which does the same for other call chains into the virFile*XAttr functions.
+
+cherry-pick from commit: 55029d93150e33d70b02b6de2b899c05054c5d3a
+
+Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/security/security_dac.c     | 6 ++++++
+ src/security/security_selinux.c | 6 ++++++
+ 2 files changed, 12 insertions(+)
+
+diff --git a/src/security/security_dac.c b/src/security/security_dac.c
+index 11fff63..51cabf1 100644
+--- a/src/security/security_dac.c
++++ b/src/security/security_dac.c
+@@ -1132,6 +1132,12 @@ virSecurityDACMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
+ 
+     ret = virSecurityMoveRememberedLabel(SECURITY_DAC_NAME, data->src, data->dst);
+     virSecurityManagerMetadataUnlock(data->mgr, &state);
++
++    if (ret == -2) {
++        /* Libvirt built without XATTRS */
++        ret = 0;
++    }
++
+     return ret;
+ }
+ 
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 72d1658..78ea618 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -1990,6 +1990,12 @@ virSecuritySELinuxMoveImageMetadataHelper(pid_t pid G_GNUC_UNUSED,
+ 
+     ret = virSecurityMoveRememberedLabel(SECURITY_SELINUX_NAME, data->src, data->dst);
+     virSecurityManagerMetadataUnlock(data->mgr, &state);
++
++    if (ret == -2) {
++        /* Libvirt built without XATTRS */
++        ret = 0;
++    }
++
+     return ret;
+ }
+ 
+-- 
+1.8.3.1
+

libvirt-systemd-start-libvirtd-after-firewalld-iptables-serv.patch

@@ -0,0 +1,106 @@
+From 1ed313f35a4ac27ed29395ed30ec6e7966b798fd Mon Sep 17 00:00:00 2001
+From: Laine Stump <laine@redhat.com>
+Date: Fri, 1 May 2020 00:05:50 -0400
+Subject: [PATCH] systemd: start libvirtd after firewalld/iptables services
+
+When a system has enabled the iptables/ip6tables services rather than
+firewalld, there is no explicit ordering of the start of those
+services vs. libvirtd. This creates a problem when libvirtd.service is
+started before ip[6]tables, as the latter, when it finally is started,
+will remove all of the iptables rules that had previously been added
+by libvirt, including the custom chains where libvirt's rules are
+kept. This results in an error message similar to the following when a
+user subsequently tries to start a new libvirt network:
+
+ "Error while activating network: Call to virNetworkCreate failed:
+ internal error: Failed to apply firewall rules
+ /usr/sbin/ip6tables -w --table filter --insert LIBVIRT_FWO \
+   --in-interface virbr2 --jump REJECT:
+ ip6tables: No chain/target/match by that name."
+
+(Prior to logging this error, it also would have caused failure to
+forward (or block) traffic in some cases, e.g. for guests on a NATed
+network, since libvirt's rules to forward/block had all been deleted
+and libvirt didn't know about it, so it couldn't fix the problem)
+
+When this happens, the problem can be remedied by simply restarting
+libvirtd.service (which has the side-effect of reloading all
+libvirt-generated firewall rules)
+
+Instead, we can just explicitly stating in the libvirtd.service file
+that libvirtd.service should start after ip6tables.service and
+ip6tables.service, eliminating the race condition that leads to the
+error.
+
+There is also nothing (that I can see) in the systemd .service files
+to guarantee that firewalld.service will be started (if enabled) prior
+to libvirtd.service. The same error scenario given above would occur
+if libvirtd.service started before firewalld.service.  Even before
+that, though libvirtd would have detected that firewalld.service was
+disabled, and then turn off all firewalld support. So, for example,
+firewalld's libvirt zone wouldn't be used, and most likely traffic
+from guests would therefore be blocked (all with no external
+indication of the source of the problem other than a debug-level log
+when libvirtd was started saying that firewalld wasn't in use); also
+libvirtd wouldn't notice when firewalld reloaded its rules (which also
+simultaneously deletes all of libvirt's rules).
+
+I'm not aware of any reports that have been traced back to
+libvirtd.service starting before firewalld.service, but have seen that
+error reported multiple times, and also don't see an existing
+dependency that would guarantee firewalld.service starts before
+libvirtd.service, so it's possible it's been happening and we just
+haven't gotten to the bottom of it.
+
+This patch adds an After= line to the libvirtd.service file for each
+of iptables.service, ip6tables.service, and firewalld.servicee, which
+should guarantee that libvirtd.service isn't started until systemd has
+started whichever of the others is enabled.
+
+This race was diagnosed, and patch proposed, by Jason Montleon in
+https://bugzilla.redhat.com/1723698 . At the time (April 2019) danpb
+agreed with him that this change to libvirtd.service was a reasonable
+thing to do, but I guess everyone thought someone else was going to
+post a patch, so in the end nobody did.
+
+cherry-pick from commit: 0756415f147dda15a417bd79eef9a62027d176e6
+
+Signed-off-by: Laine Stump <laine@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/network/virtnetworkd.service.in | 3 +++
+ src/remote/libvirtd.service.in      | 3 +++
+ 2 files changed, 6 insertions(+)
+
+diff --git a/src/network/virtnetworkd.service.in b/src/network/virtnetworkd.service.in
+index 656e8b4..56182e1 100644
+--- a/src/network/virtnetworkd.service.in
++++ b/src/network/virtnetworkd.service.in
+@@ -5,6 +5,9 @@ Requires=virtnetworkd.socket
+ Requires=virtnetworkd-ro.socket
+ Requires=virtnetworkd-admin.socket
+ After=network.target
++After=firewalld.service
++After=iptables.service
++After=ip6tables.service
+ After=dbus.service
+ After=apparmor.service
+ After=local-fs.target
+diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
+index 90b2cad..cc0d4e3 100644
+--- a/src/remote/libvirtd.service.in
++++ b/src/remote/libvirtd.service.in
+@@ -11,6 +11,9 @@ Wants=libvirtd-admin.socket
+ Wants=systemd-machined.service
+ Before=libvirt-guests.service
+ After=network.target
++After=firewalld.service
++After=iptables.service
++After=ip6tables.service
+ After=dbus.service
+ After=iscsid.service
+ After=apparmor.service
+-- 
+1.8.3.1
+

libvirt-tests-commandtest-skip-the-test4-if-the-testcase-is-.patch

@@ -0,0 +1,73 @@
+From df5d95b8db5ec8a79dee223338a72a9f8897a538 Mon Sep 17 00:00:00 2001
+From: AlexChen <alex.chen@huawei.com>
+Date: Wed, 16 Sep 2020 15:53:57 +0800
+Subject: [PATCH] tests/commandtest: skip the test4 if the testcase is run in
+ the container env
+
+In a container environment without an init thread, the daemoned
+process is not reclaimed, and Test4 loops forever, causing
+the compilation to hung. So, skip it.
+
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ tests/commandtest.c | 23 ++++++++++++++++++-----
+ 1 file changed, 18 insertions(+), 5 deletions(-)
+
+diff --git a/tests/commandtest.c b/tests/commandtest.c
+index d5092b7dd0..2cc27c64a1 100644
+--- a/tests/commandtest.c
++++ b/tests/commandtest.c
+@@ -259,6 +259,7 @@ static int test4(const void *unused G_GNUC_UNUSED)
+     char *pidfile = virPidFileBuildPath(abs_builddir, "commandhelper");
+     pid_t pid;
+     int ret = -1;
++    int count = 0;
+ 
+     if (!pidfile)
+         goto cleanup;
+@@ -275,9 +276,14 @@ static int test4(const void *unused G_GNUC_UNUSED)
+         printf("cannot read pidfile\n");
+         goto cleanup;
+     }
+-    while (kill(pid, 0) != -1)
+-        g_usleep(100*1000);
+-
++    while (kill(pid, 0) != -1) {
++        if (count++ >= 600) {
++            printf("check time exceeds 60s, it may be in container env, "
++                "skip this testcase!!!\n");
++            break;
++        }
++        g_usleep(100*1000); /* 100ms */
++    }
+     ret = checkoutput("test4", NULL);
+ 
+  cleanup:
+@@ -734,6 +740,7 @@ static int test18(const void *unused G_GNUC_UNUSED)
+     char *pidfile = virPidFileBuildPath(abs_builddir, "commandhelper");
+     pid_t pid;
+     int ret = -1;
++    int count = 0;
+ 
+     if (!pidfile)
+         goto cleanup;
+@@ -760,8 +767,14 @@ static int test18(const void *unused G_GNUC_UNUSED)
+         goto cleanup;
+     }
+ 
+-    while (kill(pid, SIGINT) != -1)
+-        g_usleep(100*1000);
++    while (kill(pid, SIGINT) != -1) {
++        if (count++ >= 600) {
++            printf("check time exceeds 60s, it may be in container env, "
++                "skip this testcase!!!\n");
++            break;
++        }
++        g_usleep(100*1000); /* 100ms */
++    }
+ 
+     ret = 0;
+ 
+-- 
+2.23.0
+

libvirt-util-fix-iteration-in-virSocketAddrResolveService.patch

@@ -0,0 +1,31 @@
+From 9056229f9dff923406d97f0ac295bd502eaa5265 Mon Sep 17 00:00:00 2001
+From: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
+Date: Mon, 13 Apr 2020 16:48:43 +0300
+Subject: [PATCH 2/8] util: fix iteration in virSocketAddrResolveService
+
+getaddrinfo returns linked list. Fix iteration accordingly.
+
+Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy@virtuozzo.com>
+Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
+(cherry-picked from commit a13ac587)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/util/virsocketaddr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virsocketaddr.c b/src/util/virsocketaddr.c
+index 4cad329d15..4c9f124e88 100644
+--- a/src/util/virsocketaddr.c
++++ b/src/util/virsocketaddr.c
+@@ -271,7 +271,7 @@ int virSocketAddrResolveService(const char *service)
+             port = ntohs(in.sin6_port);
+             goto cleanup;
+         }
+-        tmp++;
++        tmp = tmp->ai_next;
+     }
+ 
+     virReportError(VIR_ERR_SYSTEM_ERROR,
+-- 
+2.23.0
+

libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-n.patch

@@ -0,0 +1,63 @@
+From c279162d6d335d4302a74c1e19dbce8eaff75679 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Fri, 24 Apr 2020 13:17:51 +0200
+Subject: [PATCH] virDevMapperGetTargetsImpl: quit early if device is not a
+ devmapper target
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As suggested in the linked bug, libvirt should firstly check
+whether the major number of the device is device mapper major.
+Because if it isn't subsequent DM_DEVICE_DEPS task may not only
+fail, but also yield different results. In the bugzilla this is
+demonstrated by creating a devmapper target named 'loop0' and
+then creating loop target /dev/loop0. When the latter is then
+passed to a domain, our virDevMapperGetTargetsImpl() function
+blindly asks devmapper to provide target dependencies for
+/dev/loop0 and because of the way devmapper APIs work, it will
+'sanitize' the input by using the last component only which is
+'loop0' and thus return different results than expected.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1823976
+
+cherry-pick from commit: 01626c668ecfbe465d18799ac4628e6127ea1d47
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/util/virdevmapper.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index feb5982..79dbc3d 100644
+--- a/src/util/virdevmapper.c
++++ b/src/util/virdevmapper.c
+@@ -64,6 +64,7 @@ virDevMapperGetTargetsImpl(const char *path,
+                            char ***devPaths_ret,
+                            unsigned int ttl)
+ {
++    struct stat sb;
+     struct dm_task *dmt = NULL;
+     struct dm_deps *deps;
+     struct dm_info info;
+@@ -82,6 +83,15 @@ virDevMapperGetTargetsImpl(const char *path,
+         return ret;
+     }
+ 
++    if (stat(path, &sb) < 0) {
++        if (errno == ENOENT)
++            return 0;
++        return -1;
++    }
++
++    if (!dm_is_dm_major(major(sb.st_dev)))
++        return 0;
++
+     if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) {
+         if (errno == ENOENT || errno == ENODEV) {
+             /* It's okay. Kernel is probably built without
+-- 
+1.8.3.1
+

libvirt-virNetDevGetFamilyId-Change-signature.patch

@@ -0,0 +1,91 @@
+From 56635fe00f44f8c83ba059432d42c093be4e9ed8 Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Sun, 19 Apr 2020 08:26:04 +0200
+Subject: [PATCH 6/8] virNetDevGetFamilyId: Change signature
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduced in v3.8.0-rc1~96, the virNetDevGetFamilyId() gets
+netlink family ID for passed family name (even though it's used
+only for getting "devlink" ID). Nevertheless, the function
+returns 0 on an error or if no family ID was found. This makes it
+harder for a caller to distinguish these two. Change the retval
+so that a negative value is returned upon error, zero is no ID
+found (but no error encountered) and a positive value is returned
+on successful translation.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry-picked from commit ca616274)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/util/virnetdev.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
+index b465bdac2e..3431aaf6a9 100644
+--- a/src/util/virnetdev.c
++++ b/src/util/virnetdev.c
+@@ -3057,11 +3057,15 @@ virNetDevGetEthtoolFeatures(virBitmapPtr bitmap,
+  * This function supplies the devlink family id
+  *
+  * @family_name: the name of the family to query
++ * @family_id: family ID
+  *
+- * Returns family id or 0 on failure.
++ * Returns: 0 if no family was found,
++ *          1 if family was found (@family_id is set),
++ *         -1 otherwise
+  */
+-static uint32_t
+-virNetDevGetFamilyId(const char *family_name)
++static int
++virNetDevGetFamilyId(const char *family_name,
++                     uint32_t *family_id)
+ {
+     struct nl_msg *nl_msg = NULL;
+     struct nlmsghdr *resp = NULL;
+@@ -3072,7 +3076,7 @@ virNetDevGetFamilyId(const char *family_name)
+     };
+     struct nlattr *tb[CTRL_ATTR_MAX + 1] = {NULL, };
+     unsigned int recvbuflen;
+-    uint32_t family_id = 0;
++    int ret = -1;
+ 
+     if (!(nl_msg = nlmsg_alloc_simple(GENL_ID_CTRL,
+                                       NLM_F_REQUEST | NLM_F_ACK))) {
+@@ -3098,15 +3102,18 @@ virNetDevGetFamilyId(const char *family_name)
+         goto cleanup;
+     }
+ 
+-    if (tb[CTRL_ATTR_FAMILY_ID] == NULL)
++    if (tb[CTRL_ATTR_FAMILY_ID] == NULL) {
++        ret = 0;
+         goto cleanup;
++    }
+ 
+-    family_id = *(uint32_t *)RTA_DATA(tb[CTRL_ATTR_FAMILY_ID]);
++    *family_id = *(uint32_t *)RTA_DATA(tb[CTRL_ATTR_FAMILY_ID]);
++    ret = 1;
+ 
+  cleanup:
+     nlmsg_free(nl_msg);
+     VIR_FREE(resp);
+-    return family_id;
++    return ret;
+ }
+ 
+ 
+@@ -3140,7 +3147,7 @@ virNetDevSwitchdevFeature(const char *ifname,
+     int ret = -1;
+     uint32_t family_id;
+ 
+-    if ((family_id = virNetDevGetFamilyId(DEVLINK_GENL_NAME)) <= 0)
++    if (virNetDevGetFamilyId(DEVLINK_GENL_NAME, &family_id) <= 0)
+         return ret;
+ 
+     if ((is_vf = virNetDevIsVirtualFunction(ifname)) < 0)
+-- 
+2.23.0
+

libvirt-virNetDevSwitchdevFeature-Make-failure-to-get-family.patch

@@ -0,0 +1,58 @@
+From 7581a0bbd552d63d654a88f0ad2a68e99fa8b54a Mon Sep 17 00:00:00 2001
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Sun, 19 Apr 2020 07:25:34 +0200
+Subject: [PATCH 7/8] virNetDevSwitchdevFeature: Make failure to get
+ 'family_id' non-fatal
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+I've just got a new machine and I'm still converging on the
+kernel config. Anyway, since I don't have enabled any of SRIO-V
+drivers, my kernel doesn't have NET_DEVLINK enabled (i.e.
+virNetDevGetFamilyId() returns 0). But this makes nodedev driver
+ignore all interfaces, because when enumerating all devices via
+udev, the control reaches virNetDevSwitchdevFeature() eventually
+and subsequently virNetDevGetFamilyId() which 'fails'. Well, it's
+not really a failure - the virNetDevSwitchdevFeature() stub
+simply returns 0.
+
+Also, move the call a few lines below, just around the place
+where it's needed.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry-picked from commit 423664a6)
+Signed-off-by: AlexChen <alex.chen@huawei.com>
+---
+ src/util/virnetdev.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
+index 3431aaf6a9..ff86aa1fc9 100644
+--- a/src/util/virnetdev.c
++++ b/src/util/virnetdev.c
+@@ -3146,9 +3146,7 @@ virNetDevSwitchdevFeature(const char *ifname,
+     int is_vf = -1;
+     int ret = -1;
+     uint32_t family_id;
+-
+-    if (virNetDevGetFamilyId(DEVLINK_GENL_NAME, &family_id) <= 0)
+-        return ret;
++    int rv;
+ 
+     if ((is_vf = virNetDevIsVirtualFunction(ifname)) < 0)
+         return ret;
+@@ -3168,6 +3166,9 @@ virNetDevSwitchdevFeature(const char *ifname,
+         goto cleanup;
+     }
+ 
++    if ((rv = virNetDevGetFamilyId(DEVLINK_GENL_NAME, &family_id)) <= 0)
++        return rv;
++
+     if (!(nl_msg = nlmsg_alloc_simple(family_id,
+                                       NLM_F_REQUEST | NLM_F_ACK))) {
+         virReportOOMError();
+-- 
+2.23.0
+

libvirt-virQEMUDriverConfigNew-Add-slash-to-cfg-defaultTLSx5.patch

@@ -0,0 +1,35 @@
+From a34f1d6623f3fb1ec03982ef776e31a4b450158d Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Tue, 16 Jun 2020 12:36:55 +0200
+Subject: [PATCH] virQEMUDriverConfigNew: Add slash to
+ cfg->defaultTLSx509certdir for non-embedded driver
+
+Commit 068efae5b1a9ef accidentally removed the slash.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1847234
+
+cherry-pick from commit: 8f58a4003532d5fffdadf2adc659c94eba3fa21a
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Andrea Bolognani <abologna@redhat.com>
+Signed-off-by: Jin Yan <jinyan12@huawei.com>
+---
+ src/qemu/qemu_conf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
+index 15837ce..809e8fe 100644
+--- a/src/qemu/qemu_conf.c
++++ b/src/qemu/qemu_conf.c
+@@ -234,7 +234,7 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged,
+      * directory doesn't exist (although we don't check if this exists).
+      */
+     if (root == NULL) {
+-        cfg->defaultTLSx509certdir = g_strdup(SYSCONFDIR "pki/qemu");
++        cfg->defaultTLSx509certdir = g_strdup(SYSCONFDIR "/pki/qemu");
+     } else {
+         cfg->defaultTLSx509certdir = g_strdup_printf("%s/etc/pki/qemu", root);
+     }
+-- 
+1.8.3.1
+

libvirt.spec

@@ -99,7 +99,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 6.2.0
-Release: 8
+Release: 13
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -132,6 +132,38 @@ Patch0021: libvirt-Substitute-security_context_t-with-char.patch
 Patch0022: libvirt-conf-Don-t-format-http-cookies-unless-VIR_DOMAIN_DEF.patch
 Patch0023: libvirt-virstoragetest-testBackingParse-Use-VIR_DOMAIN_DEF_F.patch
 Patch0024: libvirt-support-aarch64-vtpm-with-parameter-tpm-tis-.patch
+Patch0025: libvirt-tests-commandtest-skip-the-test4-if-the-testcase-is-.patch
+Patch0026: libvirt-remote-fix-driver-name-check-for-libxl-driver.patch
+Patch0027: libvirt-systemd-start-libvirtd-after-firewalld-iptables-serv.patch
+Patch0028: libvirt-qemuDomainCleanupRun-Actually-run-cleanup-callbacks-.patch
+Patch0029: libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-n.patch
+Patch0030: libvirt-qemu-only-stop-external-devices-after-the-domain.patch
+Patch0031: libvirt-qemuDomainStorageSourcePrivateDispose-Free-httpcooki.patch
+Patch0032: libvirt-Don-t-require-secdrivers-to-implement-.domainMoveIma.patch
+Patch0033: libvirt-qemuProcessStop-Use-XATTRs-to-restore-seclabels-on-d.patch
+Patch0034: libvirt-qemuProcessStop-Reattach-NVMe-disks-a-domain-is-mirr.patch
+Patch0035: libvirt-security-don-t-fail-if-built-without-attr-support.patch
+Patch0036: libvirt-qemu-Skip-pre-creation-of-NVMe-disks.patch
+Patch0037: libvirt-Fix-some-wrong-usage-of-ATTRIBUTE_NONNULL.patch
+Patch0038: libvirt-conf-Increase-cpuset-length-limit-for-CPU-pinning.patch
+Patch0039: libvirt-virQEMUDriverConfigNew-Add-slash-to-cfg-defaultTLSx5.patch
+Patch0040: libvirt-qemuDomainSetNumaParamsLive-set-nodeset-for-root-cgr.patch
+Patch0041: libvirt-qemu-do-not-add-model-when-actual-iface-type-is-host.patch
+Patch0042: libvirt-qemu-pre-create-the-dbus-directory-in-qemuStateIniti.patch
+Patch0043: libvirt-conf-vmx-check-for-OOM-after-calling-xmlBufferCreate.patch
+Patch0044: libvirt-leaseshelper-Wait-to-acquire-PID-file.patch
+Patch0045: libvirt-leaseshelper-Report-more-errors.patch
+Patch0046: libvirt-qemuBuildMemoryBackendProps-Use-boolean-type-for-pme.patch
+Patch0047: libvirt-qemu-format-ramfb-attribute-for-mediated-devices.patch
+Patch0048: libvirt-resctrl-Do-not-open-directory-for-writing.patch
+Patch0049: libvirt-libxl-fix-crash-when-initializing-driver.patch
+Patch0050: libvirt-util-fix-iteration-in-virSocketAddrResolveService.patch
+Patch0051: libvirt-qemu-fix-hang-in-p2p-xbzrle-compression-parallel-mig.patch
+Patch0052: libvirt-qemu-Revoke-access-to-mirror-on-failed-blockcopy.patch
+Patch0053: libvirt-qemuDomainDefPostParse-Fail-if-unable-to-fill-machin.patch
+Patch0054: libvirt-virNetDevGetFamilyId-Change-signature.patch
+Patch0055: libvirt-virNetDevSwitchdevFeature-Make-failure-to-get-family.patch
+Patch0056: libvirt-qemuDomainGetUnplugTimeout-Add-G_GNUC_NO_INLINE.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -1864,6 +1896,16 @@ exit 0
 
 
 %changelog
+* Tue Sep 22 2020 AlexChen <alex.chen@huawei.com> - 6.2.0-13
+- bugfix: cherry-pick some bugfix patches from opensource community
+* Tue Sep 22 2020 Hao Wang <wanghao232@huawei.com> - 6.2.0-12
+- backport upstream patches
+* Tue Sep 22 2020 Zeyu Jin <jinzeyu@huawei.com> - 6.2.0-11
+- bugfix: backport an upstream patch to fix '/run/libvirt/qemu/dbus' racing bug.
+* Tue Sep 22 2020 Jin Yan <jinyan12@huawei.com> - 6.2.0-10
+- bugfix: cherry-pick some bugfix patches from opensource community
+* Wed Aug 5 2020 AlexChen <alex.chen@huawei.com> - 6.2.0-9
+- tests: skip the test4 if the testcase is run in the container env
 * Wed Aug 5 2020 Jiang Fangjie <jiangfangjie@huawei.com> - 6.2.0-8
 - Libvirt supports aarch64 vtpm with parameter tpm-tis-device
 * Tue Aug 4 2020 Xu Yandong <xuyandong2@huawei.com> - 6.2.0-7