import libvirt-8.5.0-7.3.el9_1

SOURCES/libvirt-kbase-Document-QEMU-private-mount-NS-limitations.patch

@@ -0,0 +1,59 @@
+From 332386ae7bc02618d1860f726065448324a6734a Mon Sep 17 00:00:00 2001
+Message-Id: <332386ae7bc02618d1860f726065448324a6734a@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 5 Sep 2022 12:37:16 +0200
+Subject: [PATCH] kbase: Document QEMU private mount NS limitations
+
+There are two points I've taken for granted:
+
+  1) the mount points are set before starting a guest,
+  2) the / and its submounts are marked as shared, so that mount
+     events propagate into child namespaces when assumption 1) is
+     not held.
+
+But what's obvious to me might not be obvious to our users.
+Document these known limitations.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit d3397885d589c25b8962ae221fd0a71ced5597cb)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ docs/kbase/qemu-passthrough-security.rst | 22 ++++++++++++++++++++++
+ 1 file changed, 22 insertions(+)
+
+diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
+index 4381d9f3a6..106c3cc5b9 100644
+--- a/docs/kbase/qemu-passthrough-security.rst
++++ b/docs/kbase/qemu-passthrough-security.rst
+@@ -156,3 +156,25 @@ will affect all virtual machines. These settings are all made in
+ 
+ * Cgroups - set ``cgroup_device_acl`` to include the desired device node, or
+   ``cgroup_controllers = [...]`` to exclude the ``devices`` controller.
++
++Private monunt namespace
++----------------------------
++
++As mentioned above, libvirt launches each QEMU process in its own ``mount``
++namespace. It's recommended that all mount points are set up prior starting any
++guest. For cases when that can't be assured, mount points in the namespace are
++marked as slave so that mount events happening in the parent namespace are
++propagated into this child namespace. But this may require an additional step:
++mounts in the parent namespace need to be marked as shared (if the distribution
++doesn't do that by default). This can be achieved by running the following
++command before any guest is started:
++
++::
++
++  # mount --make-rshared /
++
++Another requirement for dynamic mount point propagation is to  not place
++``hugetlbfs`` mount points under ``/dev`` because these won't be propagated as
++corresponding directories do not exist in the private namespace. Or just use
++``memfd`` memory backend instead which does not require ``hugetlbfs`` mount
++points.
+-- 
+2.39.0
+

SOURCES/libvirt-nodedev-wait-a-bit-longer-for-new-node-devices.patch

@@ -0,0 +1,48 @@
+From 08c8ef5eb30983d6ca004e84a11fe7f2547f984e Mon Sep 17 00:00:00 2001
+Message-Id: <08c8ef5eb30983d6ca004e84a11fe7f2547f984e@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Tue, 23 Aug 2022 12:28:02 -0500
+Subject: [PATCH] nodedev: wait a bit longer for new node devices
+
+Openstack developers reported that newly-created mdevs were not
+recognized by libvirt until after a libvirt daemon restart. The source
+of the problem appears to be that when libvirt gets the udev 'add'
+event, the sysfs tree for that device might not be ready and so libvirt
+waits 100ms for it to appear (max 100 waits of 1ms each). But in the
+OpenStack environment, the sysfs tree for new mediated devices was
+taking closer to 250ms to appear and therefore libvirt gave up waiting
+and didn't add these new devices to its list of nodedevs.
+
+By changing the wait time to 1 second (max 100 waits of 10ms each), this
+should provide enough time to enable these deployments to recognize
+newly-created mediated devices, but it shouldn't increase the delay for
+more traditional deployments too much.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2109450
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+(cherry picked from commit e4f9682ebc442bb5dfee807ba618c8863355776d)
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2141364
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+---
+ src/node_device/node_device_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
+index 3d69bdedae..1f63162e23 100644
+--- a/src/node_device/node_device_udev.c
++++ b/src/node_device/node_device_udev.c
+@@ -1036,7 +1036,7 @@ udevProcessMediatedDevice(struct udev_device *dev,
+ 
+     linkpath = g_strdup_printf("%s/mdev_type", udev_device_get_syspath(dev));
+ 
+-    if (virFileWaitForExists(linkpath, 1, 100) < 0) {
++    if (virFileWaitForExists(linkpath, 10, 100) < 0) {
+         virReportSystemError(errno,
+                              _("failed to wait for file '%s' to appear"),
+                              linkpath);
+-- 
+2.38.1
+

SOURCES/libvirt-qemu-Implement-qemuDomainGetStatsCpu-fallback-for-qemu-session.patch

@@ -0,0 +1,86 @@
+From 5da85fb944db3dd8213a7302deaffa3b294acd64 Mon Sep 17 00:00:00 2001
+Message-Id: <5da85fb944db3dd8213a7302deaffa3b294acd64@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 9 Aug 2022 16:16:09 +0200
+Subject: [PATCH] qemu: Implement qemuDomainGetStatsCpu fallback for
+ qemu:///session
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+For domains started under session URI, we don't set up CGroups
+(well, how could we since we're not running as root anyways).
+Nevertheless, fetching CPU statistics exits early because of
+lacking cpuacct controller. But with recent extension to
+virProcessGetStatInfo() we can get the values we need from the
+proc filesystem. Implement the fallback for the session URI as
+some of virt tools rely on cpu.* stats to be reported (virt-top,
+virt-manager).
+
+Resolves: https://gitlab.com/libvirt/libvirt/-/issues/353
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1693707
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 044b8744d65f8571038f85685b3c4b241162977b)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2157094
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 35 +++++++++++++++++++++++++++++++++--
+ 1 file changed, 33 insertions(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 84cf2c6a4f..ac210d8069 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -18042,6 +18042,30 @@ qemuDomainGetStatsCpuCgroup(virDomainObj *dom,
+     return 0;
+ }
+ 
++
++static int
++qemuDomainGetStatsCpuProc(virDomainObj *vm,
++                          virTypedParamList *params)
++{
++    unsigned long long cpuTime = 0;
++    unsigned long long sysTime = 0;
++    unsigned long long userTime = 0;
++
++    if (virProcessGetStatInfo(&cpuTime, &sysTime, &userTime,
++                              NULL, NULL, vm->pid, 0) < 0) {
++        /* ignore error */
++        return 0;
++    }
++
++    if (virTypedParamListAddULLong(params, cpuTime, "cpu.time") < 0 ||
++        virTypedParamListAddULLong(params, userTime, "cpu.user") < 0 ||
++        virTypedParamListAddULLong(params, sysTime, "cpu.system") < 0)
++        return -1;
++
++    return 0;
++}
++
++
+ static int
+ qemuDomainGetStatsCpuHaltPollTime(virDomainObj *dom,
+                                   virTypedParamList *params)
+@@ -18066,8 +18090,15 @@ qemuDomainGetStatsCpu(virQEMUDriver *driver,
+                       virTypedParamList *params,
+                       unsigned int privflags G_GNUC_UNUSED)
+ {
+-    if (qemuDomainGetStatsCpuCgroup(dom, params) < 0)
+-        return -1;
++    qemuDomainObjPrivate *priv = dom->privateData;
++
++    if (priv->cgroup) {
++        if (qemuDomainGetStatsCpuCgroup(dom, params) < 0)
++            return -1;
++    } else {
++        if (qemuDomainGetStatsCpuProc(dom, params) < 0)
++            return -1;
++    }
+ 
+     if (qemuDomainGetStatsCpuCache(driver, dom, params) < 0)
+         return -1;
+-- 
+2.39.0
+

SOURCES/libvirt-qemuAgentGetDisks-Don-t-use-virJSONValueObjectGetStringArray-for-optional-data.patch

@@ -0,0 +1,58 @@
+From 198f38fa5540c7545607b9d1beb0bfb689d56c3d Mon Sep 17 00:00:00 2001
+Message-Id: <198f38fa5540c7545607b9d1beb0bfb689d56c3d@dist-git>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Thu, 1 Dec 2022 17:02:42 +0100
+Subject: [PATCH] qemuAgentGetDisks: Don't use virJSONValueObjectGetStringArray
+ for optional data
+
+The 'dependencies' field in the return data may be missing in some
+cases. Historically 'virJSONValueObjectGetStringArray' didn't report
+error in such case, but later refactor (commit 043b50b948ef3c2 ) added
+an error in order to use it in other places too.
+
+Unfortunately this results in the error log being spammed with an
+irrelevant error in case when qemuAgentGetDisks is invoked on a VM
+running windows.
+
+Replace the use of virJSONValueObjectGetStringArray by fetching the
+array first and calling virJSONValueArrayToStringList only when we have
+an array.
+
+Fixes: 043b50b948ef3c2a4adf5fa32a93ec2589851ac6
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2149752
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3b576601dfb924bb518870a01de5d1a421cbb467)
+https://bugzilla.redhat.com/show_bug.cgi?id=2154410
+---
+ src/qemu/qemu_agent.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_agent.c b/src/qemu/qemu_agent.c
+index d81f01ba77..7afef06694 100644
+--- a/src/qemu/qemu_agent.c
++++ b/src/qemu/qemu_agent.c
+@@ -2544,6 +2544,7 @@ int qemuAgentGetDisks(qemuAgent *agent,
+     for (i = 0; i < ndata; i++) {
+         virJSONValue *addr;
+         virJSONValue *entry = virJSONValueArrayGet(data, i);
++        virJSONValue *dependencies;
+         qemuAgentDiskInfo *disk;
+ 
+         if (!entry) {
+@@ -2569,7 +2570,11 @@ int qemuAgentGetDisks(qemuAgent *agent,
+             goto error;
+         }
+ 
+-        disk->dependencies = virJSONValueObjectGetStringArray(entry, "dependencies");
++        if ((dependencies = virJSONValueObjectGetArray(entry, "dependencies"))) {
++            if (!(disk->dependencies = virJSONValueArrayToStringList(dependencies)))
++                goto error;
++        }
++
+         disk->alias = g_strdup(virJSONValueObjectGetString(entry, "alias"));
+         addr = virJSONValueObjectGetObject(entry, "address");
+         if (addr) {
+-- 
+2.39.0
+

SOURCES/libvirt-qemuProcessReconnect-Don-t-build-memory-paths.patch

@@ -0,0 +1,57 @@
+From b76623b5921238c9a4db9b3e1958b51a4d7e8b52 Mon Sep 17 00:00:00 2001
+Message-Id: <b76623b5921238c9a4db9b3e1958b51a4d7e8b52@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Wed, 28 Sep 2022 10:12:36 +0200
+Subject: [PATCH] qemuProcessReconnect: Don't build memory paths
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Let me take you on a short trip to history. A long time ago,
+libvirt would configure all QEMUs to use $hugetlbfs/libvirt/qemu
+for their hugepages setup. This was problematic, because it did
+not allow enough separation between guests. Therefore in
+v3.0.0-rc1~367 the path changed to a per-domain basis:
+
+  $hugetlbfs/libvirt/qemu/$domainShortName
+
+And to help with migration on daemon restart a call to
+qemuProcessBuildDestroyMemoryPaths() was added to
+qemuProcessReconnect() (well, it was named
+qemuProcessBuildDestroyHugepagesPath() back then, see
+v3.10.0-rc1~174). This was desirable then, because the memory
+hotplug code did not call the function, it simply assumes
+per-domain paths to exist. But this changed in v3.5.0-rc1~92
+after which the per-domain paths are created on memory hotplug
+too.
+
+Therefore, it's no longer necessary to create these paths in
+qemuProcessReconnect(). They are created exactly when needed
+(domain startup and memory hotplug).
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 3478cca80ea7382cfdbff836d5d0b92aa014297b)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_process.c | 3 ---
+ 1 file changed, 3 deletions(-)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 062a0b6dac..979ad99f5a 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -9004,9 +9004,6 @@ qemuProcessReconnect(void *opaque)
+         goto cleanup;
+     }
+ 
+-    if (qemuProcessBuildDestroyMemoryPaths(driver, obj, NULL, true) < 0)
+-        goto error;
+-
+     if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps,
+                                    driver, obj, false)) < 0) {
+         goto error;
+-- 
+2.39.0
+

SOURCES/libvirt-qemu_namespace-Fix-a-corner-case-in-qemuDomainGetPreservedMounts.patch

@@ -0,0 +1,80 @@
+From 6b3a0480cf2de402abce168aa0b093a8dc4f7a57 Mon Sep 17 00:00:00 2001
+Message-Id: <6b3a0480cf2de402abce168aa0b093a8dc4f7a57@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Sep 2022 13:43:22 +0200
+Subject: [PATCH] qemu_namespace: Fix a corner case in
+ qemuDomainGetPreservedMounts()
+
+When setting up namespace for QEMU we look at mount points under
+/dev (like /dev/pts, /dev/mqueue/, etc.) because we want to
+preserve those (which is done by moving them to a temp location,
+unshare(), and then moving them back). We have a convenience
+helper - qemuDomainGetPreservedMounts() - that processes the
+mount table and (optionally) moves the other filesystems too.
+This helper is also used when attempting to create a path in NS,
+because the path, while starting with "/dev/" prefix, may
+actually lead to one of those filesystems that we preserved.
+
+And here comes the corner case: while we require the parent mount
+table to be in shared mode (equivalent of `mount --make-rshared /'),
+these mount events propagate iff the target path exist inside the
+slave mount table (= QEMU's private namespace). And since we
+create only a subset of /dev nodes, well, that assumption is not
+always the case.
+
+For instance, assume that a domain is already running, no
+hugepages were configured for it nor any hugetlbfs is mounted.
+Now, when a hugetlbfs is mounted into '/dev/hugepages', this is
+propagated into the QEMU's namespace, but since the target dir
+does not exist in the private /dev, the FS is not mounted in the
+namespace.
+
+Fortunately, this difference between namespaces is visible when
+comparing /proc/mounts and /proc/$PID/mounts (where PID is the
+QEMU's PID). Therefore, if possible we should look at the latter.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 46b03819ae8d833b11c2aaccb2c2a0361727f51b)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_namespace.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
+index 71e3366ca5..807ec37c91 100644
+--- a/src/qemu/qemu_namespace.c
++++ b/src/qemu/qemu_namespace.c
+@@ -109,6 +109,8 @@ qemuDomainGetPreservedMountPath(virQEMUDriverConfig *cfg,
+  * b) generate backup path for all the entries in a)
+  *
+  * Any of the return pointers can be NULL. Both arrays are NULL-terminated.
++ * Get the mount table either from @vm's PID (if running), or from the
++ * namespace we're in (if @vm's not running).
+  *
+  * Returns 0 on success, -1 otherwise (with error reported)
+  */
+@@ -123,12 +125,18 @@ qemuDomainGetPreservedMounts(virQEMUDriverConfig *cfg,
+     size_t nmounts = 0;
+     g_auto(GStrv) paths = NULL;
+     g_auto(GStrv) savePaths = NULL;
++    g_autofree char *mountsPath = NULL;
+     size_t i;
+ 
+     if (ndevPath)
+         *ndevPath = 0;
+ 
+-    if (virFileGetMountSubtree(QEMU_PROC_MOUNTS, "/dev", &mounts, &nmounts) < 0)
++    if (vm->pid > 0)
++        mountsPath = g_strdup_printf("/proc/%lld/mounts", (long long) vm->pid);
++    else
++        mountsPath = g_strdup(QEMU_PROC_MOUNTS);
++
++    if (virFileGetMountSubtree(mountsPath, "/dev", &mounts, &nmounts) < 0)
+         return -1;
+ 
+     if (nmounts == 0)
+-- 
+2.39.0
+

SOURCES/libvirt-qemu_namespace-Introduce-qemuDomainNamespaceSetupPath.patch

@@ -0,0 +1,68 @@
+From c8379fdd0f13af84f4b2ed449f8de77117fd8bc7 Mon Sep 17 00:00:00 2001
+Message-Id: <c8379fdd0f13af84f4b2ed449f8de77117fd8bc7@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Sep 2022 13:43:58 +0200
+Subject: [PATCH] qemu_namespace: Introduce qemuDomainNamespaceSetupPath()
+
+Sometimes it may come handy to just bind mount a directory/file
+into domain's namespace. Implement a thin wrapper over
+qemuNamespaceMknodPaths() which has all the logic we need.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 5853d707189005a4ea5b2215e80853867b822fd9)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_namespace.c | 19 +++++++++++++++++++
+ src/qemu/qemu_namespace.h |  4 ++++
+ 2 files changed, 23 insertions(+)
+
+diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
+index 807ec37c91..09e235e120 100644
+--- a/src/qemu/qemu_namespace.c
++++ b/src/qemu/qemu_namespace.c
+@@ -1424,6 +1424,25 @@ qemuNamespaceUnlinkPaths(virDomainObj *vm,
+ }
+ 
+ 
++int
++qemuDomainNamespaceSetupPath(virDomainObj *vm,
++                             const char *path,
++                             bool *created)
++{
++    g_autoptr(virGSListString) paths = NULL;
++
++    if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
++        return 0;
++
++    paths = g_slist_prepend(paths, g_strdup(path));
++
++    if (qemuNamespaceMknodPaths(vm, paths, created) < 0)
++        return -1;
++
++    return 0;
++}
++
++
+ int
+ qemuDomainNamespaceSetupDisk(virDomainObj *vm,
+                              virStorageSource *src,
+diff --git a/src/qemu/qemu_namespace.h b/src/qemu/qemu_namespace.h
+index fbea865c70..85d990f460 100644
+--- a/src/qemu/qemu_namespace.h
++++ b/src/qemu/qemu_namespace.h
+@@ -48,6 +48,10 @@ void qemuDomainDestroyNamespace(virQEMUDriver *driver,
+ 
+ bool qemuDomainNamespaceAvailable(qemuDomainNamespace ns);
+ 
++int qemuDomainNamespaceSetupPath(virDomainObj *vm,
++                                 const char *path,
++                                 bool *created);
++
+ int qemuDomainNamespaceSetupDisk(virDomainObj *vm,
+                                  virStorageSource *src,
+                                  bool *created);
+-- 
+2.39.0
+

SOURCES/libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch

@@ -0,0 +1,45 @@
+From 1f0a6e441617da6a95e2188408ad1ed2dd4665e4 Mon Sep 17 00:00:00 2001
+Message-Id: <1f0a6e441617da6a95e2188408ad1ed2dd4665e4@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Sep 2022 13:37:23 +0200
+Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
+ namespace
+
+When creating a path in a domain's mount namespace we try to set
+ACLs on it, so that it's a verbatim copy of the path in parent's
+namespace. The ACLs are queried upfront (by
+qemuNamespaceMknodItemInit()) but this is fault tolerant so the
+pointer to ACLs might be NULL (meaning no ACLs were queried, for
+instance because the underlying filesystem does not support
+them). But then we take this NULL and pass it to virFileSetACLs()
+which immediately returns an error because NULL is invalid value.
+
+Mimic what we do with SELinux label - only set ACLs if they are
+non-NULL which includes symlinks.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_namespace.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
+index 98cd794666..71e3366ca5 100644
+--- a/src/qemu/qemu_namespace.c
++++ b/src/qemu/qemu_namespace.c
+@@ -1040,8 +1040,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
+         goto cleanup;
+     }
+ 
+-    /* Symlinks don't have ACLs. */
+-    if (!isLink &&
++    if (data->acl &&
+         virFileSetACLs(data->file, data->acl) < 0 &&
+         errno != ENOTSUP) {
+         virReportSystemError(errno,
+-- 
+2.39.0
+

SOURCES/libvirt-qemu_process.c-Propagate-hugetlbfs-mounts-on-reconnect.patch

@@ -0,0 +1,73 @@
+From 9842eb7301f985e4cc08001aff48c269492b2456 Mon Sep 17 00:00:00 2001
+Message-Id: <9842eb7301f985e4cc08001aff48c269492b2456@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 6 Sep 2022 13:45:51 +0200
+Subject: [PATCH] qemu_process.c: Propagate hugetlbfs mounts on reconnect
+
+When reconnecting to a running QEMU process, we construct the
+per-domain path in all hugetlbfs mounts. This is a relict from
+the past (v3.4.0-100-g5b24d25062) where we switched to a
+per-domain path and we want to create those paths when libvirtd
+restarts on upgrade.
+
+And with namespaces enabled there is one corner case where the
+path is not created. In fact an error is reported and the
+reconnect fails. Ideally, all mount events are propagated into
+the QEMU's namespace. And they probably are, except when the
+target path does not exist inside the namespace. Now, it's pretty
+common for users to mount hugetlbfs under /dev (e.g.
+/dev/hugepages), but if domain is started without hugepages (or
+more specifically - private hugetlbfs path wasn't created on
+domain startup), then the reconnect code tries to create it.
+But it fails to do so, well, it fails to set seclabels on the
+path because, because the path does not exist in the private
+namespace. And it doesn't exist because we specifically create
+only a subset of all possible /dev nodes. Therefore, the mount
+event, whilst propagated, is not successful and hence the
+filesystem is not mounted. We have to do it ourselves.
+
+If hugetlbfs is mount anywhere else there's no problem and this
+is effectively a dead code.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+(cherry picked from commit 0377177c7856bb87a9d8aa1324b54f5fbe9f1e5b)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2152083
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ docs/kbase/qemu-passthrough-security.rst | 6 ------
+ src/qemu/qemu_process.c                  | 3 +++
+ 2 files changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/docs/kbase/qemu-passthrough-security.rst b/docs/kbase/qemu-passthrough-security.rst
+index 106c3cc5b9..ef10d8af9b 100644
+--- a/docs/kbase/qemu-passthrough-security.rst
++++ b/docs/kbase/qemu-passthrough-security.rst
+@@ -172,9 +172,3 @@ command before any guest is started:
+ ::
+ 
+   # mount --make-rshared /
+-
+-Another requirement for dynamic mount point propagation is to  not place
+-``hugetlbfs`` mount points under ``/dev`` because these won't be propagated as
+-corresponding directories do not exist in the private namespace. Or just use
+-``memfd`` memory backend instead which does not require ``hugetlbfs`` mount
+-points.
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 4b52d664c7..062a0b6dac 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -4039,6 +4039,9 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriver *driver,
+             return -1;
+         }
+ 
++        if (qemuDomainNamespaceSetupPath(vm, path, NULL) < 0)
++            return -1;
++
+         if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)
+             return -1;
+     } else {
+-- 
+2.39.0
+

SOURCES/libvirt-util-Extend-virProcessGetStatInfo-for-sysTime-and-userTime.patch

@@ -0,0 +1,165 @@
+From b7a08f453fc448415ce320532907e61fa34f95b7 Mon Sep 17 00:00:00 2001
+Message-Id: <b7a08f453fc448415ce320532907e61fa34f95b7@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 9 Aug 2022 16:15:55 +0200
+Subject: [PATCH] util: Extend virProcessGetStatInfo() for sysTime and userTime
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virProcessGetStatInfo() helper parses /proc stat file for
+given PID and/or TID and reports cumulative cpuTime which is just
+a sum of user and sys times. But in near future, we'll need those
+times separately, so make the function return them too (if caller
+desires).
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit cdc22d9a21e472a02dae8157e3cca5832f161feb)
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2157094
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/ch/ch_driver.c     |  1 +
+ src/qemu/qemu_driver.c |  4 +++-
+ src/util/virprocess.c  | 33 ++++++++++++++++++++++-----------
+ src/util/virprocess.h  |  2 ++
+ 4 files changed, 28 insertions(+), 12 deletions(-)
+
+diff --git a/src/ch/ch_driver.c b/src/ch/ch_driver.c
+index e7c172c894..bde148075d 100644
+--- a/src/ch/ch_driver.c
++++ b/src/ch/ch_driver.c
+@@ -1075,6 +1075,7 @@ chDomainHelperGetVcpus(virDomainObj *vm,
+             vcpuinfo->number = i;
+             vcpuinfo->state = VIR_VCPU_RUNNING;
+             if (virProcessGetStatInfo(&vcpuinfo->cpuTime,
++                                      NULL, NULL,
+                                       &vcpuinfo->cpu, NULL,
+                                       vm->pid, vcpupid) < 0) {
+                 virReportSystemError(errno, "%s",
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index ebd6365f52..84cf2c6a4f 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -1359,6 +1359,7 @@ qemuDomainHelperGetVcpus(virDomainObj *vm,
+             vcpuinfo->state = VIR_VCPU_RUNNING;
+ 
+             if (virProcessGetStatInfo(&vcpuinfo->cpuTime,
++                                      NULL, NULL,
+                                       &vcpuinfo->cpu, NULL,
+                                       vm->pid, vcpupid) < 0) {
+                 virReportSystemError(errno, "%s",
+@@ -2528,6 +2529,7 @@ qemuDomainGetInfo(virDomainPtr dom,
+ 
+     if (virDomainObjIsActive(vm)) {
+         if (virProcessGetStatInfo(&(info->cpuTime), NULL, NULL,
++                                  NULL, NULL,
+                                   vm->pid, 0) < 0) {
+             virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                            _("cannot read cputime for domain"));
+@@ -10770,7 +10772,7 @@ qemuDomainMemoryStatsInternal(virQEMUDriver *driver,
+         ret = 0;
+     }
+ 
+-    if (virProcessGetStatInfo(NULL, NULL, &rss, vm->pid, 0) < 0) {
++    if (virProcessGetStatInfo(NULL, NULL, NULL, NULL, &rss, vm->pid, 0) < 0) {
+         virReportError(VIR_ERR_OPERATION_FAILED, "%s",
+                        _("cannot get RSS for domain"));
+     } else {
+diff --git a/src/util/virprocess.c b/src/util/virprocess.c
+index 013afd91b4..11f36e00a8 100644
+--- a/src/util/virprocess.c
++++ b/src/util/virprocess.c
+@@ -1737,32 +1737,37 @@ virProcessGetStat(pid_t pid,
+ #ifdef __linux__
+ int
+ virProcessGetStatInfo(unsigned long long *cpuTime,
++                      unsigned long long *userTime,
++                      unsigned long long *sysTime,
+                       int *lastCpu,
+                       long *vm_rss,
+                       pid_t pid,
+                       pid_t tid)
+ {
+     g_auto(GStrv) proc_stat = virProcessGetStat(pid, tid);
+-    unsigned long long usertime = 0, systime = 0;
++    unsigned long long utime = 0;
++    unsigned long long stime = 0;
++    const unsigned long long jiff2nsec = 1000ull * 1000ull * 1000ull /
++                                         (unsigned long long) sysconf(_SC_CLK_TCK);
+     long rss = 0;
+     int cpu = 0;
+ 
+     if (!proc_stat ||
+-        virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_UTIME], NULL, 10, &usertime) < 0 ||
+-        virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_STIME], NULL, 10, &systime) < 0 ||
++        virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_UTIME], NULL, 10, &utime) < 0 ||
++        virStrToLong_ullp(proc_stat[VIR_PROCESS_STAT_STIME], NULL, 10, &stime) < 0 ||
+         virStrToLong_l(proc_stat[VIR_PROCESS_STAT_RSS], NULL, 10, &rss) < 0 ||
+         virStrToLong_i(proc_stat[VIR_PROCESS_STAT_PROCESSOR], NULL, 10, &cpu) < 0) {
+         VIR_WARN("cannot parse process status data");
+     }
+ 
+-    /* We got jiffies
+-     * We want nanoseconds
+-     * _SC_CLK_TCK is jiffies per second
+-     * So calculate thus....
+-     */
++    utime *= jiff2nsec;
++    stime *= jiff2nsec;
+     if (cpuTime)
+-        *cpuTime = 1000ull * 1000ull * 1000ull * (usertime + systime)
+-            / (unsigned long long) sysconf(_SC_CLK_TCK);
++        *cpuTime = utime + stime;
++    if (userTime)
++        *userTime = utime;
++    if (sysTime)
++        *sysTime = stime;
+     if (lastCpu)
+         *lastCpu = cpu;
+ 
+@@ -1771,7 +1776,7 @@ virProcessGetStatInfo(unsigned long long *cpuTime,
+ 
+ 
+     VIR_DEBUG("Got status for %d/%d user=%llu sys=%llu cpu=%d rss=%ld",
+-              (int) pid, tid, usertime, systime, cpu, rss);
++              (int) pid, tid, utime, stime, cpu, rss);
+ 
+     return 0;
+ }
+@@ -1844,6 +1849,8 @@ virProcessGetSchedInfo(unsigned long long *cpuWait,
+ #else
+ int
+ virProcessGetStatInfo(unsigned long long *cpuTime,
++                      unsigned long long *userTime,
++                      unsigned long long *sysTime,
+                       int *lastCpu,
+                       long *vm_rss,
+                       pid_t pid G_GNUC_UNUSED,
+@@ -1853,6 +1860,10 @@ virProcessGetStatInfo(unsigned long long *cpuTime,
+      * platforms, so just report neutral values */
+     if (cpuTime)
+         *cpuTime = 0;
++    if (userTime)
++        *userTime = 0;
++    if (sysTime)
++        *sysTime = 0;
+     if (lastCpu)
+         *lastCpu = 0;
+     if (vm_rss)
+diff --git a/src/util/virprocess.h b/src/util/virprocess.h
+index 086fbe0e4d..f5a4a4e508 100644
+--- a/src/util/virprocess.h
++++ b/src/util/virprocess.h
+@@ -195,6 +195,8 @@ typedef enum {
+ int virProcessNamespaceAvailable(unsigned int ns);
+ 
+ int virProcessGetStatInfo(unsigned long long *cpuTime,
++                          unsigned long long *userTime,
++                          unsigned long long *sysTime,
+                           int *lastCpu,
+                           long *vm_rss,
+                           pid_t pid,
+-- 
+2.39.0
+

SOURCES/libvirt-util-json-Split-out-array-strinlist-conversion-from-virJSONValueObjectGetStringArray.patch

@@ -0,0 +1,124 @@
+From 38ad84afdbeab479d0beee24e7bef87a64db1ce3 Mon Sep 17 00:00:00 2001
+Message-Id: <38ad84afdbeab479d0beee24e7bef87a64db1ce3@dist-git>
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Thu, 1 Dec 2022 13:32:07 +0100
+Subject: [PATCH] util: json: Split out array->strinlist conversion from
+ virJSONValueObjectGetStringArray
+
+Introduce virJSONValueArrayToStringList which does only the conversion
+from an array to a stringlist.
+
+This will allow refactoring the callers to be more careful in case when
+they want to handle the existance of the member in the parent object
+differently.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 6765bdeaf7e9cbdb4c39d47f3b77fb28a498408a)
+https://bugzilla.redhat.com/show_bug.cgi?id=2154410
+---
+ src/libvirt_private.syms |  1 +
+ src/util/virjson.c       | 43 ++++++++++++++++++++++------------------
+ src/util/virjson.h       |  2 ++
+ 3 files changed, 27 insertions(+), 19 deletions(-)
+
+diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
+index 76bcc64eb0..288310b75a 100644
+--- a/src/libvirt_private.syms
++++ b/src/libvirt_private.syms
+@@ -2543,6 +2543,7 @@ virJSONValueArrayForeachSteal;
+ virJSONValueArrayGet;
+ virJSONValueArraySize;
+ virJSONValueArraySteal;
++virJSONValueArrayToStringList;
+ virJSONValueCopy;
+ virJSONValueFree;
+ virJSONValueFromString;
+diff --git a/src/util/virjson.c b/src/util/virjson.c
+index 53f8cdff95..fcbc173ffa 100644
+--- a/src/util/virjson.c
++++ b/src/util/virjson.c
+@@ -1316,10 +1316,7 @@ virJSONValueObjectStealObject(virJSONValue *object,
+ char **
+ virJSONValueObjectGetStringArray(virJSONValue *object, const char *key)
+ {
+-    g_auto(GStrv) ret = NULL;
+     virJSONValue *data;
+-    size_t n;
+-    size_t i;
+ 
+     data = virJSONValueObjectGetArray(object, key);
+     if (!data) {
+@@ -1329,32 +1326,40 @@ virJSONValueObjectGetStringArray(virJSONValue *object, const char *key)
+         return NULL;
+     }
+ 
+-    n = virJSONValueArraySize(data);
+-    ret = g_new0(char *, n + 1);
++    return virJSONValueArrayToStringList(data);
++}
++
++
++/**
++ * virJSONValueArrayToStringList:
++ * @data: a JSON array containing strings to convert
++ *
++ * Converts @data a JSON array containing strings to a NULL-terminated string
++ * list. @data must be a JSON array. In case @data is doesn't contain only
++ * strings an error is reported.
++ */
++char **
++virJSONValueArrayToStringList(virJSONValue *data)
++{
++    size_t n = virJSONValueArraySize(data);
++    g_auto(GStrv) ret = g_new0(char *, n + 1);
++    size_t i;
++
+     for (i = 0; i < n; i++) {
+         virJSONValue *child = virJSONValueArrayGet(data, i);
+-        const char *tmp;
+ 
+-        if (!child) {
+-            virReportError(VIR_ERR_INTERNAL_ERROR,
+-                           _("%s array element is missing item %zu"),
+-                           key, i);
++        if (!child ||
++            !(ret[i] = g_strdup(virJSONValueGetString(child)))) {
++            virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
++                           _("JSON string array contains non-string element"));
+             return NULL;
+         }
+-
+-        if (!(tmp = virJSONValueGetString(child))) {
+-            virReportError(VIR_ERR_INTERNAL_ERROR,
+-                           _("%s array element does not contain a string"),
+-                           key);
+-            return NULL;
+-        }
+-
+-        ret[i] = g_strdup(tmp);
+     }
+ 
+     return g_steal_pointer(&ret);
+ }
+ 
++
+ /**
+  * virJSONValueObjectForeachKeyValue:
+  * @object: JSON object to iterate
+diff --git a/src/util/virjson.h b/src/util/virjson.h
+index aced48a538..c9f83ab2bc 100644
+--- a/src/util/virjson.h
++++ b/src/util/virjson.h
+@@ -172,6 +172,8 @@ virJSONValueObjectGetString(virJSONValue *object,
+ char **
+ virJSONValueObjectGetStringArray(virJSONValue *object,
+                                  const char *key);
++char **
++virJSONValueArrayToStringList(virJSONValue *data);
+ const char *
+ virJSONValueObjectGetStringOrNumber(virJSONValue *object,
+                                     const char *key);
+-- 
+2.39.0
+

SPECS/libvirt.spec

@@ -231,7 +231,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 8.5.0
-Release: 7%{?dist}%{?extra_release}
+Release: 7.3%{?dist}%{?extra_release}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -274,6 +274,17 @@ Patch31: libvirt-qemu-don-t-call-qemuMigrationSrcIsAllowedHostdev-from-qemuMigra
 Patch32: libvirt-rpc-Pass-OPENSSL_CONF-through-to-ssh-invocations.patch
 Patch33: libvirt-qemu_process-Destroy-domain-s-namespace-after-killing-QEMU.patch
 Patch34: libvirt-security_selinux-Don-t-ignore-NVMe-disks-when-setting-image-label.patch
+Patch35: libvirt-nodedev-wait-a-bit-longer-for-new-node-devices.patch
+Patch36: libvirt-kbase-Document-QEMU-private-mount-NS-limitations.patch
+Patch37: libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch
+Patch38: libvirt-qemu_namespace-Fix-a-corner-case-in-qemuDomainGetPreservedMounts.patch
+Patch39: libvirt-qemu_namespace-Introduce-qemuDomainNamespaceSetupPath.patch
+Patch40: libvirt-qemu_process.c-Propagate-hugetlbfs-mounts-on-reconnect.patch
+Patch41: libvirt-qemuProcessReconnect-Don-t-build-memory-paths.patch
+Patch42: libvirt-util-json-Split-out-array-strinlist-conversion-from-virJSONValueObjectGetStringArray.patch
+Patch43: libvirt-qemuAgentGetDisks-Don-t-use-virJSONValueObjectGetStringArray-for-optional-data.patch
+Patch44: libvirt-util-Extend-virProcessGetStatInfo-for-sysTime-and-userTime.patch
+Patch45: libvirt-qemu-Implement-qemuDomainGetStatsCpu-fallback-for-qemu-session.patch
 
 
 Requires: libvirt-daemon = %{version}-%{release}
@@ -2180,6 +2191,24 @@ exit 0
 
 
 %changelog
+* Thu Jan  5 2023 Jiri Denemark <jdenemar@redhat.com> - 8.5.0-7.3.el9_1
+- util: json: Split out array->strinlist conversion from virJSONValueObjectGetStringArray (rhbz#2154410)
+- qemuAgentGetDisks: Don't use virJSONValueObjectGetStringArray for optional data (rhbz#2154410)
+- util: Extend virProcessGetStatInfo() for sysTime and userTime (rhbz#2157094)
+- qemu: Implement qemuDomainGetStatsCpu fallback for qemu:///session (rhbz#2157094)
+- RHEL: rpminspect: Disable abidiff inspection
+
+* Wed Dec 14 2022 Jiri Denemark <jdenemar@redhat.com> - 8.5.0-7.2.el9_1
+- kbase: Document QEMU private mount NS limitations (rhbz#2152083)
+- qemu_namespace: Tolerate missing ACLs when creating a path in namespace (rhbz#2152083)
+- qemu_namespace: Fix a corner case in qemuDomainGetPreservedMounts() (rhbz#2152083)
+- qemu_namespace: Introduce qemuDomainNamespaceSetupPath() (rhbz#2152083)
+- qemu_process.c: Propagate hugetlbfs mounts on reconnect (rhbz#2152083)
+- qemuProcessReconnect: Don't build memory paths (rhbz#2152083)
+
+* Fri Nov 11 2022 Jiri Denemark <jdenemar@redhat.com> - 8.5.0-7.1.el9_1
+- nodedev: wait a bit longer for new node devices (rhbz#2141364)
+
 * Mon Sep 26 2022 Jiri Denemark <jdenemar@redhat.com> - 8.5.0-7
 - security_selinux: Don't ignore NVMe disks when setting image label (rhbz#2121441)