From d84bcc05bdc904aa3737bf59fdc79ab1ba2dcfa8 Mon Sep 17 00:00:00 2001
From: Eduard Abdullin <55892454+eabdullin1@users.noreply.github.com>
Date: Wed, 6 Mar 2024 14:21:06 +0300
Subject: [PATCH] - cpu_map: Add cpu model EPYC Genoa - schema: nodedev: Adjust
 allowed characters in  'vpdFieldValueFormat' - tests: Test the previously
 mishandled PCI VPD characters - util: pcivpd: Refactor
 virPCIVPDResourceIsValidTextValue - virNodeDeviceCapVPDFormat: Properly
 escape system-originated  strings - virNodeDeviceCapVPDFormatCustom*: Escape
 unsanitized strings - virPCIVPDResourceIsValidTextValue: Adjust comment to
 reflect  actual code

---
 .../cpu_map-Add-cpu-model-EPYC-Genoa.patch    | 201 ++++++++++++++++++
 ...ed-characters-in-vpdFieldValueFormat.patch |  31 +++
 ...iously-mishandled-PCI-VPD-characters.patch |  80 +++++++
 ...or-virPCIVPDResourceIsValidTextValue.patch |  54 +++++
 ...at-Properly-escape-system-originated.patch |  86 ++++++++
 ...matCustom-Escape-unsanitized-strings.patch |  72 +++++++
 ...djust-comment-to-reflect-actual-code.patch |  46 ++++
 SPECS/libvirt.spec                            |  29 ++-
 8 files changed, 598 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/cpu_map-Add-cpu-model-EPYC-Genoa.patch
 create mode 100644 SOURCES/schema-nodedev-Adjust-allowed-characters-in-vpdFieldValueFormat.patch
 create mode 100644 SOURCES/tests-Test-the-previously-mishandled-PCI-VPD-characters.patch
 create mode 100644 SOURCES/util-pcivpd-Refactor-virPCIVPDResourceIsValidTextValue.patch
 create mode 100644 SOURCES/virNodeDeviceCapVPDFormat-Properly-escape-system-originated.patch
 create mode 100644 SOURCES/virNodeDeviceCapVPDFormatCustom-Escape-unsanitized-strings.patch
 create mode 100644 SOURCES/virPCIVPDResourceIsValidTextValue-Adjust-comment-to-reflect-actual-code.patch

diff --git a/SOURCES/cpu_map-Add-cpu-model-EPYC-Genoa.patch b/SOURCES/cpu_map-Add-cpu-model-EPYC-Genoa.patch
new file mode 100644
index 0000000..c3a89ab
--- /dev/null
+++ b/SOURCES/cpu_map-Add-cpu-model-EPYC-Genoa.patch
@@ -0,0 +1,201 @@
+From bfe53e9145cd5996a791c5caff0686572b850f82 Mon Sep 17 00:00:00 2001
+From: Tim Wiederhake <twiederh@redhat.com>
+Date: Wed, 6 Sep 2023 13:13:34 +0200
+Subject: [PATCH] cpu_map: Add cpu model EPYC Genoa
+
+This was added in qemu commit 166b174188.
+No additional features had to be added to libvirt.
+
+Signed-off-by: Tim Wiederhake <twiederh@redhat.com>
+Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
+---
+ src/cpu_map/index.xml                         |   1 +
+ src/cpu_map/meson.build                       |   1 +
+ src/cpu_map/x86_EPYC-Genoa.xml                | 115 ++++++++++++++++++
+ .../domaincapsdata/qemu_8.1.0-q35.x86_64.xml  |   1 +
+ .../domaincapsdata/qemu_8.1.0-tcg.x86_64.xml  |   1 +
+ tests/domaincapsdata/qemu_8.1.0.x86_64.xml    |   1 +
+ 6 files changed, 120 insertions(+)
+ create mode 100644 src/cpu_map/x86_EPYC-Genoa.xml
+
+diff --git a/src/cpu_map/index.xml b/src/cpu_map/index.xml
+index 0187016c1c5..d2c5af57970 100644
+--- a/src/cpu_map/index.xml
++++ b/src/cpu_map/index.xml
+@@ -70,6 +70,7 @@
+     <include filename='x86_EPYC-IBPB.xml'/>
+     <include filename='x86_EPYC-Rome.xml'/>
+     <include filename='x86_EPYC-Milan.xml'/>
++    <include filename='x86_EPYC-Genoa.xml'/>
+ 
+     <!-- Hygon CPU models -->
+     <include filename='x86_Dhyana.xml'/>
+diff --git a/src/cpu_map/meson.build b/src/cpu_map/meson.build
+index fa83b234741..ae5293e85f1 100644
+--- a/src/cpu_map/meson.build
++++ b/src/cpu_map/meson.build
+@@ -39,6 +39,7 @@ cpumap_data = [
+   'x86_Dhyana.xml',
+   'x86_EPYC-IBPB.xml',
+   'x86_EPYC.xml',
++  'x86_EPYC-Genoa.xml',
+   'x86_EPYC-Milan.xml',
+   'x86_EPYC-Rome.xml',
+   'x86_features.xml',
+diff --git a/src/cpu_map/x86_EPYC-Genoa.xml b/src/cpu_map/x86_EPYC-Genoa.xml
+new file mode 100644
+index 00000000000..3e765b89b16
+--- /dev/null
++++ b/src/cpu_map/x86_EPYC-Genoa.xml
+@@ -0,0 +1,115 @@
++<cpus>
++  <model name='EPYC-Genoa'>
++    <decode host='on' guest='on'/>
++    <signature family='25' model='17'/>
++    <vendor name='AMD'/>
++    <feature name='3dnowprefetch'/>
++    <feature name='abm'/>
++    <feature name='adx'/>
++    <feature name='aes'/>
++    <feature name='amd-psfd'/>
++    <feature name='amd-ssbd'/>
++    <feature name='amd-stibp'/>
++    <feature name='apic'/>
++    <feature name='arat'/>
++    <feature name='auto-ibrs'/>
++    <feature name='avx'/>
++    <feature name='avx2'/>
++    <feature name='avx512-bf16'/>
++    <feature name='avx512-vpopcntdq'/>
++    <feature name='avx512bitalg'/>
++    <feature name='avx512bw'/>
++    <feature name='avx512cd'/>
++    <feature name='avx512dq'/>
++    <feature name='avx512f'/>
++    <feature name='avx512ifma'/>
++    <feature name='avx512vbmi'/>
++    <feature name='avx512vbmi2'/>
++    <feature name='avx512vl'/>
++    <feature name='avx512vnni'/>
++    <feature name='bmi1'/>
++    <feature name='bmi2'/>
++    <feature name='clflush'/>
++    <feature name='clflushopt'/>
++    <feature name='clwb'/>
++    <feature name='clzero'/>
++    <feature name='cmov'/>
++    <feature name='cr8legacy'/>
++    <feature name='cx16'/>
++    <feature name='cx8'/>
++    <feature name='de'/>
++    <feature name='erms'/>
++    <feature name='f16c'/>
++    <feature name='fma'/>
++    <feature name='fpu'/>
++    <feature name='fsgsbase'/>
++    <feature name='fsrm'/>
++    <feature name='fxsr'/>
++    <feature name='fxsr_opt'/>
++    <feature name='gfni'/>
++    <feature name='ibpb'/>
++    <feature name='ibrs'/>
++    <feature name='invpcid'/>
++    <feature name='la57'/>
++    <feature name='lahf_lm'/>
++    <feature name='lfence-always-serializing'/>
++    <feature name='lm'/>
++    <feature name='mca'/>
++    <feature name='mce'/>
++    <feature name='misalignsse'/>
++    <feature name='mmx'/>
++    <feature name='mmxext'/>
++    <feature name='movbe'/>
++    <feature name='msr'/>
++    <feature name='mtrr'/>
++    <feature name='no-nested-data-bp'/>
++    <feature name='npt'/>
++    <feature name='nrip-save'/>
++    <feature name='null-sel-clr-base'/>
++    <feature name='nx'/>
++    <feature name='osvw'/>
++    <feature name='pae'/>
++    <feature name='pat'/>
++    <feature name='pcid'/>
++    <feature name='pclmuldq'/>
++    <feature name='pdpe1gb'/>
++    <feature name='perfctr_core'/>
++    <feature name='pge'/>
++    <feature name='pku'/>
++    <feature name='pni'/>
++    <feature name='popcnt'/>
++    <feature name='pse'/>
++    <feature name='pse36'/>
++    <feature name='rdpid'/>
++    <feature name='rdrand'/>
++    <feature name='rdseed'/>
++    <feature name='rdtscp'/>
++    <feature name='sep'/>
++    <feature name='sha-ni'/>
++    <feature name='smap'/>
++    <feature name='smep'/>
++    <feature name='sse'/>
++    <feature name='sse2'/>
++    <feature name='sse4.1'/>
++    <feature name='sse4.2'/>
++    <feature name='sse4a'/>
++    <feature name='ssse3'/>
++    <feature name='stibp-always-on'/>
++    <feature name='svm'/>
++    <feature name='svme-addr-chk'/>
++    <feature name='syscall'/>
++    <feature name='tsc'/>
++    <feature name='umip'/>
++    <feature name='vaes'/>
++    <feature name='vme'/>
++    <feature name='vnmi'/>
++    <feature name='vpclmulqdq'/>
++    <feature name='wbnoinvd'/>
++    <feature name='xgetbv1'/>
++    <feature name='xsave'/>
++    <feature name='xsavec'/>
++    <feature name='xsaveerptr'/>
++    <feature name='xsaveopt'/>
++    <feature name='xsaves'/>
++  </model>
++</cpus>
+diff --git a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
+index 9a9e84e6138..4d438efdf75 100644
+--- a/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
++++ b/tests/domaincapsdata/qemu_8.1.0-q35.x86_64.xml
+@@ -116,6 +116,7 @@
+       <model usable='no' vendor='AMD'>EPYC-Rome</model>
+       <model usable='no' vendor='AMD'>EPYC-Milan</model>
+       <model usable='yes' vendor='AMD'>EPYC-IBPB</model>
++      <model usable='no' vendor='AMD'>EPYC-Genoa</model>
+       <model usable='yes' vendor='AMD'>EPYC</model>
+       <model usable='yes' vendor='Hygon'>Dhyana</model>
+       <model usable='no' vendor='Intel'>Cooperlake</model>
+diff --git a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
+index f898149a3c1..e32cd80c178 100644
+--- a/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
++++ b/tests/domaincapsdata/qemu_8.1.0-tcg.x86_64.xml
+@@ -115,6 +115,7 @@
+       <model usable='no' vendor='AMD'>EPYC-Rome</model>
+       <model usable='no' vendor='AMD'>EPYC-Milan</model>
+       <model usable='no' vendor='AMD'>EPYC-IBPB</model>
++      <model usable='no' vendor='AMD'>EPYC-Genoa</model>
+       <model usable='no' vendor='AMD'>EPYC</model>
+       <model usable='no' vendor='Hygon'>Dhyana</model>
+       <model usable='no' vendor='Intel'>Cooperlake</model>
+diff --git a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
+index dbe1af68cbc..919357e577c 100644
+--- a/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
++++ b/tests/domaincapsdata/qemu_8.1.0.x86_64.xml
+@@ -115,6 +115,7 @@
+       <model usable='no' vendor='AMD'>EPYC-Rome</model>
+       <model usable='no' vendor='AMD'>EPYC-Milan</model>
+       <model usable='yes' vendor='AMD'>EPYC-IBPB</model>
++      <model usable='no' vendor='AMD'>EPYC-Genoa</model>
+       <model usable='yes' vendor='AMD'>EPYC</model>
+       <model usable='yes' vendor='Hygon'>Dhyana</model>
+       <model usable='no' vendor='Intel'>Cooperlake</model>
diff --git a/SOURCES/schema-nodedev-Adjust-allowed-characters-in-vpdFieldValueFormat.patch b/SOURCES/schema-nodedev-Adjust-allowed-characters-in-vpdFieldValueFormat.patch
new file mode 100644
index 0000000..3502986
--- /dev/null
+++ b/SOURCES/schema-nodedev-Adjust-allowed-characters-in-vpdFieldValueFormat.patch
@@ -0,0 +1,31 @@
+From edaa1112ffef253013dcc3318794cebfaa2a6cb7 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Mon, 29 Jan 2024 16:12:09 +0100
+Subject: [PATCH] schema: nodedev: Adjust allowed characters in
+ 'vpdFieldValueFormat'
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The check in 'virPCIVPDResourceIsValidTextValue' allows any printable
+characters, thus the XML schema should do the same.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/conf/schemas/nodedev.rng | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/conf/schemas/nodedev.rng b/src/conf/schemas/nodedev.rng
+index fba40217540..ff073139681 100644
+--- a/src/conf/schemas/nodedev.rng
++++ b/src/conf/schemas/nodedev.rng
+@@ -869,7 +869,7 @@
+ 
+   <define name="vpdFieldValueFormat">
+     <data type="string">
+-      <param name="pattern">[0-9a-zA-F -_,.:;=]{0,255}</param>
++      <param name="pattern">.{0,255}</param>
+     </data>
+   </define>
+ 
diff --git a/SOURCES/tests-Test-the-previously-mishandled-PCI-VPD-characters.patch b/SOURCES/tests-Test-the-previously-mishandled-PCI-VPD-characters.patch
new file mode 100644
index 0000000..6f1bd34
--- /dev/null
+++ b/SOURCES/tests-Test-the-previously-mishandled-PCI-VPD-characters.patch
@@ -0,0 +1,80 @@
+From 9eda33161f49fcf3ba07d648bd80d2a9a2388479 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Tue, 23 Jan 2024 16:40:34 +0100
+Subject: [PATCH] tests: Test the previously mishandled PCI VPD characters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Modify the test data to validate '<>' and other characters.
+Unfortunately the test suite doesn't have a proper end-to-end test, thus
+we just add a XML->XML variant and also add data to the binary parser.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ tests/nodedevschemadata/pci_0000_42_00_0_vpd.xml | 4 ++--
+ tests/virpcimock.c                               | 4 ++--
+ tests/virpcivpdtest.c                            | 4 ++--
+ 3 files changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/tests/nodedevschemadata/pci_0000_42_00_0_vpd.xml b/tests/nodedevschemadata/pci_0000_42_00_0_vpd.xml
+index 8b56e4f6b41..c9a2901381a 100644
+--- a/tests/nodedevschemadata/pci_0000_42_00_0_vpd.xml
++++ b/tests/nodedevschemadata/pci_0000_42_00_0_vpd.xml
+@@ -15,7 +15,7 @@
+         <change_level>B1</change_level>
+         <manufacture_id>foobar</manufacture_id>
+         <part_number>MBF2H332A-AEEOT</part_number>
+-        <serial_number>MT2113X00000</serial_number>
++        <serial_number>MT2113X00000&gt;&lt;</serial_number>
+         <vendor_field index='0'>PCIeGen4 x8</vendor_field>
+         <vendor_field index='2'>MBF2H332A-AEEOT</vendor_field>
+         <vendor_field index='3'>3c53d07eec484d8aab34dabd24fe575aa</vendor_field>
+@@ -25,7 +25,7 @@
+         <asset_tag>fooasset</asset_tag>
+         <vendor_field index='0'>vendorfield0</vendor_field>
+         <vendor_field index='2'>vendorfield2</vendor_field>
+-        <vendor_field index='A'>vendorfieldA</vendor_field>
++        <vendor_field index='A'>!@#$./&gt;&lt;</vendor_field>
+         <system_field index='B'>systemfieldB</system_field>
+         <system_field index='0'>systemfield0</system_field>
+       </fields>
+diff --git a/tests/virpcimock.c b/tests/virpcimock.c
+index 13b37bb23d4..2f98b0cf13e 100644
+--- a/tests/virpcimock.c
++++ b/tests/virpcimock.c
+@@ -957,9 +957,9 @@ init_env(void)
+         't', 'e', 's', 't', 'n', 'a', 'm', 'e',
+         PCI_VPD_LARGE_RESOURCE_FLAG | PCI_VPD_READ_ONLY_LARGE_RESOURCE_FLAG, 0x16, 0x00,
+         'P', 'N', 0x02, '4', '2',
+-        'E', 'C', 0x04, '4', '2', '4', '2',
++        'E', 'C', 0x04, '4', '<', '>', '2',
+         'V', 'A', 0x02, 'E', 'X',
+-        'R', 'V', 0x02, 0x31, 0x00,
++        'R', 'V', 0x02, 0x1D, 0x00,
+         PCI_VPD_RESOURCE_END_VAL
+     };
+     struct pciVPD exampleVPD = {
+diff --git a/tests/virpcivpdtest.c b/tests/virpcivpdtest.c
+index b4dd68b7aa8..ae5772d3f56 100644
+--- a/tests/virpcivpdtest.c
++++ b/tests/virpcivpdtest.c
+@@ -424,7 +424,7 @@ testPCIVPDGetFieldValueFormat(const void *data G_GNUC_UNUSED)
+ 
+ # define VPD_W_EXAMPLE_FIELDS \
+     'V', 'Z', 0x02, '4', '2', \
+-    'Y', 'A', 0x04, 'I', 'D', '4', '2', \
++    'Y', 'A', 0x04, '!', '<', '>', ':', \
+     'Y', 'F', 0x02, 'E', 'X', \
+     'Y', 'E', 0x00, \
+     'R', 'W', 0x02, 0x00, 0x00
+@@ -579,7 +579,7 @@ testVirPCIVPDParseFullVPD(const void *opaque G_GNUC_UNUSED)
+     if (testVirPCIVPDValidateExampleReadOnlyFields(res))
+         return -1;
+ 
+-    if (STRNEQ_NULLABLE(res->rw->asset_tag, "ID42"))
++    if (STRNEQ_NULLABLE(res->rw->asset_tag, "!<>:"))
+         return -1;
+ 
+     if (!res->rw->vendor_specific)
diff --git a/SOURCES/util-pcivpd-Refactor-virPCIVPDResourceIsValidTextValue.patch b/SOURCES/util-pcivpd-Refactor-virPCIVPDResourceIsValidTextValue.patch
new file mode 100644
index 0000000..74149c3
--- /dev/null
+++ b/SOURCES/util-pcivpd-Refactor-virPCIVPDResourceIsValidTextValue.patch
@@ -0,0 +1,54 @@
+From eb3844009dc3bdd50274954618b8cd9962218317 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Wed, 24 Jan 2024 15:53:39 +0100
+Subject: [PATCH] util: pcivpd: Refactor virPCIVPDResourceIsValidTextValue
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The function is never called with NULL argument. Remove the check and
+refactor the rest including the debug statement.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/util/virpcivpd.c | 23 +++++++++--------------
+ 1 file changed, 9 insertions(+), 14 deletions(-)
+
+diff --git a/src/util/virpcivpd.c b/src/util/virpcivpd.c
+index 248a9b2790e..81c7c317b34 100644
+--- a/src/util/virpcivpd.c
++++ b/src/util/virpcivpd.c
+@@ -175,23 +175,18 @@ virPCIVPDResourceGetFieldValueFormat(const char *keyword)
+ bool
+ virPCIVPDResourceIsValidTextValue(const char *value)
+ {
+-    size_t i = 0;
++    const char *v;
++    bool ret = true;
+ 
+-    if (value == NULL)
+-        return false;
+-
+-    /* An empty string is a valid value. */
+-    if (STREQ(value, ""))
+-        return true;
+-
+-    while (i < strlen(value)) {
+-        if (!g_ascii_isprint(value[i])) {
+-            VIR_DEBUG("The provided value contains non-ASCII printable characters: %s", value);
+-            return false;
++    for (v = value; *v; v++) {
++        if (!g_ascii_isprint(*v)) {
++            ret = false;
++            break;
+         }
+-        ++i;
+     }
+-    return true;
++
++    VIR_DEBUG("val='%s' ret='%d'", value, ret);
++    return ret;
+ }
+ 
+ void
diff --git a/SOURCES/virNodeDeviceCapVPDFormat-Properly-escape-system-originated.patch b/SOURCES/virNodeDeviceCapVPDFormat-Properly-escape-system-originated.patch
new file mode 100644
index 0000000..f24707b
--- /dev/null
+++ b/SOURCES/virNodeDeviceCapVPDFormat-Properly-escape-system-originated.patch
@@ -0,0 +1,86 @@
+From 2ccac1e42f34404e3a5af22671a31fa1dca94e94 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Tue, 30 Jan 2024 17:11:37 +0100
+Subject: [PATCH] virNodeDeviceCapVPDFormat: Properly escape system-originated
+ strings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Similarly to previous commit other specific fields which come from the
+system data and aren't sanitized enough to be safe for XML were also
+formatted via virBufferAsprintf.
+
+Other static and safe strings used virBufferEscapeString instead of
+virBufferAddLit.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/conf/node_device_conf.c | 32 +++++++++++++-------------------
+ 1 file changed, 13 insertions(+), 19 deletions(-)
+
+diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
+index 87c046e571d..95de77abe9d 100644
+--- a/src/conf/node_device_conf.c
++++ b/src/conf/node_device_conf.c
+@@ -270,14 +270,6 @@ virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBu
+     virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
+ }
+ 
+-static inline void
+-virNodeDeviceCapVPDFormatRegularField(virBuffer *buf, const char *keyword, const char *value)
+-{
+-    if (keyword == NULL || value == NULL)
+-        return;
+-
+-    virBufferAsprintf(buf, "<%s>%s</%s>\n", keyword, value, keyword);
+-}
+ 
+ static void
+ virNodeDeviceCapVPDFormat(virBuffer *buf, virPCIVPDResource *res)
+@@ -290,31 +282,33 @@ virNodeDeviceCapVPDFormat(virBuffer *buf, virPCIVPDResource *res)
+     virBufferEscapeString(buf, "<name>%s</name>\n", res->name);
+ 
+     if (res->ro != NULL) {
+-        virBufferEscapeString(buf, "<fields access='%s'>\n", "readonly");
+-
++        virBufferAddLit(buf, "<fields access='readonly'>\n");
+         virBufferAdjustIndent(buf, 2);
+-        virNodeDeviceCapVPDFormatRegularField(buf, "change_level", res->ro->change_level);
+-        virNodeDeviceCapVPDFormatRegularField(buf, "manufacture_id", res->ro->manufacture_id);
+-        virNodeDeviceCapVPDFormatRegularField(buf, "part_number", res->ro->part_number);
+-        virNodeDeviceCapVPDFormatRegularField(buf, "serial_number", res->ro->serial_number);
++
++        virBufferEscapeString(buf, "<change_level>%s</change_level>\n", res->ro->change_level);
++        virBufferEscapeString(buf, "<manufacture_id>%s</manufacture_id>\n", res->ro->manufacture_id);
++        virBufferEscapeString(buf, "<part_number>%s</part_number>\n", res->ro->part_number);
++        virBufferEscapeString(buf, "<serial_number>%s</serial_number>\n", res->ro->serial_number);
++
+         g_ptr_array_foreach(res->ro->vendor_specific,
+                             (GFunc)virNodeDeviceCapVPDFormatCustomVendorField, buf);
+-        virBufferAdjustIndent(buf, -2);
+ 
++        virBufferAdjustIndent(buf, -2);
+         virBufferAddLit(buf, "</fields>\n");
+     }
+ 
+     if (res->rw != NULL) {
+-        virBufferEscapeString(buf, "<fields access='%s'>\n", "readwrite");
+-
++        virBufferAddLit(buf, "<fields access='readwrite'>\n");
+         virBufferAdjustIndent(buf, 2);
+-        virNodeDeviceCapVPDFormatRegularField(buf, "asset_tag", res->rw->asset_tag);
++
++        virBufferEscapeString(buf, "<asset_tag>%s</asset_tag>\n", res->rw->asset_tag);
++
+         g_ptr_array_foreach(res->rw->vendor_specific,
+                             (GFunc)virNodeDeviceCapVPDFormatCustomVendorField, buf);
+         g_ptr_array_foreach(res->rw->system_specific,
+                             (GFunc)virNodeDeviceCapVPDFormatCustomSystemField, buf);
+-        virBufferAdjustIndent(buf, -2);
+ 
++        virBufferAdjustIndent(buf, -2);
+         virBufferAddLit(buf, "</fields>\n");
+     }
+ 
diff --git a/SOURCES/virNodeDeviceCapVPDFormatCustom-Escape-unsanitized-strings.patch b/SOURCES/virNodeDeviceCapVPDFormatCustom-Escape-unsanitized-strings.patch
new file mode 100644
index 0000000..2d9d80b
--- /dev/null
+++ b/SOURCES/virNodeDeviceCapVPDFormatCustom-Escape-unsanitized-strings.patch
@@ -0,0 +1,72 @@
+From 5373b8c02ce44d0284bc9c60b3b7bc12bff2f867 Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Mon, 29 Jan 2024 15:15:03 +0100
+Subject: [PATCH] virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The custom field data is taken from PCI device data which can contain
+any printable characters, and thus must be escaped when putting into
+XML.
+
+Originally, based on the comment and XML schema which was fixed in
+previous commits the idea seemed to be that the parser would validate
+that only characters which don't break the XML would be present but that
+didn't seem to materialize.
+
+Switch to proper escaping of the XML.
+
+Fixes: 3954378d06a
+Resolves: https://issues.redhat.com/browse/RHEL-22314
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/conf/node_device_conf.c | 25 +++++++++++++++++--------
+ 1 file changed, 17 insertions(+), 8 deletions(-)
+
+diff --git a/src/conf/node_device_conf.c b/src/conf/node_device_conf.c
+index 4826be6f423..87c046e571d 100644
+--- a/src/conf/node_device_conf.c
++++ b/src/conf/node_device_conf.c
+@@ -242,23 +242,32 @@ virNodeDeviceCapMdevTypesFormat(virBuffer *buf,
+ }
+ 
+ static void
+-virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
++virNodeDeviceCapVPDFormatCustomField(virBuffer *buf,
++                                     const char *fieldtype,
++                                     virPCIVPDResourceCustom *field)
+ {
++    g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
++    g_auto(virBuffer) content = VIR_BUFFER_INITIALIZER;
++
+     if (field == NULL || field->value == NULL)
+         return;
+ 
+-    virBufferAsprintf(buf, "<vendor_field index='%c'>%s</vendor_field>\n", field->idx,
+-                      field->value);
++    virBufferAsprintf(&attrBuf, " index='%c'", field->idx);
++    virBufferEscapeString(&content, "%s", field->value);
++
++    virXMLFormatElementInternal(buf, fieldtype, &attrBuf, &content, false, false);
+ }
+ 
+ static void
+-virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
++virNodeDeviceCapVPDFormatCustomVendorField(virPCIVPDResourceCustom *field, virBuffer *buf)
+ {
+-    if (field == NULL || field->value == NULL)
+-        return;
++    virNodeDeviceCapVPDFormatCustomField(buf, "vendor_field", field);
++}
+ 
+-    virBufferAsprintf(buf, "<system_field index='%c'>%s</system_field>\n", field->idx,
+-                      field->value);
++static void
++virNodeDeviceCapVPDFormatCustomSystemField(virPCIVPDResourceCustom *field, virBuffer *buf)
++{
++    virNodeDeviceCapVPDFormatCustomField(buf, "system_field", field);
+ }
+ 
+ static inline void
diff --git a/SOURCES/virPCIVPDResourceIsValidTextValue-Adjust-comment-to-reflect-actual-code.patch b/SOURCES/virPCIVPDResourceIsValidTextValue-Adjust-comment-to-reflect-actual-code.patch
new file mode 100644
index 0000000..2113b8a
--- /dev/null
+++ b/SOURCES/virPCIVPDResourceIsValidTextValue-Adjust-comment-to-reflect-actual-code.patch
@@ -0,0 +1,46 @@
+From 42df6cc1b4acc40d05ff6bc8e85587e4faec6cac Mon Sep 17 00:00:00 2001
+From: Peter Krempa <pkrempa@redhat.com>
+Date: Wed, 24 Jan 2024 15:24:27 +0100
+Subject: [PATCH] virPCIVPDResourceIsValidTextValue: Adjust comment to reflect
+ actual code
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The function does not reject '&', '<', '>' contrary to what it actually
+states. Move and adjust the comment.
+
+Signed-off-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/util/virpcivpd.c | 12 ++++--------
+ 1 file changed, 4 insertions(+), 8 deletions(-)
+
+diff --git a/src/util/virpcivpd.c b/src/util/virpcivpd.c
+index 39557c73479..248a9b2790e 100644
+--- a/src/util/virpcivpd.c
++++ b/src/util/virpcivpd.c
+@@ -167,19 +167,15 @@ virPCIVPDResourceGetFieldValueFormat(const char *keyword)
+  * value or text field value. The expectations are based on the keywords specified
+  * in relevant sections of PCI(e) specifications
+  * ("I.3. VPD Definitions" in PCI specs, "6.28.1 VPD Format" PCIe 4.0).
++ *
++ * The PCI(e) specs mention alphanumeric characters when talking about text fields
++ * and the string resource but also include spaces and dashes in the provided example.
++ * Dots, commas, equal signs have also been observed in values used by major device vendors.
+  */
+ bool
+ virPCIVPDResourceIsValidTextValue(const char *value)
+ {
+     size_t i = 0;
+-    /*
+-     * The PCI(e) specs mention alphanumeric characters when talking about text fields
+-     * and the string resource but also include spaces and dashes in the provided example.
+-     * Dots, commas, equal signs have also been observed in values used by major device vendors.
+-     * The specs do not specify a full set of allowed code points and for Libvirt it is important
+-     * to keep values in the ranges allowed within XML elements (mainly excluding less-than,
+-     * greater-than and ampersand).
+-     */
+ 
+     if (value == NULL)
+         return false;
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec
index bae3a63..c5f52ea 100644
--- a/SPECS/libvirt.spec
+++ b/SPECS/libvirt.spec
@@ -229,7 +229,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 9.5.0
-Release: 7%{?dist}%{?extra_release}.alma.2
+Release: 7.2%{?dist}%{?extra_release}.alma.1
 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
 URL: https://libvirt.org/
 
@@ -297,6 +297,21 @@ Patch43: libvirt-docs-update-description-of-virsh-nodedev-detach.patch
 # https://gitlab.com/libvirt/libvirt/-/commit/c9056e682a8a67dc29e39eb01392fcf8ee978c31
 Patch44: libvirt-regression-input-default-bus.patch
 
+# https://github.com/libvirt/libvirt/commit/42df6cc1b4acc40d05ff6bc8e85587e4faec6cac
+Patch45: virPCIVPDResourceIsValidTextValue-Adjust-comment-to-reflect-actual-code.patch
+# https://github.com/libvirt/libvirt/commit/eb3844009dc3bdd50274954618b8cd9962218317
+Patch46: util-pcivpd-Refactor-virPCIVPDResourceIsValidTextValue.patch
+# https://github.com/libvirt/libvirt/commit/5373b8c02ce44d0284bc9c60b3b7bc12bff2f867
+Patch47: virNodeDeviceCapVPDFormatCustom-Escape-unsanitized-strings.patch
+# https://github.com/libvirt/libvirt/commit/2ccac1e42f34404e3a5af22671a31fa1dca94e94
+Patch48: virNodeDeviceCapVPDFormat-Properly-escape-system-originated.patch
+# https://github.com/libvirt/libvirt/commit/edaa1112ffef253013dcc3318794cebfaa2a6cb7
+Patch49: schema-nodedev-Adjust-allowed-characters-in-vpdFieldValueFormat.patch
+# https://github.com/libvirt/libvirt/commit/9eda33161f49fcf3ba07d648bd80d2a9a2388479
+Patch50: tests-Test-the-previously-mishandled-PCI-VPD-characters.patch
+# https://github.com/libvirt/libvirt/commit/bfe53e9145cd5996a791c5caff0686572b850f82
+Patch51: cpu_map-Add-cpu-model-EPYC-Genoa.patch
+
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
 Requires: libvirt-daemon-config-nwfilter = %{version}-%{release}
@@ -2542,6 +2557,18 @@ exit 0
 %endif
 
 %changelog
+* Wed Mar 06 2024 Eduard Abdullin <eabdullin@almalinux.org> - 9.5.0-7.2.alma.1
+- cpu_map: Add cpu model EPYC Genoa
+- schema: nodedev: Adjust allowed characters in
+ 'vpdFieldValueFormat'
+- tests: Test the previously mishandled PCI VPD characters
+- util: pcivpd: Refactor virPCIVPDResourceIsValidTextValue
+- virNodeDeviceCapVPDFormat: Properly escape system-originated
+ strings
+- virNodeDeviceCapVPDFormatCustom*: Escape unsanitized strings
+- virPCIVPDResourceIsValidTextValue: Adjust comment to reflect
+ actual code
+
 * Wed Jan 03 2024 Jonathan Wright <jonathan@almalinux.org> - 9.5.0-7.alma.2
 - conf: fix regression for default input bus
 - rpm: fix 9.5.0-7.alma.1 changelog date