import libvirt-8.0.0-10.module+el8.7.0+16689+53d59bc2

SOURCES/libvirt-Add-VIR_MIGRATE_ZEROCOPY-flag.patch

@@ -1,5 +1,5 @@
-From 2f3e89c97c7babc1d4da579eadf34979c8fc1725 Mon Sep 17 00:00:00 2001
-Message-Id: <2f3e89c97c7babc1d4da579eadf34979c8fc1725@dist-git>
+From 9c2fd182a02d64004e30900c52e3fcdb550de0bd Mon Sep 17 00:00:00 2001
+Message-Id: <9c2fd182a02d64004e30900c52e3fcdb550de0bd@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 16:35:50 +0200
 Subject: [PATCH] Add VIR_MIGRATE_ZEROCOPY flag
@@ -14,7 +14,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit 8744beecb36600e773c8a8c4823db2bf4b3e262d)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Conflicts:
 	include/libvirt/libvirt-domain.h

SOURCES/libvirt-RHEL-qemu_migration-Fix-restoring-memlock-limit-on-destination.patch

@@ -0,0 +1,52 @@
+From b6c1f9ca8eb0ca8f7603ab205c7dc95b9f07b5a0 Mon Sep 17 00:00:00 2001
+Message-Id: <b6c1f9ca8eb0ca8f7603ab205c7dc95b9f07b5a0@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Mon, 18 Jul 2022 16:01:20 +0200
+Subject: [PATCH] RHEL: qemu_migration: Fix restoring memlock limit on
+ destination
+
+Restoring memory locking limit on the destination host only makes sense
+when migration succeeded as otherwise the QEMU process will be killed
+anyway. Specifically if the migration fails because the process died,
+touching the limit would produce rather unhelpful error message instead
+of the real issue:
+
+    cannot get locked memory limit of process -1: No such file or
+    directory
+
+This patch is RHEL-only caused by misplacing the call to
+qemuDomainSetMaxMemLock when the "qemu_migration: Restore original
+memory locking limit" upstream patch was backported to an older code
+base.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2107954
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/qemu/qemu_migration.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
+index db5163e993..11f87296d6 100644
+--- a/src/qemu/qemu_migration.c
++++ b/src/qemu/qemu_migration.c
+@@ -5895,6 +5895,8 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
+          */
+         if (inPostCopy)
+             g_clear_pointer(&priv->job.completed, qemuDomainJobInfoFree);
++
++        qemuDomainSetMaxMemLock(vm, 0, &priv->preMigrationMemlock);
+     }
+ 
+     qemuMigrationParamsReset(driver, vm, QEMU_ASYNC_JOB_MIGRATION_IN,
+@@ -5907,7 +5909,6 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
+  cleanup:
+     g_clear_pointer(&jobInfo, qemuDomainJobInfoFree);
+     virPortAllocatorRelease(port);
+-    qemuDomainSetMaxMemLock(vm, 0, &priv->preMigrationMemlock);
+     if (priv->mon)
+         qemuMonitorSetDomainLog(priv->mon, NULL, NULL, NULL);
+     VIR_FREE(priv->origname);
+-- 
+2.35.1
+

SOURCES/libvirt-conf-Introduce-memory-allocation-threads.patch

@@ -1,5 +1,5 @@
-From e60a964e51cb0aecb060f1a1cc2884586e00ddeb Mon Sep 17 00:00:00 2001
-Message-Id: <e60a964e51cb0aecb060f1a1cc2884586e00ddeb@dist-git>
+From 19f7e6dc950baf346738f462ac5c6b815c04edcc Mon Sep 17 00:00:00 2001
+Message-Id: <19f7e6dc950baf346738f462ac5c6b815c04edcc@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Mon, 21 Mar 2022 16:49:25 +0100
 Subject: [PATCH] conf: Introduce memory allocation threads
@@ -18,7 +18,7 @@ only complicate things for a little or no benefit.
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
 (cherry picked from commit ba7f98126fa84d354ce72929b77cc111a9a557a9)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2075569
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2067126
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 ---
  docs/formatdomain.rst                        |  8 +++++---

SOURCES/libvirt-conf-Move-virDomainObj-originalMemlock-into-qemuDomainObjPrivate.patch

@@ -1,5 +1,5 @@
-From b4469bda27e54a948f0d2750637226afc2b2be61 Mon Sep 17 00:00:00 2001
-Message-Id: <b4469bda27e54a948f0d2750637226afc2b2be61@dist-git>
+From 00c5cab2b92b653edbf491d9ef60359578c3d59a Mon Sep 17 00:00:00 2001
+Message-Id: <00c5cab2b92b653edbf491d9ef60359578c3d59a@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Wed, 11 May 2022 16:27:18 +0200
 Subject: [PATCH] conf: Move virDomainObj::originalMemlock into
@@ -15,7 +15,7 @@ Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 Reviewed-by: Peter Krempa <pkrempa@redhat.com>
 (cherry picked from commit 75df6d2c291c48d65c1e54dd93e3d2d3cb0712e7)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---
@@ -25,10 +25,10 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
  3 files changed, 8 insertions(+), 7 deletions(-)
 
 diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
-index 10af94e2e4..7e3255e41a 100644
+index d0d0fdc815..45976beb2b 100644
 --- a/src/conf/domain_conf.h
 +++ b/src/conf/domain_conf.h
-@@ -3030,9 +3030,6 @@ struct _virDomainObj {
+@@ -3031,9 +3031,6 @@ struct _virDomainObj {
      int taint;
      size_t ndeprecations;
      char **deprecations;

SOURCES/libvirt-conf-virtiofs-add-thread_pool-element.patch

@@ -0,0 +1,151 @@
+From 0c09e4225c511ce1b0ebe22e45962f83d5145e66 Mon Sep 17 00:00:00 2001
+Message-Id: <0c09e4225c511ce1b0ebe22e45962f83d5145e66@dist-git>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 10 Jun 2022 15:10:29 +0200
+Subject: [PATCH] conf: virtiofs: add thread_pool element
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Add an element to configure the thread pool size:
+
+...
+<binary>
+  <thread_pool size='16'/>
+</binary>
+...
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2072905
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 0df2e7df80452f81edbfeb0ee355235b533346a9)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2079582
+---
+ docs/formatdomain.rst                             |  6 ++++++
+ docs/schemas/domaincommon.rng                     |  9 +++++++++
+ src/conf/domain_conf.c                            | 15 +++++++++++++++
+ src/conf/domain_conf.h                            |  1 +
+ .../qemuxml2argvdata/vhost-user-fs-fd-memory.xml  |  1 +
+ 5 files changed, 32 insertions(+)
+
+diff --git a/docs/formatdomain.rst b/docs/formatdomain.rst
+index 17e89a0c0d..e6cf2ec083 100644
+--- a/docs/formatdomain.rst
++++ b/docs/formatdomain.rst
+@@ -3316,6 +3316,7 @@ A directory on the host that can be accessed directly from the guest.
+             <cache mode='always'/>
+             <sandbox mode='namespace'/>
+             <lock posix='on' flock='on'/>
++            <thread_pool size='16'/>
+          </binary>
+          <source dir='/path'/>
+          <target dir='mount_tag'/>
+@@ -3449,6 +3450,11 @@ A directory on the host that can be accessed directly from the guest.
+    ``chroot``, see the
+    `virtiofsd documentation <https://qemu.readthedocs.io/en/latest/tools/virtiofsd.html>`__
+    for more details. ( :since:`Since 7.2.0` )
++   Element ``thread_pool`` accepts one attribute ``size`` which defines the
++   maximum thread pool size. A value of "0" disables the pool.
++   The thread pool helps increase the number of requests in flight when used with
++   storage that has a higher latency.  However, it has an overhead, and so for
++   fast, low latency filesystems, it may be best to turn it off. ( :since:`Since 8.5.0` )
+ ``source``
+    The resource on the host that is being accessed in the guest. The ``name``
+    attribute must be used with ``type='template'``, and the ``dir`` attribute
+diff --git a/docs/schemas/domaincommon.rng b/docs/schemas/domaincommon.rng
+index c9c1529979..79c8979410 100644
+--- a/docs/schemas/domaincommon.rng
++++ b/docs/schemas/domaincommon.rng
+@@ -3064,6 +3064,15 @@
+             </optional>
+           </element>
+         </optional>
++        <optional>
++          <element name="thread_pool">
++            <optional>
++              <attribute name="size">
++                <data type="integer"/>
++              </attribute>
++            </optional>
++          </element>
++        </optional>
+       </interleave>
+     </element>
+   </define>
+diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
+index 92510973e6..95afd9226e 100644
+--- a/src/conf/domain_conf.c
++++ b/src/conf/domain_conf.c
+@@ -2447,6 +2447,8 @@ virDomainFSDefNew(virDomainXMLOption *xmlopt)
+ 
+     ret->src = virStorageSourceNew();
+ 
++    ret->thread_pool_size = -1;
++
+     if (xmlopt &&
+         xmlopt->privateData.fsNew &&
+         !(ret->privateData = xmlopt->privateData.fsNew()))
+@@ -9869,6 +9871,7 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
+     if (def->fsdriver == VIR_DOMAIN_FS_DRIVER_TYPE_VIRTIOFS) {
+         g_autofree char *queue_size = virXPathString("string(./driver/@queue)", ctxt);
+         g_autofree char *binary = virXPathString("string(./binary/@path)", ctxt);
++        g_autofree char *thread_pool_size = virXPathString("string(./binary/thread_pool/@size)", ctxt);
+         g_autofree char *xattr = virXPathString("string(./binary/@xattr)", ctxt);
+         g_autofree char *cache = virXPathString("string(./binary/cache/@mode)", ctxt);
+         g_autofree char *sandbox = virXPathString("string(./binary/sandbox/@mode)", ctxt);
+@@ -9883,6 +9886,14 @@ virDomainFSDefParseXML(virDomainXMLOption *xmlopt,
+             goto error;
+         }
+ 
++        if (thread_pool_size &&
++            virStrToLong_i(thread_pool_size, NULL, 10, &def->thread_pool_size) < 0) {
++            virReportError(VIR_ERR_XML_ERROR,
++                           _("cannot parse thread pool size '%s' for virtiofs"),
++                           queue_size);
++            goto error;
++        }
++
+         if (binary)
+             def->binary = virFileSanitizePath(binary);
+ 
+@@ -24205,6 +24216,10 @@ virDomainFSDefFormat(virBuffer *buf,
+         }
+ 
+         virXMLFormatElement(&binaryBuf, "lock", &lockAttrBuf, NULL);
++
++        if (def->thread_pool_size >= 0)
++            virBufferAsprintf(&binaryBuf, "<thread_pool size='%d'/>\n", def->thread_pool_size);
++
+     }
+ 
+     virDomainVirtioOptionsFormat(&driverAttrBuf, def->virtio);
+diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
+index 10af94e2e4..d0d0fdc815 100644
+--- a/src/conf/domain_conf.h
++++ b/src/conf/domain_conf.h
+@@ -892,6 +892,7 @@ struct _virDomainFSDef {
+     virTristateSwitch posix_lock;
+     virTristateSwitch flock;
+     virDomainFSSandboxMode sandbox;
++    int thread_pool_size;
+     virDomainVirtioOptions *virtio;
+     virObject *privateData;
+ };
+diff --git a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
+index abddf0870b..81de8c0dd7 100644
+--- a/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
++++ b/tests/qemuxml2argvdata/vhost-user-fs-fd-memory.xml
+@@ -32,6 +32,7 @@
+         <cache mode='always'/>
+         <sandbox mode='chroot'/>
+         <lock posix='off' flock='off'/>
++        <thread_pool size='16'/>
+       </binary>
+       <source dir='/path'/>
+       <target dir='mount_tag'/>
+-- 
+2.35.1
+

SOURCES/libvirt-cpu_map-Disable-cpu64-rhel-for-host-model-and-baseline.patch

@@ -1,5 +1,5 @@
-From d03c369dd75c747f25ecc34af3b9d79adf92ea0c Mon Sep 17 00:00:00 2001
-Message-Id: <d03c369dd75c747f25ecc34af3b9d79adf92ea0c@dist-git>
+From 46f4cfe513f0f893c862dca7f02ed7d7932b2115 Mon Sep 17 00:00:00 2001
+Message-Id: <46f4cfe513f0f893c862dca7f02ed7d7932b2115@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Tue, 26 Apr 2022 12:50:41 +0200
 Subject: [PATCH] cpu_map: Disable cpu64-rhel* for host-model and baseline
@@ -12,7 +12,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit d2e4d66be35cd04da72e5f5129a8a4da6a931505)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cpu_x86-Consolidate-signature-match-in-x86DecodeUseCandidate.patch

@@ -1,5 +1,5 @@
-From e075af4319c7c30531421e6667845abd30cd28e9 Mon Sep 17 00:00:00 2001
-Message-Id: <e075af4319c7c30531421e6667845abd30cd28e9@dist-git>
+From 99a298a4a0575bf0072f504c4b8e4551400c44c0 Mon Sep 17 00:00:00 2001
+Message-Id: <99a298a4a0575bf0072f504c4b8e4551400c44c0@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Tue, 26 Apr 2022 11:58:07 +0200
 Subject: [PATCH] cpu_x86: Consolidate signature match in x86DecodeUseCandidate
@@ -12,7 +12,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit 35ce086667e68e8f546cf36473591dd7c19c72eb)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cpu_x86-Ignore-enabled-features-for-input-models-in-x86DecodeUseCandidate.patch

@@ -1,5 +1,5 @@
-From 5b5f684bfceeed923e1733931b6c4c75d5ed4149 Mon Sep 17 00:00:00 2001
-Message-Id: <5b5f684bfceeed923e1733931b6c4c75d5ed4149@dist-git>
+From 752c74eeae67d41e7550991cb3bbe289984ec9d3 Mon Sep 17 00:00:00 2001
+Message-Id: <752c74eeae67d41e7550991cb3bbe289984ec9d3@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Fri, 29 Apr 2022 10:35:02 +0200
 Subject: [PATCH] cpu_x86: Ignore enabled features for input models in
@@ -22,7 +22,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit bb6cedd2082599323257ee0df18c93a6e0551b0b)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cpu_x86-Penalize-disabled-features-when-computing-CPU-model.patch

@@ -1,5 +1,5 @@
-From 652e1798991dcb503abc9a2588b0f95c47b8e3df Mon Sep 17 00:00:00 2001
-Message-Id: <652e1798991dcb503abc9a2588b0f95c47b8e3df@dist-git>
+From 5db9a525e3cec267544580d43554b2cf5779b6b9 Mon Sep 17 00:00:00 2001
+Message-Id: <5db9a525e3cec267544580d43554b2cf5779b6b9@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Tue, 26 Apr 2022 15:06:30 +0200
 Subject: [PATCH] cpu_x86: Penalize disabled features when computing CPU model
@@ -39,8 +39,6 @@ Conflicts:
         tests/domaincapsdata/qemu_3.0.0-tcg.x86_64.xml
             - not supported upstream anymore
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
-
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---
  src/cpu/cpu_x86.c                             | 44 ++++++++++++++++---

SOURCES/libvirt-cpu_x86-Refactor-feature-list-comparison-in-x86DecodeUseCandidate.patch

@@ -1,5 +1,5 @@
-From d9736516378d1fbac451dd80a93bf25c85e74b50 Mon Sep 17 00:00:00 2001
-Message-Id: <d9736516378d1fbac451dd80a93bf25c85e74b50@dist-git>
+From 3d7a4041d31e403dc9e762b34f7faf36f7f20a28 Mon Sep 17 00:00:00 2001
+Message-Id: <3d7a4041d31e403dc9e762b34f7faf36f7f20a28@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Tue, 26 Apr 2022 15:02:51 +0200
 Subject: [PATCH] cpu_x86: Refactor feature list comparison in
@@ -12,7 +12,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit 1d6ca40ac23c039abc4392b668f256d0eda33280)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cputest-Add-some-real-world-baseline-tests.patch

@@ -1,5 +1,5 @@
-From 8f7e267c7b98b378e301519b10aa3d18f0ceb45c Mon Sep 17 00:00:00 2001
-Message-Id: <8f7e267c7b98b378e301519b10aa3d18f0ceb45c@dist-git>
+From b37a398da4323407de24d19afac937eac80170cc Mon Sep 17 00:00:00 2001
+Message-Id: <b37a398da4323407de24d19afac937eac80170cc@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Thu, 21 Apr 2022 18:25:15 +0200
 Subject: [PATCH] cputest: Add some real world baseline tests
@@ -8,7 +8,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit 63d633b9a4fc42da7e2acaf45501914607d968a5)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cputest-Drop-some-old-artificial-baseline-tests.patch

@@ -1,5 +1,5 @@
-From 039e6627a7ee53973da64405b79cc0c0f6111fc7 Mon Sep 17 00:00:00 2001
-Message-Id: <039e6627a7ee53973da64405b79cc0c0f6111fc7@dist-git>
+From 50d94f13286ca19ef1f457be72debdbf77547df6 Mon Sep 17 00:00:00 2001
+Message-Id: <50d94f13286ca19ef1f457be72debdbf77547df6@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 4 May 2022 16:21:38 +0200
 Subject: [PATCH] cputest: Drop some old artificial baseline tests
@@ -8,7 +8,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit 6aff36019bbaf643f451779621c6c88cab0e64a7)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-cputest-Give-better-names-to-baseline-tests.patch

@@ -1,5 +1,5 @@
-From 89272567fd9e2b87133333f5565c1d9e2befb350 Mon Sep 17 00:00:00 2001
-Message-Id: <89272567fd9e2b87133333f5565c1d9e2befb350@dist-git>
+From 6cf9cd8f6d9e90eadd58d8a37129e7401876e4e8 Mon Sep 17 00:00:00 2001
+Message-Id: <6cf9cd8f6d9e90eadd58d8a37129e7401876e4e8@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 4 May 2022 16:28:03 +0200
 Subject: [PATCH] cputest: Give better names to baseline tests
@@ -8,7 +8,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
 (cherry picked from commit 3daa68e26514dc114d71f4c44f7d728e93a53cd0)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2084030
+https://bugzilla.redhat.com/show_bug.cgi?id=1851227
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-domain_validate-Split-out-validation-of-disk-startup-policy.patch

@@ -1,5 +1,5 @@
-From bfd8d181d45a22731ae5b1f05f3cb9488a2c7939 Mon Sep 17 00:00:00 2001
-Message-Id: <bfd8d181d45a22731ae5b1f05f3cb9488a2c7939@dist-git>
+From 296343c5a950668d790f9cd5ebd7b466e8156d03 Mon Sep 17 00:00:00 2001
+Message-Id: <296343c5a950668d790f9cd5ebd7b466e8156d03@dist-git>
 From: Peter Krempa <pkrempa@redhat.com>
 Date: Tue, 14 Jun 2022 13:23:29 +0200
 Subject: [PATCH] domain_validate: Split out validation of disk startup policy
@@ -14,7 +14,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit 3603a18bcec18842cedecbd8329723062b87795c)
 https://bugzilla.redhat.com/show_bug.cgi?id=2095758
-https://bugzilla.redhat.com/show_bug.cgi?id=2109571
 ---
  src/conf/domain_validate.c | 45 ++++++++++++++++++++++++--------------
  src/conf/domain_validate.h |  2 ++

SOURCES/libvirt-nwfilter-fix-crash-when-counting-number-of-network-filters.patch

@@ -0,0 +1,55 @@
+From dc6ab8b51ff53ba22abfb84f24641aa87320038a Mon Sep 17 00:00:00 2001
+Message-Id: <dc6ab8b51ff53ba22abfb84f24641aa87320038a@dist-git>
+From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
+Date: Tue, 8 Mar 2022 17:28:38 +0000
+Subject: [PATCH] nwfilter: fix crash when counting number of network filters
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The virNWFilterObjListNumOfNWFilters method iterates over the
+driver->nwfilters, accessing virNWFilterObj instances. As such
+it needs to be protected against concurrent modification of
+the driver->nwfilters object.
+
+This API allows unprivileged users to connect, so users with
+read-only access to libvirt can cause a denial of service
+crash if they are able to race with a call of virNWFilterUndefine.
+Since network filters are usually statically defined, this is
+considered a low severity problem.
+
+This is assigned CVE-2022-0897.
+
+Reviewed-by: Eric Blake <eblake@redhat.com>
+Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit a4947e8f63c3e6b7b067b444f3d6cf674c0d7f36)
+https://bugzilla.redhat.com/show_bug.cgi?id=2063902
+---
+ src/nwfilter/nwfilter_driver.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
+index 200451d6b1..956aca6421 100644
+--- a/src/nwfilter/nwfilter_driver.c
++++ b/src/nwfilter/nwfilter_driver.c
+@@ -478,11 +478,15 @@ nwfilterLookupByName(virConnectPtr conn,
+ static int
+ nwfilterConnectNumOfNWFilters(virConnectPtr conn)
+ {
++    int ret;
+     if (virConnectNumOfNWFiltersEnsureACL(conn) < 0)
+         return -1;
+ 
+-    return virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
+-                                        virConnectNumOfNWFiltersCheckACL);
++    nwfilterDriverLock();
++    ret = virNWFilterObjListNumOfNWFilters(driver->nwfilters, conn,
++                                           virConnectNumOfNWFiltersCheckACL);
++    nwfilterDriverUnlock();
++    return ret;
+ }
+ 
+ 
+-- 
+2.35.1
+

SOURCES/libvirt-qemu-Add-qemuDomainSetMaxMemLock-helper.patch

@@ -1,5 +1,5 @@
-From 7f5b89a15bfcd964c7f2b6ccbf3c03fd867f93b5 Mon Sep 17 00:00:00 2001
-Message-Id: <7f5b89a15bfcd964c7f2b6ccbf3c03fd867f93b5@dist-git>
+From 2595c7716b19214b2729b41b86656f96a2cd18bc Mon Sep 17 00:00:00 2001
+Message-Id: <2595c7716b19214b2729b41b86656f96a2cd18bc@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 15:21:30 +0200
 Subject: [PATCH] qemu: Add qemuDomainSetMaxMemLock helper
@@ -15,7 +15,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit dff51c7f5760ded8235076f55d082fe4363f2f78)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-qemu-virtiofs-format-thread-pool-size.patch

@@ -0,0 +1,37 @@
+From 44f83782ba882f9eb037a54fb75231c305d98712 Mon Sep 17 00:00:00 2001
+Message-Id: <44f83782ba882f9eb037a54fb75231c305d98712@dist-git>
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Fri, 10 Jun 2022 15:25:00 +0200
+Subject: [PATCH] qemu: virtiofs: format --thread-pool-size
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2079582
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 2753eba20ce76d3d8785b23a6e940574ca12fe3c)
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_virtiofs.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/qemu/qemu_virtiofs.c b/src/qemu/qemu_virtiofs.c
+index 1b853a5a59..1ee3781286 100644
+--- a/src/qemu/qemu_virtiofs.c
++++ b/src/qemu/qemu_virtiofs.c
+@@ -163,6 +163,10 @@ qemuVirtioFSBuildCommandLine(virQEMUDriverConfig *cfg,
+         virBufferAddLit(&opts, ",no_posix_lock");
+ 
+     virCommandAddArgBuffer(cmd, &opts);
++
++    if (fs->thread_pool_size >= 0)
++        virCommandAddArgFormat(cmd, "--thread-pool-size=%i", fs->thread_pool_size);
++
+     if (cfg->virtiofsdDebug)
+         virCommandAddArg(cmd, "-d");
+ 
+-- 
+2.35.1
+

SOURCES/libvirt-qemuProcessReconnect-Don-t-build-memory-paths.patch

@@ -1,57 +0,0 @@
-From 9e5559fb4056507ecfc5e7dd758c3837283feb39 Mon Sep 17 00:00:00 2001
-Message-Id: <9e5559fb4056507ecfc5e7dd758c3837283feb39@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Wed, 28 Sep 2022 10:12:36 +0200
-Subject: [PATCH] qemuProcessReconnect: Don't build memory paths
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Let me take you on a short trip to history. A long time ago,
-libvirt would configure all QEMUs to use $hugetlbfs/libvirt/qemu
-for their hugepages setup. This was problematic, because it did
-not allow enough separation between guests. Therefore in
-v3.0.0-rc1~367 the path changed to a per-domain basis:
-
-  $hugetlbfs/libvirt/qemu/$domainShortName
-
-And to help with migration on daemon restart a call to
-qemuProcessBuildDestroyMemoryPaths() was added to
-qemuProcessReconnect() (well, it was named
-qemuProcessBuildDestroyHugepagesPath() back then, see
-v3.10.0-rc1~174). This was desirable then, because the memory
-hotplug code did not call the function, it simply assumes
-per-domain paths to exist. But this changed in v3.5.0-rc1~92
-after which the per-domain paths are created on memory hotplug
-too.
-
-Therefore, it's no longer necessary to create these paths in
-qemuProcessReconnect(). They are created exactly when needed
-(domain startup and memory hotplug).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Ján Tomko <jtomko@redhat.com>
-(cherry picked from commit 3478cca80ea7382cfdbff836d5d0b92aa014297b)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_process.c | 3 ---
- 1 file changed, 3 deletions(-)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index 1164340aa9..0fb665bc82 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -8869,9 +8869,6 @@ qemuProcessReconnect(void *opaque)
-         goto cleanup;
-     }
- 
--    if (qemuProcessBuildDestroyMemoryPaths(driver, obj, NULL, true) < 0)
--        goto error;
--
-     if ((qemuDomainAssignAddresses(obj->def, priv->qemuCaps,
-                                    driver, obj, false)) < 0) {
-         goto error;
--- 
-2.37.2
-

SOURCES/libvirt-qemu_capabilities-Detect-memory-backend-.prealloc-threads-property.patch

@@ -1,5 +1,5 @@
-From 9f9fcbc842846c6f2579ca52190f506060e191d8 Mon Sep 17 00:00:00 2001
-Message-Id: <9f9fcbc842846c6f2579ca52190f506060e191d8@dist-git>
+From c387e7680c07d7dbb934dbe972e99ab78cebad28 Mon Sep 17 00:00:00 2001
+Message-Id: <c387e7680c07d7dbb934dbe972e99ab78cebad28@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Mon, 21 Mar 2022 16:55:05 +0100
 Subject: [PATCH] qemu_capabilities: Detect memory-backend-*.prealloc-threads
@@ -36,7 +36,7 @@ tests/qemucapabilitiesdata/caps_6.2.0.x86_64.xml
 tests/qemucapabilitiesdata/caps_7.0.0.ppc64.xml
 tests/qemucapabilitiesdata/caps_7.0.0.x86_64.xml
 
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2075569
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2067126
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 ---
  src/qemu/qemu_capabilities.c                      | 2 ++

SOURCES/libvirt-qemu_command-Generate-prealloc-threads-property.patch

@@ -1,5 +1,5 @@
-From f9c8097e8a836052239c51552d943a76b8164de3 Mon Sep 17 00:00:00 2001
-Message-Id: <f9c8097e8a836052239c51552d943a76b8164de3@dist-git>
+From e52b12a986de8ac469b98135b2c1d2a8a63b9052 Mon Sep 17 00:00:00 2001
+Message-Id: <e52b12a986de8ac469b98135b2c1d2a8a63b9052@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Mon, 21 Mar 2022 17:10:15 +0100
 Subject: [PATCH] qemu_command: Generate prealloc-threads property
@@ -16,7 +16,7 @@ tests/qemuxml2argvdata/memfd-memory-numa.x86_64-latest.args:
 Upstream has moved some cmd line arguments
 (v8.0.0-260-gaf23241cfe) but that is not backported.
 
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2075569
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2067126
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 ---
  src/qemu/qemu_command.c                                     | 5 ++++-

SOURCES/libvirt-qemu_domain-Format-qemuDomainObjPrivate-originalMemlock.patch

@@ -1,5 +1,5 @@
-From cbfe812a4affe5be7677bf28764b58dc7f99c969 Mon Sep 17 00:00:00 2001
-Message-Id: <cbfe812a4affe5be7677bf28764b58dc7f99c969@dist-git>
+From b221b3ab6d881efedc544e0e0ed9c507e21fd178 Mon Sep 17 00:00:00 2001
+Message-Id: <b221b3ab6d881efedc544e0e0ed9c507e21fd178@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Wed, 11 May 2022 16:37:27 +0200
 Subject: [PATCH] qemu_domain: Format qemuDomainObjPrivate::originalMemlock
@@ -12,7 +12,7 @@ Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 Reviewed-by: Peter Krempa <pkrempa@redhat.com>
 (cherry picked from commit 21aec91790ae14d24512856b20cff49764ede637)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---

SOURCES/libvirt-qemu_migration-Implement-VIR_MIGRATE_ZEROCOPY-flag.patch

@@ -1,5 +1,5 @@
-From 34dc905251ca0f00d92e8419adc63580c6266394 Mon Sep 17 00:00:00 2001
-Message-Id: <34dc905251ca0f00d92e8419adc63580c6266394@dist-git>
+From 35f06623b82d99dd380340eef465394975dd1c80 Mon Sep 17 00:00:00 2001
+Message-Id: <35f06623b82d99dd380340eef465394975dd1c80@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 16:37:31 +0200
 Subject: [PATCH] qemu_migration: Implement VIR_MIGRATE_ZEROCOPY flag
@@ -13,7 +13,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit d375993ab314a41bca7ef6c846e07afc18c37774)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Conflicts:
 	src/qemu/qemu_migration.c
@@ -29,7 +29,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
  4 files changed, 29 insertions(+)
 
 diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
-index 01102c4300..11f87296d6 100644
+index 35ad201580..db5163e993 100644
 --- a/src/qemu/qemu_migration.c
 +++ b/src/qemu/qemu_migration.c
 @@ -2366,6 +2366,12 @@ qemuMigrationSrcBeginPhase(virQEMUDriver *driver,

SOURCES/libvirt-qemu_migration-Restore-original-memory-locking-limit.patch

@@ -1,5 +1,5 @@
-From 7cbfdb081de6e4eb684447ba48869082df798419 Mon Sep 17 00:00:00 2001
-Message-Id: <7cbfdb081de6e4eb684447ba48869082df798419@dist-git>
+From 8cccd9634ecd91a5b7343eddc037e0fa7de2f9f6 Mon Sep 17 00:00:00 2001
+Message-Id: <8cccd9634ecd91a5b7343eddc037e0fa7de2f9f6@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 16:12:02 +0200
 Subject: [PATCH] qemu_migration: Restore original memory locking limit
@@ -15,22 +15,18 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit d4d3bb813031275c2c7cf72724b83c97ce82ab7a)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Conflicts:
 	src/qemu/qemu_migration.c
             - post-copy resovery not backported
 
-The original 8.7.0 backport contained a bug which was later fixed by
-"qemu_migration: Fix restoring memlock limit on destination". This
-backport includes the follow up fix squashed in.
-
 Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 ---
  src/qemu/qemu_domain.c    | 12 ++++++++++++
  src/qemu/qemu_domain.h    |  3 +++
- src/qemu/qemu_migration.c | 11 +++++++++--
- 3 files changed, 24 insertions(+), 2 deletions(-)
+ src/qemu/qemu_migration.c | 10 ++++++++--
+ 3 files changed, 23 insertions(+), 2 deletions(-)
 
 diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
 index a81789f194..c24d1e4d53 100644
@@ -77,7 +73,7 @@ index 6d1d23439a..d6e8a7a0fb 100644
      virChrdevs *devs;
  
 diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
-index 10338f8e87..01102c4300 100644
+index 10338f8e87..35ad201580 100644
 --- a/src/qemu/qemu_migration.c
 +++ b/src/qemu/qemu_migration.c
 @@ -2974,7 +2974,8 @@ qemuMigrationDstPrepareAny(virQEMUDriver *driver,
@@ -124,15 +120,14 @@ index 10338f8e87..01102c4300 100644
          qemuMigrationJobFinish(driver, vm);
      } else {
          qemuMigrationJobContinue(vm);
-@@ -5869,6 +5874,8 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
-          */
-         if (inPostCopy)
-             g_clear_pointer(&priv->job.completed, qemuDomainJobInfoFree);
-+
-+        qemuDomainSetMaxMemLock(vm, 0, &priv->preMigrationMemlock);
-     }
- 
-     qemuMigrationParamsReset(driver, vm, QEMU_ASYNC_JOB_MIGRATION_IN,
+@@ -5881,6 +5886,7 @@ qemuMigrationDstFinish(virQEMUDriver *driver,
+  cleanup:
+     g_clear_pointer(&jobInfo, qemuDomainJobInfoFree);
+     virPortAllocatorRelease(port);
++    qemuDomainSetMaxMemLock(vm, 0, &priv->preMigrationMemlock);
+     if (priv->mon)
+         qemuMonitorSetDomainLog(priv->mon, NULL, NULL, NULL);
+     VIR_FREE(priv->origname);
 -- 
 2.35.1
 

SOURCES/libvirt-qemu_migration-Use-qemuDomainSetMaxMemLock.patch

@@ -1,5 +1,5 @@
-From ad3f1dceac21369b9c18b6032a4ff859dc79bbc7 Mon Sep 17 00:00:00 2001
-Message-Id: <ad3f1dceac21369b9c18b6032a4ff859dc79bbc7@dist-git>
+From 8354fa1d2e471699331961272bc38f5e4cfe7cb8 Mon Sep 17 00:00:00 2001
+Message-Id: <8354fa1d2e471699331961272bc38f5e4cfe7cb8@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 09:04:04 +0200
 Subject: [PATCH] qemu_migration: Use qemuDomainSetMaxMemLock
@@ -15,7 +15,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit 22ee8cbf090c45f999b76e3f8dc7a45065fc9edf)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Conflicts:
 	src/qemu/qemu_migration.c

SOURCES/libvirt-qemu_namespace-Fix-a-corner-case-in-qemuDomainGetPreservedMounts.patch

@@ -1,80 +0,0 @@
-From d32d74310b652295fa23ccf8f096dd6c997dee05 Mon Sep 17 00:00:00 2001
-Message-Id: <d32d74310b652295fa23ccf8f096dd6c997dee05@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 6 Sep 2022 13:43:22 +0200
-Subject: [PATCH] qemu_namespace: Fix a corner case in
- qemuDomainGetPreservedMounts()
-
-When setting up namespace for QEMU we look at mount points under
-/dev (like /dev/pts, /dev/mqueue/, etc.) because we want to
-preserve those (which is done by moving them to a temp location,
-unshare(), and then moving them back). We have a convenience
-helper - qemuDomainGetPreservedMounts() - that processes the
-mount table and (optionally) moves the other filesystems too.
-This helper is also used when attempting to create a path in NS,
-because the path, while starting with "/dev/" prefix, may
-actually lead to one of those filesystems that we preserved.
-
-And here comes the corner case: while we require the parent mount
-table to be in shared mode (equivalent of `mount --make-rshared /'),
-these mount events propagate iff the target path exist inside the
-slave mount table (= QEMU's private namespace). And since we
-create only a subset of /dev nodes, well, that assumption is not
-always the case.
-
-For instance, assume that a domain is already running, no
-hugepages were configured for it nor any hugetlbfs is mounted.
-Now, when a hugetlbfs is mounted into '/dev/hugepages', this is
-propagated into the QEMU's namespace, but since the target dir
-does not exist in the private /dev, the FS is not mounted in the
-namespace.
-
-Fortunately, this difference between namespaces is visible when
-comparing /proc/mounts and /proc/$PID/mounts (where PID is the
-QEMU's PID). Therefore, if possible we should look at the latter.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 46b03819ae8d833b11c2aaccb2c2a0361727f51b)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_namespace.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
-index 4bff325a2c..fc286ab0be 100644
---- a/src/qemu/qemu_namespace.c
-+++ b/src/qemu/qemu_namespace.c
-@@ -110,6 +110,8 @@ qemuDomainGetPreservedMountPath(virQEMUDriverConfig *cfg,
-  * b) generate backup path for all the entries in a)
-  *
-  * Any of the return pointers can be NULL. Both arrays are NULL-terminated.
-+ * Get the mount table either from @vm's PID (if running), or from the
-+ * namespace we're in (if @vm's not running).
-  *
-  * Returns 0 on success, -1 otherwise (with error reported)
-  */
-@@ -124,12 +126,18 @@ qemuDomainGetPreservedMounts(virQEMUDriverConfig *cfg,
-     size_t nmounts = 0;
-     g_auto(GStrv) paths = NULL;
-     g_auto(GStrv) savePaths = NULL;
-+    g_autofree char *mountsPath = NULL;
-     size_t i;
- 
-     if (ndevPath)
-         *ndevPath = 0;
- 
--    if (virFileGetMountSubtree(QEMU_PROC_MOUNTS, "/dev", &mounts, &nmounts) < 0)
-+    if (vm->pid > 0)
-+        mountsPath = g_strdup_printf("/proc/%lld/mounts", (long long) vm->pid);
-+    else
-+        mountsPath = g_strdup(QEMU_PROC_MOUNTS);
-+
-+    if (virFileGetMountSubtree(mountsPath, "/dev", &mounts, &nmounts) < 0)
-         return -1;
- 
-     if (nmounts == 0)
--- 
-2.37.2
-

SOURCES/libvirt-qemu_namespace-Introduce-qemuDomainNamespaceSetupPath.patch

@@ -1,68 +0,0 @@
-From edca5497554ccf8016681884aa732156a9773061 Mon Sep 17 00:00:00 2001
-Message-Id: <edca5497554ccf8016681884aa732156a9773061@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 6 Sep 2022 13:43:58 +0200
-Subject: [PATCH] qemu_namespace: Introduce qemuDomainNamespaceSetupPath()
-
-Sometimes it may come handy to just bind mount a directory/file
-into domain's namespace. Implement a thin wrapper over
-qemuNamespaceMknodPaths() which has all the logic we need.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 5853d707189005a4ea5b2215e80853867b822fd9)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_namespace.c | 19 +++++++++++++++++++
- src/qemu/qemu_namespace.h |  4 ++++
- 2 files changed, 23 insertions(+)
-
-diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
-index fc286ab0be..74ffd6fb90 100644
---- a/src/qemu/qemu_namespace.c
-+++ b/src/qemu/qemu_namespace.c
-@@ -1398,6 +1398,25 @@ qemuNamespaceUnlinkPaths(virDomainObj *vm,
- }
- 
- 
-+int
-+qemuDomainNamespaceSetupPath(virDomainObj *vm,
-+                             const char *path,
-+                             bool *created)
-+{
-+    g_autoptr(virGSListString) paths = NULL;
-+
-+    if (!qemuDomainNamespaceEnabled(vm, QEMU_DOMAIN_NS_MOUNT))
-+        return 0;
-+
-+    paths = g_slist_prepend(paths, g_strdup(path));
-+
-+    if (qemuNamespaceMknodPaths(vm, paths, created) < 0)
-+        return -1;
-+
-+    return 0;
-+}
-+
-+
- int
- qemuDomainNamespaceSetupDisk(virDomainObj *vm,
-                              virStorageSource *src,
-diff --git a/src/qemu/qemu_namespace.h b/src/qemu/qemu_namespace.h
-index 020aca13d8..1ab9322061 100644
---- a/src/qemu/qemu_namespace.h
-+++ b/src/qemu/qemu_namespace.h
-@@ -49,6 +49,10 @@ void qemuDomainDestroyNamespace(virQEMUDriver *driver,
- 
- bool qemuDomainNamespaceAvailable(qemuDomainNamespace ns);
- 
-+int qemuDomainNamespaceSetupPath(virDomainObj *vm,
-+                                 const char *path,
-+                                 bool *created);
-+
- int qemuDomainNamespaceSetupDisk(virDomainObj *vm,
-                                  virStorageSource *src,
-                                  bool *created);
--- 
-2.37.2
-

SOURCES/libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch

@@ -1,45 +0,0 @@
-From 8806d4dd0f0c7c20a42513b2a1ff310455decdc6 Mon Sep 17 00:00:00 2001
-Message-Id: <8806d4dd0f0c7c20a42513b2a1ff310455decdc6@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 6 Sep 2022 13:37:23 +0200
-Subject: [PATCH] qemu_namespace: Tolerate missing ACLs when creating a path in
- namespace
-
-When creating a path in a domain's mount namespace we try to set
-ACLs on it, so that it's a verbatim copy of the path in parent's
-namespace. The ACLs are queried upfront (by
-qemuNamespaceMknodItemInit()) but this is fault tolerant so the
-pointer to ACLs might be NULL (meaning no ACLs were queried, for
-instance because the underlying filesystem does not support
-them). But then we take this NULL and pass it to virFileSetACLs()
-which immediately returns an error because NULL is invalid value.
-
-Mimic what we do with SELinux label - only set ACLs if they are
-non-NULL which includes symlinks.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 687374959e160dc566bd4b6d43c7bf1beb470c59)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_namespace.c | 3 +--
- 1 file changed, 1 insertion(+), 2 deletions(-)
-
-diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
-index 94453033f5..4bff325a2c 100644
---- a/src/qemu/qemu_namespace.c
-+++ b/src/qemu/qemu_namespace.c
-@@ -1023,8 +1023,7 @@ qemuNamespaceMknodOne(qemuNamespaceMknodItem *data)
-         goto cleanup;
-     }
- 
--    /* Symlinks don't have ACLs. */
--    if (!isLink &&
-+    if (data->acl &&
-         virFileSetACLs(data->file, data->acl) < 0 &&
-         errno != ENOTSUP) {
-         virReportSystemError(errno,
--- 
-2.37.2
-

SOURCES/libvirt-qemu_process-Don-t-require-a-hugetlbfs-mount-for-memfd.patch

@@ -1,50 +0,0 @@
-From a2cb0eca44996e1a7a397f028d44994f2e402a2e Mon Sep 17 00:00:00 2001
-Message-Id: <a2cb0eca44996e1a7a397f028d44994f2e402a2e@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 5 Sep 2022 10:34:44 +0200
-Subject: [PATCH] qemu_process: Don't require a hugetlbfs mount for memfd
-
-The aim of qemuProcessNeedHugepagesPath() is to determine whether
-a hugetlbfs mount point is required for given domain (as in
-whether qemuBuildMemoryBackendProps() picks up
-memory-backend-file pointing to a hugetlbfs mount point). Well,
-when domain is configured to use memfd backend then that
-condition can never be true. Therefore, skip creating domain's
-private path under hugetlbfs mount points.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit f14f8dff9330ed51d817f190a2ee9ac76dfac00b)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_process.c | 12 +++++++++++-
- 1 file changed, 11 insertions(+), 1 deletion(-)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index 5c6657a876..540eee9ff0 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -3810,8 +3810,18 @@ qemuProcessNeedHugepagesPath(virDomainDef *def,
-     const long system_pagesize = virGetSystemPageSizeKB();
-     size_t i;
- 
--    if (def->mem.source == VIR_DOMAIN_MEMORY_SOURCE_FILE)
-+    switch ((virDomainMemorySource)def->mem.source) {
-+    case VIR_DOMAIN_MEMORY_SOURCE_FILE:
-+        /* This needs a hugetlbfs mount. */
-         return true;
-+    case VIR_DOMAIN_MEMORY_SOURCE_MEMFD:
-+        /* memfd works without a hugetlbfs mount */
-+        return false;
-+    case VIR_DOMAIN_MEMORY_SOURCE_NONE:
-+    case VIR_DOMAIN_MEMORY_SOURCE_ANONYMOUS:
-+    case VIR_DOMAIN_MEMORY_SOURCE_LAST:
-+        break;
-+    }
- 
-     for (i = 0; i < def->mem.nhugepages; i++) {
-         if (def->mem.hugepages[i].size != system_pagesize)
--- 
-2.37.2
-

SOURCES/libvirt-qemu_process.c-Propagate-hugetlbfs-mounts-on-reconnect.patch

@@ -1,65 +0,0 @@
-From 347606bc80f40c22712d0ffe61a149c3266bf131 Mon Sep 17 00:00:00 2001
-Message-Id: <347606bc80f40c22712d0ffe61a149c3266bf131@dist-git>
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Tue, 6 Sep 2022 13:45:51 +0200
-Subject: [PATCH] qemu_process.c: Propagate hugetlbfs mounts on reconnect
-
-When reconnecting to a running QEMU process, we construct the
-per-domain path in all hugetlbfs mounts. This is a relict from
-the past (v3.4.0-100-g5b24d25062) where we switched to a
-per-domain path and we want to create those paths when libvirtd
-restarts on upgrade.
-
-And with namespaces enabled there is one corner case where the
-path is not created. In fact an error is reported and the
-reconnect fails. Ideally, all mount events are propagated into
-the QEMU's namespace. And they probably are, except when the
-target path does not exist inside the namespace. Now, it's pretty
-common for users to mount hugetlbfs under /dev (e.g.
-/dev/hugepages), but if domain is started without hugepages (or
-more specifically - private hugetlbfs path wasn't created on
-domain startup), then the reconnect code tries to create it.
-But it fails to do so, well, it fails to set seclabels on the
-path because, because the path does not exist in the private
-namespace. And it doesn't exist because we specifically create
-only a subset of all possible /dev nodes. Therefore, the mount
-event, whilst propagated, is not successful and hence the
-filesystem is not mounted. We have to do it ourselves.
-
-If hugetlbfs is mount anywhere else there's no problem and this
-is effectively a dead code.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2123196
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 0377177c7856bb87a9d8aa1324b54f5fbe9f1e5b)
-
-Conflicts:
-- docs/kbase/qemu-passthrough-security.rst: Well, v8.8.0-rc1~32
-  isn't backported, thus we can't remove a paragraph that the
-  backported commit did. It's a documentation after all, so no
-  harm.
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2132177
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
----
- src/qemu/qemu_process.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
-index 540eee9ff0..1164340aa9 100644
---- a/src/qemu/qemu_process.c
-+++ b/src/qemu/qemu_process.c
-@@ -3906,6 +3906,9 @@ qemuProcessBuildDestroyMemoryPathsImpl(virQEMUDriver *driver,
-             return -1;
-         }
- 
-+        if (qemuDomainNamespaceSetupPath(vm, path, NULL) < 0)
-+            return -1;
-+
-         if (qemuSecurityDomainSetPathLabel(driver, vm, path, true) < 0)
-             return -1;
-     } else {
--- 
-2.37.2
-

SOURCES/libvirt-qemu_validate-Validate-prealloc-threads-against-qemuCpas.patch

@@ -1,5 +1,5 @@
-From d1a1a95343946fbe0736a14073b63831320d55d2 Mon Sep 17 00:00:00 2001
-Message-Id: <d1a1a95343946fbe0736a14073b63831320d55d2@dist-git>
+From 088ba382d7a099ddbebe37e5486ce648e24266db Mon Sep 17 00:00:00 2001
+Message-Id: <088ba382d7a099ddbebe37e5486ce648e24266db@dist-git>
 From: Michal Privoznik <mprivozn@redhat.com>
 Date: Mon, 21 Mar 2022 17:09:40 +0100
 Subject: [PATCH] qemu_validate: Validate prealloc threads against qemuCpas
@@ -10,7 +10,7 @@ preallocation threads. Validate this assumption.
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
 (cherry picked from commit 75a4e0165ef199809974e97b507d3953e1de01d1)
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2075569
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2067126
 Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
 ---
  src/qemu/qemu_validate.c | 7 +++++++

SOURCES/libvirt-security_selinux.c-Relabel-existing-mode-bind-UNIX-sockets.patch

@@ -0,0 +1,64 @@
+From 07fb786e0d17bd395333d276ebbaad42c72ee358 Mon Sep 17 00:00:00 2001
+Message-Id: <07fb786e0d17bd395333d276ebbaad42c72ee358@dist-git>
+From: David Michael <david@bigbadwolfsecurity.com>
+Date: Tue, 28 Jun 2022 08:33:41 -0400
+Subject: [PATCH] security_selinux.c: Relabel existing mode="bind" UNIX sockets
+
+This supports sockets created by libvirt and passed by FD using the
+same method as in security_dac.c.
+
+Signed-off-by: David Michael <david@bigbadwolfsecurity.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 9f13f54a6348b54170f7de3595039c99b9da72c7)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=2101575
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/security/security_selinux.c            | 9 +++++++--
+ tests/securityselinuxlabeldata/chardev.txt | 2 +-
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
+index 0952431064..b90e819fd2 100644
+--- a/src/security/security_selinux.c
++++ b/src/security/security_selinux.c
+@@ -2545,7 +2545,12 @@ virSecuritySELinuxSetChardevLabel(virSecurityManager *mgr,
+         break;
+ 
+     case VIR_DOMAIN_CHR_TYPE_UNIX:
+-        if (!dev_source->data.nix.listen) {
++        if (!dev_source->data.nix.listen ||
++            (dev_source->data.nix.path &&
++             virFileExists(dev_source->data.nix.path))) {
++            /* Also label mode='bind' sockets if they exist,
++             * e.g. because they were created by libvirt
++             * and passed via FD */
+             if (virSecuritySELinuxSetFilecon(mgr,
+                                              dev_source->data.nix.path,
+                                              imagelabel,
+@@ -2622,7 +2627,7 @@ virSecuritySELinuxRestoreChardevLabel(virSecurityManager *mgr,
+     case VIR_DOMAIN_CHR_TYPE_UNIX:
+         if (!dev_source->data.nix.listen) {
+             if (virSecuritySELinuxRestoreFileLabel(mgr,
+-                                                   dev_source->data.file.path,
++                                                   dev_source->data.nix.path,
+                                                    true) < 0)
+                 goto done;
+         }
+diff --git a/tests/securityselinuxlabeldata/chardev.txt b/tests/securityselinuxlabeldata/chardev.txt
+index 3f4b6302b9..bdb367f7a5 100644
+--- a/tests/securityselinuxlabeldata/chardev.txt
++++ b/tests/securityselinuxlabeldata/chardev.txt
+@@ -2,6 +2,6 @@
+ /plain.dev;system_u:object_r:svirt_image_t:s0:c41,c264
+ /plain.fifo;system_u:object_r:svirt_image_t:s0:c41,c264
+ /nolabel.sock;
+-/plain.sock;
++/plain.sock;system_u:object_r:svirt_image_t:s0:c41,c264
+ /yeslabel.sock;system_u:object_r:svirt_image_t:s0:c41,c264
+ /altlabel.sock;system_u:object_r:svirt_image_custom_t:s0:c41,c264
+-- 
+2.35.1
+

SOURCES/libvirt-virDomainDiskDefValidate-Improve-error-messages-for-startupPolicy-checks.patch

@@ -1,5 +1,5 @@
-From 4c57d8399b86c07ee0b1bafd2f8bf0ba10ff384f Mon Sep 17 00:00:00 2001
-Message-Id: <4c57d8399b86c07ee0b1bafd2f8bf0ba10ff384f@dist-git>
+From 41247c87fd47f2e55825d62c697da810ba5062f5 Mon Sep 17 00:00:00 2001
+Message-Id: <41247c87fd47f2e55825d62c697da810ba5062f5@dist-git>
 From: Peter Krempa <pkrempa@redhat.com>
 Date: Tue, 14 Jun 2022 13:13:48 +0200
 Subject: [PATCH] virDomainDiskDefValidate: Improve error messages for
@@ -15,7 +15,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit 9a480737c8adf92c332aa850c5269191ceb04eb9)
 https://bugzilla.redhat.com/show_bug.cgi?id=2095758
-https://bugzilla.redhat.com/show_bug.cgi?id=2109571
 ---
  src/conf/domain_validate.c | 9 ++++-----
  1 file changed, 4 insertions(+), 5 deletions(-)

SOURCES/libvirt-virDomainDiskDefValidateStartupPolicy-Validate-disk-type-better.patch

@@ -1,5 +1,5 @@
-From a5cdca9995a05ac45e882ad3e1ca1e4ab53a2c34 Mon Sep 17 00:00:00 2001
-Message-Id: <a5cdca9995a05ac45e882ad3e1ca1e4ab53a2c34@dist-git>
+From 26daf647925213a05509cc302d9151fe4525febb Mon Sep 17 00:00:00 2001
+Message-Id: <26daf647925213a05509cc302d9151fe4525febb@dist-git>
 From: Peter Krempa <pkrempa@redhat.com>
 Date: Tue, 14 Jun 2022 14:07:47 +0200
 Subject: [PATCH] virDomainDiskDefValidateStartupPolicy: Validate disk type
@@ -17,7 +17,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit b90d0f0a1e4ee52c828fb683c14c14e241e6fcbb)
 https://bugzilla.redhat.com/show_bug.cgi?id=2095758
-https://bugzilla.redhat.com/show_bug.cgi?id=2109571
 ---
  src/conf/domain_validate.c | 5 ++++-
  1 file changed, 4 insertions(+), 1 deletion(-)

SOURCES/libvirt-virDomainDiskTranslateSourcePool-Fix-check-of-startupPolicy-definition.patch

@@ -1,5 +1,5 @@
-From d56c0a4b1b57d9547d40088b6787d7503c09e2b9 Mon Sep 17 00:00:00 2001
-Message-Id: <d56c0a4b1b57d9547d40088b6787d7503c09e2b9@dist-git>
+From 2ea89fb18aa9d2dac1e651869736fede7a2ec434 Mon Sep 17 00:00:00 2001
+Message-Id: <2ea89fb18aa9d2dac1e651869736fede7a2ec434@dist-git>
 From: Peter Krempa <pkrempa@redhat.com>
 Date: Tue, 14 Jun 2022 14:21:33 +0200
 Subject: [PATCH] virDomainDiskTranslateSourcePool: Fix check of
@@ -23,7 +23,6 @@ Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2095758
 Signed-off-by: Peter Krempa <pkrempa@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit ed8984306e1cd44c424fda3ed412a4177dd7b84d)
-https://bugzilla.redhat.com/show_bug.cgi?id=2109571
 ---
  src/conf/domain_conf.c | 12 ++++++------
  1 file changed, 6 insertions(+), 6 deletions(-)

SOURCES/libvirt-virsh-Add-support-for-VIR_MIGRATE_ZEROCOPY-flag.patch

@@ -1,5 +1,5 @@
-From eb87264dc41a7147fb88fdc4d666ef8d0e9bb882 Mon Sep 17 00:00:00 2001
-Message-Id: <eb87264dc41a7147fb88fdc4d666ef8d0e9bb882@dist-git>
+From 20c1c86f96dd7293734888ef6f8b75c11cda5fae Mon Sep 17 00:00:00 2001
+Message-Id: <20c1c86f96dd7293734888ef6f8b75c11cda5fae@dist-git>
 From: Jiri Denemark <jdenemar@redhat.com>
 Date: Wed, 22 Jun 2022 16:36:53 +0200
 Subject: [PATCH] virsh: Add support for VIR_MIGRATE_ZEROCOPY flag
@@ -11,7 +11,7 @@ Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
 Reviewed-by: Ján Tomko <jtomko@redhat.com>
 (cherry picked from commit efa3baeae70fbdf4ab032ca485cb9272ee96bd50)
 
-https://bugzilla.redhat.com/show_bug.cgi?id=2117272
+https://bugzilla.redhat.com/show_bug.cgi?id=2089433
 
 Conflicts:
 	docs/manpages/virsh.rst

SPECS/libvirt.spec

@@ -210,7 +210,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 8.0.0
-Release: 5.5%{?dist}%{?extra_release}
+Release: 10%{?dist}%{?extra_release}
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -250,24 +250,23 @@ Patch27: libvirt-cpu_x86-Consolidate-signature-match-in-x86DecodeUseCandidate.pa
 Patch28: libvirt-cpu_x86-Refactor-feature-list-comparison-in-x86DecodeUseCandidate.patch
 Patch29: libvirt-cpu_x86-Penalize-disabled-features-when-computing-CPU-model.patch
 Patch30: libvirt-cpu_x86-Ignore-enabled-features-for-input-models-in-x86DecodeUseCandidate.patch
-Patch31: libvirt-virDomainDiskDefValidate-Improve-error-messages-for-startupPolicy-checks.patch
-Patch32: libvirt-domain_validate-Split-out-validation-of-disk-startup-policy.patch
-Patch33: libvirt-virDomainDiskDefValidateStartupPolicy-Validate-disk-type-better.patch
-Patch34: libvirt-virDomainDiskTranslateSourcePool-Fix-check-of-startupPolicy-definition.patch
-Patch35: libvirt-conf-Move-virDomainObj-originalMemlock-into-qemuDomainObjPrivate.patch
-Patch36: libvirt-qemu_domain-Format-qemuDomainObjPrivate-originalMemlock.patch
-Patch37: libvirt-qemu-Add-qemuDomainSetMaxMemLock-helper.patch
-Patch38: libvirt-qemu_migration-Use-qemuDomainSetMaxMemLock.patch
-Patch39: libvirt-qemu_migration-Restore-original-memory-locking-limit.patch
-Patch40: libvirt-Add-VIR_MIGRATE_ZEROCOPY-flag.patch
-Patch41: libvirt-virsh-Add-support-for-VIR_MIGRATE_ZEROCOPY-flag.patch
-Patch42: libvirt-qemu_migration-Implement-VIR_MIGRATE_ZEROCOPY-flag.patch
-Patch43: libvirt-qemu_process-Don-t-require-a-hugetlbfs-mount-for-memfd.patch
-Patch44: libvirt-qemu_namespace-Tolerate-missing-ACLs-when-creating-a-path-in-namespace.patch
-Patch45: libvirt-qemu_namespace-Fix-a-corner-case-in-qemuDomainGetPreservedMounts.patch
-Patch46: libvirt-qemu_namespace-Introduce-qemuDomainNamespaceSetupPath.patch
-Patch47: libvirt-qemu_process.c-Propagate-hugetlbfs-mounts-on-reconnect.patch
-Patch48: libvirt-qemuProcessReconnect-Don-t-build-memory-paths.patch
+Patch31: libvirt-nwfilter-fix-crash-when-counting-number-of-network-filters.patch
+Patch32: libvirt-virDomainDiskDefValidate-Improve-error-messages-for-startupPolicy-checks.patch
+Patch33: libvirt-domain_validate-Split-out-validation-of-disk-startup-policy.patch
+Patch34: libvirt-virDomainDiskDefValidateStartupPolicy-Validate-disk-type-better.patch
+Patch35: libvirt-virDomainDiskTranslateSourcePool-Fix-check-of-startupPolicy-definition.patch
+Patch36: libvirt-conf-virtiofs-add-thread_pool-element.patch
+Patch37: libvirt-qemu-virtiofs-format-thread-pool-size.patch
+Patch38: libvirt-conf-Move-virDomainObj-originalMemlock-into-qemuDomainObjPrivate.patch
+Patch39: libvirt-qemu_domain-Format-qemuDomainObjPrivate-originalMemlock.patch
+Patch40: libvirt-qemu-Add-qemuDomainSetMaxMemLock-helper.patch
+Patch41: libvirt-qemu_migration-Use-qemuDomainSetMaxMemLock.patch
+Patch42: libvirt-qemu_migration-Restore-original-memory-locking-limit.patch
+Patch43: libvirt-Add-VIR_MIGRATE_ZEROCOPY-flag.patch
+Patch44: libvirt-virsh-Add-support-for-VIR_MIGRATE_ZEROCOPY-flag.patch
+Patch45: libvirt-qemu_migration-Implement-VIR_MIGRATE_ZEROCOPY-flag.patch
+Patch46: libvirt-security_selinux.c-Relabel-existing-mode-bind-UNIX-sockets.patch
+Patch47: libvirt-RHEL-qemu_migration-Fix-restoring-memlock-limit-on-destination.patch
 
 Requires: libvirt-daemon = %{version}-%{release}
 Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2141,45 +2140,44 @@ exit 0
 
 
 %changelog
-* Thu Oct  6 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5.5.el8
-- qemu_process: Don't require a hugetlbfs mount for memfd (rhbz#2132177)
-- qemu_namespace: Tolerate missing ACLs when creating a path in namespace (rhbz#2132177)
-- qemu_namespace: Fix a corner case in qemuDomainGetPreservedMounts() (rhbz#2132177)
-- qemu_namespace: Introduce qemuDomainNamespaceSetupPath() (rhbz#2132177)
-- qemu_process.c: Propagate hugetlbfs mounts on reconnect (rhbz#2132177)
-- qemuProcessReconnect: Don't build memory paths (rhbz#2132177)
+* Mon Jul 25 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-10
+- security_selinux.c: Relabel existing mode="bind" UNIX sockets (rhbz#2101575)
+- RHEL: qemu_migration: Fix restoring memlock limit on destination (rhbz#2107954)
 
-* Thu Aug 18 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5.4.el8
-- conf: Move virDomainObj::originalMemlock into qemuDomainObjPrivate (rhbz#2117272)
-- qemu_domain: Format qemuDomainObjPrivate::originalMemlock (rhbz#2117272)
-- qemu: Add qemuDomainSetMaxMemLock helper (rhbz#2117272)
-- qemu_migration: Use qemuDomainSetMaxMemLock (rhbz#2117272)
-- qemu_migration: Restore original memory locking limit (rhbz#2117272)
-- Add VIR_MIGRATE_ZEROCOPY flag (rhbz#2117272)
-- virsh: Add support for VIR_MIGRATE_ZEROCOPY flag (rhbz#2117272)
-- qemu_migration: Implement VIR_MIGRATE_ZEROCOPY flag (rhbz#2117272)
+* Thu Jun 30 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-9
+- conf: virtiofs: add thread_pool element (rhbz#2079582)
+- qemu: virtiofs: format --thread-pool-size (rhbz#2079582)
+- conf: Move virDomainObj::originalMemlock into qemuDomainObjPrivate (rhbz#2089433)
+- qemu_domain: Format qemuDomainObjPrivate::originalMemlock (rhbz#2089433)
+- qemu: Add qemuDomainSetMaxMemLock helper (rhbz#2089433)
+- qemu_migration: Use qemuDomainSetMaxMemLock (rhbz#2089433)
+- qemu_migration: Restore original memory locking limit (rhbz#2089433)
+- Add VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433)
+- virsh: Add support for VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433)
+- qemu_migration: Implement VIR_MIGRATE_ZEROCOPY flag (rhbz#2089433)
 
-* Fri Jul 29 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5.3.el8
-- virDomainDiskDefValidate: Improve error messages for 'startupPolicy' checks (rhbz#2109571)
-- domain_validate: Split out validation of disk startup policy (rhbz#2109571)
-- virDomainDiskDefValidateStartupPolicy: Validate disk type better (rhbz#2109571)
-- virDomainDiskTranslateSourcePool: Fix check of 'startupPolicy' definition (rhbz#2109571)
+* Wed Jun 15 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-8
+- nwfilter: fix crash when counting number of network filters (CVE-2022-0897, rhbz#2063902)
+- virDomainDiskDefValidate: Improve error messages for 'startupPolicy' checks (rhbz#2095758)
+- domain_validate: Split out validation of disk startup policy (rhbz#2095758)
+- virDomainDiskDefValidateStartupPolicy: Validate disk type better (rhbz#2095758)
+- virDomainDiskTranslateSourcePool: Fix check of 'startupPolicy' definition (rhbz#2095758)
 
-* Tue May 17 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5.2.el8
-- cpu_map: Disable cpu64-rhel* for host-model and baseline (rhbz#2084030)
-- cputest: Drop some old artificial baseline tests (rhbz#2084030)
-- cputest: Give better names to baseline tests (rhbz#2084030)
-- cputest: Add some real world baseline tests (rhbz#2084030)
-- cpu_x86: Consolidate signature match in x86DecodeUseCandidate (rhbz#2084030)
-- cpu_x86: Refactor feature list comparison in x86DecodeUseCandidate (rhbz#2084030)
-- cpu_x86: Penalize disabled features when computing CPU model (rhbz#2084030)
-- cpu_x86: Ignore enabled features for input models in x86DecodeUseCandidate (rhbz#2084030)
+* Tue May 17 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-7
+- cpu_map: Disable cpu64-rhel* for host-model and baseline (rhbz#1851227)
+- cputest: Drop some old artificial baseline tests (rhbz#1851227)
+- cputest: Give better names to baseline tests (rhbz#1851227)
+- cputest: Add some real world baseline tests (rhbz#1851227)
+- cpu_x86: Consolidate signature match in x86DecodeUseCandidate (rhbz#1851227)
+- cpu_x86: Refactor feature list comparison in x86DecodeUseCandidate (rhbz#1851227)
+- cpu_x86: Penalize disabled features when computing CPU model (rhbz#1851227)
+- cpu_x86: Ignore enabled features for input models in x86DecodeUseCandidate (rhbz#1851227)
 
-* Wed Apr 27 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5.1.el8
-- conf: Introduce memory allocation threads (rhbz#2075569)
-- qemu_capabilities: Detect memory-backend-*.prealloc-threads property (rhbz#2075569)
-- qemu_validate: Validate prealloc threads against qemuCpas (rhbz#2075569)
-- qemu_command: Generate prealloc-threads property (rhbz#2075569)
+* Wed Apr 27 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-6
+- conf: Introduce memory allocation threads (rhbz#2067126)
+- qemu_capabilities: Detect memory-backend-*.prealloc-threads property (rhbz#2067126)
+- qemu_validate: Validate prealloc threads against qemuCpas (rhbz#2067126)
+- qemu_command: Generate prealloc-threads property (rhbz#2067126)
 
 * Fri Feb 25 2022 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-5
 - node_device: Rework udevKludgeStorageType() (rhbz#2056673)