diff --git a/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch b/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch
new file mode 100644
index 0000000..6d2dc11
--- /dev/null
+++ b/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch
@@ -0,0 +1,81 @@
+From 3ff107d00519e66ee350f34fcad7739df32411a5 Mon Sep 17 00:00:00 2001
+Message-Id: <3ff107d00519e66ee350f34fcad7739df32411a5@dist-git>
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Thu, 23 Apr 2020 20:59:53 +0200
+Subject: [PATCH] =?UTF-8?q?RHEL:=20Fix=20migration=20on=20AMD=C2=A0hosts?=
+ =?UTF-8?q?=20with=20old=20QEMU?=
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Fix for a RHEL-only hack for qemu-kvm-1.5.3-*
+
+Downstream commit 6244ce5a6f started adding virt-ssbd feature to all
+host-model CPUs before starting a domain to make sure it is enabled if
+possible (qemu-kvm-1.5.3-* is too old for probing whether virt-ssbd may
+be enabled, we just have to try). However, we add this feature to the
+CPU definition before the definition is copied to priv->origCPU and the
+definition stored there is used with QEMU older than 2.10 to start the
+domain after it's been saved or during migration. And because the CPU
+definition contains virt-ssbd which is not provided by the host CPU,
+starting or migrating fails with
+
+ the CPU is incompatible with host CPU: Host CPU does not provide
+ required features: virt-ssbd
+
+We need to copy the original CPU definition to priv->origCPU before
+adding virt-ssbd there (normally priv->origCPU is set in
+qemuProcessUpdateLiveGuestCPU when QEMU is already running).
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1815572
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Message-Id: <e4a8522926cad816fcfb60a05f1c28493ddbcd63.1587659979.git.jdenemar@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+---
+ src/qemu/qemu_process.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 7a7fc8f205..ea55ccf7ec 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -5776,10 +5776,11 @@ qemuProcessSetupHotpluggableVcpus(virQEMUDriverPtr driver,
+
+ static int
+ qemuProcessUpdateGuestCPU(virDomainDefPtr def,
+- virQEMUCapsPtr qemuCaps,
++ qemuDomainObjPrivatePtr priv,
+ virCapsPtr caps,
+ unsigned int flags)
+ {
++ virQEMUCapsPtr qemuCaps = priv->qemuCaps;
+ int ret = -1;
+ bool host_model = false;
+
+@@ -5846,8 +5847,12 @@ qemuProcessUpdateGuestCPU(virDomainDefPtr def,
+ virCPUDefPtr hostCPU;
+ hostCPU = virQEMUCapsGetHostModel(qemuCaps, def->virtType,
+ VIR_QEMU_CAPS_HOST_CPU_REPORTED);
+- if (hostCPU->fallback == VIR_CPU_FALLBACK_ALLOW)
++ if (hostCPU->fallback == VIR_CPU_FALLBACK_ALLOW) {
++ if (!priv->origCPU && !(priv->origCPU = virCPUDefCopy(def->cpu)))
++ goto cleanup;
++
+ virCPUDefUpdateFeature(def->cpu, "virt-ssbd", VIR_CPU_FEATURE_REQUIRE);
++ }
+ }
+
+ def->cpu->fallback = VIR_CPU_FALLBACK_FORBID;
+@@ -6069,7 +6074,7 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver,
+ priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN;
+
+ VIR_DEBUG("Updating guest CPU definition");
+- if (qemuProcessUpdateGuestCPU(vm->def, priv->qemuCaps, caps, flags) < 0)
++ if (qemuProcessUpdateGuestCPU(vm->def, priv, caps, flags) < 0)
+ goto cleanup;
+
+ for (i = 0; i < vm->def->nshmems; i++) {
+--
+2.26.0
+
diff --git a/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch b/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch
new file mode 100644
index 0000000..94a591a
--- /dev/null
+++ b/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch
@@ -0,0 +1,186 @@
+From b54ac47536056f26c724c7997e2aa96009b79ebd Mon Sep 17 00:00:00 2001
+Message-Id: <b54ac47536056f26c724c7997e2aa96009b79ebd@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 1 May 2020 16:53:38 -0500
+Subject: [PATCH] qemu: don't hold a monitor and agent job for reboot
+
+We have to assume that the guest agent may be malicious so we don't want
+to allow any agent queries to block any other libvirt API. By holding
+a monitor job while we're querying the agent, we open ourselves up to a
+DoS.
+
+Split the function so that we only hold the appropriate type of job
+while rebooting.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 0a9893121187c0c3f9807e9164366e1f6977619c)
+
+CVE-2019-20485
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Message-Id: <20200501215341.27683-3-jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 112 +++++++++++++++++++++++++----------------
+ 1 file changed, 70 insertions(+), 42 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index bdc955e1fa..888c586a79 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -2049,6 +2049,72 @@ static int qemuDomainShutdown(virDomainPtr dom)
+ }
+
+
++static int
++qemuDomainRebootAgent(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ bool isReboot,
++ bool agentForced)
++{
++ qemuAgentPtr agent;
++ int ret = -1;
++ int agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT;
++
++ if (!isReboot)
++ agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN;
++
++ if (qemuDomainObjBeginAgentJob(driver, vm,
++ QEMU_AGENT_JOB_MODIFY) < 0)
++ return -1;
++
++ if (!qemuDomainAgentAvailable(vm, agentForced))
++ goto endjob;
++
++ if (virDomainObjCheckActive(vm) < 0)
++ goto endjob;
++
++ qemuDomainSetFakeReboot(driver, vm, false);
++ agent = qemuDomainObjEnterAgent(vm);
++ ret = qemuAgentShutdown(agent, agentFlag);
++ qemuDomainObjExitAgent(vm, agent);
++
++ endjob:
++ qemuDomainObjEndAgentJob(vm);
++ return ret;
++}
++
++
++static int
++qemuDomainRebootMonitor(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ bool isReboot)
++{
++ qemuDomainObjPrivatePtr priv = vm->privateData;
++ int ret = -1;
++
++ if (qemuDomainObjBeginJob(driver, vm,
++ QEMU_JOB_MODIFY) < 0)
++ return -1;
++
++ if (virDomainObjCheckActive(vm) < 0)
++ goto endjob;
++
++#if !WITH_YAJL
++ virReportError(VIR_ERR_OPERATION_INVALID, "%s",
++ _("ACPI reboot is not supported without the JSON monitor"));
++ goto endjob;
++#endif
++ qemuDomainSetFakeReboot(driver, vm, isReboot);
++ qemuDomainObjEnterMonitor(driver, vm);
++ ret = qemuMonitorSystemPowerdown(priv->mon);
++ if (qemuDomainObjExitMonitor(driver, vm) < 0)
++ ret = -1;
++
++ endjob:
++ qemuDomainObjEndJob(driver, vm);
++ return ret;
++}
++
++
+ static int
+ qemuDomainReboot(virDomainPtr dom, unsigned int flags)
+ {
+@@ -2059,8 +2125,6 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags)
+ bool useAgent = false, agentRequested, acpiRequested;
+ bool isReboot = true;
+ bool agentForced;
+- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE;
+- int agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT;
+
+ virCheckFlags(VIR_DOMAIN_REBOOT_ACPI_POWER_BTN |
+ VIR_DOMAIN_REBOOT_GUEST_AGENT, -1);
+@@ -2070,7 +2134,6 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags)
+
+ if (vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_DESTROY ||
+ vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_PRESERVE) {
+- agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN;
+ isReboot = false;
+ VIR_INFO("Domain on_reboot setting overridden, shutting down");
+ }
+@@ -2086,56 +2149,21 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags)
+ if (virDomainRebootEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
++ agentForced = agentRequested && !acpiRequested;
+ if (useAgent)
+- agentJob = QEMU_AGENT_JOB_MODIFY;
++ ret = qemuDomainRebootAgent(driver, vm, isReboot, agentForced);
+
+- if (qemuDomainObjBeginJobWithAgent(driver, vm,
+- QEMU_JOB_MODIFY,
+- agentJob) < 0)
++ if (ret < 0 && agentForced)
+ goto cleanup;
+
+- agentForced = agentRequested && !acpiRequested;
+- if (!qemuDomainAgentAvailable(vm, agentForced)) {
+- if (agentForced)
+- goto endjob;
+- useAgent = false;
+- }
+-
+- if (virDomainObjCheckActive(vm) < 0)
+- goto endjob;
+-
+- if (useAgent) {
+- qemuAgentPtr agent;
+-
+- qemuDomainSetFakeReboot(driver, vm, false);
+- agent = qemuDomainObjEnterAgent(vm);
+- ret = qemuAgentShutdown(agent, agentFlag);
+- qemuDomainObjExitAgent(vm, agent);
+- }
+-
+ /* If we are not enforced to use just an agent, try ACPI
+ * shutdown as well in case agent did not succeed.
+ */
+ if ((!useAgent) ||
+ (ret < 0 && (acpiRequested || !flags))) {
+-#if !WITH_YAJL
+- virReportError(VIR_ERR_OPERATION_INVALID, "%s",
+- _("ACPI reboot is not supported without the JSON monitor"));
+- goto endjob;
+-#endif
+- qemuDomainSetFakeReboot(driver, vm, isReboot);
+- qemuDomainObjEnterMonitor(driver, vm);
+- ret = qemuMonitorSystemPowerdown(priv->mon);
+- if (qemuDomainObjExitMonitor(driver, vm) < 0)
+- ret = -1;
++ ret = qemuDomainRebootMonitor(driver, vm, isReboot);
+ }
+
+- endjob:
+- if (agentJob)
+- qemuDomainObjEndJobWithAgent(driver, vm);
+- else
+- qemuDomainObjEndJob(driver, vm);
+-
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ return ret;
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch b/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch
new file mode 100644
index 0000000..8abc43f
--- /dev/null
+++ b/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch
@@ -0,0 +1,128 @@
+From 1abebbf11f518fcd8a70133245be7b8ea4b094ea Mon Sep 17 00:00:00 2001
+Message-Id: <1abebbf11f518fcd8a70133245be7b8ea4b094ea@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 1 May 2020 16:53:39 -0500
+Subject: [PATCH] qemu: don't hold monitor and agent job when setting time
+
+We have to assume that the guest agent may be malicious so we don't want
+to allow any agent queries to block any other libvirt API. By holding
+a monitor job while we're querying the agent, we open ourselves up to a
+DoS.
+
+Split the function so that the portion issuing the agent command only
+holds an agent job and the portion issuing the monitor command holds
+only a monitor job.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit e005c95f56fee9ed780be7f8db103d690bd34cbd)
+
+CVE-2019-20485
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Message-Id: <20200501215341.27683-4-jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 54 +++++++++++++++++++++++++++---------------
+ 1 file changed, 35 insertions(+), 19 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 888c586a79..0f6641702d 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -19455,6 +19455,35 @@ qemuDomainGetTime(virDomainPtr dom,
+ return ret;
+ }
+
++static int
++qemuDomainSetTimeAgent(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ long long seconds,
++ unsigned int nseconds,
++ bool rtcSync)
++{
++ qemuAgentPtr agent;
++ int ret = -1;
++
++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0)
++ return -1;
++
++ if (virDomainObjCheckActive(vm) < 0)
++ goto endjob;
++
++ if (!qemuDomainAgentAvailable(vm, true))
++ goto endjob;
++
++ agent = qemuDomainObjEnterAgent(vm);
++ ret = qemuAgentSetTime(agent, seconds, nseconds, rtcSync);
++ qemuDomainObjExitAgent(vm, agent);
++
++ endjob:
++ qemuDomainObjEndJob(driver, vm);
++ return ret;
++}
++
++
+ static int
+ qemuDomainSetTime(virDomainPtr dom,
+ long long seconds,
+@@ -19464,7 +19493,6 @@ qemuDomainSetTime(virDomainPtr dom,
+ virQEMUDriverPtr driver = dom->conn->privateData;
+ qemuDomainObjPrivatePtr priv;
+ virDomainObjPtr vm;
+- qemuAgentPtr agent;
+ bool rtcSync = flags & VIR_DOMAIN_TIME_SYNC;
+ int ret = -1;
+ int rv;
+@@ -19479,14 +19507,6 @@ qemuDomainSetTime(virDomainPtr dom,
+
+ priv = vm->privateData;
+
+- if (qemuDomainObjBeginJobWithAgent(driver, vm,
+- QEMU_JOB_MODIFY,
+- QEMU_AGENT_JOB_MODIFY) < 0)
+- goto cleanup;
+-
+- if (virDomainObjCheckActive(vm) < 0)
+- goto endjob;
+-
+ /* On x86, the rtc-reset-reinjection QMP command must be called after
+ * setting the time to avoid trouble down the line. If the command is
+ * not available, don't set the time at all and report an error */
+@@ -19496,18 +19516,14 @@ qemuDomainSetTime(virDomainPtr dom,
+ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+ _("cannot set time: qemu doesn't support "
+ "rtc-reset-reinjection command"));
+- goto endjob;
++ goto cleanup;
+ }
+
+- if (!qemuDomainAgentAvailable(vm, true))
+- goto endjob;
+-
+- agent = qemuDomainObjEnterAgent(vm);
+- rv = qemuAgentSetTime(agent, seconds, nseconds, rtcSync);
+- qemuDomainObjExitAgent(vm, agent);
++ if (qemuDomainSetTimeAgent(driver, vm, seconds, nseconds, rtcSync) < 0)
++ goto cleanup;
+
+- if (rv < 0)
+- goto endjob;
++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
++ goto cleanup;
+
+ if (virDomainObjCheckActive(vm) < 0)
+ goto endjob;
+@@ -19526,7 +19542,7 @@ qemuDomainSetTime(virDomainPtr dom,
+ ret = 0;
+
+ endjob:
+- qemuDomainObjEndJobWithAgent(driver, vm);
++ qemuDomainObjEndJob(driver, vm);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch b/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch
new file mode 100644
index 0000000..716786b
--- /dev/null
+++ b/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch
@@ -0,0 +1,198 @@
+From 5975af3d23091c73737968cea32490bca31c0479 Mon Sep 17 00:00:00 2001
+Message-Id: <5975af3d23091c73737968cea32490bca31c0479@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 1 May 2020 16:53:37 -0500
+Subject: [PATCH] qemu: don't take agent and monitor job for shutdown
+
+We have to assume that the guest agent may be malicious so we don't want
+to allow any agent queries to block any other libvirt API. By holding
+a monitor job while we're querying the agent, we open ourselves up to a
+DoS. So split the function into separate parts: one that does the agent
+shutdown and one that does the monitor shutdown. Each part holds only a
+job of the appropriate type.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 1cb8bc52c1035573a0c1a87f724a6c7dfee82f12)
+
+CVE-2019-20485
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Message-Id: <20200501215341.27683-2-jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 121 ++++++++++++++++++++++++++---------------
+ 1 file changed, 77 insertions(+), 44 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 2852b96edd..bdc955e1fa 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -1913,6 +1913,77 @@ static int qemuDomainResume(virDomainPtr dom)
+ return ret;
+ }
+
++
++static int
++qemuDomainShutdownFlagsAgent(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ bool isReboot,
++ bool reportError)
++{
++ int ret = -1;
++ qemuAgentPtr agent;
++ int agentFlag = isReboot ? QEMU_AGENT_SHUTDOWN_REBOOT :
++ QEMU_AGENT_SHUTDOWN_POWERDOWN;
++
++ if (qemuDomainObjBeginAgentJob(driver, vm,
++ QEMU_AGENT_JOB_MODIFY) < 0)
++ goto cleanup;
++
++ if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ "%s", _("domain is not running"));
++ goto endjob;
++ }
++
++ if (!qemuDomainAgentAvailable(vm, reportError))
++ goto endjob;
++
++ qemuDomainSetFakeReboot(driver, vm, false);
++ agent = qemuDomainObjEnterAgent(vm);
++ ret = qemuAgentShutdown(agent, agentFlag);
++ qemuDomainObjExitAgent(vm, agent);
++
++ endjob:
++ qemuDomainObjEndAgentJob(vm);
++
++ cleanup:
++ return ret;
++}
++
++
++static int
++qemuDomainShutdownFlagsMonitor(virQEMUDriverPtr driver,
++ virDomainObjPtr vm,
++ bool isReboot)
++{
++ int ret = -1;
++ qemuDomainObjPrivatePtr priv;
++
++ priv = vm->privateData;
++
++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
++ goto cleanup;
++
++ if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) {
++ virReportError(VIR_ERR_OPERATION_INVALID,
++ "%s", _("domain is not running"));
++ goto endjob;
++ }
++
++ qemuDomainSetFakeReboot(driver, vm, isReboot);
++ qemuDomainObjEnterMonitor(driver, vm);
++ ret = qemuMonitorSystemPowerdown(priv->mon);
++ if (qemuDomainObjExitMonitor(driver, vm) < 0)
++ ret = -1;
++
++ endjob:
++ qemuDomainObjEndJob(driver, vm);
++
++ cleanup:
++ return ret;
++}
++
++
+ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
+ {
+ virQEMUDriverPtr driver = dom->conn->privateData;
+@@ -1922,8 +1993,6 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
+ bool useAgent = false, agentRequested, acpiRequested;
+ bool isReboot = false;
+ bool agentForced;
+- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE;
+- int agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN;
+
+ virCheckFlags(VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN |
+ VIR_DOMAIN_SHUTDOWN_GUEST_AGENT, -1);
+@@ -1934,7 +2003,6 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
+ if (vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART ||
+ vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME) {
+ isReboot = true;
+- agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT;
+ VIR_INFO("Domain on_poweroff setting overridden, attempting reboot");
+ }
+
+@@ -1949,62 +2017,27 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags)
+ if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
+- if (useAgent)
+- agentJob = QEMU_AGENT_JOB_MODIFY;
+-
+- if (qemuDomainObjBeginJobWithAgent(driver, vm,
+- QEMU_JOB_MODIFY,
+- agentJob) < 0)
+- goto cleanup;
+-
+- if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) {
+- virReportError(VIR_ERR_OPERATION_INVALID,
+- "%s", _("domain is not running"));
+- goto endjob;
+- }
+-
+ agentForced = agentRequested && !acpiRequested;
+- if (!qemuDomainAgentAvailable(vm, agentForced)) {
+- if (agentForced)
+- goto endjob;
+- useAgent = false;
+- }
+-
+-
+ if (useAgent) {
+- qemuAgentPtr agent;
+- qemuDomainSetFakeReboot(driver, vm, false);
+- agent = qemuDomainObjEnterAgent(vm);
+- ret = qemuAgentShutdown(agent, agentFlag);
+- qemuDomainObjExitAgent(vm, agent);
++ ret = qemuDomainShutdownFlagsAgent(driver, vm, isReboot, agentForced);
++ if (ret < 0 && agentForced)
++ goto cleanup;
+ }
+
+ /* If we are not enforced to use just an agent, try ACPI
+ * shutdown as well in case agent did not succeed.
+ */
+- if (!useAgent ||
+- (ret < 0 && (acpiRequested || !flags))) {
+-
++ if (!useAgent || (ret < 0 && (acpiRequested || !flags))) {
+ /* Even if agent failed, we have to check if guest went away
+ * by itself while our locks were down. */
+ if (useAgent && !virDomainObjIsActive(vm)) {
+ ret = 0;
+- goto endjob;
++ goto cleanup;
+ }
+
+- qemuDomainSetFakeReboot(driver, vm, isReboot);
+- qemuDomainObjEnterMonitor(driver, vm);
+- ret = qemuMonitorSystemPowerdown(priv->mon);
+- if (qemuDomainObjExitMonitor(driver, vm) < 0)
+- ret = -1;
++ ret = qemuDomainShutdownFlagsMonitor(driver, vm, isReboot);
+ }
+
+- endjob:
+- if (agentJob)
+- qemuDomainObjEndJobWithAgent(driver, vm);
+- else
+- qemuDomainObjEndJob(driver, vm);
+-
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ return ret;
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch b/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch
new file mode 100644
index 0000000..c78f125
--- /dev/null
+++ b/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch
@@ -0,0 +1,227 @@
+From ff8c9ca6d8b5e74d59013d063cc12323622d8fb1 Mon Sep 17 00:00:00 2001
+Message-Id: <ff8c9ca6d8b5e74d59013d063cc12323622d8fb1@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 1 May 2020 16:53:41 -0500
+Subject: [PATCH] qemu: remove qemuDomainObjBegin/EndJobWithAgent()
+
+This function potentially grabs both a monitor job and an agent job at
+the same time. This is problematic because it means that a malicious (or
+just buggy) guest agent can cause a denial of service on the host. The
+presence of this function makes it easy to do the wrong thing and hold
+both jobs at the same time. All existing uses have already been removed
+by previous commits.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 3c436c22a4f94c85c2b5e7b5fb84af48219d78e3)
+
+CVE-2019-20485
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Message-Id: <20200501215341.27683-6-jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/THREADS.txt | 58 +++++-------------------------------------
+ src/qemu/qemu_domain.c | 56 ++++------------------------------------
+ src/qemu/qemu_domain.h | 7 -----
+ 3 files changed, 11 insertions(+), 110 deletions(-)
+
+diff --git a/src/qemu/THREADS.txt b/src/qemu/THREADS.txt
+index d17f3f4e0c..b34235075a 100644
+--- a/src/qemu/THREADS.txt
++++ b/src/qemu/THREADS.txt
+@@ -71,11 +71,12 @@ There are a number of locks on various objects
+
+ Agent job condition is then used when thread wishes to talk to qemu
+ agent monitor. It is possible to acquire just agent job
+- (qemuDomainObjBeginAgentJob), or only normal job
+- (qemuDomainObjBeginJob) or both at the same time
+- (qemuDomainObjBeginJobWithAgent). Which type of job to grab depends
+- whether caller wishes to communicate only with agent socket, or only
+- with qemu monitor socket or both, respectively.
++ (qemuDomainObjBeginAgentJob), or only normal job (qemuDomainObjBeginJob)
++ but not both at the same time. Holding an agent job and a normal job would
++ allow an unresponsive or malicious agent to block normal libvirt API and
++ potentially result in a denial of service. Which type of job to grab
++ depends whether caller wishes to communicate only with agent socket, or
++ only with qemu monitor socket.
+
+ Immediately after acquiring the virDomainObjPtr lock, any method
+ which intends to update state must acquire asynchronous, normal or
+@@ -151,18 +152,6 @@ To acquire the agent job condition
+
+
+
+-To acquire both normal and agent job condition
+-
+- qemuDomainObjBeginJobWithAgent()
+- - Waits until there is no normal and no agent job set
+- - Sets both job.active and job.agentActive with required job types
+-
+- qemuDomainObjEndJobWithAgent()
+- - Sets both job.active and job.agentActive to 0
+- - Signals on job.cond condition
+-
+-
+-
+ To acquire the asynchronous job condition
+
+ qemuDomainObjBeginAsyncJob()
+@@ -302,41 +291,6 @@ Design patterns
+ virDomainObjEndAPI(&obj);
+
+
+- * Invoking both monitor and agent commands on a virDomainObjPtr
+-
+- virDomainObjPtr obj;
+- qemuAgentPtr agent;
+-
+- obj = qemuDomObjFromDomain(dom);
+-
+- qemuDomainObjBeginJobWithAgent(obj, QEMU_JOB_TYPE, QEMU_AGENT_JOB_TYPE);
+-
+- if (!virDomainObjIsActive(dom))
+- goto cleanup;
+-
+- ...do prep work...
+-
+- if (!qemuDomainAgentAvailable(obj, true))
+- goto cleanup;
+-
+- agent = qemuDomainObjEnterAgent(obj);
+- qemuAgentXXXX(agent, ..);
+- qemuDomainObjExitAgent(obj, agent);
+-
+- ...
+-
+- qemuDomainObjEnterMonitor(obj);
+- qemuMonitorXXXX(priv->mon);
+- qemuDomainObjExitMonitor(obj);
+-
+- /* Alternatively, talk to the monitor first and then talk to the agent. */
+-
+- ...do final work...
+-
+- qemuDomainObjEndJobWithAgent(obj);
+- virDomainObjEndAPI(&obj);
+-
+-
+ * Running asynchronous job
+
+ virDomainObjPtr obj;
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 3c67769771..b4792c9476 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -6905,26 +6905,6 @@ qemuDomainObjBeginAgentJob(virQEMUDriverPtr driver,
+ QEMU_ASYNC_JOB_NONE, false);
+ }
+
+-/**
+- * qemuDomainObjBeginJobWithAgent:
+- *
+- * Grabs both monitor and agent types of job. Use if caller talks to
+- * both monitor and guest agent. However, if @job (or @agentJob) is
+- * QEMU_JOB_NONE (or QEMU_AGENT_JOB_NONE) only agent job is acquired (or
+- * monitor job).
+- *
+- * To end job call qemuDomainObjEndJobWithAgent.
+- */
+-int
+-qemuDomainObjBeginJobWithAgent(virQEMUDriverPtr driver,
+- virDomainObjPtr obj,
+- qemuDomainJob job,
+- qemuDomainAgentJob agentJob)
+-{
+- return qemuDomainObjBeginJobInternal(driver, obj, job, agentJob,
+- QEMU_ASYNC_JOB_NONE, false);
+-}
+-
+ int qemuDomainObjBeginAsyncJob(virQEMUDriverPtr driver,
+ virDomainObjPtr obj,
+ qemuDomainAsyncJob asyncJob,
+@@ -7039,31 +7019,6 @@ qemuDomainObjEndAgentJob(virDomainObjPtr obj)
+ virCondBroadcast(&priv->job.cond);
+ }
+
+-void
+-qemuDomainObjEndJobWithAgent(virQEMUDriverPtr driver,
+- virDomainObjPtr obj)
+-{
+- qemuDomainObjPrivatePtr priv = obj->privateData;
+- qemuDomainJob job = priv->job.active;
+- qemuDomainAgentJob agentJob = priv->job.agentActive;
+-
+- priv->jobs_queued--;
+-
+- VIR_DEBUG("Stopping both jobs: %s %s (async=%s vm=%p name=%s)",
+- qemuDomainJobTypeToString(job),
+- qemuDomainAgentJobTypeToString(agentJob),
+- qemuDomainAsyncJobTypeToString(priv->job.asyncJob),
+- obj, obj->def->name);
+-
+- qemuDomainObjResetJob(priv);
+- qemuDomainObjResetAgentJob(priv);
+- if (qemuDomainTrackJob(job))
+- qemuDomainObjSaveJob(driver, obj);
+- /* We indeed need to wake up ALL threads waiting because
+- * grabbing a job requires checking more variables. */
+- virCondBroadcast(&priv->job.cond);
+-}
+-
+ void
+ qemuDomainObjEndAsyncJob(virQEMUDriverPtr driver, virDomainObjPtr obj)
+ {
+@@ -7097,9 +7052,9 @@ qemuDomainObjAbortAsyncJob(virDomainObjPtr obj)
+ * obj must be locked before calling
+ *
+ * To be called immediately before any QEMU monitor API call
+- * Must have already either called qemuDomainObjBeginJob() or
+- * qemuDomainObjBeginJobWithAgent() and checked that the VM is
+- * still active; may not be used for nested async jobs.
++ * Must have already called qemuDomainObjBeginJob() and checked
++ * that the VM is still active; may not be used for nested async
++ * jobs.
+ *
+ * To be followed with qemuDomainObjExitMonitor() once complete
+ */
+@@ -7216,9 +7171,8 @@ qemuDomainObjEnterMonitorAsync(virQEMUDriverPtr driver,
+ * obj must be locked before calling
+ *
+ * To be called immediately before any QEMU agent API call.
+- * Must have already called qemuDomainObjBeginAgentJob() or
+- * qemuDomainObjBeginJobWithAgent() and checked that the VM is
+- * still active.
++ * Must have already called qemuDomainObjBeginAgentJob() and
++ * checked that the VM is still active.
+ *
+ * To be followed with qemuDomainObjExitAgent() once complete
+ */
+diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h
+index daed69e856..e4cc65c4cc 100644
+--- a/src/qemu/qemu_domain.h
++++ b/src/qemu/qemu_domain.h
+@@ -527,11 +527,6 @@ int qemuDomainObjBeginAgentJob(virQEMUDriverPtr driver,
+ virDomainObjPtr obj,
+ qemuDomainAgentJob agentJob)
+ ATTRIBUTE_RETURN_CHECK;
+-int qemuDomainObjBeginJobWithAgent(virQEMUDriverPtr driver,
+- virDomainObjPtr obj,
+- qemuDomainJob job,
+- qemuDomainAgentJob agentJob)
+- ATTRIBUTE_RETURN_CHECK;
+ int qemuDomainObjBeginAsyncJob(virQEMUDriverPtr driver,
+ virDomainObjPtr obj,
+ qemuDomainAsyncJob asyncJob,
+@@ -550,8 +545,6 @@ int qemuDomainObjBeginJobNowait(virQEMUDriverPtr driver,
+ void qemuDomainObjEndJob(virQEMUDriverPtr driver,
+ virDomainObjPtr obj);
+ void qemuDomainObjEndAgentJob(virDomainObjPtr obj);
+-void qemuDomainObjEndJobWithAgent(virQEMUDriverPtr driver,
+- virDomainObjPtr obj);
+ void qemuDomainObjEndAsyncJob(virQEMUDriverPtr driver,
+ virDomainObjPtr obj);
+ void qemuDomainObjAbortAsyncJob(virDomainObjPtr obj);
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch b/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch
new file mode 100644
index 0000000..d864ad2
--- /dev/null
+++ b/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch
@@ -0,0 +1,75 @@
+From 618400932103613617f361134e446c6937c747c6 Mon Sep 17 00:00:00 2001
+Message-Id: <618400932103613617f361134e446c6937c747c6@dist-git>
+From: Jonathon Jongsma <jjongsma@redhat.com>
+Date: Fri, 1 May 2020 16:53:40 -0500
+Subject: [PATCH] qemu: remove use of qemuDomainObjBeginJobWithAgent()
+
+This function will be removed in a future commit because it allows the
+caller to acquire both monitor and agent jobs at the same time. Holding
+both job types creates a vulnerability to denial of service from a
+malicious guest agent.
+
+qemuDomainSetVcpusFlags() always passes NONE for either the monitor job
+or the agent job (and thus is not vulnerable to the DoS), so we can
+simply replace this function with the functions for acquiring the
+appropriate type of job.
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit ffa5066a49686e61991759983b0d7d1ba707fe50)
+
+CVE-2019-20485
+
+Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
+Message-Id: <20200501215341.27683-5-jjongsma@redhat.com>
+Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
+---
+ src/qemu/qemu_driver.c | 17 ++++++++---------
+ 1 file changed, 8 insertions(+), 9 deletions(-)
+
+diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
+index 0f6641702d..e1d9bbae99 100644
+--- a/src/qemu/qemu_driver.c
++++ b/src/qemu/qemu_driver.c
+@@ -5003,8 +5003,6 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
+ virDomainDefPtr persistentDef;
+ bool hotpluggable = !!(flags & VIR_DOMAIN_VCPU_HOTPLUGGABLE);
+ bool useAgent = !!(flags & VIR_DOMAIN_VCPU_GUEST);
+- qemuDomainJob job = QEMU_JOB_NONE;
+- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE;
+ int ret = -1;
+
+ virCheckFlags(VIR_DOMAIN_AFFECT_LIVE |
+@@ -5019,13 +5017,14 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
+ if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0)
+ goto cleanup;
+
+- if (useAgent)
+- agentJob = QEMU_AGENT_JOB_MODIFY;
+- else
+- job = QEMU_JOB_MODIFY;
+
+- if (qemuDomainObjBeginJobWithAgent(driver, vm, job, agentJob) < 0)
+- goto cleanup;
++ if (useAgent) {
++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0)
++ goto cleanup;
++ } else {
++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0)
++ goto cleanup;
++ }
+
+ if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0)
+ goto endjob;
+@@ -5039,7 +5038,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom,
+ nvcpus, hotpluggable);
+
+ endjob:
+- if (agentJob)
++ if (useAgent)
+ qemuDomainObjEndAgentJob(vm);
+ else
+ qemuDomainObjEndJob(driver, vm);
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch b/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch
new file mode 100644
index 0000000..23740fd
--- /dev/null
+++ b/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch
@@ -0,0 +1,58 @@
+From 803a78645bdde8369ead4bc2f63fa878b2ac8d18 Mon Sep 17 00:00:00 2001
+Message-Id: <803a78645bdde8369ead4bc2f63fa878b2ac8d18@dist-git>
+From: Yi Li <yili@winhong.com>
+Date: Thu, 30 Apr 2020 09:49:12 -0400
+Subject: [PATCH] storage: Fix daemon crash on lookup storagepool by targetpath
+
+Causing a crash when storagePoolLookupByTargetPath beacuse of
+Some types of storage pool have no target elements.
+Use STREQ_NULLABLE instead of STREQ
+Avoids segfaults when using NULL arguments.
+
+Core was generated by `/usr/sbin/libvirtd'.
+Program terminated with signal 11, Segmentation fault.
+(gdb) bt
+0 0x0000ffff9e951388 in strcmp () from /lib64/libc.so.6
+1 0x0000ffff92103e9c in storagePoolLookupByTargetPathCallback (
+ obj=0xffff7009aab0, opaque=0xffff801058b0) at storage/storage_driver.c:1649
+2 0x0000ffff9f2c52a4 in virStoragePoolObjListSearchCb (
+ payload=0xffff801058b0, name=<optimized out>, opaque=<optimized out>)
+ at conf/virstorageobj.c:476
+3 0x0000ffff9f1f2f7c in virHashSearch (ctable=0xffff800f4f60,
+ iter=iter@entry=0xffff9f2c5278 <virStoragePoolObjListSearchCb>,
+ data=data@entry=0xffff95af7488, name=name@entry=0x0) at util/virhash.c:696
+4 0x0000ffff9f2c64f0 in virStoragePoolObjListSearch (pools=0xffff800f2ce0,
+ searcher=searcher@entry=0xffff92103e68 <storagePoolLookupByTargetPathCallback>,
+ opaque=<optimized out>) at conf/virstorageobj.c:505
+5 0x0000ffff92101f54 in storagePoolLookupByTargetPath (conn=0xffff5c0009f0,
+path=0xffff7009a850 "/vms/images") at storage/storage_driver.c:1672
+
+Reviewed-by: Cole Robinson <crobinso@redhat.com>
+Signed-off-by: Yi Li <yili@winhong.com>
+(cherry picked from commit dfff16a7c261f8d28e3abe60a47165f845fa952f)
+
+CVE-2020-10703
+
+Signed-off-by: Cole Robinson <crobinso@redhat.com>
+Message-Id: <b15361aee7febad6be8d0b5f7973c9ed48f0910f.1588254371.git.crobinso@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/storage/storage_driver.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
+index 254818e308..f82f38d5e5 100644
+--- a/src/storage/storage_driver.c
++++ b/src/storage/storage_driver.c
+@@ -1647,7 +1647,7 @@ storagePoolLookupByTargetPathCallback(virStoragePoolObjPtr obj,
+ return false;
+
+ def = virStoragePoolObjGetDef(obj);
+- return STREQ(path, def->target.path);
++ return STREQ_NULLABLE(path, def->target.path);
+ }
+
+
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch
new file mode 100644
index 0000000..d5c94e5
--- /dev/null
+++ b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch
@@ -0,0 +1,53 @@
+From a6cfd2e03c77fb54c384d66681900e32a80efdb7 Mon Sep 17 00:00:00 2001
+Message-Id: <a6cfd2e03c77fb54c384d66681900e32a80efdb7@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 11 May 2020 16:40:11 +0200
+Subject: [PATCH] virDevMapperGetTargetsImpl: Be tolerant to kernels without DM
+ support
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1591732
+
+If kernel is compiled without CONFIG_BLK_DEV_DM enabled, there is
+no /dev/mapper/control device and since dm_task_create() actually
+does some ioctl() over it creating a task may fail.
+To cope with this handle ENOENT and ENODEV gracefully.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 170d1e31df064108d064910c77f6316eb6726985)
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1823976
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Message-Id: <46a1c183bae2cf5070b54883d7a7540124822049.1589207928.git.mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/util/virdevmapper.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index b365f20145..7da0dba911 100644
+--- a/src/util/virdevmapper.c
++++ b/src/util/virdevmapper.c
+@@ -87,8 +87,14 @@ virDevMapperGetTargetsImpl(const char *path,
+ return ret;
+ }
+
+- if (!(dmt = dm_task_create(DM_DEVICE_DEPS)))
++ if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) {
++ if (errno == ENOENT || errno == ENODEV) {
++ /* It's okay. Kernel is probably built without
++ * devmapper support. */
++ ret = 0;
++ }
+ return ret;
++ }
+
+ if (!dm_task_set_name(dmt, path)) {
+ if (errno == ENOENT) {
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch b/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch
new file mode 100644
index 0000000..623b863
--- /dev/null
+++ b/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch
@@ -0,0 +1,65 @@
+From 41d442c08990becc8adac8b6eede016a381d21ec Mon Sep 17 00:00:00 2001
+Message-Id: <41d442c08990becc8adac8b6eede016a381d21ec@dist-git>
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Mon, 11 May 2020 16:40:12 +0200
+Subject: [PATCH] virDevMapperGetTargetsImpl: quit early if device is not a
+ devmapper target
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+As suggested in the linked bug, libvirt should firstly check
+whether the major number of the device is device mapper major.
+Because if it isn't subsequent DM_DEVICE_DEPS task may not only
+fail, but also yield different results. In the bugzilla this is
+demonstrated by creating a devmapper target named 'loop0' and
+then creating loop target /dev/loop0. When the latter is then
+passed to a domain, our virDevMapperGetTargetsImpl() function
+blindly asks devmapper to provide target dependencies for
+/dev/loop0 and because of the way devmapper APIs work, it will
+'sanitize' the input by using the last component only which is
+'loop0' and thus return different results than expected.
+
+Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1823976
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
+(cherry picked from commit 01626c668ecfbe465d18799ac4628e6127ea1d47)
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Message-Id: <a3bc79b319dae9f6b4e6813399f2e5dc0ec077df.1589207928.git.mprivozn@redhat.com>
+Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
+---
+ src/util/virdevmapper.c | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index 7da0dba911..a360c3e677 100644
+--- a/src/util/virdevmapper.c
++++ b/src/util/virdevmapper.c
+@@ -69,6 +69,7 @@ virDevMapperGetTargetsImpl(const char *path,
+ char ***devPaths_ret,
+ unsigned int ttl)
+ {
++ struct stat sb;
+ struct dm_task *dmt = NULL;
+ struct dm_deps *deps;
+ struct dm_info info;
+@@ -87,6 +88,15 @@ virDevMapperGetTargetsImpl(const char *path,
+ return ret;
+ }
+
++ if (stat(path, &sb) < 0) {
++ if (errno == ENOENT)
++ return 0;
++ return -1;
++ }
++
++ if (!dm_is_dm_major(major(sb.st_dev)))
++ return 0;
++
+ if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) {
+ if (errno == ENOENT || errno == ENODEV) {
+ /* It's okay. Kernel is probably built without
+--
+2.26.2
+
diff --git a/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch b/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch
index 8ba56a5..ea293dd 100644
--- a/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch
+++ b/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch
@@ -1,5 +1,5 @@
-From 4dc1cae9cd7838a2d9dabac09d96955d95445449 Mon Sep 17 00:00:00 2001
-Message-Id: <4dc1cae9cd7838a2d9dabac09d96955d95445449@dist-git>
+From 7fd73c056fa74ab32f5976ccbd2ce516f504088a Mon Sep 17 00:00:00 2001
+Message-Id: <7fd73c056fa74ab32f5976ccbd2ce516f504088a@dist-git>
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 23 Mar 2020 08:49:58 +0100
Subject: [PATCH] vmx: make 'fileName' optional for CD-ROMs
@@ -27,6 +27,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1816034
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Message-Id: <20200323074958.377314-3-ptoscano@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/vmx/vmx.c | 25 ++++++++++---------
.../vmx2xmldata/vmx2xml-cdrom-ide-empty-2.vmx | 4 +++
@@ -196,5 +197,5 @@ index 7289dc91e3..143ff4c937 100644
DO_TEST("cdrom-ide-raw-device", "cdrom-ide-raw-device");
DO_TEST("cdrom-ide-raw-auto-detect", "cdrom-ide-raw-auto-detect");
--
-2.25.2
+2.26.0
diff --git a/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch b/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch
index 7ac8a59..de0aff4 100644
--- a/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch
+++ b/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch
@@ -1,5 +1,5 @@
-From 9258231d7ff91fab9af219a38fbf36f95d48aeb5 Mon Sep 17 00:00:00 2001
-Message-Id: <9258231d7ff91fab9af219a38fbf36f95d48aeb5@dist-git>
+From 6c30bd386f7039cf6f8828f4b8fa0865395828e1 Mon Sep 17 00:00:00 2001
+Message-Id: <6c30bd386f7039cf6f8828f4b8fa0865395828e1@dist-git>
From: Pino Toscano <ptoscano@redhat.com>
Date: Mon, 23 Mar 2020 08:49:57 +0100
Subject: [PATCH] vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk()
@@ -23,6 +23,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1816034
Signed-off-by: Pino Toscano <ptoscano@redhat.com>
Message-Id: <20200323074958.377314-2-ptoscano@redhat.com>
+Reviewed-by: Ján Tomko <jtomko@redhat.com>
---
src/vmx/vmx.c | 48 ++++++++++++++++++++++++------------------------
1 file changed, 24 insertions(+), 24 deletions(-)
@@ -108,5 +109,5 @@ index 937bf0c96b..89409870ff 100644
virDomainDiskSetType(*def, VIR_STORAGE_TYPE_BLOCK);
--
-2.25.2
+2.26.0
diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec
index 91e38c4..62685ce 100644
--- a/SPECS/libvirt.spec
+++ b/SPECS/libvirt.spec
@@ -253,7 +253,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 4.5.0
-Release: 33%{?dist}.1%{?extra_release}
+Release: 36%{?dist}%{?extra_release}
License: LGPLv2+
URL: https://libvirt.org/
@@ -632,6 +632,15 @@ Patch366: libvirt-node_device_conf-Don-t-leak-physical_function-in-virNodeDevice
Patch367: libvirt-RHEL-qemuCheckUnprivSGIO-use-sysfs_path-to-get-unpriv_sgio.patch
Patch368: libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch
Patch369: libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch
+Patch370: libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch
+Patch371: libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch
+Patch372: libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch
+Patch373: libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch
+Patch374: libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch
+Patch375: libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch
+Patch376: libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch
+Patch377: libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch
+Patch378: libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
@@ -2534,9 +2543,22 @@ exit 0
%changelog
-* Mon Mar 23 2020 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-33.el7_8.1
-- vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1816035)
-- vmx: make 'fileName' optional for CD-ROMs (rhbz#1816035)
+* Wed May 13 2020 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-36
+- virDevMapperGetTargetsImpl: Be tolerant to kernels without DM support (rhbz#1823976)
+- virDevMapperGetTargetsImpl: quit early if device is not a devmapper target (rhbz#1823976)
+
+* Thu May 7 2020 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-35
+- qemu: don't take agent and monitor job for shutdown (CVE-2019-20485)
+- qemu: don't hold a monitor and agent job for reboot (CVE-2019-20485)
+- qemu: don't hold monitor and agent job when setting time (CVE-2019-20485)
+- qemu: remove use of qemuDomainObjBeginJobWithAgent() (CVE-2019-20485)
+- qemu: remove qemuDomainObjBegin/EndJobWithAgent() (CVE-2019-20485)
+- storage: Fix daemon crash on lookup storagepool by targetpath (CVE-2020-10703)
+
+* Fri Apr 24 2020 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-34
+- vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1815269)
+- vmx: make 'fileName' optional for CD-ROMs (rhbz#1815269)
+- RHEL: Fix migration on AMD hosts with old QEMU (rhbz#1815572)
* Fri Feb 14 2020 Jiri Denemark <jdenemar@redhat.com> - 4.5.0-33
- RHEL: qemuCheckUnprivSGIO: use @sysfs_path to get unpriv_sgio (rhbz#1801139)