From 2d83549a67a03493261255ca3a7584655a875848 Mon Sep 17 00:00:00 2001
From: JiaboFeng <fengjiabo1@huawei.com>
Date: Wed, 30 Jul 2025 17:42:41 +0800
Subject: [PATCH] libvirt update to version 9.10.0-17

- Revert "Automatically unbind all devices' driver under same root port and bind to vfio-pci in the context of CVM."

Signed-off-by: JiaboFeng <fengjiabo1@huawei.com>
(cherry picked from commit 7acbb8f959794c01e4553cfc0d9f7645768f8de5)
---
 ...ally-unbind-all-devices-driver-under.patch | 158 ++++++++++++++++++
 libvirt.spec                                  |   6 +-
 2 files changed, 163 insertions(+), 1 deletion(-)
 create mode 100644 Revert-Automatically-unbind-all-devices-driver-under.patch

diff --git a/Revert-Automatically-unbind-all-devices-driver-under.patch b/Revert-Automatically-unbind-all-devices-driver-under.patch
new file mode 100644
index 0000000..8b0d62e
--- /dev/null
+++ b/Revert-Automatically-unbind-all-devices-driver-under.patch
@@ -0,0 +1,158 @@
+From 13a0a3f735afbadbd8fbd42caa1dee57fdcc8ce4 Mon Sep 17 00:00:00 2001
+From: yxk <yangxiangkai@huawei.com>
+Date: Thu, 8 May 2025 16:13:12 +0000
+Subject: [PATCH] Revert "Automatically unbind all devices' driver under same
+ root port and bind to vfio-pci in the context of CVM."
+
+This reverts commit f81b9542f0d172c06cb38efb61b472786533ae3f.
+
+Given that virtCCA now supports SR-IOV, where the PF manages secure
+VFs in REE, we must avoid unbinding drivers for other PFs and
+VFs sharing the same root port.
+
+Signed-off-by: yxk <yangxiangkai@huawei.com>
+---
+ src/hypervisor/virhostdev.c |  5 ----
+ src/hypervisor/virhostdev.h |  1 -
+ src/qemu/qemu_process.c     |  3 ---
+ src/util/virpci.c           | 53 -------------------------------------
+ src/util/virpci.h           |  3 ---
+ 5 files changed, 65 deletions(-)
+
+diff --git a/src/hypervisor/virhostdev.c b/src/hypervisor/virhostdev.c
+index 43493fc64a..4672bd8785 100644
+--- a/src/hypervisor/virhostdev.c
++++ b/src/hypervisor/virhostdev.c
+@@ -707,8 +707,6 @@ virHostdevPreparePCIDevicesImpl(virHostdevManager *mgr,
+          * shared across guests. Check if that's the case. */
+         if (usesVFIO) {
+             data.usesVFIO = true;
+-            if (flags & VIR_HOSTDEV_SP_SECURE)
+-                virtccaVirPCIDeviceSetSecure(pci, true);
+             if (virPCIDeviceAddressIOMMUGroupIterate(devAddr,
+                                                      virHostdevIsPCINodeDeviceUsed,
+                                                      &data) < 0)
+@@ -737,9 +735,6 @@ virHostdevPreparePCIDevicesImpl(virHostdevManager *mgr,
+              * actual device going forward */
+             VIR_DEBUG("Detaching managed PCI device %s",
+                       virPCIDeviceGetName(pci));
+-            if (virtccaVirPCIDeviceGetSecure(pci))
+-                virtccaVirPCIDeviceDetach(pci);
+-
+             if (virPCIDeviceDetach(pci,
+                                    mgr->activePCIHostdevs,
+                                    mgr->inactivePCIHostdevs) < 0)
+diff --git a/src/hypervisor/virhostdev.h b/src/hypervisor/virhostdev.h
+index 6150d327aa..642d753ffb 100644
+--- a/src/hypervisor/virhostdev.h
++++ b/src/hypervisor/virhostdev.h
+@@ -38,7 +38,6 @@ typedef enum {
+     VIR_HOSTDEV_SP_PCI               = (1 << 8), /* support pci passthrough */
+     VIR_HOSTDEV_SP_USB               = (1 << 9), /* support usb passthrough */
+     VIR_HOSTDEV_SP_SCSI              = (1 << 10), /* support scsi passthrough */
+-    VIR_HOSTDEV_SP_SECURE            = (1 << 11), /* support secure dev passthrough */
+ } virHostdevFlag;
+ 
+ 
+diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
+index 9c8d787df7..49eaed4d6f 100644
+--- a/src/qemu/qemu_process.c
++++ b/src/qemu/qemu_process.c
+@@ -7518,9 +7518,6 @@ qemuProcessPrepareHost(virQEMUDriver *driver,
+         hostdev_flags |= VIR_HOSTDEV_STRICT_ACS_CHECK;
+     if (flags & VIR_QEMU_PROCESS_START_NEW)
+         hostdev_flags |= VIR_HOSTDEV_COLD_BOOT;
+-    if (vm->def->sec && vm->def->sec->sectype == VIR_DOMAIN_LAUNCH_SECURITY_CVM) {
+-        hostdev_flags |= VIR_HOSTDEV_SP_SECURE;
+-    }
+     if (qemuHostdevPrepareDomainDevices(driver, vm->def, hostdev_flags) < 0)
+         return -1;
+ 
+diff --git a/src/util/virpci.c b/src/util/virpci.c
+index c5ae10956f..baacde4c14 100644
+--- a/src/util/virpci.c
++++ b/src/util/virpci.c
+@@ -94,9 +94,6 @@ struct _virPCIDevice {
+     bool          unbind_from_stub;
+     bool          remove_slot;
+     bool          reprobe;
+-    
+-    /* used by virtcca CoDA feature*/
+-    bool          secure;
+ };
+ 
+ struct _virPCIDeviceList {
+@@ -1380,56 +1377,6 @@ virPCIDeviceDetach(virPCIDevice *dev,
+     return 0;
+ }
+ 
+-int
+-virtccaVirPCIDeviceDetach(virPCIDevice *_dev)
+-{
+-    int ret = 0;
+-    virPCIDevice *dev = NULL;
+-    size_t i, j;
+-
+-    /* Given bus number, there are 32 devices and 8 functions */
+-    for (i = 0; i < 32; i++) {
+-        for (j = 0; j < 8; j++) {
+-            virPCIDeviceAddress devAddr = {.domain = _dev->address.domain,
+-                                           .bus = _dev->address.bus,
+-                                           .slot = i, .function = j};
+-            g_autofree char *name = virPCIDeviceAddressAsString(&devAddr);
+-            g_autofree char *path = g_strdup_printf(PCI_SYSFS "devices/%s/config", name);
+-
+-            if (!virFileExists(path))
+-                continue;
+-
+-            if (!(dev = virPCIDeviceNew(&devAddr)))
+-                continue;
+-
+-            virPCIDeviceSetStubDriverType(dev, VIR_PCI_STUB_DRIVER_VFIO);
+-
+-            if (virPCIDeviceBindToStub(dev) < 0) {
+-                ret = -1;
+-                goto cleanup;
+-            }
+-            virPCIDeviceFree(dev);
+-        }
+-    }
+-    return ret;
+-
+-cleanup:
+-    virPCIDeviceFree(dev);
+-    return ret;
+-}
+-
+-bool
+-virtccaVirPCIDeviceGetSecure(virPCIDevice *dev)
+-{
+-    return dev->secure;
+-}
+-
+-void
+-virtccaVirPCIDeviceSetSecure(virPCIDevice *dev, bool secure)
+-{
+-    dev->secure = secure;
+-}
+-
+ /*
+  * Pre-condition: inactivePCIHostdevs & activePCIHostdevs
+  * are locked
+diff --git a/src/util/virpci.h b/src/util/virpci.h
+index 7cc754f4af..faca6cf6f9 100644
+--- a/src/util/virpci.h
++++ b/src/util/virpci.h
+@@ -302,9 +302,6 @@ void virPCIEDeviceInfoFree(virPCIEDeviceInfo *dev);
+ 
+ void virPCIDeviceAddressFree(virPCIDeviceAddress *address);
+ 
+-int virtccaVirPCIDeviceDetach(virPCIDevice *dev);
+-bool virtccaVirPCIDeviceGetSecure(virPCIDevice *dev);
+-void virtccaVirPCIDeviceSetSecure(virPCIDevice *dev, bool secure);
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDevice, virPCIDeviceFree);
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIDeviceAddress, virPCIDeviceAddressFree);
+ G_DEFINE_AUTOPTR_CLEANUP_FUNC(virPCIEDeviceInfo, virPCIEDeviceInfoFree);
+-- 
+2.41.0.windows.1
+
diff --git a/libvirt.spec b/libvirt.spec
index 81cbef1..6c5e52f 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -262,7 +262,7 @@
 Summary: Library providing a simple virtualization API
 Name: libvirt
 Version: 9.10.0
-Release: 16
+Release: 17
 License: LGPLv2+
 URL: https://libvirt.org/
 
@@ -340,6 +340,7 @@ Patch0066: Revert-qemu-command-Delegate-qemuBuildDriveStr-to-SD.patch
 Patch0067: Revert-qemu-Remove-pre-blockdev-PFLASH-setup.patch
 Patch0068: qemu_command-get-disk-alias-from-disk-instead-of-nod.patch
 Patch0069: migration-Add-the-VIR_MIGRATE_RETURNPATH-flag.patch
+Patch0070: Revert-Automatically-unbind-all-devices-driver-under.patch
 
 
 Requires: libvirt-daemon = %{version}-%{release}
@@ -2632,6 +2633,9 @@ exit 0
 %endif
 
 %changelog
+* Wed Jul 30 2025 JiaboFeng <fengjiabo1@huawei.com> - 9.10.0-17
+- Revert "Automatically unbind all devices' driver under same root port and bind to vfio-pci in the context of CVM."
+
 * Thu May 29 2025 AlexChen <alex.chen@huawei.com> - 9.10.0-16
 - migration: Add the VIR_MIGRATE_RETURNPATH flag
 
-- 
Gitee