diff --git a/06e7ebb6-rpc-invoke-dispatch-unlocked.patch b/06e7ebb6-rpc-invoke-dispatch-unlocked.patch
new file mode 100644
index 0000000..6521958
--- /dev/null
+++ b/06e7ebb6-rpc-invoke-dispatch-unlocked.patch
@@ -0,0 +1,237 @@
+commit 06e7ebb60894ab43b5224752514049c1a286ee06
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Tue Mar 6 17:05:16 2018 +0000
+
+    rpc: invoke the message dispatch callback with client unlocked
+    
+    Currently if the virNetServer instance is created with max_workers==0 to
+    request a non-threaded dispatch process, we deadlock during dispatch
+    
+      #0  0x00007fb845f6f42d in __lll_lock_wait () from /lib64/libpthread.so.0
+      #1  0x00007fb845f681d3 in pthread_mutex_lock () from /lib64/libpthread.so.0
+      #2  0x000055a6628bb305 in virMutexLock (m=<optimized out>) at util/virthread.c:89
+      #3  0x000055a6628a984b in virObjectLock (anyobj=<optimized out>) at util/virobject.c:435
+      #4  0x000055a66286fcde in virNetServerClientIsAuthenticated (client=client@entry=0x55a663a7b960)
+          at rpc/virnetserverclient.c:1565
+      #5  0x000055a66286cc17 in virNetServerProgramDispatchCall (msg=0x55a663a7bc50, client=0x55a663a7b960,
+          server=0x55a663a77550, prog=0x55a663a78020) at rpc/virnetserverprogram.c:407
+      #6  virNetServerProgramDispatch (prog=prog@entry=0x55a663a78020, server=server@entry=0x55a663a77550,
+          client=client@entry=0x55a663a7b960, msg=msg@entry=0x55a663a7bc50) at rpc/virnetserverprogram.c:307
+      #7  0x000055a662871d56 in virNetServerProcessMsg (msg=0x55a663a7bc50, prog=0x55a663a78020, client=0x55a663a7b960,
+          srv=0x55a663a77550) at rpc/virnetserver.c:148
+      #8  virNetServerDispatchNewMessage (client=0x55a663a7b960, msg=0x55a663a7bc50, opaque=0x55a663a77550)
+          at rpc/virnetserver.c:227
+      #9  0x000055a66286e4c0 in virNetServerClientDispatchRead (client=client@entry=0x55a663a7b960)
+          at rpc/virnetserverclient.c:1322
+      #10 0x000055a66286e813 in virNetServerClientDispatchEvent (sock=<optimized out>, events=1, opaque=0x55a663a7b960)
+          at rpc/virnetserverclient.c:1507
+      #11 0x000055a662899be0 in virEventPollDispatchHandles (fds=0x55a663a7bdc0, nfds=<optimized out>)
+          at util/vireventpoll.c:508
+      #12 virEventPollRunOnce () at util/vireventpoll.c:657
+      #13 0x000055a6628982f1 in virEventRunDefaultImpl () at util/virevent.c:327
+      #14 0x000055a6628716d5 in virNetDaemonRun (dmn=0x55a663a771b0) at rpc/virnetdaemon.c:858
+      #15 0x000055a662864c1d in main (argc=<optimized out>,
+      #argv=0x7ffd105b4838) at logging/log_daemon.c:1235
+    
+    Reviewed-by: John Ferlan <jferlan@redhat.com>
+    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/rpc/virnetserverclient.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserverclient.c
++++ libvirt-4.1.0/src/rpc/virnetserverclient.c
+@@ -143,7 +143,7 @@ VIR_ONCE_GLOBAL_INIT(virNetServerClient)
+ 
+ static void virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque);
+ static void virNetServerClientUpdateEvent(virNetServerClientPtr client);
+-static void virNetServerClientDispatchRead(virNetServerClientPtr client);
++static virNetMessagePtr virNetServerClientDispatchRead(virNetServerClientPtr client);
+ static int virNetServerClientSendMessageLocked(virNetServerClientPtr client,
+                                                virNetMessagePtr msg);
+ 
+@@ -340,18 +340,40 @@ virNetServerClientCheckAccess(virNetServ
+ }
+ #endif
+ 
++static void virNetServerClientDispatchMessage(virNetServerClientPtr client,
++                                              virNetMessagePtr msg)
++{
++    virObjectLock(client);
++    if (!client->dispatchFunc) {
++        virNetMessageFree(msg);
++        client->wantClose = true;
++        virObjectUnlock(client);
++    } else {
++        virObjectUnlock(client);
++        /* Accessing 'client' is safe, because virNetServerClientSetDispatcher
++         * only permits setting 'dispatchFunc' once, so if non-NULL, it will
++         * never change again
++         */
++        client->dispatchFunc(client, msg, client->dispatchOpaque);
++    }
++}
++
+ 
+ static void virNetServerClientSockTimerFunc(int timer,
+                                             void *opaque)
+ {
+     virNetServerClientPtr client = opaque;
++    virNetMessagePtr msg = NULL;
+     virObjectLock(client);
+     virEventUpdateTimeout(timer, -1);
+     /* Although client->rx != NULL when this timer is enabled, it might have
+      * changed since the client was unlocked in the meantime. */
+     if (client->rx)
+-        virNetServerClientDispatchRead(client);
++        msg = virNetServerClientDispatchRead(client);
+     virObjectUnlock(client);
++
++    if (msg)
++        virNetServerClientDispatchMessage(client, msg);
+ }
+ 
+ 
+@@ -950,8 +972,13 @@ void virNetServerClientSetDispatcher(vir
+                                      void *opaque)
+ {
+     virObjectLock(client);
+-    client->dispatchFunc = func;
+-    client->dispatchOpaque = opaque;
++    /* Only set dispatcher if not already set, to avoid race
++     * with dispatch code that runs without locks held
++     */
++    if (!client->dispatchFunc) {
++        client->dispatchFunc = func;
++        client->dispatchOpaque = opaque;
++    }
+     virObjectUnlock(client);
+ }
+ 
+@@ -1196,26 +1223,32 @@ static ssize_t virNetServerClientRead(vi
+ 
+ 
+ /*
+- * Read data until we get a complete message to process
++ * Read data until we get a complete message to process.
++ * If a complete message is available, it will be returned
++ * from this method, for dispatch by the caller.
++ *
++ * Returns a complete message for dispatch, or NULL if none is
++ * yet available, or an error occurred. On error, the wantClose
++ * flag will be set.
+  */
+-static void virNetServerClientDispatchRead(virNetServerClientPtr client)
++static virNetMessagePtr virNetServerClientDispatchRead(virNetServerClientPtr client)
+ {
+  readmore:
+     if (client->rx->nfds == 0) {
+         if (virNetServerClientRead(client) < 0) {
+             client->wantClose = true;
+-            return; /* Error */
++            return NULL; /* Error */
+         }
+     }
+ 
+     if (client->rx->bufferOffset < client->rx->bufferLength)
+-        return; /* Still not read enough */
++        return NULL; /* Still not read enough */
+ 
+     /* Either done with length word header */
+     if (client->rx->bufferLength == VIR_NET_MESSAGE_LEN_MAX) {
+         if (virNetMessageDecodeLength(client->rx) < 0) {
+             client->wantClose = true;
+-            return;
++            return NULL;
+         }
+ 
+         virNetServerClientUpdateEvent(client);
+@@ -1236,7 +1269,7 @@ static void virNetServerClientDispatchRe
+             virNetMessageQueueServe(&client->rx);
+             virNetMessageFree(msg);
+             client->wantClose = true;
+-            return;
++            return NULL;
+         }
+ 
+         /* Now figure out if we need to read more data to get some
+@@ -1246,7 +1279,7 @@ static void virNetServerClientDispatchRe
+                 virNetMessageQueueServe(&client->rx);
+                 virNetMessageFree(msg);
+                 client->wantClose = true;
+-                return; /* Error */
++                return NULL; /* Error */
+             }
+ 
+             /* Try getting the file descriptors (may fail if blocking) */
+@@ -1256,7 +1289,7 @@ static void virNetServerClientDispatchRe
+                     virNetMessageQueueServe(&client->rx);
+                     virNetMessageFree(msg);
+                     client->wantClose = true;
+-                    return;
++                    return NULL;
+                 }
+                 if (rv == 0) /* Blocking */
+                     break;
+@@ -1270,7 +1303,7 @@ static void virNetServerClientDispatchRe
+                  * again next time we run this method
+                  */
+                 client->rx->bufferOffset = client->rx->bufferLength;
+-                return;
++                return NULL;
+             }
+         }
+ 
+@@ -1313,16 +1346,6 @@ static void virNetServerClientDispatchRe
+             }
+         }
+ 
+-        /* Send off to for normal dispatch to workers */
+-        if (msg) {
+-            if (!client->dispatchFunc) {
+-                virNetMessageFree(msg);
+-                client->wantClose = true;
+-            } else {
+-                client->dispatchFunc(client, msg, client->dispatchOpaque);
+-            }
+-        }
+-
+         /* Possibly need to create another receive buffer */
+         if (client->nrequests < client->nrequests_max) {
+             if (!(client->rx = virNetMessageNew(true))) {
+@@ -1338,6 +1361,8 @@ static void virNetServerClientDispatchRe
+             }
+         }
+         virNetServerClientUpdateEvent(client);
++
++        return msg;
+     }
+ }
+ 
+@@ -1482,6 +1507,7 @@ static void
+ virNetServerClientDispatchEvent(virNetSocketPtr sock, int events, void *opaque)
+ {
+     virNetServerClientPtr client = opaque;
++    virNetMessagePtr msg = NULL;
+ 
+     virObjectLock(client);
+ 
+@@ -1504,7 +1530,7 @@ virNetServerClientDispatchEvent(virNetSo
+                 virNetServerClientDispatchWrite(client);
+             if (events & VIR_EVENT_HANDLE_READABLE &&
+                 client->rx)
+-                virNetServerClientDispatchRead(client);
++                msg = virNetServerClientDispatchRead(client);
+ #if WITH_GNUTLS
+         }
+ #endif
+@@ -1517,6 +1543,9 @@ virNetServerClientDispatchEvent(virNetSo
+         client->wantClose = true;
+ 
+     virObjectUnlock(client);
++
++    if (msg)
++        virNetServerClientDispatchMessage(client, msg);
+ }
+ 
+ 
diff --git a/33c6eb96-fix-libvirtd-reload-deadlock.patch b/33c6eb96-fix-libvirtd-reload-deadlock.patch
new file mode 100644
index 0000000..40251b1
--- /dev/null
+++ b/33c6eb96-fix-libvirtd-reload-deadlock.patch
@@ -0,0 +1,115 @@
+commit 33c6eb9689eb51dfe31dd05b24b3b6b1c948c267
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Thu Mar 8 15:04:48 2018 -0700
+
+    libvirtd: fix potential deadlock when reloading
+    
+    It is possible to deadlock libvirtd when concurrently starting a domain
+    and restarting the daemon. Threads involved in the deadlock are
+    
+    Thread 4 (Thread 0x7fc13b53e700 (LWP 64084)):
+    /lib64/libpthread.so.0
+        at util/virthread.c:154
+        at qemu/qemu_monitor.c:1083
+        cmd=0x7fc110017700, scm_fd=-1, reply=0x7fc13b53d318) at
+    qemu/qemu_monitor_json.c:305
+    cmd=0x7fc110017700,
+        reply=0x7fc13b53d318) at qemu/qemu_monitor_json.c:335
+        at qemu/qemu_monitor_json.c:1298
+        at qemu/qemu_monitor.c:1697
+        vm=0x7fc110003d00, asyncJob=QEMU_ASYNC_JOB_START) at qemu/qemu_process.c:1763
+    vm=0x7fc110003d00,
+        asyncJob=6, logCtxt=0x7fc1100089c0) at qemu/qemu_process.c:1835
+        vm=0x7fc110003d00, asyncJob=6, logCtxt=0x7fc1100089c0) at
+    qemu/qemu_process.c:2180
+    driver=0x7fc12004e1e0,
+        vm=0x7fc110003d00, asyncJob=QEMU_ASYNC_JOB_START, incoming=0x0, snapshot=0x0,
+        vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=17) at qemu/qemu_process.c:6111
+    driver=0x7fc12004e1e0,
+        vm=0x7fc110003d00, updatedCPU=0x0, asyncJob=QEMU_ASYNC_JOB_START,
+    migrateFrom=0x0,
+        migrateFd=-1, migratePath=0x0, snapshot=0x0,
+    vmop=VIR_NETDEV_VPORT_PROFILE_OP_CREATE,
+        flags=17) at qemu/qemu_process.c:6334
+        xml=0x7fc110000ed0 "<!--\nWARNING: THIS IS AN AUTO-GENERATED FILE.
+    CHANGES TO IT ARE LIKELY TO BE\nOVERWRITTEN AND LOST. Changes to this xml
+    configuration should be made using:\n  virsh edit testvv\nor other
+    applicati"..., flags=0) at qemu/qemu_driver.c:1776
+    ...
+    
+    Thread 1 (Thread 0x7fc143c66880 (LWP 64081)):
+    /lib64/libpthread.so.0
+        at util/virthread.c:122
+    conf/nwfilter_conf.c:159
+    sig=0x7ffe0a831e30,
+        opaque=0x0) at remote/remote_daemon.c:724
+        opaque=0x558c5328b230) at rpc/virnetdaemon.c:654
+        at util/vireventpoll.c:508
+    rpc/virnetdaemon.c:858
+    remote/remote_daemon.c:1496
+    (gdb) thr 1
+    [Switching to thread 1 (Thread 0x7fc143c66880 (LWP 64081))]
+    /lib64/libpthread.so.0
+    (gdb) f 1
+        at util/virthread.c:122
+    122         pthread_rwlock_wrlock(&m->lock);
+    (gdb) p updateLock
+    $1 = {lock = {__data = {__lock = 0, __nr_readers = 1, __readers_wakeup = 0,
+          __writer_wakeup = 0, __nr_readers_queued = 0, __nr_writers_queued = 1,
+    __writer = 0,
+          __shared = 0, __rwelision = 0 '\000', __pad1 = "\000\000\000\000\000\000",
+          __pad2 = 0, __flags = 0},
+        __size = "\000\000\000\000\001", '\000' <repeats 15 times>, "\001",
+    '\000' <repeats 34 times>, __align = 4294967296}}
+    
+    Reloading of the nwfilter driver is stuck waiting for a write lock, which
+    already has a reader (from qemuDomainCreateXML) in the critical section.
+    Since the reload occurs in the context of the main event loop thread,
+    libvirtd becomes deadlocked. The deadlock can be avoided by offloading
+    the reload work to a thread.
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/remote/remote_daemon.c
+===================================================================
+--- libvirt-4.1.0.orig/src/remote/remote_daemon.c
++++ libvirt-4.1.0/src/remote/remote_daemon.c
+@@ -709,20 +709,32 @@ static void daemonShutdownHandler(virNet
+     virNetDaemonQuit(dmn);
+ }
+ 
++static void daemonReloadHandlerThread(void *opague ATTRIBUTE_UNUSED)
++{
++    VIR_INFO("Reloading configuration on SIGHUP");
++    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
++                VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
++    if (virStateReload() < 0)
++        VIR_WARN("Error while reloading drivers");
++}
++
+ static void daemonReloadHandler(virNetDaemonPtr dmn ATTRIBUTE_UNUSED,
+                                 siginfo_t *sig ATTRIBUTE_UNUSED,
+                                 void *opaque ATTRIBUTE_UNUSED)
+ {
++    virThread thr;
++
+     if (!driversInitialized) {
+         VIR_WARN("Drivers are not initialized, reload ignored");
+         return;
+     }
+ 
+-    VIR_INFO("Reloading configuration on SIGHUP");
+-    virHookCall(VIR_HOOK_DRIVER_DAEMON, "-",
+-                VIR_HOOK_DAEMON_OP_RELOAD, SIGHUP, "SIGHUP", NULL, NULL);
+-    if (virStateReload() < 0)
+-        VIR_WARN("Error while reloading drivers");
++    if (virThreadCreate(&thr, false, daemonReloadHandlerThread, NULL) < 0) {
++        /*
++         * Not much we can do on error here except log it.
++         */
++        VIR_ERROR(_("Failed to create thread to handle daemon restart"));
++    }
+ }
+ 
+ static int daemonSetupSignals(virNetDaemonPtr dmn)
diff --git a/464889ff-rpc-aquire-ref-dispatch.patch b/464889ff-rpc-aquire-ref-dispatch.patch
new file mode 100644
index 0000000..d021de2
--- /dev/null
+++ b/464889ff-rpc-aquire-ref-dispatch.patch
@@ -0,0 +1,49 @@
+commit 464889fff8174f560316c998f9f38814c9a57771
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Tue Mar 6 16:07:35 2018 +0000
+
+    rpc: push ref acquisition into RPC dispatch function
+    
+    There's no reason why the virNetServerClientDispatchRead method needs to
+    acquire an extra reference on the "client" object. An extra reference is
+    only needed if the registered dispatch callback is going to keep hold of
+    the "client" for work in the background. Thus we can push reference
+    acquisition into virNetServerDispatchNewMessage.
+    
+    Reviewed-by: John Ferlan <jferlan@redhat.com>
+    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/rpc/virnetserver.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserver.c
++++ libvirt-4.1.0/src/rpc/virnetserver.c
+@@ -217,9 +217,11 @@ static int virNetServerDispatchNewMessag
+             priority = virNetServerProgramGetPriority(prog, msg->header.proc);
+         }
+ 
++        virObjectRef(client);
+         ret = virThreadPoolSendJob(srv->workers, priority, job);
+ 
+         if (ret < 0) {
++            virObjectUnref(client);
+             VIR_FREE(job);
+             virObjectUnref(prog);
+         }
+Index: libvirt-4.1.0/src/rpc/virnetserverclient.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserverclient.c
++++ libvirt-4.1.0/src/rpc/virnetserverclient.c
+@@ -1315,12 +1315,10 @@ static void virNetServerClientDispatchRe
+ 
+         /* Send off to for normal dispatch to workers */
+         if (msg) {
+-            virObjectRef(client);
+             if (!client->dispatchFunc ||
+                 client->dispatchFunc(client, msg, client->dispatchOpaque) < 0) {
+                 virNetMessageFree(msg);
+                 client->wantClose = true;
+-                virObjectUnref(client);
+                 return;
+             }
+         }
diff --git a/86cae503-rpc-fix-pre-exec.patch b/86cae503-rpc-fix-pre-exec.patch
new file mode 100644
index 0000000..2098a44
--- /dev/null
+++ b/86cae503-rpc-fix-pre-exec.patch
@@ -0,0 +1,40 @@
+commit 86cae503a4404e068a11285564a0ee3862d1570c
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Tue Mar 6 17:56:57 2018 +0000
+
+    rpc: avoid crashing in pre-exec if no workers are present
+    
+    If max_workers is set to zero, then the worker thread pool won't be
+    created, so when serializing state for pre-exec we must set various
+    parameters to zero.
+    
+    Reviewed-by: John Ferlan <jferlan@redhat.com>
+    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/rpc/virnetserver.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserver.c
++++ libvirt-4.1.0/src/rpc/virnetserver.c
+@@ -580,18 +580,21 @@ virJSONValuePtr virNetServerPreExecResta
+         goto error;
+ 
+     if (virJSONValueObjectAppendNumberUint(object, "min_workers",
++                                           srv->workers == NULL ? 0 :
+                                            virThreadPoolGetMinWorkers(srv->workers)) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("Cannot set min_workers data in JSON document"));
+         goto error;
+     }
+     if (virJSONValueObjectAppendNumberUint(object, "max_workers",
++                                           srv->workers == NULL ? 0 :
+                                            virThreadPoolGetMaxWorkers(srv->workers)) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("Cannot set max_workers data in JSON document"));
+         goto error;
+     }
+     if (virJSONValueObjectAppendNumberUint(object, "priority_workers",
++                                           srv->workers == NULL ? 0 :
+                                            virThreadPoolGetPriorityWorkers(srv->workers)) < 0) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("Cannot set priority_workers data in JSON document"));
diff --git a/c6f1d519-rpc-simplify-dispatch.patch b/c6f1d519-rpc-simplify-dispatch.patch
new file mode 100644
index 0000000..ade4a80
--- /dev/null
+++ b/c6f1d519-rpc-simplify-dispatch.patch
@@ -0,0 +1,117 @@
+commit c6f1d5190bbe62dae6b32081c0edd141ee19e82f
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Tue Mar 6 16:44:34 2018 +0000
+
+    rpc: simplify calling convention of virNetServerClientDispatchFunc
+    
+    Currently virNetServerClientDispatchFunc implementations are only
+    responsible for free'ing the "msg" parameter upon success. Simplify the
+    calling convention by making it their unconditional responsibility to
+    free the "msg", and close the client if desired.
+    
+    Reviewed-by: John Ferlan <jferlan@redhat.com>
+    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/rpc/virnetserver.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserver.c
++++ libvirt-4.1.0/src/rpc/virnetserver.c
+@@ -182,15 +182,14 @@ static void virNetServerHandleJob(void *
+     VIR_FREE(job);
+ }
+ 
+-static int virNetServerDispatchNewMessage(virNetServerClientPtr client,
+-                                          virNetMessagePtr msg,
+-                                          void *opaque)
++static void virNetServerDispatchNewMessage(virNetServerClientPtr client,
++                                           virNetMessagePtr msg,
++                                           void *opaque)
+ {
+     virNetServerPtr srv = opaque;
+     virNetServerProgramPtr prog = NULL;
+     unsigned int priority = 0;
+     size_t i;
+-    int ret = -1;
+ 
+     VIR_DEBUG("server=%p client=%p message=%p",
+               srv, client, msg);
+@@ -207,7 +206,7 @@ static int virNetServerDispatchNewMessag
+         virNetServerJobPtr job;
+ 
+         if (VIR_ALLOC(job) < 0)
+-            goto cleanup;
++            goto error;
+ 
+         job->client = client;
+         job->msg = msg;
+@@ -218,21 +217,24 @@ static int virNetServerDispatchNewMessag
+         }
+ 
+         virObjectRef(client);
+-        ret = virThreadPoolSendJob(srv->workers, priority, job);
+-
+-        if (ret < 0) {
++        if (virThreadPoolSendJob(srv->workers, priority, job) < 0) {
+             virObjectUnref(client);
+             VIR_FREE(job);
+             virObjectUnref(prog);
++            goto error;
+         }
+     } else {
+-        ret = virNetServerProcessMsg(srv, client, prog, msg);
++        if (virNetServerProcessMsg(srv, client, prog, msg) < 0)
++            goto error;
+     }
+ 
+- cleanup:
+     virObjectUnlock(srv);
++    return;
+ 
+-    return ret;
++ error:
++    virNetMessageFree(msg);
++    virNetServerClientClose(client);
++    virObjectUnlock(srv);
+ }
+ 
+ /**
+Index: libvirt-4.1.0/src/rpc/virnetserverclient.c
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserverclient.c
++++ libvirt-4.1.0/src/rpc/virnetserverclient.c
+@@ -1315,11 +1315,11 @@ static void virNetServerClientDispatchRe
+ 
+         /* Send off to for normal dispatch to workers */
+         if (msg) {
+-            if (!client->dispatchFunc ||
+-                client->dispatchFunc(client, msg, client->dispatchOpaque) < 0) {
++            if (!client->dispatchFunc) {
+                 virNetMessageFree(msg);
+                 client->wantClose = true;
+-                return;
++            } else {
++                client->dispatchFunc(client, msg, client->dispatchOpaque);
+             }
+         }
+ 
+Index: libvirt-4.1.0/src/rpc/virnetserverclient.h
+===================================================================
+--- libvirt-4.1.0.orig/src/rpc/virnetserverclient.h
++++ libvirt-4.1.0/src/rpc/virnetserverclient.h
+@@ -36,9 +36,12 @@ typedef virNetServer *virNetServerPtr;
+ typedef struct _virNetServerClient virNetServerClient;
+ typedef virNetServerClient *virNetServerClientPtr;
+ 
+-typedef int (*virNetServerClientDispatchFunc)(virNetServerClientPtr client,
+-                                              virNetMessagePtr msg,
+-                                              void *opaque);
++/* This function owns the "msg" pointer it is passed and
++ * must arrange for virNetMessageFree to be called on it
++ */
++typedef void (*virNetServerClientDispatchFunc)(virNetServerClientPtr client,
++                                               virNetMessagePtr msg,
++                                               void *opaque);
+ 
+ typedef int (*virNetServerClientFilterFunc)(virNetServerClientPtr client,
+                                             virNetMessagePtr msg,
diff --git a/eefabb38-rpc-virtlockd-virtlogd-single-thread.patch b/eefabb38-rpc-virtlockd-virtlogd-single-thread.patch
new file mode 100644
index 0000000..e55d4f3
--- /dev/null
+++ b/eefabb38-rpc-virtlockd-virtlogd-single-thread.patch
@@ -0,0 +1,66 @@
+commit eefabb38c34cb61edcb4a233ebc7c764547e515e
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Tue Mar 6 17:12:20 2018 +0000
+
+    rpc: switch virtlockd and virtlogd to use single-threaded dispatch
+    
+    Currently both virtlogd and virtlockd use a single worker thread for
+    dispatching RPC messages. Even this is overkill and their RPC message
+    handling callbacks all run in short, finite time and so blocking the
+    main loop is not an issue like you'd see in libvirtd with long running
+    QEMU commands.
+    
+    By setting max_workers==0, we can turn off the worker thread and run
+    these daemons single threaded. This in turn fixes a serious problem in
+    the virtlockd daemon whereby it loses all fcntl() locks at re-exec due
+    to multiple threads existing. fcntl() locks only get preserved if the
+    process is single threaded at time of exec().
+    
+    Reviewed-by: John Ferlan <jferlan@redhat.com>
+    Reviewed-by: Jim Fehlig <jfehlig@suse.com>
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/locking/lock_daemon.c
+===================================================================
+--- libvirt-4.1.0.orig/src/locking/lock_daemon.c
++++ libvirt-4.1.0/src/locking/lock_daemon.c
+@@ -165,7 +165,7 @@ virLockDaemonNew(virLockDaemonConfigPtr
+         goto error;
+ 
+     if (!(srv = virNetServerNew("virtlockd", 1,
+-                                1, 1, 0, config->max_clients,
++                                0, 0, 0, config->max_clients,
+                                 config->max_clients, -1, 0,
+                                 NULL,
+                                 virLockDaemonClientNew,
+@@ -180,7 +180,7 @@ virLockDaemonNew(virLockDaemonConfigPtr
+     srv = NULL;
+ 
+     if (!(srv = virNetServerNew("admin", 1,
+-                                1, 1, 0, config->admin_max_clients,
++                                0, 0, 0, config->admin_max_clients,
+                                 config->admin_max_clients, -1, 0,
+                                 NULL,
+                                 remoteAdmClientNew,
+Index: libvirt-4.1.0/src/logging/log_daemon.c
+===================================================================
+--- libvirt-4.1.0.orig/src/logging/log_daemon.c
++++ libvirt-4.1.0/src/logging/log_daemon.c
+@@ -154,7 +154,7 @@ virLogDaemonNew(virLogDaemonConfigPtr co
+         goto error;
+ 
+     if (!(srv = virNetServerNew("virtlogd", 1,
+-                                1, 1, 0, config->max_clients,
++                                0, 0, 0, config->max_clients,
+                                 config->max_clients, -1, 0,
+                                 NULL,
+                                 virLogDaemonClientNew,
+@@ -169,7 +169,7 @@ virLogDaemonNew(virLogDaemonConfigPtr co
+     srv = NULL;
+ 
+     if (!(srv = virNetServerNew("admin", 1,
+-                                1, 1, 0, config->admin_max_clients,
++                                0, 0, 0, config->admin_max_clients,
+                                 config->admin_max_clients, -1, 0,
+                                 NULL,
+                                 remoteAdmClientNew,
diff --git a/fb327ac2-virtlockd-admin-socket.patch b/fb327ac2-virtlockd-admin-socket.patch
new file mode 100644
index 0000000..15af471
--- /dev/null
+++ b/fb327ac2-virtlockd-admin-socket.patch
@@ -0,0 +1,29 @@
+commit fb327ac2c3d721b4002852c520d9f39a35183e0d
+Author: Jim Fehlig <jfehlig@suse.com>
+Date:   Wed Mar 14 16:42:39 2018 -0600
+
+    lockd: fix typo in virtlockd-admin.socket
+    
+    Commit ce7ae55ea1 introduced a typo in virtlockd-admin socket file
+    
+    /usr/lib/systemd/system/virtlockd-admin.socket:7: Unknown lvalue
+    'Server' in section 'Socket'
+    
+    Change 'Server' to 'Service'.
+    
+    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
+    Reviewed-by: Erik Skultety <eskultet@redhat.com>
+
+Index: libvirt-4.1.0/src/locking/virtlockd-admin.socket.in
+===================================================================
+--- libvirt-4.1.0.orig/src/locking/virtlockd-admin.socket.in
++++ libvirt-4.1.0/src/locking/virtlockd-admin.socket.in
+@@ -4,7 +4,7 @@ Before=libvirtd.service
+ 
+ [Socket]
+ ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock
+-Server=virtlockd.service
++Service=virtlockd.service
+ 
+ [Install]
+ WantedBy=sockets.target
diff --git a/fbf31e1a-CVE-2018-1064.patch b/fbf31e1a-CVE-2018-1064.patch
new file mode 100644
index 0000000..fd9f682
--- /dev/null
+++ b/fbf31e1a-CVE-2018-1064.patch
@@ -0,0 +1,51 @@
+commit fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
+Author: Daniel P. Berrangé <berrange@redhat.com>
+Date:   Thu Mar 1 14:55:26 2018 +0000
+
+    qemu: avoid denial of service reading from QEMU guest agent (CVE-2018-1064)
+    
+    We read from the agent until seeing a \r\n pair to indicate a completed
+    reply or event. To avoid memory denial-of-service though, we must have a
+    size limit on amount of data we buffer. 10 MB is large enough that it
+    ought to cope with normal agent replies, and small enough that we're not
+    consuming unreasonable mem.
+    
+    This is identical to the flaw we had reading from the QEMU monitor
+    as CVE-2018-5748, so rather embarrassing that we forgot to fix
+    the agent code at the same time.
+    
+    Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
+
+Index: libvirt-4.1.0/src/qemu/qemu_agent.c
+===================================================================
+--- libvirt-4.1.0.orig/src/qemu/qemu_agent.c
++++ libvirt-4.1.0/src/qemu/qemu_agent.c
+@@ -53,6 +53,15 @@ VIR_LOG_INIT("qemu.qemu_agent");
+ #define DEBUG_IO 0
+ #define DEBUG_RAW_IO 0
+ 
++/* We read from QEMU until seeing a \r\n pair to indicate a
++ * completed reply or event. To avoid memory denial-of-service
++ * though, we must have a size limit on amount of data we
++ * buffer. 10 MB is large enough that it ought to cope with
++ * normal QEMU replies, and small enough that we're not
++ * consuming unreasonable mem.
++ */
++#define QEMU_AGENT_MAX_RESPONSE (10 * 1024 * 1024)
++
+ /* When you are the first to uncomment this,
+  * don't forget to uncomment the corresponding
+  * part in qemuAgentIOProcessEvent as well.
+@@ -535,6 +544,12 @@ qemuAgentIORead(qemuAgentPtr mon)
+     int ret = 0;
+ 
+     if (avail < 1024) {
++        if (mon->bufferLength >= QEMU_AGENT_MAX_RESPONSE) {
++            virReportSystemError(ERANGE,
++                                 _("No complete agent response found in %d bytes"),
++                                 QEMU_AGENT_MAX_RESPONSE);
++            return -1;
++        }
+         if (VIR_REALLOC_N(mon->buffer,
+                           mon->bufferLength + 1024) < 0)
+             return -1;
diff --git a/libvirt.changes b/libvirt.changes
index 9d2c15a..dcd6fcb 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Thu Mar 15 15:44:28 UTC 2018 - jfehlig@suse.com
+
+- lockd: fix typo in virtlockd-admin.socket
+  fb327ac2-virtlockd-admin-socket.patch
+  bsc#1085386
+
+-------------------------------------------------------------------
+Wed Mar 14 21:40:53 UTC 2018 - jfehlig@suse.com
+
+- Install correct firewall service file depending on availability
+  of firewalld vs SuSEfirewall2
+  libvirtd-relocation-server.xml
+  bsc#1083455
+
+-------------------------------------------------------------------
+Wed Mar 14 13:52:55 UTC 2018 - jfehlig@suse.com
+
+- qemu: avoid denial of service reading from QEMU guest agent
+  CVE-2018-1064
+  fbf31e1a-CVE-2018-1064.patch
+  bsc#1083625
+
+-------------------------------------------------------------------
+Tue Mar 13 22:09:26 UTC 2018 - jfehlig@suse.com
+
+- virtlockd: fix loosing lock on re-exec
+  464889ff-rpc-aquire-ref-dispatch.patch,
+  c6f1d519-rpc-simplify-dispatch.patch,
+  06e7ebb6-rpc-invoke-dispatch-unlocked.patch,
+  86cae503-rpc-fix-pre-exec.patch,
+  eefabb38-rpc-virtlockd-virtlogd-single-thread.patch
+  bsc#1076861
+
+-------------------------------------------------------------------
+Tue Mar 13 21:55:47 UTC 2018 - jfehlig@suse.com
+
+- libvirtd: fix potential deadlock when reloading
+  33c6eb96-fix-libvirtd-reload-deadlock.patch
+  bsc#1079150
+
 -------------------------------------------------------------------
 Mon Mar  5 15:55:07 UTC 2018 - jfehlig@suse.com
 
diff --git a/libvirt.spec b/libvirt.spec
index b528708..5e5ef4f 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -107,7 +107,7 @@
 %endif
 
 # Enable firewalld support in newer code bases
-%if 0%{?suse_version} >= 1330
+%if 0%{?suse_version} >= 1500
     %define with_firewalld 1
 %endif
 
@@ -167,7 +167,11 @@
     %define with_cgconfig  0%{!?_without_cgconfig:1}
 %endif
 
-%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
+%if %{with_firewalld}
+    %define _fwdefdir %{_prefix}/lib/firewalld/services
+%else
+    %define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
+%endif
 
 Name:           libvirt
 Url:            http://libvirt.org/
@@ -307,6 +311,9 @@ BuildRequires:  wireshark-devel >= 2.1.0
 %if %{with_libssh}
 BuildRequires:  libssh-devel >= 0.7.0
 %endif
+%if %{with_firewalld}
+BuildRequires:  firewall-macros
+%endif
 
 Source0:        %{name}-%{version}.tar.xz
 Source1:        %{name}-%{version}.tar.xz.asc
@@ -314,10 +321,19 @@ Source2:        %{name}.keyring
 Source3:        libvirtd-relocation-server.fw
 Source4:        libvirt-supportconfig
 Source5:        suse-qemu-domain-hook.py
+Source6:        libvirtd-relocation-server.xml
 Source99:       baselibs.conf
 Source100:      %{name}-rpmlintrc
 # Upstream patches
 Patch0:         6b3d716e-keycodemap-py3.patch
+Patch1:         33c6eb96-fix-libvirtd-reload-deadlock.patch
+Patch2:         464889ff-rpc-aquire-ref-dispatch.patch
+Patch3:         c6f1d519-rpc-simplify-dispatch.patch
+Patch4:         06e7ebb6-rpc-invoke-dispatch-unlocked.patch
+Patch5:         86cae503-rpc-fix-pre-exec.patch
+Patch6:         eefabb38-rpc-virtlockd-virtlogd-single-thread.patch
+Patch7:         fbf31e1a-CVE-2018-1064.patch
+Patch8:         fb327ac2-virtlockd-admin-socket.patch
 # Patches pending upstream review
 Patch100:       libxl-dom-reset.patch
 Patch101:       network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@@ -924,6 +940,14 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 pushd src/keycodemapdb
 %patch0 -p1
 popd
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
 %patch100 -p1
 %patch101 -p1
 %patch150 -p1
@@ -1252,10 +1276,14 @@ ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtlogd
 ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rcvirtlockd
 ln -s %{_sbindir}/service %{buildroot}/%{_sbindir}/rclibvirt-guests
 
-#install firewall definitions format is described here:
-#/usr/share/SuSEfirewall2/services/TEMPLATE
+# install firewall services for migration ports
 mkdir -p %{buildroot}/%{_fwdefdir}
+%if %{with_firewalld}
+install -m 644 %{S:6} %{buildroot}/%{_fwdefdir}/libvirtd-relocation-server.xml
+%else
+# Format described in /usr/share/SuSEfirewall2/services/TEMPLATE
 install -m 644 %{S:3} %{buildroot}/%{_fwdefdir}/libvirtd-relocation-server
+%endif
 
 # install supportconfig plugin
 mkdir -p %{buildroot}/usr/lib/supportconfig/plugins
@@ -1307,6 +1335,9 @@ fi
 %if %{with_apparmor}
 %apparmor_reload /etc/apparmor.d/usr.sbin.libvirtd
 %endif
+%if %{with_firewalld}
+%firewalld_reload
+%endif
 %service_add_post libvirtd.service virtlockd.service virtlockd.socket virtlogd.service virtlogd.socket virtlockd-admin.socket virtlogd-admin.socket
 %{fillup_only -n libvirtd}
 %{fillup_only -n virtlockd}
@@ -1445,7 +1476,13 @@ fi
 %config(noreplace) %{_sysconfdir}/apparmor.d/local/usr.lib.libvirt.virt-aa-helper
 %{_libdir}/%{name}/virt-aa-helper
 %endif
+%if %{with_firewalld}
+%dir %{_prefix}/lib/firewalld
+%dir %{_fwdefdir}
+%{_fwdefdir}/libvirtd-relocation-server.xml
+%else
 %config %{_fwdefdir}/libvirtd-relocation-server
+%endif
 %dir /usr/lib/supportconfig
 %dir /usr/lib/supportconfig/plugins
 /usr/lib/supportconfig/plugins/libvirt
diff --git a/libvirtd-relocation-server.xml b/libvirtd-relocation-server.xml
new file mode 100644
index 0000000..20c720c
--- /dev/null
+++ b/libvirtd-relocation-server.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>libvirtd Migration Server</short>
+  <description>Enables TCP ports for libvirtd native migration</description>
+  <port protocol="tcp" port="49152-49215"/>
+</service>