diff --git a/kata-containers.spec b/kata-containers.spec index 4c38634d36b43289057753171aafbce89abe1258..0468f81677ff296dcd14b77b71fb58ddecb7ac70 100644 --- a/kata-containers.spec +++ b/kata-containers.spec @@ -2,7 +2,7 @@ %global debug_package %{nil} %define VERSION 1.11.1 -%define RELEASE 19 +%define RELEASE 23 Name: kata-containers Version: %{VERSION} @@ -61,6 +61,11 @@ make proxy make shim make initrd cp -f ./runtime/containerd-shim-kata-v2 ./build/ +%ifarch %{ix86} x86_64 +sed -i 's/^hypervisor_params.*$/hypervisor_params = \"\"/' ./runtime/cli/config/configuration-qemu.toml +%else +sed -i 's/^hypervisor_params.*$/hypervisor_params = \"kvm-pit.lost_tick_policy=discard pcie-root-port.x-speed=16 pcie-root-port.x-width=32\"/' ./runtime/cli/config/configuration-qemu.toml +%endif %install mkdir -p -m 755 %{buildroot}/var/lib/kata @@ -93,6 +98,30 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u %doc %changelog +* Thu Mar 3 2022 yangfeiyu - 1.11.1-23 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:modify runtime build flags + +* Mon Feb 28 2022 yangfeiyu - 1.11.1-22 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:use host_device drive when call blockdev-add + +* Fri Feb 25 2022 yangfeiyu - 1.11.1-21 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:modify hypervisor parameters in config file + +* Mon Feb 21 2022 yangfeiyu - 1.11.1-20 +- Type:enhancement +- ID:NA +- SUG:NA +- DESC:check file size before add nic + * Fri Jan 7 2022 yangfeiyu - 1.11.1-19 - Type:bugfix - ID:NA @@ -105,13 +134,13 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u - SUG:NA - DESC:bump version to 18 -* Wed June 16 2021 gaohuatao - 1.11.1-17 +* Wed Jun 16 2021 gaohuatao - 1.11.1-17 - Type:bugfix - ID:NA - SUG:NA - DESC:move timeout of waitProcess to stop process -* Thu June 3 2021 gaohuatao - 1.11.1-16 +* Thu Jun 3 2021 gaohuatao - 1.11.1-16 - Type:bugfix - ID:NA - SUG:NA 
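Review bot: The two `sed -i 's/^hypervisor_params.*$/.../'` lines added to %build fail silently: if configuration-qemu.toml ever has no line beginning with `hypervisor_params` (commented out, indented, or renamed on a future rebase) sed matches nothing, the package still builds, and the shipped config keeps whatever the upstream default is. A one-line guard before the `%ifarch` block makes the intent enforceable, e.g. `grep -q '^hypervisor_params' ./runtime/cli/config/configuration-qemu.toml || exit 1`. It is also worth confirming the branches are not inverted: `kvm-pit.lost_tick_policy` is a property of the x86 i8254 PIT device, yet it is applied only on the non-x86 branch while x86 gets an empty string; that may be deliberate (the x86 default is not visible here), but a comment in the spec stating why would save the next maintainer from "fixing" it.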
@@ -141,7 +170,7 @@ install -p -m 640 -D ./runtime/cli/config/configuration-qemu.toml %{buildroot}/u
 - SUG:NA
 - DESC:add linkmode to resolve build error
-* Thu Mar 17 2021 jikui - 1.11.1-11
+* Wed Mar 17 2021 jikui - 1.11.1-11
 - Type:enhancement
 - ID:NA
 - SUG:NA
diff --git a/runtime/patches/0076-kata-containers-check-file-size-before-creating-cont.patch b/runtime/patches/0076-kata-containers-check-file-size-before-creating-cont.patch
new file mode 100644
index 0000000000000000000000000000000000000000..03dca413068d4cd93ef007ca87951e1752196367
--- /dev/null
+++ b/runtime/patches/0076-kata-containers-check-file-size-before-creating-cont.patch
@@ -0,0 +1,91 @@ +From e0fdf20e84cf8c31eab33c562cefd943a6656215 Mon Sep 17 00:00:00 2001 +From: holyfei +Date: Mon, 21 Feb 2022 09:58:04 +0800 +Subject: [PATCH] kata-runtime: check file size before creating container and + doing network operation + +reason: check file size before creating container and doing network operation + +Signed-off-by: holyfei +--- + cli/network.go | 9 +++++++++ + pkg/katautils/config.go | 9 +++++++++ + virtcontainers/utils/utils.go | 3 +++ + 3 files changed, 21 insertions(+) + +diff --git a/cli/network.go b/cli/network.go +index 7dce052..9d3a6dc 100644 +--- a/cli/network.go ++++ b/cli/network.go +@@ -8,11 +8,13 @@ package main + import ( + "context" + "encoding/json" ++ "errors" + "fmt" + "os" + + vcTypes "github.com/kata-containers/runtime/virtcontainers/pkg/types" + "github.com/kata-containers/runtime/virtcontainers/types" ++ "github.com/kata-containers/runtime/virtcontainers/utils" + "github.com/sirupsen/logrus" + "github.com/urfave/cli" + ) +@@ -261,6 +263,13 @@ func networkModifyCommand(ctx context.Context, containerID, input string, opType + if input == "-" { + f = os.Stdin + } else { ++ st, err := os.Lstat(input) ++ if err != nil { ++ return err ++ } ++ if st.Size() > utils.MaxFileSize { ++ return errors.New("network file too big") ++ } + f, err = os.Open(input) + if err != nil { + return err +diff --git a/pkg/katautils/config.go b/pkg/katautils/config.go +index fd7f5eb..b0d8f71 100644 +--- a/pkg/katautils/config.go ++++ b/pkg/katautils/config.go +@@ -10,6 +10,7 @@ import ( + "errors" + "fmt" + "io/ioutil" ++ "os" + "path/filepath" + "strings" + +@@ -1291,6 +1292,14 @@ func decodeConfig(configPath string) (tomlConfig, string, error) { + return tomlConf, "", fmt.Errorf("Cannot find usable config file (%v)", err) + } + ++ st, err := os.Lstat(resolved) ++ if err != nil { ++ return tomlConf, resolved, err ++ } ++ if st.Size() > utils.MaxFileSize { ++ return tomlConf, resolved, errors.New("config file too big") ++ } ++ + configData, err 
:= ioutil.ReadFile(resolved) + if err != nil { + return tomlConf, resolved, err +diff --git a/virtcontainers/utils/utils.go b/virtcontainers/utils/utils.go +index d4dad40..04b6bce 100644 +--- a/virtcontainers/utils/utils.go ++++ b/virtcontainers/utils/utils.go +@@ -41,6 +41,9 @@ const ( + // Max support memory size in the Kata VM + MaxMemorySizeInMB = 512 * 1024 + MaxMemorySizeInByte = MaxMemorySizeInMB << MibToBytesShift ++ ++ // Max file size for config and network json file ++ MaxFileSize = 1 * 1024 * 1024 + ) + + // MaxSocketPathLen is the effective maximum Unix domain socket length. +-- +2.27.0 + diff --git a/runtime/patches/0077-kata-containers-use-host_device-drive-when-call-bloc.patch b/runtime/patches/0077-kata-containers-use-host_device-drive-when-call-bloc.patch new file mode 100644 index 0000000000000000000000000000000000000000..04b649a017dfbc96bb9e1d08c7c0f4174a4d6535 --- /dev/null +++ b/runtime/patches/0077-kata-containers-use-host_device-drive-when-call-bloc.patch 
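Review bot: The guard added before `os.Open` in networkModifyCommand uses `os.Lstat`, which on a symlink reports the link's own length rather than the target's, so pointing `input` at a link to a large file passes the check and the later read is unbounded; a file that grows between the Lstat and the Open is likewise missed. Checking the handle you actually read from closes both gaps (below); if the intent is to bound what gets parsed rather than the file on disk, wrapping with `io.LimitReader(f, utils.MaxFileSize+1)` and rejecting when more than `utils.MaxFileSize` bytes arrive would also cover the `input == "-"` stdin path, which the new check does not touch. The same Lstat-then-`ioutil.ReadFile` pattern is added to decodeConfig; `resolved` may already have had symlinks resolved (that code is outside the hunk), but the check-then-read window remains there too. The rest of networkModifyCommand, including where `f` is read and closed, is outside the hunk, so the `f.Close()` below may be redundant with a later defer.
```go
	} else {
		f, err = os.Open(input)
		if err != nil {
			return err
		}
		// Stat the open descriptor: follows symlinks and cannot be swapped out
		// underneath us the way a path-based Lstat can.
		st, statErr := f.Stat()
		if statErr != nil {
			f.Close()
			return statErr
		}
		if st.Size() > utils.MaxFileSize {
			f.Close()
			return errors.New("network file too big")
		}
		// … unchanged: decoding of f …
```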
@@ -0,0 +1,41 @@ +From 17cb805ec270d069f46e4138fc039d714cb381f1 Mon Sep 17 00:00:00 2001 +From: holyfei +Date: Mon, 28 Feb 2022 10:22:40 +0800 +Subject: [PATCH] kata-containers: use host_device drive when call blockdev-add + +reason: use host_device drive when call blockdev-add + +Signed-off-by: holyfei +--- + vendor/github.com/intel/govmm/qemu/qmp.go | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/vendor/github.com/intel/govmm/qemu/qmp.go b/vendor/github.com/intel/govmm/qemu/qmp.go +index 0cb82ff..1d6d9c6 100644 +--- a/vendor/github.com/intel/govmm/qemu/qmp.go ++++ b/vendor/github.com/intel/govmm/qemu/qmp.go +@@ -781,7 +781,7 @@ func (q *QMP) blockdevAddBaseArgs(device, blockdevID string) (map[string]interfa + blockdevArgs := map[string]interface{}{ + "driver": "raw", + "file": map[string]interface{}{ +- "driver": "file", ++ "driver": "host_device", + "filename": device, + }, + } +@@ -972,9 +972,9 @@ func (q *QMP) ExecuteNetdevAdd(ctx context.Context, netdevType, netdevID, ifname + // Must be valid QMP identifier. + func (q *QMP) ExecuteNetdevChardevAdd(ctx context.Context, netdevType, netdevID, chardev string, vhostforce bool, queues int) error { + args := map[string]interface{}{ +- "type": netdevType, +- "id": netdevID, +- "chardev": chardev, ++ "type": netdevType, ++ "id": netdevID, ++ "chardev": chardev, + "vhostforce": vhostforce, + } + if queues > 1 { +-- +2.27.0 + diff --git a/runtime/patches/0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch b/runtime/patches/0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch new file mode 100644 index 0000000000000000000000000000000000000000..858e4302bab35b055eab545673bf7acdb0b0616b --- /dev/null +++ b/runtime/patches/0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch 
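Review bot: Switching blockdevAddBaseArgs from the `file` driver to `host_device` narrows what `device` may be: QEMU's file-posix backend (at least in recent releases) refuses `host_device` on anything that is not a block or character device node, so a caller that passes a regular file path — a raw image rather than a /dev node — will now fail at blockdev-add where `file` accepted both. Whether kata ever reaches this helper with a plain file is not visible in this hunk; either confirm it, or pick the driver from a stat of `device` (`S_ISBLK`/`S_ISCHR` → `host_device`, else `file`) so both keep working. Separately, this hand-edits a vendored copy of govmm under `vendor/`, which the next `go mod vendor` or vendor refresh will silently revert; it should be upstreamed or the vendored package pinned to a fork, with a comment at the edit noting the local divergence. The reindentation of ExecuteNetdevChardevAdd in the second hunk is whitespace only and unrelated to the stated purpose.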
@@ -0,0 +1,30 @@ +From a6e9215b77ee3e6d912b47dd70c219c0f5547ea2 Mon Sep 17 00:00:00 2001 +From: holyfei +Date: Thu, 3 Mar 2022 14:36:23 +0800 +Subject: [PATCH] kata-runtime: modify build flags for containerd-kata-shimv2 + +Signed-off-by: holyfei +--- + Makefile | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/Makefile b/Makefile +index 9957db9..b71abbf 100644 +--- a/Makefile ++++ b/Makefile +@@ -571,7 +571,11 @@ $(TARGET_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) | show-summary + go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .) + + $(SHIMV2_OUTPUT): $(SOURCES) $(GENERATED_FILES) $(MAKEFILE_LIST) +- $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && go build $(KATA_LDFLAGS) -i -o $@ .) ++ $(QUIET_BUILD)(cd $(SHIMV2_DIR)/ && \ ++ CGO_CFLAGS="-fstack-protector-strong -fPIE -D_FORTIFY_SOURCE=2 -O2" \ ++ CGO_LDFLAGS_ALLOW="-Wl,-z,relro,-z,now" \ ++ CGO_LDFLAGS="-Wl,-z,relro,-z,now -Wl,-z,noexecstack" \ ++ go build $(KATA_LDFLAGS) $(BUILDFLAGS) -o $@ -ldflags "-linkmode=external" .) + + .PHONY: \ + check \ +-- +1.8.3.1 + diff --git a/runtime/series.conf b/runtime/series.conf index 3a82ab1bd0cdbf5bae9a6ba6845eb61e5a99df7a..2514bd9ee00714a8dddb43c152f72ed418c74d5f 100644 --- a/runtime/series.conf +++ b/runtime/series.conf @@ -73,3 +73,6 @@ 0073-write-exit-code-in-integer-byte-order.patch 0074-add-timeout-for-grpcWaitProcessRequest.patch 0075-move-waitProcess-timeout-to-stop-process.patch +0076-kata-containers-check-file-size-before-creating-cont.patch +0077-kata-containers-use-host_device-drive-when-call-bloc.patch +0078-kata-runtime-modify-build-flags-for-containerd-kata-.patch
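Review bot: `-fPIE` in `CGO_CFLAGS` only makes the cgo-compiled objects position-independent; unless `$(BUILDFLAGS)` (defined outside the hunk) already carries `-buildmode=pie`, the shim is still linked as a fixed-address executable, and the `-z,relro,-z,now` in `CGO_LDFLAGS` then buys little against ASLR bypass — if that is the case, the build line should read `go build $(KATA_LDFLAGS) $(BUILDFLAGS) -buildmode=pie -o $@ -ldflags "-linkmode=external" .)`. The same caveat applies to `-D_FORTIFY_SOURCE=2` and `-fstack-protector-strong`: they harden only the C portions, which is worth saying in a comment above the rule so nobody assumes the Go code is covered. As a matter of style, the three hardening variables are pasted inline in one rule; defining them once (e.g. `CGO_HARDEN_CFLAGS`/`CGO_HARDEN_LDFLAGS` near `KATA_LDFLAGS`) and referencing them from both the `$(TARGET_OUTPUT)` and `$(SHIMV2_OUTPUT)` rules prevents the two build lines from drifting apart.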