From 1054c2ab4381145ddc9e937a40c109980f15cf69 Mon Sep 17 00:00:00 2001

Message-Id: <1054c2ab4381145ddc9e937a40c109980f15cf69@dist-git>

From: Jiri Denemark <jdenemar@redhat.com>

Date: Fri, 5 Apr 2019 11:33:32 +0200

Subject: [PATCH] cpu_x86: Do not cache microcode version

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

The microcode version checks are used to invalidate cached CPU data we

get from QEMU. To minimize /proc/cpuinfo parsing the microcode version

was only read when libvirtd started and cached for the daemon's

lifetime. However, the CPU microcode can change anytime (updating the

microcode package can automatically upload it to the CPU) and we need to

stop caching it to avoid using stale CPU model data.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Reviewed-by: Ján Tomko <jtomko@redhat.com>

(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

---

 src/cpu/cpu_x86.c | 5 +----

 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c

index cf3d80eeb5..1acd8c4f49 100644

--- a/src/cpu/cpu_x86.c

+++ b/src/cpu/cpu_x86.c

@@ -155,7 +155,6 @@ struct _virCPUx86Map {

 };

 static virCPUx86MapPtr cpuMap;

-static unsigned int microcodeVersion;

 int virCPUx86DriverOnceInit(void);

 VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);

@@ -1469,8 +1468,6 @@ virCPUx86DriverOnceInit(void)

     if (!(cpuMap = virCPUx86LoadMap()))

         return -1;

-    microcodeVersion = virHostCPUGetMicrocodeVersion();

-

     return 0;

 }

@@ -2553,7 +2550,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,

         goto cleanup;

     ret = x86DecodeCPUData(cpu, cpuData, models);

-    cpu->microcodeVersion = microcodeVersion;

+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();

  cleanup:

     virCPUx86DataFree(cpuData);

-- 

2.21.0