c480ed
From f574d83a57b54248bc1f1c7fd3b25894d579c8e3 Mon Sep 17 00:00:00 2001
c480ed
Message-Id: <f574d83a57b54248bc1f1c7fd3b25894d579c8e3@dist-git>
e90370
From: Jiri Denemark <jdenemar@redhat.com>
e90370
Date: Fri, 5 Apr 2019 11:33:32 +0200
e90370
Subject: [PATCH] cpu_x86: Do not cache microcode version
e90370
MIME-Version: 1.0
e90370
Content-Type: text/plain; charset=UTF-8
e90370
Content-Transfer-Encoding: 8bit
e90370
e90370
The microcode version checks are used to invalidate cached CPU data we
e90370
get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
e90370
was only read when libvirtd started and cached for the daemon's
e90370
lifetime. However, the CPU microcode can change anytime (updating the
e90370
microcode package can automatically upload it to the CPU) and we need to
e90370
stop caching it to avoid using stale CPU model data.
e90370
e90370
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
e90370
Reviewed-by: Ján Tomko <jtomko@redhat.com>
e90370
(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
e90370
c480ed
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
e90370
e90370
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
e90370
---
e90370
 src/cpu/cpu_x86.c | 5 +----
e90370
 1 file changed, 1 insertion(+), 4 deletions(-)
e90370
e90370
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
e90370
index 7fa84f6014..89baf94d7d 100644
e90370
--- a/src/cpu/cpu_x86.c
e90370
+++ b/src/cpu/cpu_x86.c
e90370
@@ -163,7 +163,6 @@ struct _virCPUx86Map {
e90370
 };
e90370
 
e90370
 static virCPUx86MapPtr cpuMap;
e90370
-static unsigned int microcodeVersion;
e90370
 
e90370
 int virCPUx86DriverOnceInit(void);
e90370
 VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
e90370
@@ -1422,8 +1421,6 @@ virCPUx86DriverOnceInit(void)
e90370
     if (!(cpuMap = virCPUx86LoadMap()))
e90370
         return -1;
e90370
 
e90370
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
e90370
-
e90370
     return 0;
e90370
 }
e90370
 
e90370
@@ -2463,7 +2460,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
e90370
         goto cleanup;
e90370
 
e90370
     ret = x86DecodeCPUData(cpu, cpuData, models);
e90370
-    cpu->microcodeVersion = microcodeVersion;
e90370
+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
e90370
 
e90370
  cleanup:
e90370
     virCPUx86DataFree(cpuData);
e90370
-- 
e90370
2.21.0
e90370