|
 |
e90370 |
From b41057952aa267335c7e00380e77952a8b65086a Mon Sep 17 00:00:00 2001
|
|
|
e90370 |
Message-Id: <b41057952aa267335c7e00380e77952a8b65086a@dist-git>
|
|
|
e90370 |
From: Jiri Denemark <jdenemar@redhat.com>
|
|
|
e90370 |
Date: Fri, 12 Apr 2019 21:21:05 +0200
|
|
|
e90370 |
Subject: [PATCH] qemu: Don't cache microcode version
|
|
|
e90370 |
MIME-Version: 1.0
|
|
|
e90370 |
Content-Type: text/plain; charset=UTF-8
|
|
|
e90370 |
Content-Transfer-Encoding: 8bit
|
|
|
e90370 |
|
|
|
e90370 |
My earlier commit be46f61326 was incomplete. It removed caching of
|
|
|
e90370 |
microcode version in the CPU driver, which means the capabilities XML
|
|
|
e90370 |
will see the correct microcode version. But it is also cached in the
|
|
|
e90370 |
QEMU capabilities cache where it is used to detect whether we need to
|
|
|
e90370 |
reprobe QEMU. By missing the second place, the original commit
|
|
|
e90370 |
be46f61326 made the situation even worse since libvirt would report
|
|
|
e90370 |
correct microcode version while still using the old host CPU model
|
|
|
e90370 |
(visible in domain capabilities XML).
|
|
|
e90370 |
|
|
|
e90370 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
e90370 |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
e90370 |
(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9)
|
|
|
e90370 |
|
|
|
e90370 |
CVE-2018-11091, CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
|
|
|
e90370 |
|
|
|
e90370 |
Conflicts:
|
|
|
e90370 |
src/qemu/qemu_capabilities.c
|
|
|
e90370 |
- virQEMUCapsCacheLookupByArch refactoring (commits
|
|
|
e90370 |
7948ad4129a and 1a3de67001c) are missing
|
|
|
e90370 |
|
|
|
e90370 |
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
|
|
|
e90370 |
---
|
|
|
e90370 |
src/qemu/qemu_capabilities.c | 12 ++++++++----
|
|
|
e90370 |
src/qemu/qemu_capabilities.h | 3 +--
|
|
|
e90370 |
src/qemu/qemu_driver.c | 9 +--------
|
|
|
e90370 |
tests/testutilsqemu.c | 2 +-
|
|
|
e90370 |
4 files changed, 11 insertions(+), 15 deletions(-)
|
|
|
e90370 |
|
|
|
e90370 |
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
|
|
|
e90370 |
index 912f758bcd..0d6fa02560 100644
|
|
|
e90370 |
--- a/src/qemu/qemu_capabilities.c
|
|
|
e90370 |
+++ b/src/qemu/qemu_capabilities.c
|
|
|
e90370 |
@@ -4684,7 +4684,7 @@ virQEMUCapsNewData(const char *binary,
|
|
|
e90370 |
priv->libDir,
|
|
|
e90370 |
priv->runUid,
|
|
|
e90370 |
priv->runGid,
|
|
|
e90370 |
- priv->microcodeVersion,
|
|
|
e90370 |
+ virHostCPUGetMicrocodeVersion(),
|
|
|
e90370 |
priv->kernelVersion);
|
|
|
e90370 |
}
|
|
|
e90370 |
|
|
|
e90370 |
@@ -4767,8 +4767,7 @@ virFileCachePtr
|
|
|
e90370 |
virQEMUCapsCacheNew(const char *libDir,
|
|
|
e90370 |
const char *cacheDir,
|
|
|
e90370 |
uid_t runUid,
|
|
|
e90370 |
- gid_t runGid,
|
|
|
e90370 |
- unsigned int microcodeVersion)
|
|
|
e90370 |
+ gid_t runGid)
|
|
|
e90370 |
{
|
|
|
e90370 |
char *capsCacheDir = NULL;
|
|
|
e90370 |
virFileCachePtr cache = NULL;
|
|
|
e90370 |
@@ -4792,7 +4791,6 @@ virQEMUCapsCacheNew(const char *libDir,
|
|
|
e90370 |
|
|
|
e90370 |
priv->runUid = runUid;
|
|
|
e90370 |
priv->runGid = runGid;
|
|
|
e90370 |
- priv->microcodeVersion = microcodeVersion;
|
|
|
e90370 |
|
|
|
e90370 |
if (uname(&uts) == 0 &&
|
|
|
e90370 |
virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0)
|
|
|
e90370 |
@@ -4813,8 +4811,11 @@ virQEMUCapsPtr
|
|
|
e90370 |
virQEMUCapsCacheLookup(virFileCachePtr cache,
|
|
|
e90370 |
const char *binary)
|
|
|
e90370 |
{
|
|
|
e90370 |
+ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
|
|
|
e90370 |
virQEMUCapsPtr ret = NULL;
|
|
|
e90370 |
|
|
|
e90370 |
+ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
|
|
|
e90370 |
+
|
|
|
e90370 |
ret = virFileCacheLookup(cache, binary);
|
|
|
e90370 |
|
|
|
e90370 |
VIR_DEBUG("Returning caps %p for %s", ret, binary);
|
|
|
e90370 |
@@ -4860,10 +4861,13 @@ virQEMUCapsPtr
|
|
|
e90370 |
virQEMUCapsCacheLookupByArch(virFileCachePtr cache,
|
|
|
e90370 |
virArch arch)
|
|
|
e90370 |
{
|
|
|
e90370 |
+ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache);
|
|
|
e90370 |
virQEMUCapsPtr ret = NULL;
|
|
|
e90370 |
virArch target;
|
|
|
e90370 |
struct virQEMUCapsSearchData data = { .arch = arch };
|
|
|
e90370 |
|
|
|
e90370 |
+ priv->microcodeVersion = virHostCPUGetMicrocodeVersion();
|
|
|
e90370 |
+
|
|
|
e90370 |
ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data);
|
|
|
e90370 |
if (!ret) {
|
|
|
e90370 |
/* If the first attempt at finding capabilities has failed, try
|
|
|
e90370 |
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
|
|
|
e90370 |
index 0c06081107..9550df2cd5 100644
|
|
|
e90370 |
--- a/src/qemu/qemu_capabilities.h
|
|
|
e90370 |
+++ b/src/qemu/qemu_capabilities.h
|
|
|
e90370 |
@@ -574,8 +574,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps,
|
|
|
e90370 |
virFileCachePtr virQEMUCapsCacheNew(const char *libDir,
|
|
|
e90370 |
const char *cacheDir,
|
|
|
e90370 |
uid_t uid,
|
|
|
e90370 |
- gid_t gid,
|
|
|
e90370 |
- unsigned int microcodeVersion);
|
|
|
e90370 |
+ gid_t gid);
|
|
|
e90370 |
virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache,
|
|
|
e90370 |
const char *binary);
|
|
|
e90370 |
virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache,
|
|
|
e90370 |
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
|
|
|
e90370 |
index bafef1e3b5..88c08f88ee 100644
|
|
|
e90370 |
--- a/src/qemu/qemu_driver.c
|
|
|
e90370 |
+++ b/src/qemu/qemu_driver.c
|
|
|
e90370 |
@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged,
|
|
|
e90370 |
char *hugepagePath = NULL;
|
|
|
e90370 |
char *memoryBackingPath = NULL;
|
|
|
e90370 |
size_t i;
|
|
|
e90370 |
- virCPUDefPtr hostCPU = NULL;
|
|
|
e90370 |
- unsigned int microcodeVersion = 0;
|
|
|
e90370 |
|
|
|
e90370 |
if (VIR_ALLOC(qemu_driver) < 0)
|
|
|
e90370 |
return -1;
|
|
|
e90370 |
@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged,
|
|
|
e90370 |
run_gid = cfg->group;
|
|
|
e90370 |
}
|
|
|
e90370 |
|
|
|
e90370 |
- if ((hostCPU = virCPUProbeHost(virArchFromHost())))
|
|
|
e90370 |
- microcodeVersion = hostCPU->microcodeVersion;
|
|
|
e90370 |
- virCPUDefFree(hostCPU);
|
|
|
e90370 |
-
|
|
|
e90370 |
qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
|
|
|
e90370 |
cfg->cacheDir,
|
|
|
e90370 |
run_uid,
|
|
|
e90370 |
- run_gid,
|
|
|
e90370 |
- microcodeVersion);
|
|
|
e90370 |
+ run_gid);
|
|
|
e90370 |
if (!qemu_driver->qemuCapsCache)
|
|
|
e90370 |
goto error;
|
|
|
e90370 |
|
|
|
e90370 |
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
|
|
|
e90370 |
index dc7e90b952..3e0b753549 100644
|
|
|
e90370 |
--- a/tests/testutilsqemu.c
|
|
|
e90370 |
+++ b/tests/testutilsqemu.c
|
|
|
e90370 |
@@ -617,7 +617,7 @@ int qemuTestDriverInit(virQEMUDriver *driver)
|
|
|
e90370 |
|
|
|
e90370 |
/* Using /dev/null for libDir and cacheDir automatically produces errors
|
|
|
e90370 |
* upon attempt to use any of them */
|
|
|
e90370 |
- driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0);
|
|
|
e90370 |
+ driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0);
|
|
|
e90370 |
if (!driver->qemuCapsCache)
|
|
|
e90370 |
goto error;
|
|
|
e90370 |
|
|
|
e90370 |
--
|
|
|
e90370 |
2.21.0
|
|
|
e90370 |
|