Blob Blame History Raw
From 1054c2ab4381145ddc9e937a40c109980f15cf69 Mon Sep 17 00:00:00 2001
Message-Id: <1054c2ab4381145ddc9e937a40c109980f15cf69@dist-git>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Fri, 5 Apr 2019 11:33:32 +0200
Subject: [PATCH] cpu_x86: Do not cache microcode version
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The microcode version checks are used to invalidate cached CPU data we
get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
was only read when libvirtd started and cached for the daemon's
lifetime. However, the CPU microcode can change anytime (updating the
microcode package can automatically upload it to the CPU) and we need to
stop caching it to avoid using stale CPU model data.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/cpu/cpu_x86.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index cf3d80eeb5..1acd8c4f49 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -155,7 +155,6 @@ struct _virCPUx86Map {
 };
 
 static virCPUx86MapPtr cpuMap;
-static unsigned int microcodeVersion;
 
 int virCPUx86DriverOnceInit(void);
 VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
@@ -1469,8 +1468,6 @@ virCPUx86DriverOnceInit(void)
     if (!(cpuMap = virCPUx86LoadMap()))
         return -1;
 
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
-
     return 0;
 }
 
@@ -2553,7 +2550,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
         goto cleanup;
 
     ret = x86DecodeCPUData(cpu, cpuData, models);
-    cpu->microcodeVersion = microcodeVersion;
+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
 
  cleanup:
     virCPUx86DataFree(cpuData);
-- 
2.21.0