From 03cc27a65fda2237ca499c00d2b00a6dea3d45f9 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Sep 29 2020 07:04:16 +0000 Subject: import libvirt-4.5.0-36.el7 --- diff --git a/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch b/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch new file mode 100644 index 0000000..6d2dc11 --- /dev/null +++ b/SOURCES/libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch @@ -0,0 +1,81 @@ +From 3ff107d00519e66ee350f34fcad7739df32411a5 Mon Sep 17 00:00:00 2001 +Message-Id: <3ff107d00519e66ee350f34fcad7739df32411a5@dist-git> +From: Jiri Denemark +Date: Thu, 23 Apr 2020 20:59:53 +0200 +Subject: [PATCH] =?UTF-8?q?RHEL:=20Fix=20migration=20on=20AMD=C2=A0hosts?= + =?UTF-8?q?=20with=20old=20QEMU?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fix for a RHEL-only hack for qemu-kvm-1.5.3-* + +Downstream commit 6244ce5a6f started adding virt-ssbd feature to all +host-model CPUs before starting a domain to make sure it is enabled if +possible (qemu-kvm-1.5.3-* is too old for probing whether virt-ssbd may +be enabled, we just have to try). However, we add this feature to the +CPU definition before the definition is copied to priv->origCPU and the +definition stored there is used with QEMU older than 2.10 to start the +domain after it's been saved or during migration. And because the CPU +definition contains virt-ssbd which is not provided by the host CPU, +starting or migrating fails with + + the CPU is incompatible with host CPU: Host CPU does not provide + required features: virt-ssbd + +We need to copy the original CPU definition to priv->origCPU before +adding virt-ssbd there (normally priv->origCPU is set in +qemuProcessUpdateLiveGuestCPU when QEMU is already running). + +https://bugzilla.redhat.com/show_bug.cgi?id=1815572 + +Signed-off-by: Jiri Denemark +Message-Id: +Reviewed-by: Ján Tomko +--- + src/qemu/qemu_process.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c +index 7a7fc8f205..ea55ccf7ec 100644 +--- a/src/qemu/qemu_process.c ++++ b/src/qemu/qemu_process.c +@@ -5776,10 +5776,11 @@ qemuProcessSetupHotpluggableVcpus(virQEMUDriverPtr driver, + + static int + qemuProcessUpdateGuestCPU(virDomainDefPtr def, +- virQEMUCapsPtr qemuCaps, ++ qemuDomainObjPrivatePtr priv, + virCapsPtr caps, + unsigned int flags) + { ++ virQEMUCapsPtr qemuCaps = priv->qemuCaps; + int ret = -1; + bool host_model = false; + +@@ -5846,8 +5847,12 @@ qemuProcessUpdateGuestCPU(virDomainDefPtr def, + virCPUDefPtr hostCPU; + hostCPU = virQEMUCapsGetHostModel(qemuCaps, def->virtType, + VIR_QEMU_CAPS_HOST_CPU_REPORTED); +- if (hostCPU->fallback == VIR_CPU_FALLBACK_ALLOW) ++ if (hostCPU->fallback == VIR_CPU_FALLBACK_ALLOW) { ++ if (!priv->origCPU && !(priv->origCPU = virCPUDefCopy(def->cpu))) ++ goto cleanup; ++ + virCPUDefUpdateFeature(def->cpu, "virt-ssbd", VIR_CPU_FEATURE_REQUIRE); ++ } + } + + def->cpu->fallback = VIR_CPU_FALLBACK_FORBID; +@@ -6069,7 +6074,7 @@ qemuProcessPrepareDomain(virQEMUDriverPtr driver, + priv->runningReason = VIR_DOMAIN_RUNNING_UNKNOWN; + + VIR_DEBUG("Updating guest CPU definition"); +- if (qemuProcessUpdateGuestCPU(vm->def, priv->qemuCaps, caps, flags) < 0) ++ if (qemuProcessUpdateGuestCPU(vm->def, priv, caps, flags) < 0) + goto cleanup; + + for (i = 0; i < vm->def->nshmems; i++) { +-- +2.26.0 + diff --git a/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch b/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch new file mode 100644 index 0000000..94a591a --- /dev/null +++ b/SOURCES/libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch @@ -0,0 +1,186 @@ +From b54ac47536056f26c724c7997e2aa96009b79ebd Mon Sep 17 00:00:00 2001 +Message-Id: +From: Jonathon Jongsma +Date: Fri, 1 May 2020 16:53:38 -0500 +Subject: [PATCH] qemu: don't hold a monitor and agent job for reboot + +We have to assume that the guest agent may be malicious so we don't want +to allow any agent queries to block any other libvirt API. By holding +a monitor job while we're querying the agent, we open ourselves up to a +DoS. + +Split the function so that we only hold the appropriate type of job +while rebooting. + +Signed-off-by: Jonathon Jongsma +Signed-off-by: Michal Privoznik +Reviewed-by: Michal Privoznik +(cherry picked from commit 0a9893121187c0c3f9807e9164366e1f6977619c) + +CVE-2019-20485 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200501215341.27683-3-jjongsma@redhat.com> +Reviewed-by: Michal Privoznik +--- + src/qemu/qemu_driver.c | 112 +++++++++++++++++++++++++---------------- + 1 file changed, 70 insertions(+), 42 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index bdc955e1fa..888c586a79 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -2049,6 +2049,72 @@ static int qemuDomainShutdown(virDomainPtr dom) + } + + ++static int ++qemuDomainRebootAgent(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ bool isReboot, ++ bool agentForced) ++{ ++ qemuAgentPtr agent; ++ int ret = -1; ++ int agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT; ++ ++ if (!isReboot) ++ agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN; ++ ++ if (qemuDomainObjBeginAgentJob(driver, vm, ++ QEMU_AGENT_JOB_MODIFY) < 0) ++ return -1; ++ ++ if (!qemuDomainAgentAvailable(vm, agentForced)) ++ goto endjob; ++ ++ if (virDomainObjCheckActive(vm) < 0) ++ goto endjob; ++ ++ qemuDomainSetFakeReboot(driver, vm, false); ++ agent = qemuDomainObjEnterAgent(vm); ++ ret = qemuAgentShutdown(agent, agentFlag); ++ qemuDomainObjExitAgent(vm, agent); ++ ++ endjob: ++ qemuDomainObjEndAgentJob(vm); ++ return ret; ++} ++ ++ ++static int ++qemuDomainRebootMonitor(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ bool isReboot) ++{ ++ qemuDomainObjPrivatePtr priv = vm->privateData; ++ int ret = -1; ++ ++ if (qemuDomainObjBeginJob(driver, vm, ++ QEMU_JOB_MODIFY) < 0) ++ return -1; ++ ++ if (virDomainObjCheckActive(vm) < 0) ++ goto endjob; ++ ++#if !WITH_YAJL ++ virReportError(VIR_ERR_OPERATION_INVALID, "%s", ++ _("ACPI reboot is not supported without the JSON monitor")); ++ goto endjob; ++#endif ++ qemuDomainSetFakeReboot(driver, vm, isReboot); ++ qemuDomainObjEnterMonitor(driver, vm); ++ ret = qemuMonitorSystemPowerdown(priv->mon); ++ if (qemuDomainObjExitMonitor(driver, vm) < 0) ++ ret = -1; ++ ++ endjob: ++ qemuDomainObjEndJob(driver, vm); ++ return ret; ++} ++ ++ + static int + qemuDomainReboot(virDomainPtr dom, unsigned int flags) + { +@@ -2059,8 +2125,6 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags) + bool useAgent = false, agentRequested, acpiRequested; + bool isReboot = true; + bool agentForced; +- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE; +- int agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT; + + virCheckFlags(VIR_DOMAIN_REBOOT_ACPI_POWER_BTN | + VIR_DOMAIN_REBOOT_GUEST_AGENT, -1); +@@ -2070,7 +2134,6 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags) + + if (vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_DESTROY || + vm->def->onReboot == VIR_DOMAIN_LIFECYCLE_ACTION_PRESERVE) { +- agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN; + isReboot = false; + VIR_INFO("Domain on_reboot setting overridden, shutting down"); + } +@@ -2086,56 +2149,21 @@ qemuDomainReboot(virDomainPtr dom, unsigned int flags) + if (virDomainRebootEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + ++ agentForced = agentRequested && !acpiRequested; + if (useAgent) +- agentJob = QEMU_AGENT_JOB_MODIFY; ++ ret = qemuDomainRebootAgent(driver, vm, isReboot, agentForced); + +- if (qemuDomainObjBeginJobWithAgent(driver, vm, +- QEMU_JOB_MODIFY, +- agentJob) < 0) ++ if (ret < 0 && agentForced) + goto cleanup; + +- agentForced = agentRequested && !acpiRequested; +- if (!qemuDomainAgentAvailable(vm, agentForced)) { +- if (agentForced) +- goto endjob; +- useAgent = false; +- } +- +- if (virDomainObjCheckActive(vm) < 0) +- goto endjob; +- +- if (useAgent) { +- qemuAgentPtr agent; +- +- qemuDomainSetFakeReboot(driver, vm, false); +- agent = qemuDomainObjEnterAgent(vm); +- ret = qemuAgentShutdown(agent, agentFlag); +- qemuDomainObjExitAgent(vm, agent); +- } +- + /* If we are not enforced to use just an agent, try ACPI + * shutdown as well in case agent did not succeed. + */ + if ((!useAgent) || + (ret < 0 && (acpiRequested || !flags))) { +-#if !WITH_YAJL +- virReportError(VIR_ERR_OPERATION_INVALID, "%s", +- _("ACPI reboot is not supported without the JSON monitor")); +- goto endjob; +-#endif +- qemuDomainSetFakeReboot(driver, vm, isReboot); +- qemuDomainObjEnterMonitor(driver, vm); +- ret = qemuMonitorSystemPowerdown(priv->mon); +- if (qemuDomainObjExitMonitor(driver, vm) < 0) +- ret = -1; ++ ret = qemuDomainRebootMonitor(driver, vm, isReboot); + } + +- endjob: +- if (agentJob) +- qemuDomainObjEndJobWithAgent(driver, vm); +- else +- qemuDomainObjEndJob(driver, vm); +- + cleanup: + virDomainObjEndAPI(&vm); + return ret; +-- +2.26.2 + diff --git a/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch b/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch new file mode 100644 index 0000000..8abc43f --- /dev/null +++ b/SOURCES/libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch @@ -0,0 +1,128 @@ +From 1abebbf11f518fcd8a70133245be7b8ea4b094ea Mon Sep 17 00:00:00 2001 +Message-Id: <1abebbf11f518fcd8a70133245be7b8ea4b094ea@dist-git> +From: Jonathon Jongsma +Date: Fri, 1 May 2020 16:53:39 -0500 +Subject: [PATCH] qemu: don't hold monitor and agent job when setting time + +We have to assume that the guest agent may be malicious so we don't want +to allow any agent queries to block any other libvirt API. By holding +a monitor job while we're querying the agent, we open ourselves up to a +DoS. + +Split the function so that the portion issuing the agent command only +holds an agent job and the portion issuing the monitor command holds +only a monitor job. + +Signed-off-by: Jonathon Jongsma +Signed-off-by: Michal Privoznik +Reviewed-by: Michal Privoznik +(cherry picked from commit e005c95f56fee9ed780be7f8db103d690bd34cbd) + +CVE-2019-20485 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200501215341.27683-4-jjongsma@redhat.com> +Reviewed-by: Michal Privoznik +--- + src/qemu/qemu_driver.c | 54 +++++++++++++++++++++++++++--------------- + 1 file changed, 35 insertions(+), 19 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 888c586a79..0f6641702d 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -19455,6 +19455,35 @@ qemuDomainGetTime(virDomainPtr dom, + return ret; + } + ++static int ++qemuDomainSetTimeAgent(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ long long seconds, ++ unsigned int nseconds, ++ bool rtcSync) ++{ ++ qemuAgentPtr agent; ++ int ret = -1; ++ ++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0) ++ return -1; ++ ++ if (virDomainObjCheckActive(vm) < 0) ++ goto endjob; ++ ++ if (!qemuDomainAgentAvailable(vm, true)) ++ goto endjob; ++ ++ agent = qemuDomainObjEnterAgent(vm); ++ ret = qemuAgentSetTime(agent, seconds, nseconds, rtcSync); ++ qemuDomainObjExitAgent(vm, agent); ++ ++ endjob: ++ qemuDomainObjEndJob(driver, vm); ++ return ret; ++} ++ ++ + static int + qemuDomainSetTime(virDomainPtr dom, + long long seconds, +@@ -19464,7 +19493,6 @@ qemuDomainSetTime(virDomainPtr dom, + virQEMUDriverPtr driver = dom->conn->privateData; + qemuDomainObjPrivatePtr priv; + virDomainObjPtr vm; +- qemuAgentPtr agent; + bool rtcSync = flags & VIR_DOMAIN_TIME_SYNC; + int ret = -1; + int rv; +@@ -19479,14 +19507,6 @@ qemuDomainSetTime(virDomainPtr dom, + + priv = vm->privateData; + +- if (qemuDomainObjBeginJobWithAgent(driver, vm, +- QEMU_JOB_MODIFY, +- QEMU_AGENT_JOB_MODIFY) < 0) +- goto cleanup; +- +- if (virDomainObjCheckActive(vm) < 0) +- goto endjob; +- + /* On x86, the rtc-reset-reinjection QMP command must be called after + * setting the time to avoid trouble down the line. If the command is + * not available, don't set the time at all and report an error */ +@@ -19496,18 +19516,14 @@ qemuDomainSetTime(virDomainPtr dom, + virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", + _("cannot set time: qemu doesn't support " + "rtc-reset-reinjection command")); +- goto endjob; ++ goto cleanup; + } + +- if (!qemuDomainAgentAvailable(vm, true)) +- goto endjob; +- +- agent = qemuDomainObjEnterAgent(vm); +- rv = qemuAgentSetTime(agent, seconds, nseconds, rtcSync); +- qemuDomainObjExitAgent(vm, agent); ++ if (qemuDomainSetTimeAgent(driver, vm, seconds, nseconds, rtcSync) < 0) ++ goto cleanup; + +- if (rv < 0) +- goto endjob; ++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) ++ goto cleanup; + + if (virDomainObjCheckActive(vm) < 0) + goto endjob; +@@ -19526,7 +19542,7 @@ qemuDomainSetTime(virDomainPtr dom, + ret = 0; + + endjob: +- qemuDomainObjEndJobWithAgent(driver, vm); ++ qemuDomainObjEndJob(driver, vm); + + cleanup: + virDomainObjEndAPI(&vm); +-- +2.26.2 + diff --git a/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch b/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch new file mode 100644 index 0000000..716786b --- /dev/null +++ b/SOURCES/libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch @@ -0,0 +1,198 @@ +From 5975af3d23091c73737968cea32490bca31c0479 Mon Sep 17 00:00:00 2001 +Message-Id: <5975af3d23091c73737968cea32490bca31c0479@dist-git> +From: Jonathon Jongsma +Date: Fri, 1 May 2020 16:53:37 -0500 +Subject: [PATCH] qemu: don't take agent and monitor job for shutdown + +We have to assume that the guest agent may be malicious so we don't want +to allow any agent queries to block any other libvirt API. By holding +a monitor job while we're querying the agent, we open ourselves up to a +DoS. So split the function into separate parts: one that does the agent +shutdown and one that does the monitor shutdown. Each part holds only a +job of the appropriate type. + +Signed-off-by: Jonathon Jongsma +Signed-off-by: Michal Privoznik +Reviewed-by: Michal Privoznik +(cherry picked from commit 1cb8bc52c1035573a0c1a87f724a6c7dfee82f12) + +CVE-2019-20485 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200501215341.27683-2-jjongsma@redhat.com> +Reviewed-by: Michal Privoznik +--- + src/qemu/qemu_driver.c | 121 ++++++++++++++++++++++++++--------------- + 1 file changed, 77 insertions(+), 44 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 2852b96edd..bdc955e1fa 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -1913,6 +1913,77 @@ static int qemuDomainResume(virDomainPtr dom) + return ret; + } + ++ ++static int ++qemuDomainShutdownFlagsAgent(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ bool isReboot, ++ bool reportError) ++{ ++ int ret = -1; ++ qemuAgentPtr agent; ++ int agentFlag = isReboot ? QEMU_AGENT_SHUTDOWN_REBOOT : ++ QEMU_AGENT_SHUTDOWN_POWERDOWN; ++ ++ if (qemuDomainObjBeginAgentJob(driver, vm, ++ QEMU_AGENT_JOB_MODIFY) < 0) ++ goto cleanup; ++ ++ if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) { ++ virReportError(VIR_ERR_OPERATION_INVALID, ++ "%s", _("domain is not running")); ++ goto endjob; ++ } ++ ++ if (!qemuDomainAgentAvailable(vm, reportError)) ++ goto endjob; ++ ++ qemuDomainSetFakeReboot(driver, vm, false); ++ agent = qemuDomainObjEnterAgent(vm); ++ ret = qemuAgentShutdown(agent, agentFlag); ++ qemuDomainObjExitAgent(vm, agent); ++ ++ endjob: ++ qemuDomainObjEndAgentJob(vm); ++ ++ cleanup: ++ return ret; ++} ++ ++ ++static int ++qemuDomainShutdownFlagsMonitor(virQEMUDriverPtr driver, ++ virDomainObjPtr vm, ++ bool isReboot) ++{ ++ int ret = -1; ++ qemuDomainObjPrivatePtr priv; ++ ++ priv = vm->privateData; ++ ++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) ++ goto cleanup; ++ ++ if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) { ++ virReportError(VIR_ERR_OPERATION_INVALID, ++ "%s", _("domain is not running")); ++ goto endjob; ++ } ++ ++ qemuDomainSetFakeReboot(driver, vm, isReboot); ++ qemuDomainObjEnterMonitor(driver, vm); ++ ret = qemuMonitorSystemPowerdown(priv->mon); ++ if (qemuDomainObjExitMonitor(driver, vm) < 0) ++ ret = -1; ++ ++ endjob: ++ qemuDomainObjEndJob(driver, vm); ++ ++ cleanup: ++ return ret; ++} ++ ++ + static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) + { + virQEMUDriverPtr driver = dom->conn->privateData; +@@ -1922,8 +1993,6 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) + bool useAgent = false, agentRequested, acpiRequested; + bool isReboot = false; + bool agentForced; +- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE; +- int agentFlag = QEMU_AGENT_SHUTDOWN_POWERDOWN; + + virCheckFlags(VIR_DOMAIN_SHUTDOWN_ACPI_POWER_BTN | + VIR_DOMAIN_SHUTDOWN_GUEST_AGENT, -1); +@@ -1934,7 +2003,6 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) + if (vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART || + vm->def->onPoweroff == VIR_DOMAIN_LIFECYCLE_ACTION_RESTART_RENAME) { + isReboot = true; +- agentFlag = QEMU_AGENT_SHUTDOWN_REBOOT; + VIR_INFO("Domain on_poweroff setting overridden, attempting reboot"); + } + +@@ -1949,62 +2017,27 @@ static int qemuDomainShutdownFlags(virDomainPtr dom, unsigned int flags) + if (virDomainShutdownFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + +- if (useAgent) +- agentJob = QEMU_AGENT_JOB_MODIFY; +- +- if (qemuDomainObjBeginJobWithAgent(driver, vm, +- QEMU_JOB_MODIFY, +- agentJob) < 0) +- goto cleanup; +- +- if (virDomainObjGetState(vm, NULL) != VIR_DOMAIN_RUNNING) { +- virReportError(VIR_ERR_OPERATION_INVALID, +- "%s", _("domain is not running")); +- goto endjob; +- } +- + agentForced = agentRequested && !acpiRequested; +- if (!qemuDomainAgentAvailable(vm, agentForced)) { +- if (agentForced) +- goto endjob; +- useAgent = false; +- } +- +- + if (useAgent) { +- qemuAgentPtr agent; +- qemuDomainSetFakeReboot(driver, vm, false); +- agent = qemuDomainObjEnterAgent(vm); +- ret = qemuAgentShutdown(agent, agentFlag); +- qemuDomainObjExitAgent(vm, agent); ++ ret = qemuDomainShutdownFlagsAgent(driver, vm, isReboot, agentForced); ++ if (ret < 0 && agentForced) ++ goto cleanup; + } + + /* If we are not enforced to use just an agent, try ACPI + * shutdown as well in case agent did not succeed. + */ +- if (!useAgent || +- (ret < 0 && (acpiRequested || !flags))) { +- ++ if (!useAgent || (ret < 0 && (acpiRequested || !flags))) { + /* Even if agent failed, we have to check if guest went away + * by itself while our locks were down. */ + if (useAgent && !virDomainObjIsActive(vm)) { + ret = 0; +- goto endjob; ++ goto cleanup; + } + +- qemuDomainSetFakeReboot(driver, vm, isReboot); +- qemuDomainObjEnterMonitor(driver, vm); +- ret = qemuMonitorSystemPowerdown(priv->mon); +- if (qemuDomainObjExitMonitor(driver, vm) < 0) +- ret = -1; ++ ret = qemuDomainShutdownFlagsMonitor(driver, vm, isReboot); + } + +- endjob: +- if (agentJob) +- qemuDomainObjEndJobWithAgent(driver, vm); +- else +- qemuDomainObjEndJob(driver, vm); +- + cleanup: + virDomainObjEndAPI(&vm); + return ret; +-- +2.26.2 + diff --git a/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch b/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch new file mode 100644 index 0000000..c78f125 --- /dev/null +++ b/SOURCES/libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch @@ -0,0 +1,227 @@ +From ff8c9ca6d8b5e74d59013d063cc12323622d8fb1 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Jonathon Jongsma +Date: Fri, 1 May 2020 16:53:41 -0500 +Subject: [PATCH] qemu: remove qemuDomainObjBegin/EndJobWithAgent() + +This function potentially grabs both a monitor job and an agent job at +the same time. This is problematic because it means that a malicious (or +just buggy) guest agent can cause a denial of service on the host. The +presence of this function makes it easy to do the wrong thing and hold +both jobs at the same time. All existing uses have already been removed +by previous commits. + +Signed-off-by: Jonathon Jongsma +Reviewed-by: Michal Privoznik +(cherry picked from commit 3c436c22a4f94c85c2b5e7b5fb84af48219d78e3) + +CVE-2019-20485 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200501215341.27683-6-jjongsma@redhat.com> +Reviewed-by: Michal Privoznik +--- + src/qemu/THREADS.txt | 58 +++++------------------------------------- + src/qemu/qemu_domain.c | 56 ++++------------------------------------ + src/qemu/qemu_domain.h | 7 ----- + 3 files changed, 11 insertions(+), 110 deletions(-) + +diff --git a/src/qemu/THREADS.txt b/src/qemu/THREADS.txt +index d17f3f4e0c..b34235075a 100644 +--- a/src/qemu/THREADS.txt ++++ b/src/qemu/THREADS.txt +@@ -71,11 +71,12 @@ There are a number of locks on various objects + + Agent job condition is then used when thread wishes to talk to qemu + agent monitor. It is possible to acquire just agent job +- (qemuDomainObjBeginAgentJob), or only normal job +- (qemuDomainObjBeginJob) or both at the same time +- (qemuDomainObjBeginJobWithAgent). Which type of job to grab depends +- whether caller wishes to communicate only with agent socket, or only +- with qemu monitor socket or both, respectively. ++ (qemuDomainObjBeginAgentJob), or only normal job (qemuDomainObjBeginJob) ++ but not both at the same time. Holding an agent job and a normal job would ++ allow an unresponsive or malicious agent to block normal libvirt API and ++ potentially result in a denial of service. Which type of job to grab ++ depends whether caller wishes to communicate only with agent socket, or ++ only with qemu monitor socket. + + Immediately after acquiring the virDomainObjPtr lock, any method + which intends to update state must acquire asynchronous, normal or +@@ -151,18 +152,6 @@ To acquire the agent job condition + + + +-To acquire both normal and agent job condition +- +- qemuDomainObjBeginJobWithAgent() +- - Waits until there is no normal and no agent job set +- - Sets both job.active and job.agentActive with required job types +- +- qemuDomainObjEndJobWithAgent() +- - Sets both job.active and job.agentActive to 0 +- - Signals on job.cond condition +- +- +- + To acquire the asynchronous job condition + + qemuDomainObjBeginAsyncJob() +@@ -302,41 +291,6 @@ Design patterns + virDomainObjEndAPI(&obj); + + +- * Invoking both monitor and agent commands on a virDomainObjPtr +- +- virDomainObjPtr obj; +- qemuAgentPtr agent; +- +- obj = qemuDomObjFromDomain(dom); +- +- qemuDomainObjBeginJobWithAgent(obj, QEMU_JOB_TYPE, QEMU_AGENT_JOB_TYPE); +- +- if (!virDomainObjIsActive(dom)) +- goto cleanup; +- +- ...do prep work... +- +- if (!qemuDomainAgentAvailable(obj, true)) +- goto cleanup; +- +- agent = qemuDomainObjEnterAgent(obj); +- qemuAgentXXXX(agent, ..); +- qemuDomainObjExitAgent(obj, agent); +- +- ... +- +- qemuDomainObjEnterMonitor(obj); +- qemuMonitorXXXX(priv->mon); +- qemuDomainObjExitMonitor(obj); +- +- /* Alternatively, talk to the monitor first and then talk to the agent. */ +- +- ...do final work... +- +- qemuDomainObjEndJobWithAgent(obj); +- virDomainObjEndAPI(&obj); +- +- + * Running asynchronous job + + virDomainObjPtr obj; +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index 3c67769771..b4792c9476 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -6905,26 +6905,6 @@ qemuDomainObjBeginAgentJob(virQEMUDriverPtr driver, + QEMU_ASYNC_JOB_NONE, false); + } + +-/** +- * qemuDomainObjBeginJobWithAgent: +- * +- * Grabs both monitor and agent types of job. Use if caller talks to +- * both monitor and guest agent. However, if @job (or @agentJob) is +- * QEMU_JOB_NONE (or QEMU_AGENT_JOB_NONE) only agent job is acquired (or +- * monitor job). +- * +- * To end job call qemuDomainObjEndJobWithAgent. +- */ +-int +-qemuDomainObjBeginJobWithAgent(virQEMUDriverPtr driver, +- virDomainObjPtr obj, +- qemuDomainJob job, +- qemuDomainAgentJob agentJob) +-{ +- return qemuDomainObjBeginJobInternal(driver, obj, job, agentJob, +- QEMU_ASYNC_JOB_NONE, false); +-} +- + int qemuDomainObjBeginAsyncJob(virQEMUDriverPtr driver, + virDomainObjPtr obj, + qemuDomainAsyncJob asyncJob, +@@ -7039,31 +7019,6 @@ qemuDomainObjEndAgentJob(virDomainObjPtr obj) + virCondBroadcast(&priv->job.cond); + } + +-void +-qemuDomainObjEndJobWithAgent(virQEMUDriverPtr driver, +- virDomainObjPtr obj) +-{ +- qemuDomainObjPrivatePtr priv = obj->privateData; +- qemuDomainJob job = priv->job.active; +- qemuDomainAgentJob agentJob = priv->job.agentActive; +- +- priv->jobs_queued--; +- +- VIR_DEBUG("Stopping both jobs: %s %s (async=%s vm=%p name=%s)", +- qemuDomainJobTypeToString(job), +- qemuDomainAgentJobTypeToString(agentJob), +- qemuDomainAsyncJobTypeToString(priv->job.asyncJob), +- obj, obj->def->name); +- +- qemuDomainObjResetJob(priv); +- qemuDomainObjResetAgentJob(priv); +- if (qemuDomainTrackJob(job)) +- qemuDomainObjSaveJob(driver, obj); +- /* We indeed need to wake up ALL threads waiting because +- * grabbing a job requires checking more variables. */ +- virCondBroadcast(&priv->job.cond); +-} +- + void + qemuDomainObjEndAsyncJob(virQEMUDriverPtr driver, virDomainObjPtr obj) + { +@@ -7097,9 +7052,9 @@ qemuDomainObjAbortAsyncJob(virDomainObjPtr obj) + * obj must be locked before calling + * + * To be called immediately before any QEMU monitor API call +- * Must have already either called qemuDomainObjBeginJob() or +- * qemuDomainObjBeginJobWithAgent() and checked that the VM is +- * still active; may not be used for nested async jobs. ++ * Must have already called qemuDomainObjBeginJob() and checked ++ * that the VM is still active; may not be used for nested async ++ * jobs. + * + * To be followed with qemuDomainObjExitMonitor() once complete + */ +@@ -7216,9 +7171,8 @@ qemuDomainObjEnterMonitorAsync(virQEMUDriverPtr driver, + * obj must be locked before calling + * + * To be called immediately before any QEMU agent API call. +- * Must have already called qemuDomainObjBeginAgentJob() or +- * qemuDomainObjBeginJobWithAgent() and checked that the VM is +- * still active. ++ * Must have already called qemuDomainObjBeginAgentJob() and ++ * checked that the VM is still active. + * + * To be followed with qemuDomainObjExitAgent() once complete + */ +diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h +index daed69e856..e4cc65c4cc 100644 +--- a/src/qemu/qemu_domain.h ++++ b/src/qemu/qemu_domain.h +@@ -527,11 +527,6 @@ int qemuDomainObjBeginAgentJob(virQEMUDriverPtr driver, + virDomainObjPtr obj, + qemuDomainAgentJob agentJob) + ATTRIBUTE_RETURN_CHECK; +-int qemuDomainObjBeginJobWithAgent(virQEMUDriverPtr driver, +- virDomainObjPtr obj, +- qemuDomainJob job, +- qemuDomainAgentJob agentJob) +- ATTRIBUTE_RETURN_CHECK; + int qemuDomainObjBeginAsyncJob(virQEMUDriverPtr driver, + virDomainObjPtr obj, + qemuDomainAsyncJob asyncJob, +@@ -550,8 +545,6 @@ int qemuDomainObjBeginJobNowait(virQEMUDriverPtr driver, + void qemuDomainObjEndJob(virQEMUDriverPtr driver, + virDomainObjPtr obj); + void qemuDomainObjEndAgentJob(virDomainObjPtr obj); +-void qemuDomainObjEndJobWithAgent(virQEMUDriverPtr driver, +- virDomainObjPtr obj); + void qemuDomainObjEndAsyncJob(virQEMUDriverPtr driver, + virDomainObjPtr obj); + void qemuDomainObjAbortAsyncJob(virDomainObjPtr obj); +-- +2.26.2 + diff --git a/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch b/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch new file mode 100644 index 0000000..d864ad2 --- /dev/null +++ b/SOURCES/libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch @@ -0,0 +1,75 @@ +From 618400932103613617f361134e446c6937c747c6 Mon Sep 17 00:00:00 2001 +Message-Id: <618400932103613617f361134e446c6937c747c6@dist-git> +From: Jonathon Jongsma +Date: Fri, 1 May 2020 16:53:40 -0500 +Subject: [PATCH] qemu: remove use of qemuDomainObjBeginJobWithAgent() + +This function will be removed in a future commit because it allows the +caller to acquire both monitor and agent jobs at the same time. Holding +both job types creates a vulnerability to denial of service from a +malicious guest agent. + +qemuDomainSetVcpusFlags() always passes NONE for either the monitor job +or the agent job (and thus is not vulnerable to the DoS), so we can +simply replace this function with the functions for acquiring the +appropriate type of job. + +Signed-off-by: Jonathon Jongsma +Reviewed-by: Michal Privoznik +(cherry picked from commit ffa5066a49686e61991759983b0d7d1ba707fe50) + +CVE-2019-20485 + +Signed-off-by: Jonathon Jongsma +Message-Id: <20200501215341.27683-5-jjongsma@redhat.com> +Reviewed-by: Michal Privoznik +--- + src/qemu/qemu_driver.c | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 0f6641702d..e1d9bbae99 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -5003,8 +5003,6 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, + virDomainDefPtr persistentDef; + bool hotpluggable = !!(flags & VIR_DOMAIN_VCPU_HOTPLUGGABLE); + bool useAgent = !!(flags & VIR_DOMAIN_VCPU_GUEST); +- qemuDomainJob job = QEMU_JOB_NONE; +- qemuDomainAgentJob agentJob = QEMU_AGENT_JOB_NONE; + int ret = -1; + + virCheckFlags(VIR_DOMAIN_AFFECT_LIVE | +@@ -5019,13 +5017,14 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, + if (virDomainSetVcpusFlagsEnsureACL(dom->conn, vm->def, flags) < 0) + goto cleanup; + +- if (useAgent) +- agentJob = QEMU_AGENT_JOB_MODIFY; +- else +- job = QEMU_JOB_MODIFY; + +- if (qemuDomainObjBeginJobWithAgent(driver, vm, job, agentJob) < 0) +- goto cleanup; ++ if (useAgent) { ++ if (qemuDomainObjBeginAgentJob(driver, vm, QEMU_AGENT_JOB_MODIFY) < 0) ++ goto cleanup; ++ } else { ++ if (qemuDomainObjBeginJob(driver, vm, QEMU_JOB_MODIFY) < 0) ++ goto cleanup; ++ } + + if (virDomainObjGetDefs(vm, flags, &def, &persistentDef) < 0) + goto endjob; +@@ -5039,7 +5038,7 @@ qemuDomainSetVcpusFlags(virDomainPtr dom, + nvcpus, hotpluggable); + + endjob: +- if (agentJob) ++ if (useAgent) + qemuDomainObjEndAgentJob(vm); + else + qemuDomainObjEndJob(driver, vm); +-- +2.26.2 + diff --git a/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch b/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch new file mode 100644 index 0000000..23740fd --- /dev/null +++ b/SOURCES/libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch @@ -0,0 +1,58 @@ +From 803a78645bdde8369ead4bc2f63fa878b2ac8d18 Mon Sep 17 00:00:00 2001 +Message-Id: <803a78645bdde8369ead4bc2f63fa878b2ac8d18@dist-git> +From: Yi Li +Date: Thu, 30 Apr 2020 09:49:12 -0400 +Subject: [PATCH] storage: Fix daemon crash on lookup storagepool by targetpath + +Causing a crash when storagePoolLookupByTargetPath beacuse of +Some types of storage pool have no target elements. +Use STREQ_NULLABLE instead of STREQ +Avoids segfaults when using NULL arguments. + +Core was generated by `/usr/sbin/libvirtd'. +Program terminated with signal 11, Segmentation fault. +(gdb) bt +0 0x0000ffff9e951388 in strcmp () from /lib64/libc.so.6 +1 0x0000ffff92103e9c in storagePoolLookupByTargetPathCallback ( + obj=0xffff7009aab0, opaque=0xffff801058b0) at storage/storage_driver.c:1649 +2 0x0000ffff9f2c52a4 in virStoragePoolObjListSearchCb ( + payload=0xffff801058b0, name=, opaque=) + at conf/virstorageobj.c:476 +3 0x0000ffff9f1f2f7c in virHashSearch (ctable=0xffff800f4f60, + iter=iter@entry=0xffff9f2c5278 , + data=data@entry=0xffff95af7488, name=name@entry=0x0) at util/virhash.c:696 +4 0x0000ffff9f2c64f0 in virStoragePoolObjListSearch (pools=0xffff800f2ce0, + searcher=searcher@entry=0xffff92103e68 , + opaque=) at conf/virstorageobj.c:505 +5 0x0000ffff92101f54 in storagePoolLookupByTargetPath (conn=0xffff5c0009f0, +path=0xffff7009a850 "/vms/images") at storage/storage_driver.c:1672 + +Reviewed-by: Cole Robinson +Signed-off-by: Yi Li +(cherry picked from commit dfff16a7c261f8d28e3abe60a47165f845fa952f) + +CVE-2020-10703 + +Signed-off-by: Cole Robinson +Message-Id: +Reviewed-by: Jiri Denemark +--- + src/storage/storage_driver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c +index 254818e308..f82f38d5e5 100644 +--- a/src/storage/storage_driver.c ++++ b/src/storage/storage_driver.c +@@ -1647,7 +1647,7 @@ storagePoolLookupByTargetPathCallback(virStoragePoolObjPtr obj, + return false; + + def = virStoragePoolObjGetDef(obj); +- return STREQ(path, def->target.path); ++ return STREQ_NULLABLE(path, def->target.path); + } + + +-- +2.26.2 + diff --git a/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch new file mode 100644 index 0000000..d5c94e5 --- /dev/null +++ b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch @@ -0,0 +1,53 @@ +From a6cfd2e03c77fb54c384d66681900e32a80efdb7 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Michal Privoznik +Date: Mon, 11 May 2020 16:40:11 +0200 +Subject: [PATCH] virDevMapperGetTargetsImpl: Be tolerant to kernels without DM + support +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +https://bugzilla.redhat.com/show_bug.cgi?id=1591732 + +If kernel is compiled without CONFIG_BLK_DEV_DM enabled, there is +no /dev/mapper/control device and since dm_task_create() actually +does some ioctl() over it creating a task may fail. +To cope with this handle ENOENT and ENODEV gracefully. + +Signed-off-by: Michal Privoznik +Reviewed-by: Ján Tomko +(cherry picked from commit 170d1e31df064108d064910c77f6316eb6726985) + +https://bugzilla.redhat.com/show_bug.cgi?id=1823976 + +Signed-off-by: Michal Privoznik +Message-Id: <46a1c183bae2cf5070b54883d7a7540124822049.1589207928.git.mprivozn@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/util/virdevmapper.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index b365f20145..7da0dba911 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -87,8 +87,14 @@ virDevMapperGetTargetsImpl(const char *path, + return ret; + } + +- if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) ++ if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) { ++ if (errno == ENOENT || errno == ENODEV) { ++ /* It's okay. Kernel is probably built without ++ * devmapper support. */ ++ ret = 0; ++ } + return ret; ++ } + + if (!dm_task_set_name(dmt, path)) { + if (errno == ENOENT) { +-- +2.26.2 + diff --git a/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch b/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch new file mode 100644 index 0000000..623b863 --- /dev/null +++ b/SOURCES/libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch @@ -0,0 +1,65 @@ +From 41d442c08990becc8adac8b6eede016a381d21ec Mon Sep 17 00:00:00 2001 +Message-Id: <41d442c08990becc8adac8b6eede016a381d21ec@dist-git> +From: Michal Privoznik +Date: Mon, 11 May 2020 16:40:12 +0200 +Subject: [PATCH] virDevMapperGetTargetsImpl: quit early if device is not a + devmapper target +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +As suggested in the linked bug, libvirt should firstly check +whether the major number of the device is device mapper major. +Because if it isn't subsequent DM_DEVICE_DEPS task may not only +fail, but also yield different results. In the bugzilla this is +demonstrated by creating a devmapper target named 'loop0' and +then creating loop target /dev/loop0. When the latter is then +passed to a domain, our virDevMapperGetTargetsImpl() function +blindly asks devmapper to provide target dependencies for +/dev/loop0 and because of the way devmapper APIs work, it will +'sanitize' the input by using the last component only which is +'loop0' and thus return different results than expected. + +Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1823976 + +Signed-off-by: Michal Privoznik +Reviewed-by: Ján Tomko +(cherry picked from commit 01626c668ecfbe465d18799ac4628e6127ea1d47) +Signed-off-by: Michal Privoznik +Message-Id: +Reviewed-by: Jiri Denemark +--- + src/util/virdevmapper.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index 7da0dba911..a360c3e677 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -69,6 +69,7 @@ virDevMapperGetTargetsImpl(const char *path, + char ***devPaths_ret, + unsigned int ttl) + { ++ struct stat sb; + struct dm_task *dmt = NULL; + struct dm_deps *deps; + struct dm_info info; +@@ -87,6 +88,15 @@ virDevMapperGetTargetsImpl(const char *path, + return ret; + } + ++ if (stat(path, &sb) < 0) { ++ if (errno == ENOENT) ++ return 0; ++ return -1; ++ } ++ ++ if (!dm_is_dm_major(major(sb.st_dev))) ++ return 0; ++ + if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) { + if (errno == ENOENT || errno == ENODEV) { + /* It's okay. Kernel is probably built without +-- +2.26.2 + diff --git a/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch b/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch index 8ba56a5..ea293dd 100644 --- a/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch +++ b/SOURCES/libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch @@ -1,5 +1,5 @@ -From 4dc1cae9cd7838a2d9dabac09d96955d95445449 Mon Sep 17 00:00:00 2001 -Message-Id: <4dc1cae9cd7838a2d9dabac09d96955d95445449@dist-git> +From 7fd73c056fa74ab32f5976ccbd2ce516f504088a Mon Sep 17 00:00:00 2001 +Message-Id: <7fd73c056fa74ab32f5976ccbd2ce516f504088a@dist-git> From: Pino Toscano Date: Mon, 23 Mar 2020 08:49:58 +0100 Subject: [PATCH] vmx: make 'fileName' optional for CD-ROMs @@ -27,6 +27,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1816034 Signed-off-by: Pino Toscano Message-Id: <20200323074958.377314-3-ptoscano@redhat.com> +Reviewed-by: Ján Tomko --- src/vmx/vmx.c | 25 ++++++++++--------- .../vmx2xmldata/vmx2xml-cdrom-ide-empty-2.vmx | 4 +++ @@ -196,5 +197,5 @@ index 7289dc91e3..143ff4c937 100644 DO_TEST("cdrom-ide-raw-device", "cdrom-ide-raw-device"); DO_TEST("cdrom-ide-raw-auto-detect", "cdrom-ide-raw-auto-detect"); -- -2.25.2 +2.26.0 diff --git a/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch b/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch index 7ac8a59..de0aff4 100644 --- a/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch +++ b/SOURCES/libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch @@ -1,5 +1,5 @@ -From 9258231d7ff91fab9af219a38fbf36f95d48aeb5 Mon Sep 17 00:00:00 2001 -Message-Id: <9258231d7ff91fab9af219a38fbf36f95d48aeb5@dist-git> +From 6c30bd386f7039cf6f8828f4b8fa0865395828e1 Mon Sep 17 00:00:00 2001 +Message-Id: <6c30bd386f7039cf6f8828f4b8fa0865395828e1@dist-git> From: Pino Toscano Date: Mon, 23 Mar 2020 08:49:57 +0100 Subject: [PATCH] vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() @@ -23,6 +23,7 @@ https://bugzilla.redhat.com/show_bug.cgi?id=1816034 Signed-off-by: Pino Toscano Message-Id: <20200323074958.377314-2-ptoscano@redhat.com> +Reviewed-by: Ján Tomko --- src/vmx/vmx.c | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) @@ -108,5 +109,5 @@ index 937bf0c96b..89409870ff 100644 virDomainDiskSetType(*def, VIR_STORAGE_TYPE_BLOCK); -- -2.25.2 +2.26.0 diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec index 91e38c4..62685ce 100644 --- a/SPECS/libvirt.spec +++ b/SPECS/libvirt.spec @@ -253,7 +253,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 4.5.0 -Release: 33%{?dist}.1%{?extra_release} +Release: 36%{?dist}%{?extra_release} License: LGPLv2+ URL: https://libvirt.org/ @@ -632,6 +632,15 @@ Patch366: libvirt-node_device_conf-Don-t-leak-physical_function-in-virNodeDevice Patch367: libvirt-RHEL-qemuCheckUnprivSGIO-use-sysfs_path-to-get-unpriv_sgio.patch Patch368: libvirt-vmx-shortcut-earlier-few-ignore-cases-in-virVMXParseDisk.patch Patch369: libvirt-vmx-make-fileName-optional-for-CD-ROMs.patch +Patch370: libvirt-RHEL-Fix-migration-on-AMD-hosts-with-old-QEMU.patch +Patch371: libvirt-qemu-don-t-take-agent-and-monitor-job-for-shutdown.patch +Patch372: libvirt-qemu-don-t-hold-a-monitor-and-agent-job-for-reboot.patch +Patch373: libvirt-qemu-don-t-hold-monitor-and-agent-job-when-setting-time.patch +Patch374: libvirt-qemu-remove-use-of-qemuDomainObjBeginJobWithAgent.patch +Patch375: libvirt-qemu-remove-qemuDomainObjBegin-EndJobWithAgent.patch +Patch376: libvirt-storage-Fix-daemon-crash-on-lookup-storagepool-by-targetpath.patch +Patch377: libvirt-virDevMapperGetTargetsImpl-Be-tolerant-to-kernels-without-DM-support.patch +Patch378: libvirt-virDevMapperGetTargetsImpl-quit-early-if-device-is-not-a-devmapper-target.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -2534,9 +2543,22 @@ exit 0 %changelog -* Mon Mar 23 2020 Jiri Denemark - 4.5.0-33.el7_8.1 -- vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1816035) -- vmx: make 'fileName' optional for CD-ROMs (rhbz#1816035) +* Wed May 13 2020 Jiri Denemark - 4.5.0-36 +- virDevMapperGetTargetsImpl: Be tolerant to kernels without DM support (rhbz#1823976) +- virDevMapperGetTargetsImpl: quit early if device is not a devmapper target (rhbz#1823976) + +* Thu May 7 2020 Jiri Denemark - 4.5.0-35 +- qemu: don't take agent and monitor job for shutdown (CVE-2019-20485) +- qemu: don't hold a monitor and agent job for reboot (CVE-2019-20485) +- qemu: don't hold monitor and agent job when setting time (CVE-2019-20485) +- qemu: remove use of qemuDomainObjBeginJobWithAgent() (CVE-2019-20485) +- qemu: remove qemuDomainObjBegin/EndJobWithAgent() (CVE-2019-20485) +- storage: Fix daemon crash on lookup storagepool by targetpath (CVE-2020-10703) + +* Fri Apr 24 2020 Jiri Denemark - 4.5.0-34 +- vmx: shortcut earlier few 'ignore' cases in virVMXParseDisk() (rhbz#1815269) +- vmx: make 'fileName' optional for CD-ROMs (rhbz#1815269) +- RHEL: Fix migration on AMD hosts with old QEMU (rhbz#1815572) * Fri Feb 14 2020 Jiri Denemark - 4.5.0-33 - RHEL: qemuCheckUnprivSGIO: use @sysfs_path to get unpriv_sgio (rhbz#1801139)