From 6ff34c6314c5169b38af089b1cbbaec83b3aee4a Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Jun 18 2019 16:42:52 +0000 Subject: import virt-manager-2.0.0-5.1.el8_0 --- diff --git a/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch b/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch new file mode 100644 index 0000000..db4a432 --- /dev/null +++ b/SOURCES/virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch @@ -0,0 +1,61 @@ +From 6ba190915ed0be80b67423003dfdf183c47a2fb8 Mon Sep 17 00:00:00 2001 +Message-Id: <6ba190915ed0be80b67423003dfdf183c47a2fb8@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:55 +0200 +Subject: [PATCH] DomainCpu: check CPU model name only if model exists + +For CPU modes other then "custom" there is no model so we should not +check the suffix of model name. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Cole Robinson +(cherry picked from commit c1ebd6730cb25b57124fad6c4030345356703320) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + tests/xmlparse.py | 4 ++++ + virtinst/domain/cpu.py | 9 +++++---- + 2 files changed, 9 insertions(+), 4 deletions(-) + +diff --git a/tests/xmlparse.py b/tests/xmlparse.py +index c9828fc8..58d3c1a6 100644 +--- a/tests/xmlparse.py ++++ b/tests/xmlparse.py +@@ -335,8 +335,12 @@ class XMLParseTest(unittest.TestCase): + check = self._make_checker(guest.cpu) + check("mode", "host-passthrough", "custom") + check("mode", "custom", "host-model") ++ guest.cpu.check_security_features(guest) ++ check("secure", False) + guest.cpu.set_model(guest, "qemu64") + check("model", "qemu64") ++ guest.cpu.check_security_features(guest) ++ check("secure", False) + + self._alter_compare(guest.get_xml(), outfile) + +diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py +index 1d468468..66fa649b 100644 +--- a/virtinst/domain/cpu.py ++++ b/virtinst/domain/cpu.py +@@ -136,10 +136,11 @@ class DomainCpu(XMLBuilder): + return + + guestFeatures = [f.name for f in self.features if f.policy == "require"] +- if self.model.endswith("IBRS"): +- guestFeatures.append("spec-ctrl") +- if self.model.endswith("IBPB"): +- guestFeatures.append("ibpb") ++ if self.model: ++ if self.model.endswith("IBRS"): ++ guestFeatures.append("spec-ctrl") ++ if self.model.endswith("IBPB"): ++ guestFeatures.append("ibpb") + + self.secure = set(features) <= set(guestFeatures) + +-- +2.21.0 + diff --git a/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch b/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch new file mode 100644 index 0000000..580e683 --- /dev/null +++ b/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch @@ -0,0 +1,56 @@ +From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001 +Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:54 +0200 +Subject: [PATCH] DomainCpu: fix detection of CPU security features + +VM configured with mode="host-model" will have the CPU definition +expanded once the VM is started. Libvirt will try to use the closest +CPU model with some features enabled/disabled. + +The issue is that there are some models that include spec-ctrl or ibpb +features and they will not appear in the explicit list of features and +virt-manager will not correctly detect if all security features are +enabled or not. As a workaround we can check the suffix of CPU model to +figure out which security features are enabled by the model itself. + +Signed-off-by: Pavel Hrdina +(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + virtinst/domain/cpu.py | 16 +++++++--------- + 1 file changed, 7 insertions(+), 9 deletions(-) + +diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py +index c6a411bb..1d468468 100644 +--- a/virtinst/domain/cpu.py ++++ b/virtinst/domain/cpu.py +@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder): + self.secure = False + return + +- for feature in features: +- exists = False +- for f in self.features: +- if f.name == feature and f.policy == "require": +- exists = True +- break +- if not exists: +- self.secure = False +- return ++ guestFeatures = [f.name for f in self.features if f.policy == "require"] ++ if self.model.endswith("IBRS"): ++ guestFeatures.append("spec-ctrl") ++ if self.model.endswith("IBPB"): ++ guestFeatures.append("ibpb") ++ ++ self.secure = set(features) <= set(guestFeatures) + + def _remove_security_features(self, guest): + domcaps = guest.lookup_domcaps() +-- +2.21.0 + diff --git a/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch b/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch new file mode 100644 index 0000000..ce5241e --- /dev/null +++ b/SOURCES/virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch @@ -0,0 +1,45 @@ +From 8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff Mon Sep 17 00:00:00 2001 +Message-Id: <8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 08:06:09 -0400 +Subject: [PATCH] cli: Fix pool=default when path belongs to another pool (bz + 1692489) + +From: Cole Robinson + +Using 'virt-install --disk size=X' implicitly uses pool=default. If +a pool named 'default' exists we use that; if not, and a pool using +the default path exists under a different name, we attempt to use +that as well, and if that doesn't exist, we create pool=default + +The second case is broken, so if there's no pool=default and eg. +pool=FOO points to /var/lib/libvirt/images, we still attempt to +look up pool=default which understandably fails + +https://bugzilla.redhat.com/show_bug.cgi?id=1692489 +(cherry picked from commit a0ca387aad0fde19683aa8b5b5636add6455b8b4) +Signed-off-by: Cole Robinson + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752 +--- + virtinst/cli.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/virtinst/cli.py b/virtinst/cli.py +index 21467a4d..63acb642 100644 +--- a/virtinst/cli.py ++++ b/virtinst/cli.py +@@ -2029,7 +2029,9 @@ class ParserDisk(VirtCLIParser): + poolobj = None + if poolname: + if poolname == "default": +- StoragePool.build_default_pool(self.guest.conn) ++ poolxml = StoragePool.build_default_pool(self.guest.conn) ++ if poolxml: ++ poolname = poolxml.name + poolobj = self.guest.conn.storagePoolLookupByName(poolname) + + if volname: +-- +2.21.0 + diff --git a/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch b/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch new file mode 100644 index 0000000..c86e925 --- /dev/null +++ b/SOURCES/virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch @@ -0,0 +1,40 @@ +From dc5ec3458d325c3824c62517d72d802b2c3caee2 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Pavel Hrdina +Date: Wed, 22 May 2019 18:08:31 +0200 +Subject: [PATCH] cli: fix cpu secure option to actually work + +The 'secure' option is processed after the model is already set. +CPU security options are resolved while setting CPU model so we need +to know the 'secure' option value before we set the CPU model. + +Signed-off-by: Pavel Hrdina +(cherry picked from commit 06c2f873972fd4c60a57c8b8f07fe3cec4ddfcf4) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + virtinst/cli.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/virtinst/cli.py b/virtinst/cli.py +index 0bfa3b94..139be8f9 100644 +--- a/virtinst/cli.py ++++ b/virtinst/cli.py +@@ -1493,11 +1493,11 @@ class ParserCPU(VirtCLIParser): + + + _register_virt_parser(ParserCPU) ++ParserCPU.add_arg("secure", "secure", is_onoff=True) + ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb) + ParserCPU.add_arg("mode", "mode") + ParserCPU.add_arg("match", "match") + ParserCPU.add_arg("vendor", "vendor") +-ParserCPU.add_arg("secure", "secure", is_onoff=True) + + ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb) + ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb) +-- +2.21.0 + diff --git a/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch b/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch new file mode 100644 index 0000000..bd17080 --- /dev/null +++ b/SOURCES/virt-manager-cli-introduce-CPU-secure-parameter.patch @@ -0,0 +1,202 @@ +From 55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e Mon Sep 17 00:00:00 2001 +Message-Id: <55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:51 +0200 +Subject: [PATCH] cli: introduce CPU secure parameter +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will allow users to override the default behavior of virt-install +which copies CPU security features available on the host to the guest +XML if specific CPU model is configured. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 22342ef7ee526f8a5b5a65266363c33c70c8be43) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + man/virt-install.pod | 11 ++- + .../compare/virt-install-cpu-disable-sec.xml | 93 +++++++++++++++++++ + tests/clitest.py | 1 + + virtinst/cli.py | 1 + + virtinst/domain/cpu.py | 7 +- + 5 files changed, 111 insertions(+), 2 deletions(-) + create mode 100644 tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml + +diff --git a/man/virt-install.pod b/man/virt-install.pod +index 5b7a784c..1cd31fa2 100644 +--- a/man/virt-install.pod ++++ b/man/virt-install.pod +@@ -216,7 +216,16 @@ required value is MODEL, which is a valid CPU model as known to libvirt. + + Libvirt's feature policy values force, require, optional, disable, or forbid, + or with the shorthand '+feature' and '-feature', which equal 'force=feature' +-and 'disable=feature' respectively ++and 'disable=feature' respectively. ++ ++If exact CPU model is specified virt-install will automatically copy CPU ++features available on the host to mitigate recent CPU speculative execution ++side channel security vulnerabilities. This however will have some impact ++on performance and will break migration to hosts without security patches. ++In order to control this behavior there is a B parameter. Possible ++values are I and I, with I as the default. It is highly ++recommended to leave this enabled and ensure all virtualization hosts have ++fully up to date microcode, kernel & virtualization software installed. + + Some examples: + +diff --git a/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml +new file mode 100644 +index 00000000..a86d6926 +--- /dev/null ++++ b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml +@@ -0,0 +1,93 @@ ++ ++ foobar ++ 00000000-1111-2222-3333-444444444444 ++ 65536 ++ 65536 ++ 1 ++ ++ hvm ++ ++ ++ ++ ++ ++ ++ ++ qemu64 ++ ++ ++ ++ ++ ++ ++ destroy ++ ++ ++ ++ ++ ++ /usr/bin/qemu-kvm ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ foobar ++ 00000000-1111-2222-3333-444444444444 ++ 65536 ++ 65536 ++ 1 ++ ++ hvm ++ ++ ++ ++ ++ ++ ++ ++ qemu64 ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ /usr/bin/qemu-kvm ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ +diff --git a/tests/clitest.py b/tests/clitest.py +index ecdf3731..32ce66e6 100644 +--- a/tests/clitest.py ++++ b/tests/clitest.py +@@ -568,6 +568,7 @@ c.add_invalid("--clock foo_tickpolicy=merge") # Unknown timer + c.add_invalid("--security foobar") # Busted --security + c.add_compare("--cpuset auto --vcpus 2", "cpuset-auto") # --cpuset=auto actually works + c.add_compare("--memory 1024,hotplugmemorymax=2048,hotplugmemoryslots=2 --cpu cell0.cpus=0,cell0.memory=1048576 --memdev dimm,access=private,target_size=512,target_node=0,source_pagesize=4,source_nodemask=1-2 --memdev nvdimm,source_path=/path/to/nvdimm,target_size=512,target_node=0,target_label_size=128", "memory-hotplug") ++c.add_compare("--connect " + utils.URIs.kvm_q35 + " --cpu qemu64,secure=off", "cpu-disable-sec") # disable security features that are added by default + + + +diff --git a/virtinst/cli.py b/virtinst/cli.py +index b10c22aa..0bfa3b94 100644 +--- a/virtinst/cli.py ++++ b/virtinst/cli.py +@@ -1497,6 +1497,7 @@ ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb) + ParserCPU.add_arg("mode", "mode") + ParserCPU.add_arg("match", "match") + ParserCPU.add_arg("vendor", "vendor") ++ParserCPU.add_arg("secure", "secure", is_onoff=True) + + ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb) + ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb) +diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py +index e3992cf4..ab40f788 100644 +--- a/virtinst/domain/cpu.py ++++ b/virtinst/domain/cpu.py +@@ -65,6 +65,8 @@ class DomainCpu(XMLBuilder): + _XML_PROP_ORDER = ["mode", "match", "model", "vendor", + "sockets", "cores", "threads", "features"] + ++ secure = True ++ + special_mode_was_set = False + # These values are exposed on the command line, so are stable API + SPECIAL_MODE_HOST_MODEL_ONLY = "host-model-only" +@@ -127,7 +129,10 @@ class DomainCpu(XMLBuilder): + self.mode = "custom" + if not self.match: + self.match = "exact" +- self._add_security_features(guest) ++ if self.secure: ++ self._add_security_features(guest) ++ else: ++ self._remove_security_features(guest) + self.model = val + + def add_feature(self, name, policy="require"): +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch b/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch new file mode 100644 index 0000000..543db20 --- /dev/null +++ b/SOURCES/virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch @@ -0,0 +1,180 @@ +From 9080810abab3d5679d20b3b8874d2fce2c28d522 Mon Sep 17 00:00:00 2001 +Message-Id: <9080810abab3d5679d20b3b8874d2fce2c28d522@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:48 +0200 +Subject: [PATCH] domain: cpu: automatically add CPU security features for + "custom" mode + +If user selects specific CPU model to be configured for guest we will +automatically add CPU security features to make sure that the guest is +not vulnerable to these CPU HW bugs. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1582667 + +Signed-off-by: Pavel Hrdina +Reviewed-by: Cole Robinson +(cherry picked from commit fb5136a6a9457894ff1e24a1f9d5f0af0a8e8bd1) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + .../compare/virt-install-qemu-plain.xml | 2 ++ + .../virt-install-singleton-config-2.xml | 4 ++++ + tests/xmlparse.py | 6 +++--- + virtManager/domain.py | 2 +- + virtinst/cli.py | 2 +- + virtinst/domain/cpu.py | 20 +++++++++++++++---- + 6 files changed, 27 insertions(+), 9 deletions(-) + +diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml +index d00e0cf4..eb1542c3 100644 +--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml ++++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml +@@ -20,6 +20,8 @@ + + + Penryn ++ ++ + + + +diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml +index 621639e1..0861f62a 100644 +--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml ++++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml +@@ -93,6 +93,8 @@ + foobar + meee + ++ ++ + + + +@@ -282,6 +284,8 @@ + foobar + meee + ++ ++ + + + +diff --git a/tests/xmlparse.py b/tests/xmlparse.py +index 61552720..c9828fc8 100644 +--- a/tests/xmlparse.py ++++ b/tests/xmlparse.py +@@ -176,7 +176,7 @@ class XMLParseTest(unittest.TestCase): + + check = self._make_checker(guest.cpu) + check("match", "exact", "strict") +- guest.cpu.set_model("qemu64") ++ guest.cpu.set_model(guest, "qemu64") + check("model", "qemu64") + check("vendor", "Intel", "qemuvendor") + check("threads", 2, 1) +@@ -269,7 +269,7 @@ class XMLParseTest(unittest.TestCase): + + check = self._make_checker(guest.cpu) + check("model", None) +- guest.cpu.set_model("foobar") ++ guest.cpu.set_model(guest, "foobar") + check("model", "foobar") + check("model_fallback", None, "allow") + check("cores", None, 4) +@@ -335,7 +335,7 @@ class XMLParseTest(unittest.TestCase): + check = self._make_checker(guest.cpu) + check("mode", "host-passthrough", "custom") + check("mode", "custom", "host-model") +- guest.cpu.set_model("qemu64") ++ guest.cpu.set_model(guest, "qemu64") + check("model", "qemu64") + + self._alter_compare(guest.get_xml(), outfile) +diff --git a/virtManager/domain.py b/virtManager/domain.py +index 96469969..5b3f1e44 100644 +--- a/virtManager/domain.py ++++ b/virtManager/domain.py +@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject): + if model in guest.cpu.SPECIAL_MODES: + guest.cpu.set_special_mode(guest, model) + else: +- guest.cpu.set_model(model) ++ guest.cpu.set_model(guest, model) + self._redefine_xmlobj(guest) + + def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL): +diff --git a/virtinst/cli.py b/virtinst/cli.py +index e384b03a..b10c22aa 100644 +--- a/virtinst/cli.py ++++ b/virtinst/cli.py +@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser): + if val in inst.SPECIAL_MODES: + inst.set_special_mode(self.guest, val) + else: +- inst.set_model(val) ++ inst.set_model(self.guest, val) + + def set_feature_cb(self, inst, val, virtarg): + policy = virtarg.cliname +diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py +index 0673324c..e3992cf4 100644 +--- a/virtinst/domain/cpu.py ++++ b/virtinst/domain/cpu.py +@@ -103,19 +103,31 @@ class DomainCpu(XMLBuilder): + elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY: + if self.conn.caps.host.cpu.model: + self.clear() +- self.set_model(self.conn.caps.host.cpu.model) ++ self.set_model(guest, self.conn.caps.host.cpu.model) + else: + raise RuntimeError("programming error: unknown " + "special cpu mode '%s'" % val) + + self.special_mode_was_set = True + +- def set_model(self, val): ++ def _add_security_features(self, guest): ++ domcaps = guest.lookup_domcaps() ++ for feature in domcaps.get_cpu_security_features(): ++ exists = False ++ for f in self.features: ++ if f.name == feature: ++ exists = True ++ break ++ if not exists: ++ self.add_feature(feature) ++ ++ def set_model(self, guest, val): + logging.debug("setting cpu model %s", val) + if val: + self.mode = "custom" + if not self.match: + self.match = "exact" ++ self._add_security_features(guest) + self.model = val + + def add_feature(self, name, policy="require"): +@@ -147,7 +159,7 @@ class DomainCpu(XMLBuilder): + + self.mode = "custom" + self.match = "exact" +- self.set_model(model) ++ self.set_model(guest, model) + if fallback: + self.model_fallback = fallback + self.vendor = cpu.vendor +@@ -271,7 +283,7 @@ class DomainCpu(XMLBuilder): + + elif guest.os.is_arm64() and guest.os.is_arm_machvirt(): + # -M virt defaults to a 32bit CPU, even if using aarch64 +- self.set_model("cortex-a57") ++ self.set_model(guest, "cortex-a57") + + elif guest.os.is_x86() and guest.type == "kvm": + self._set_cpu_x86_kvm_default(guest) +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch b/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch new file mode 100644 index 0000000..fbc3871 --- /dev/null +++ b/SOURCES/virt-manager-domain-cpu-introduce-set_model-function.patch @@ -0,0 +1,161 @@ +From 220390ebd48b33d1d1fae747dc41f1aedd7646e0 Mon Sep 17 00:00:00 2001 +Message-Id: <220390ebd48b33d1d1fae747dc41f1aedd7646e0@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:47 +0200 +Subject: [PATCH] domain: cpu: introduce set_model function + +We will need to pass another variable into the setter so we cannot use +the property setter. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Cole Robinson +(cherry picked from commit 6423f653fd2d895d5addf37a6d504dbc9a4a0d6f) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + tests/xmlparse.py | 11 +++++++---- + virtManager/domain.py | 2 +- + virtinst/cli.py | 2 +- + virtinst/domain/cpu.py | 28 +++++++++++++--------------- + 4 files changed, 22 insertions(+), 21 deletions(-) + +diff --git a/tests/xmlparse.py b/tests/xmlparse.py +index 709bc48f..61552720 100644 +--- a/tests/xmlparse.py ++++ b/tests/xmlparse.py +@@ -176,7 +176,8 @@ class XMLParseTest(unittest.TestCase): + + check = self._make_checker(guest.cpu) + check("match", "exact", "strict") +- check("model", "footest", "qemu64") ++ guest.cpu.set_model("qemu64") ++ check("model", "qemu64") + check("vendor", "Intel", "qemuvendor") + check("threads", 2, 1) + check("cores", 5, 3) +@@ -267,7 +268,9 @@ class XMLParseTest(unittest.TestCase): + guest.seclabels[0].get_xml().startswith(" XML + """ + XML_NAME = "cpu" +- _XML_PROP_ORDER = ["mode", "match", "_model", "vendor", ++ _XML_PROP_ORDER = ["mode", "match", "model", "vendor", + "sockets", "cores", "threads", "features"] + + special_mode_was_set = False +@@ -103,13 +103,21 @@ class DomainCpu(XMLBuilder): + elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY: + if self.conn.caps.host.cpu.model: + self.clear() +- self.model = self.conn.caps.host.cpu.model ++ self.set_model(self.conn.caps.host.cpu.model) + else: + raise RuntimeError("programming error: unknown " + "special cpu mode '%s'" % val) + + self.special_mode_was_set = True + ++ def set_model(self, val): ++ logging.debug("setting cpu model %s", val) ++ if val: ++ self.mode = "custom" ++ if not self.match: ++ self.match = "exact" ++ self.model = val ++ + def add_feature(self, name, policy="require"): + feature = self.features.add_new() + feature.name = name +@@ -139,7 +147,7 @@ class DomainCpu(XMLBuilder): + + self.mode = "custom" + self.match = "exact" +- self.model = model ++ self.set_model(model) + if fallback: + self.model_fallback = fallback + self.vendor = cpu.vendor +@@ -201,17 +209,7 @@ class DomainCpu(XMLBuilder): + # XML properties # + ################## + +- def _set_model(self, val): +- if val: +- self.mode = "custom" +- if not self.match: +- self.match = "exact" +- self._model = val +- def _get_model(self): +- return self._model +- _model = XMLProperty("./model") +- model = property(_get_model, _set_model) +- ++ model = XMLProperty("./model") + model_fallback = XMLProperty("./model/@fallback") + + match = XMLProperty("./@match") +@@ -273,7 +271,7 @@ class DomainCpu(XMLBuilder): + + elif guest.os.is_arm64() and guest.os.is_arm_machvirt(): + # -M virt defaults to a 32bit CPU, even if using aarch64 +- self.model = "cortex-a57" ++ self.set_model("cortex-a57") + + elif guest.os.is_x86() and guest.type == "kvm": + self._set_cpu_x86_kvm_default(guest) +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch b/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch new file mode 100644 index 0000000..7a84422 --- /dev/null +++ b/SOURCES/virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch @@ -0,0 +1,64 @@ +From 0424ece6003d2a06f41f4277bb258d6f753c70c6 Mon Sep 17 00:00:00 2001 +Message-Id: <0424ece6003d2a06f41f4277bb258d6f753c70c6@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:52 +0200 +Subject: [PATCH] domcapabilities: add caching of CPU security features +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We will call this function multiple times so it makes sense to cache the +result so we don't have to call libvirt APIs every time we will check +what security features are available on the host. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 00f8dea370ae0874dc655d3718978a6a8e397a34) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + virtinst/domcapabilities.py | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py +index 2905aa9e..6636addf 100644 +--- a/virtinst/domcapabilities.py ++++ b/virtinst/domcapabilities.py +@@ -260,6 +260,8 @@ class DomainCapabilities(XMLBuilder): + + return DomainCpu(self.conn, expandedXML) + ++ _features = None ++ + def get_cpu_security_features(self): + sec_features = [ + 'spec-ctrl', +@@ -267,7 +269,10 @@ class DomainCapabilities(XMLBuilder): + 'ibpb', + 'virt-ssbd'] + +- features = [] ++ if self._features: ++ return self._features ++ ++ self._features = [] + + for m in self.cpu.modes: + if m.name != "host-model" or not m.supported: +@@ -281,9 +286,9 @@ class DomainCapabilities(XMLBuilder): + + for feature in cpu.features: + if feature.name in sec_features: +- features.append(feature.name) ++ self._features.append(feature.name) + +- return features ++ return self._features + + + XML_NAME = "domainCapabilities" +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch b/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch new file mode 100644 index 0000000..ded1bf9 --- /dev/null +++ b/SOURCES/virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch @@ -0,0 +1,61 @@ +From 961ffb1709e7af8c394093aca94f64b4c5ffda36 Mon Sep 17 00:00:00 2001 +Message-Id: <961ffb1709e7af8c394093aca94f64b4c5ffda36@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:56 +0200 +Subject: [PATCH] domcapabilities: detect MDS new vulnerability + +There is a new security feature 'md-clear' that mitigates recent CPU +Microarchitectural Store Buffer Data vulnerability. + +Signed-off-by: Pavel Hrdina +(cherry picked from commit c11d6ba4d7024eaac83b6e2d6ae88172f4c01e98) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + man/virt-install.pod | 13 +++++++------ + virtinst/domcapabilities.py | 3 ++- + 2 files changed, 9 insertions(+), 7 deletions(-) + +diff --git a/man/virt-install.pod b/man/virt-install.pod +index 1cd31fa2..f845ccb3 100644 +--- a/man/virt-install.pod ++++ b/man/virt-install.pod +@@ -220,12 +220,13 @@ and 'disable=feature' respectively. + + If exact CPU model is specified virt-install will automatically copy CPU + features available on the host to mitigate recent CPU speculative execution +-side channel security vulnerabilities. This however will have some impact +-on performance and will break migration to hosts without security patches. +-In order to control this behavior there is a B parameter. Possible +-values are I and I, with I as the default. It is highly +-recommended to leave this enabled and ensure all virtualization hosts have +-fully up to date microcode, kernel & virtualization software installed. ++side channel and Microarchitectural Store Buffer Data security vulnerabilities. ++This however will have some impact on performance and will break migration ++to hosts without security patches. In order to control this behavior there ++is a B parameter. Possible values are I and I, with I ++as the default. It is highly recommended to leave this enabled and ensure all ++virtualization hosts have fully up to date microcode, kernel & virtualization ++software installed. + + Some examples: + +diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py +index 6636addf..74e5c842 100644 +--- a/virtinst/domcapabilities.py ++++ b/virtinst/domcapabilities.py +@@ -267,7 +267,8 @@ class DomainCapabilities(XMLBuilder): + 'spec-ctrl', + 'ssbd', + 'ibpb', +- 'virt-ssbd'] ++ 'virt-ssbd', ++ 'md-clear'] + + if self._features: + return self._features +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch b/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch new file mode 100644 index 0000000..cab17ba --- /dev/null +++ b/SOURCES/virt-manager-domcapabilities-fix-typo-in-function-name.patch @@ -0,0 +1,45 @@ +From 7c3db309efe09e0bdf8834842525c5aa91a80387 Mon Sep 17 00:00:00 2001 +Message-Id: <7c3db309efe09e0bdf8834842525c5aa91a80387@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:50 +0200 +Subject: [PATCH] domcapabilities: fix typo in function name +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Pavel Hrdina +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit b711b28b1af6998f57d5610139439518545663f0) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + virtinst/domcapabilities.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py +index 42a18f1e..2905aa9e 100644 +--- a/virtinst/domcapabilities.py ++++ b/virtinst/domcapabilities.py +@@ -244,7 +244,7 @@ class DomainCapabilities(XMLBuilder): + arch.text = self.arch + return ET.tostring(root, encoding="unicode") + +- def _get_expandned_cpu(self, mode): ++ def _get_expanded_cpu(self, mode): + cpuXML = self._convert_mode_to_cpu(mode.get_xml()) + logging.debug("CPU XML for security flag baseline: %s", cpuXML) + +@@ -274,7 +274,7 @@ class DomainCapabilities(XMLBuilder): + continue + + try: +- cpu = self._get_expandned_cpu(m) ++ cpu = self._get_expanded_cpu(m) + except libvirt.libvirtError as e: + logging.warning(_("Failed to get expanded CPU XML: %s"), e) + break +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch b/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch new file mode 100644 index 0000000..8abb577 --- /dev/null +++ b/SOURCES/virt-manager-domcapabilities-introduce-get_cpu_security_features.patch @@ -0,0 +1,108 @@ +From 6088fe594a3a5d383e345029473e2dd933dc8220 Mon Sep 17 00:00:00 2001 +Message-Id: <6088fe594a3a5d383e345029473e2dd933dc8220@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:46 +0200 +Subject: [PATCH] domcapabilities: introduce get_cpu_security_features + +Get all CPU security features that we should enable for guests. + +In order to do that we need to get CPU definition from domain +capabilities and modify the XML so it is in required format for +libvirt CPU baseline APIs. We will prefer the baselineHypervisorCPU +API because that considers what QEMU actually supports and we will +fallback to baselineCPU API if the better one is not supported by +libvirt. + +This way we can figure out which of the security features are actually +available on that specific host for that specific QEMU binary. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Cole Robinson +(cherry picked from commit 4a8b6363c0891e37d9532213a046c5c57aedfd8b) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + virtinst/domcapabilities.py | 57 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 57 insertions(+) + +diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py +index 4cbb7f20..28ed8630 100644 +--- a/virtinst/domcapabilities.py ++++ b/virtinst/domcapabilities.py +@@ -8,7 +8,11 @@ + + import logging + import re ++import xml.etree.ElementTree as ET + ++import libvirt ++ ++from .domain import DomainCpu + from .xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty + + +@@ -232,6 +236,59 @@ class DomainCapabilities(XMLBuilder): + return [(m.name == "host-model" and m.supported) + for m in self.cpu.modes] + ++ def _convert_mode_to_cpu(self, xml): ++ root = ET.fromstring(xml) ++ root.tag = "cpu" ++ root.attrib = None ++ arch = ET.SubElement(root, "arch") ++ arch.text = self.arch ++ return ET.tostring(root, encoding="unicode") ++ ++ def _get_expandned_cpu(self, mode): ++ cpuXML = self._convert_mode_to_cpu(mode.get_xml()) ++ logging.debug("CPU XML for security flag baseline: %s", cpuXML) ++ ++ try: ++ expandedXML = self.conn.baselineHypervisorCPU( ++ self.path, self.arch, self.machine, self.domain, [cpuXML], ++ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) ++ except libvirt.libvirtError: ++ expandedXML = self.conn.baselineCPU([cpuXML], ++ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) ++ ++ logging.debug("Expanded CPU XML: %s", expandedXML) ++ ++ return DomainCpu(self.conn, expandedXML) ++ ++ def get_cpu_security_features(self): ++ sec_features = [ ++ 'pcid', ++ 'spec-ctrl', ++ 'ssbd', ++ 'pdpe1gb', ++ 'ibpb', ++ 'virt-ssbd', ++ 'amd-ssbd', ++ 'amd-no-ssb'] ++ ++ features = [] ++ ++ for m in self.cpu.modes: ++ if m.name != "host-model" or not m.supported: ++ continue ++ ++ try: ++ cpu = self._get_expandned_cpu(m) ++ except libvirt.libvirtError as e: ++ logging.warning(_("Failed to get expanded CPU XML: %s"), e) ++ break ++ ++ for feature in cpu.features: ++ if feature.name in sec_features: ++ features.append(feature.name) ++ ++ return features ++ + + XML_NAME = "domainCapabilities" + os = XMLChildProperty(_OS, is_single=True) +-- +2.21.0 + diff --git a/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch b/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch new file mode 100644 index 0000000..e81c786 --- /dev/null +++ b/SOURCES/virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch @@ -0,0 +1,99 @@ +From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001 +Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git> +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:49 +0200 +Subject: [PATCH] domcapabilities: remove recommended CPU features from + security features +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +These features are only recommended to be enabled since they improve +performance of the VMs if security features are enabled. + +pcid is a very useful perf feature, but missing in some silicon +so not portable. + +pdpe1gb lets the guest use 1 GB pages which is good for perf +but again not all silicon can do it. + +amd-ssbd is a security feature which fixes the same SSBD flaws as the +virt-ssbd feature does. virt-ssbd is usable across all CPU models +affected by SSBD, while amd-ssbd is only available in very new silicon. +So virt-ssbd is the bette rchoice. + +amd-no-ssb just indicates that the CPU is not affected by SSBD, so not +critical to expose. I expect a future named CPU model will include that +where appropriate. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 -- + .../compare/virt-install-singleton-config-2.xml | 4 ---- + virtinst/domcapabilities.py | 6 +----- + 3 files changed, 1 insertion(+), 11 deletions(-) + +diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml +index eb1542c3..d00e0cf4 100644 +--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml ++++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml +@@ -20,8 +20,6 @@ + + + Penryn +- +- + + + +diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml +index 0861f62a..621639e1 100644 +--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml ++++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml +@@ -93,8 +93,6 @@ + foobar + meee + +- +- + + + +@@ -284,8 +282,6 @@ + foobar + meee + +- +- + + + +diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py +index 28ed8630..42a18f1e 100644 +--- a/virtinst/domcapabilities.py ++++ b/virtinst/domcapabilities.py +@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder): + + def get_cpu_security_features(self): + sec_features = [ +- 'pcid', + 'spec-ctrl', + 'ssbd', +- 'pdpe1gb', + 'ibpb', +- 'virt-ssbd', +- 'amd-ssbd', +- 'amd-no-ssb'] ++ 'virt-ssbd'] + + features = [] + +-- +2.21.0 + diff --git a/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch b/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch new file mode 100644 index 0000000..1386b10 --- /dev/null +++ b/SOURCES/virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch @@ -0,0 +1,102 @@ +From c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de Mon Sep 17 00:00:00 2001 +Message-Id: +From: Pavel Hrdina +Date: Wed, 15 May 2019 08:06:10 -0400 +Subject: [PATCH] tests: clitest: Add a test case for the last commit + +From: Cole Robinson + +We need a custom test driver input to reproduce the pool collision + +(cherry picked from commit fcabcb7a95c9dd81fb7c1335c3c181bb08a31ad0) +Signed-off-by: Cole Robinson + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752 +--- + .../testdriver-defaultpool-collision.xml | 47 +++++++++++++++++++ + tests/clitest.py | 1 + + tests/utils.py | 2 + + 3 files changed, 50 insertions(+) + create mode 100644 tests/cli-test-xml/testdriver-defaultpool-collision.xml + +diff --git a/tests/cli-test-xml/testdriver-defaultpool-collision.xml b/tests/cli-test-xml/testdriver-defaultpool-collision.xml +new file mode 100644 +index 00000000..1343f812 +--- /dev/null ++++ b/tests/cli-test-xml/testdriver-defaultpool-collision.xml +@@ -0,0 +1,47 @@ ++ ++ ++ ++ 1 ++ 4 ++ 4 ++ 1 ++ 4 ++ 4000 ++ i686 ++ ++ 10000000 ++ ++ ++ ++ default ++ 715666b7-dbd4-6c78-fa55-94863da09f2d ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ ++ default-pool-path-collision ++ 35bb2ad9-388a-cdfe-461a-b8907f6e53fe ++ 107374182400 ++ 0 ++ 107374182400 ++ ++ ++ ++ /var/lib/libvirt/images ++ ++ 0700 ++ 10736 ++ 10736 ++ ++ ++ ++ ++ +diff --git a/tests/clitest.py b/tests/clitest.py +index 824293e4..ecdf3731 100644 +--- a/tests/clitest.py ++++ b/tests/clitest.py +@@ -684,6 +684,7 @@ c.add_valid("--nodisks --pxe", grep="VM performance may suffer") # os variant w + c.add_invalid("--hvm --nodisks --pxe foobar") # Positional arguments error + c.add_invalid("--nodisks --pxe --name test") # Colliding name + c.add_compare("--cdrom %(EXISTIMG1)s --disk size=1 --disk %(EXISTIMG2)s,device=cdrom", "cdrom-double") # ensure --disk device=cdrom is ordered after --cdrom, this is important for virtio-win installs with a driver ISO ++c.add_valid("--connect %s --pxe --disk size=1" % utils.URIs.test_defaultpool_collision) # testdriver already has a pool using the 'default' path, make sure we don't error + + + +diff --git a/tests/utils.py b/tests/utils.py +index d22933d3..ef7c613a 100644 +--- a/tests/utils.py ++++ b/tests/utils.py +@@ -56,6 +56,8 @@ class _URIs(object): + self.test_full = _testtmpl % (os.getcwd() + "/tests/testdriver.xml") + self.test_suite = _testtmpl % (os.getcwd() + "/tests/testsuite.xml") + self.test_remote = self.test_full + ",remote" ++ self.test_defaultpool_collision = (_testtmpl % (os.getcwd() + ++ "/tests/cli-test-xml/testdriver-defaultpool-collision.xml")) + + self.xen = self.test_full + _caps("xen-rhel5.4.xml") + ",xen" + self.lxc = self.test_full + _caps("lxc.xml") + ",lxc" +-- +2.21.0 + diff --git a/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch b/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch new file mode 100644 index 0000000..903944b --- /dev/null +++ b/SOURCES/virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch @@ -0,0 +1,186 @@ +From c05e60de1acb174bb40257d3481267e35dc62960 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Pavel Hrdina +Date: Wed, 15 May 2019 10:37:53 +0200 +Subject: [PATCH] virt-manager: add new checkbox to control CPU security + features +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +By default we copy CPU security features to the guest if specific CPU +model is selected. However, this may break migration and will affect +performance of the guest. This adds an option to disable this default +behavior. + +The checkbox is clickable only on x86 and only on host where we can +detect any CPU security features, otherwise a tooltip is set to notify +users that there is nothing to copy. + +Signed-off-by: Pavel Hrdina +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 8720637cff7b0766d9e27a60b0f81740176d70c8) + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402 + +Signed-off-by: Pavel Hrdina +--- + ui/details.ui | 15 +++++++++++++++ + virtManager/details.py | 21 +++++++++++++++++++++ + virtManager/domain.py | 5 +++-- + virtinst/domain/cpu.py | 30 ++++++++++++++++++++++++++++++ + 4 files changed, 69 insertions(+), 2 deletions(-) + +diff --git a/ui/details.ui b/ui/details.ui +index c18070c8..1e1be759 100644 +--- a/ui/details.ui ++++ b/ui/details.ui +@@ -2122,6 +2122,21 @@ + 1 + + ++ ++ ++ Enable available CPU security flaw mitigations ++ True ++ True ++ False ++ True ++ ++ ++ ++ 0 ++ 2 ++ 2 ++ ++ + + + +diff --git a/virtManager/details.py b/virtManager/details.py +index b7e7fc14..b8899d77 100644 +--- a/virtManager/details.py ++++ b/virtManager/details.py +@@ -523,6 +523,7 @@ class vmmDetails(vmmGObjectUI): + "on_cpu_maxvcpus_changed": self.config_maxvcpus_changed, + "on_cpu_model_changed": lambda *x: self.config_cpu_model_changed(x), + "on_cpu_copy_host_clicked": self.on_cpu_copy_host_clicked, ++ "on_cpu_secure_toggled": self.on_cpu_secure_toggled, + "on_cpu_cores_changed": self.config_cpu_topology_changed, + "on_cpu_sockets_changed": self.config_cpu_topology_changed, + "on_cpu_threads_changed": self.config_cpu_topology_changed, +@@ -1716,6 +1717,11 @@ class vmmDetails(vmmGObjectUI): + def on_cpu_copy_host_clicked(self, src): + uiutil.set_grid_row_visible( + self.widget("cpu-model"), not src.get_active()) ++ uiutil.set_grid_row_visible( ++ self.widget("cpu-secure"), not src.get_active()) ++ self.enable_apply(EDIT_CPU) ++ ++ def on_cpu_secure_toggled(self, ignore): + self.enable_apply(EDIT_CPU) + + def config_cpu_model_changed(self, ignore): +@@ -2014,6 +2020,7 @@ class vmmDetails(vmmGObjectUI): + + if self.edited(EDIT_CPU): + kwargs["model"] = self.get_config_cpu_model() ++ kwargs["secure"] = self.widget("cpu-secure").get_active() + + if self.edited(EDIT_TOPOLOGY): + do_top = self.widget("cpu-topology-enable").get_active() +@@ -2574,6 +2581,11 @@ class vmmDetails(vmmGObjectUI): + n1, n2 = self.vm.network_traffic_vectors() + self.network_traffic_graph.set_property("data_array", n1 + n2) + ++ def _cpu_secure_is_available(self): ++ domcaps = self.vm.get_domain_capabilities() ++ features = domcaps.get_cpu_security_features() ++ return self.vm.get_xmlobj().os.is_x86() and len(features) > 0 ++ + def refresh_config_cpu(self): + # Set topology first, because it impacts maxvcpus values + cpu = self.vm.get_cpu_config() +@@ -2627,6 +2639,15 @@ class vmmDetails(vmmGObjectUI): + self.widget("cpu-copy-host").set_active(bool(is_host)) + self.on_cpu_copy_host_clicked(self.widget("cpu-copy-host")) + ++ if not self._cpu_secure_is_available(): ++ self.widget("cpu-secure").set_sensitive(False) ++ self.widget("cpu-secure").set_tooltip_text( ++ "No security features to copy, the host is missing " ++ "security patches or the host CPU is not vulnerable.") ++ ++ cpu.check_security_features(self.vm.get_xmlobj()) ++ self.widget("cpu-secure").set_active(cpu.secure) ++ + def refresh_config_memory(self): + host_mem_widget = self.widget("state-host-memory") + host_mem = self.vm.conn.host_memory_size() // 1024 +diff --git a/virtManager/domain.py b/virtManager/domain.py +index 5b3f1e44..c8f4e822 100644 +--- a/virtManager/domain.py ++++ b/virtManager/domain.py +@@ -495,7 +495,7 @@ class vmmDomain(vmmLibvirtObject): + self._redefine_xmlobj(xmlobj) + + def define_cpu(self, vcpus=_SENTINEL, maxvcpus=_SENTINEL, +- model=_SENTINEL, sockets=_SENTINEL, ++ model=_SENTINEL, secure=_SENTINEL, sockets=_SENTINEL, + cores=_SENTINEL, threads=_SENTINEL): + guest = self._make_xmlobj_to_define() + +@@ -509,7 +509,8 @@ class vmmDomain(vmmLibvirtObject): + guest.cpu.cores = cores + guest.cpu.threads = threads + +- if model != _SENTINEL: ++ if secure != _SENTINEL or model != _SENTINEL: ++ guest.cpu.secure = secure + if model in guest.cpu.SPECIAL_MODES: + guest.cpu.set_special_mode(guest, model) + else: +diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py +index ab40f788..c6a411bb 100644 +--- a/virtinst/domain/cpu.py ++++ b/virtinst/domain/cpu.py +@@ -123,6 +123,36 @@ class DomainCpu(XMLBuilder): + if not exists: + self.add_feature(feature) + ++ def check_security_features(self, guest): ++ """ ++ Since 'secure' property is not exported into the domain XML ++ we might need to refresh its state. ++ """ ++ domcaps = guest.lookup_domcaps() ++ features = domcaps.get_cpu_security_features() ++ ++ if len(features) == 0: ++ self.secure = False ++ return ++ ++ for feature in features: ++ exists = False ++ for f in self.features: ++ if f.name == feature and f.policy == "require": ++ exists = True ++ break ++ if not exists: ++ self.secure = False ++ return ++ ++ def _remove_security_features(self, guest): ++ domcaps = guest.lookup_domcaps() ++ for feature in domcaps.get_cpu_security_features(): ++ for f in self.features: ++ if f.name == feature and f.policy == "require": ++ self.remove_child(f) ++ break ++ + def set_model(self, guest, val): + logging.debug("setting cpu model %s", val) + if val: +-- +2.21.0 + diff --git a/SPECS/virt-manager.spec b/SPECS/virt-manager.spec index 85293ec..e7dec3d 100644 --- a/SPECS/virt-manager.spec +++ b/SPECS/virt-manager.spec @@ -13,7 +13,7 @@ Name: virt-manager Version: 2.0.0 -Release: 5%{?dist}%{?extra_release} +Release: 5.1%{?dist}%{?extra_release} %global verrel %{version}-%{release} Summary: Desktop tool for managing virtual machines via libvirt @@ -32,6 +32,20 @@ Patch6: virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.pa Patch7: virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch Patch8: virt-manager-inspection-fix-check-of-null-icon.patch Patch9: virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch +Patch10: virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch +Patch11: virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch +Patch12: virt-manager-domcapabilities-introduce-get_cpu_security_features.patch +Patch13: virt-manager-domain-cpu-introduce-set_model-function.patch +Patch14: virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch +Patch15: virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch +Patch16: virt-manager-domcapabilities-fix-typo-in-function-name.patch +Patch17: virt-manager-cli-introduce-CPU-secure-parameter.patch +Patch18: virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch +Patch19: virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch +Patch20: virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch +Patch21: virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch +Patch22: virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch +Patch23: virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch Requires: virt-manager-common = %{verrel} @@ -217,6 +231,22 @@ done %changelog +* Mon Jun 3 2019 Pavel Hrdina - 2.0.0-5.1.el8 +- cli: Fix pool=default when path belongs to another pool (bz 1692489) (rhbz#1714752) +- tests: clitest: Add a test case for the last commit (rhbz#1714752) +- domcapabilities: introduce get_cpu_security_features (rhbz#1716402) +- domain: cpu: introduce set_model function (rhbz#1716402) +- domain: cpu: automatically add CPU security features for "custom" mode (rhbz#1716402) +- domcapabilities: remove recommended CPU features from security features (rhbz#1716402) +- domcapabilities: fix typo in function name (rhbz#1716402) +- cli: introduce CPU secure parameter (rhbz#1716402) +- domcapabilities: add caching of CPU security features (rhbz#1716402) +- virt-manager: add new checkbox to control CPU security features (rhbz#1716402) +- DomainCpu: fix detection of CPU security features (rhbz#1716402) +- DomainCpu: check CPU model name only if model exists (rhbz#1716402) +- domcapabilities: detect MDS new vulnerability (rhbz#1716402) +- cli: fix cpu secure option to actually work (rhbz#1716402) + * Thu Mar 21 2019 Pavel Hrdina - 2.0.0-5 - urldetect: Check also for 'treeinfo' (bz 1689252) (rhbz#1689252)