diff options
Diffstat (limited to 'external/meta-virtualization/recipes-extended/libvirt/libvirt')
11 files changed, 1631 insertions, 0 deletions
diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch new file mode 100644 index 00000000..4413d5fb --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch @@ -0,0 +1,59 @@ +From 33998cdd47300fc3ca6cb8f85714c149440b9c8b Mon Sep 17 00:00:00 2001 +From: Jiri Denemark <jdenemar@redhat.com> +Date: Fri, 5 Apr 2019 11:33:32 +0200 +Subject: [PATCH 01/11] cpu_x86: Do not cache microcode version +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The microcode version checks are used to invalidate cached CPU data we +get from QEMU. To minimize /proc/cpuinfo parsing the microcode version +was only read when libvirtd started and cached for the daemon's +lifetime. However, the CPU microcode can change anytime (updating the +microcode package can automatically upload it to the CPU) and we need to +stop caching it to avoid using stale CPU model data. + +Signed-off-by: Jiri Denemark <jdenemar@redhat.com> +Reviewed-by: Ján Tomko <jtomko@redhat.com> +(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b) + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/cpu/cpu_x86.c | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c +index cb27550..ce48ca6 100644 +--- a/src/cpu/cpu_x86.c ++++ b/src/cpu/cpu_x86.c +@@ -163,7 +163,6 @@ struct _virCPUx86Map { + }; + + static virCPUx86MapPtr cpuMap; +-static unsigned int microcodeVersion; + + int virCPUx86DriverOnceInit(void); + VIR_ONCE_GLOBAL_INIT(virCPUx86Driver); +@@ -1331,8 +1330,6 @@ virCPUx86DriverOnceInit(void) + if (!(cpuMap = virCPUx86LoadMap())) + return -1; + +- microcodeVersion = virHostCPUGetMicrocodeVersion(); +- + return 0; + } + +@@ -2372,7 +2369,7 @@ virCPUx86GetHost(virCPUDefPtr cpu, + goto cleanup; + + ret = x86DecodeCPUData(cpu, cpuData, models); +- cpu->microcodeVersion = microcodeVersion; ++ cpu->microcodeVersion = virHostCPUGetMicrocodeVersion(); + + cleanup: + virCPUx86DataFree(cpuData); +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch new file mode 100644 index 00000000..6d0f2986 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch @@ -0,0 +1,155 @@ +From d606ac113007901522dab6c4b3979686d43eaa87 Mon Sep 17 00:00:00 2001 +From: Jiri Denemark <jdenemar@redhat.com> +Date: Fri, 12 Apr 2019 21:21:05 +0200 +Subject: [PATCH 02/11] qemu: Don't cache microcode version +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +My earlier commit be46f61326 was incomplete. It removed caching of +microcode version in the CPU driver, which means the capabilities XML +will see the correct microcode version. But it is also cached in the +QEMU capabilities cache where it is used to detect whether we need to +reprobe QEMU. By missing the second place, the original commit +be46f61326 made the situation even worse since libvirt would report +correct microcode version while still using the old host CPU model +(visible in domain capabilities XML). + +Signed-off-by: Jiri Denemark <jdenemar@redhat.com> +Reviewed-by: Ján Tomko <jtomko@redhat.com> +(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9) + +Conflicts: + src/qemu/qemu_capabilities.c + - virQEMUCapsCacheLookupByArch refactoring (commits + 7948ad4129a and 1a3de67001c) are missing + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> + +Upstream-Status: Backport +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/qemu/qemu_capabilities.c | 12 ++++++++---- + src/qemu/qemu_capabilities.h | 3 +-- + src/qemu/qemu_driver.c | 9 +-------- + tests/testutilsqemu.c | 2 +- + 4 files changed, 11 insertions(+), 15 deletions(-) + +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c +index a075677..eaf369f 100644 +--- a/src/qemu/qemu_capabilities.c ++++ b/src/qemu/qemu_capabilities.c +@@ -4700,7 +4700,7 @@ virQEMUCapsNewData(const char *binary, + priv->libDir, + priv->runUid, + priv->runGid, +- priv->microcodeVersion, ++ virHostCPUGetMicrocodeVersion(), + priv->kernelVersion); + } + +@@ -4783,8 +4783,7 @@ virFileCachePtr + virQEMUCapsCacheNew(const char *libDir, + const char *cacheDir, + uid_t runUid, +- gid_t runGid, +- unsigned int microcodeVersion) ++ gid_t runGid) + { + char *capsCacheDir = NULL; + virFileCachePtr cache = NULL; +@@ -4808,7 +4807,6 @@ virQEMUCapsCacheNew(const char *libDir, + + priv->runUid = runUid; + priv->runGid = runGid; +- priv->microcodeVersion = microcodeVersion; + + if (uname(&uts) == 0 && + virAsprintf(&priv->kernelVersion, "%s %s", uts.release, uts.version) < 0) +@@ -4829,8 +4827,11 @@ virQEMUCapsPtr + virQEMUCapsCacheLookup(virFileCachePtr cache, + const char *binary) + { ++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache); + virQEMUCapsPtr ret = NULL; + ++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion(); ++ + ret = virFileCacheLookup(cache, binary); + + VIR_DEBUG("Returning caps %p for %s", ret, binary); +@@ -4876,10 +4877,13 @@ virQEMUCapsPtr + virQEMUCapsCacheLookupByArch(virFileCachePtr cache, + virArch arch) + { ++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache); + virQEMUCapsPtr ret = NULL; + virArch target; + struct virQEMUCapsSearchData data = { .arch = arch }; + ++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion(); ++ + ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data); + if (!ret) { + /* If the first attempt at finding capabilities has failed, try +diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h +index 3d3a978..956babc 100644 +--- a/src/qemu/qemu_capabilities.h ++++ b/src/qemu/qemu_capabilities.h +@@ -574,8 +574,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr qemuCaps, + virFileCachePtr virQEMUCapsCacheNew(const char *libDir, + const char *cacheDir, + uid_t uid, +- gid_t gid, +- unsigned int microcodeVersion); ++ gid_t gid); + virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache, + const char *binary); + virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache, +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index a0f7c71..75f8699 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged, + char *hugepagePath = NULL; + char *memoryBackingPath = NULL; + size_t i; +- virCPUDefPtr hostCPU = NULL; +- unsigned int microcodeVersion = 0; + + if (VIR_ALLOC(qemu_driver) < 0) + return -1; +@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged, + run_gid = cfg->group; + } + +- if ((hostCPU = virCPUProbeHost(virArchFromHost()))) +- microcodeVersion = hostCPU->microcodeVersion; +- virCPUDefFree(hostCPU); +- + qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir, + cfg->cacheDir, + run_uid, +- run_gid, +- microcodeVersion); ++ run_gid); + if (!qemu_driver->qemuCapsCache) + goto error; + +diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c +index 8438613..4e53f03 100644 +--- a/tests/testutilsqemu.c ++++ b/tests/testutilsqemu.c +@@ -707,7 +707,7 @@ int qemuTestDriverInit(virQEMUDriver *driver) + + /* Using /dev/null for libDir and cacheDir automatically produces errors + * upon attempt to use any of them */ +- driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0, 0); ++ driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", 0, 0); + if (!driver->qemuCapsCache) + goto error; + +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch new file mode 100644 index 00000000..45f51d4a --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch @@ -0,0 +1,894 @@ +From b15a3c9f9bd24d12082b5a6ea505eb3ea48137cb Mon Sep 17 00:00:00 2001 +From: Jiri Denemark <jdenemar@redhat.com> +Date: Fri, 5 Apr 2019 11:19:30 +0200 +Subject: [PATCH 03/11] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Jiri Denemark <jdenemar@redhat.com> +(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee) + +CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + +Conflicts: + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml + - intel-pt feature is missing + - stibp feature is missing + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> + +Upstream-Status: Backport + +CVE: CVE-2018-12126 +CVE: CVE-2018-12127 +CVE: CVE-2018-12130 +CVE: CVE-2019-11091 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + tests/cputest.c | 1 + + .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 + + .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 + + .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 26 + + .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 27 + + .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 10 + + .../cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json | 652 +++++++++++++++++++++ + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig | 4 + + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml | 47 ++ + 9 files changed, 782 insertions(+) + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml + +diff --git a/tests/cputest.c b/tests/cputest.c +index baf2b3c..fbb2a86 100644 +--- a/tests/cputest.c ++++ b/tests/cputest.c +@@ -1190,6 +1190,7 @@ mymain(void) + DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST); + DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST); + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE); ++ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS); + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS); + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS); + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS); +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml +new file mode 100644 +index 0000000..ce51903 +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml +@@ -0,0 +1,7 @@ ++<!-- Features disabled by QEMU --> ++<cpudata arch='x86'> ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/> ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/> ++</cpudata> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml +new file mode 100644 +index 0000000..0deca9f +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml +@@ -0,0 +1,8 @@ ++<!-- Features enabled by QEMU --> ++<cpudata arch='x86'> ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> ++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> ++</cpudata> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml +new file mode 100644 +index 0000000..993db80 +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml +@@ -0,0 +1,26 @@ ++<cpu mode='custom' match='exact'> ++ <model fallback='forbid'>Skylake-Client-IBRS</model> ++ <vendor>Intel</vendor> ++ <feature policy='require' name='ds'/> ++ <feature policy='require' name='acpi'/> ++ <feature policy='require' name='ss'/> ++ <feature policy='require' name='ht'/> ++ <feature policy='require' name='tm'/> ++ <feature policy='require' name='pbe'/> ++ <feature policy='require' name='dtes64'/> ++ <feature policy='require' name='monitor'/> ++ <feature policy='require' name='ds_cpl'/> ++ <feature policy='require' name='vmx'/> ++ <feature policy='require' name='smx'/> ++ <feature policy='require' name='est'/> ++ <feature policy='require' name='tm2'/> ++ <feature policy='require' name='xtpr'/> ++ <feature policy='require' name='pdcm'/> ++ <feature policy='require' name='osxsave'/> ++ <feature policy='require' name='tsc_adjust'/> ++ <feature policy='require' name='clflushopt'/> ++ <feature policy='require' name='ssbd'/> ++ <feature policy='require' name='xsaves'/> ++ <feature policy='require' name='pdpe1gb'/> ++ <feature policy='require' name='invtsc'/> ++</cpu> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml +new file mode 100644 +index 0000000..074a39b +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml +@@ -0,0 +1,27 @@ ++<cpu> ++ <arch>x86_64</arch> ++ <model>Skylake-Client-IBRS</model> ++ <vendor>Intel</vendor> ++ <feature name='ds'/> ++ <feature name='acpi'/> ++ <feature name='ss'/> ++ <feature name='ht'/> ++ <feature name='tm'/> ++ <feature name='pbe'/> ++ <feature name='dtes64'/> ++ <feature name='monitor'/> ++ <feature name='ds_cpl'/> ++ <feature name='vmx'/> ++ <feature name='smx'/> ++ <feature name='est'/> ++ <feature name='tm2'/> ++ <feature name='xtpr'/> ++ <feature name='pdcm'/> ++ <feature name='osxsave'/> ++ <feature name='tsc_adjust'/> ++ <feature name='clflushopt'/> ++ <feature name='ssbd'/> ++ <feature name='xsaves'/> ++ <feature name='pdpe1gb'/> ++ <feature name='invtsc'/> ++</cpu> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml +new file mode 100644 +index 0000000..1984bd4 +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml +@@ -0,0 +1,10 @@ ++<cpu mode='custom' match='exact'> ++ <model fallback='forbid'>Skylake-Client-IBRS</model> ++ <vendor>Intel</vendor> ++ <feature policy='require' name='ss'/> ++ <feature policy='require' name='hypervisor'/> ++ <feature policy='require' name='tsc_adjust'/> ++ <feature policy='require' name='clflushopt'/> ++ <feature policy='require' name='ssbd'/> ++ <feature policy='require' name='pdpe1gb'/> ++</cpu> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json +new file mode 100644 +index 0000000..0847475 +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json +@@ -0,0 +1,652 @@ ++{ ++ "return": { ++ "model": { ++ "name": "base", ++ "props": { ++ "phys-bits": 0, ++ "core-id": -1, ++ "xlevel": 2147483656, ++ "cmov": true, ++ "ia64": false, ++ "aes": true, ++ "mmx": true, ++ "rdpid": false, ++ "arat": true, ++ "gfni": false, ++ "pause-filter": false, ++ "xsavec": true, ++ "intel-pt": false, ++ "osxsave": false, ++ "hv-frequencies": false, ++ "tsc-frequency": 0, ++ "xd": true, ++ "hv-vendor-id": "", ++ "kvm-asyncpf": true, ++ "kvm_asyncpf": true, ++ "perfctr_core": false, ++ "perfctr-core": false, ++ "mpx": true, ++ "pbe": false, ++ "decodeassists": false, ++ "avx512cd": false, ++ "sse4_1": true, ++ "sse4.1": true, ++ "sse4-1": true, ++ "family": 6, ++ "legacy-cache": true, ++ "vmware-cpuid-freq": true, ++ "avx512f": false, ++ "msr": true, ++ "mce": true, ++ "mca": true, ++ "hv-runtime": false, ++ "xcrypt": false, ++ "thread-id": -1, ++ "min-level": 13, ++ "xgetbv1": true, ++ "cid": false, ++ "hv-relaxed": false, ++ "hv-crash": false, ++ "ds": false, ++ "fxsr": true, ++ "xsaveopt": true, ++ "xtpr": false, ++ "avx512vl": false, ++ "avx512-vpopcntdq": false, ++ "phe": false, ++ "extapic": false, ++ "3dnowprefetch": true, ++ "avx512vbmi2": false, ++ "cr8legacy": false, ++ "stibp": true, ++ "cpuid-0xb": true, ++ "xcrypt-en": false, ++ "kvm_pv_eoi": true, ++ "apic-id": 4294967295, ++ "pn": false, ++ "dca": false, ++ "vendor": "GenuineIntel", ++ "pku": false, ++ "smx": false, ++ "cmp_legacy": false, ++ "cmp-legacy": false, ++ "node-id": -1, ++ "avx512-4fmaps": false, ++ "vmcb_clean": false, ++ "vmcb-clean": false, ++ "3dnowext": false, ++ "hle": true, ++ "npt": false, ++ "memory": "/machine/unattached/system[0]", ++ "clwb": false, ++ "lbrv": false, ++ "adx": true, ++ "ss": true, ++ "pni": true, ++ "svm_lock": false, ++ "svm-lock": false, ++ "pfthreshold": false, ++ "smep": true, ++ "smap": true, ++ "x2apic": true, ++ "avx512vbmi": false, ++ "avx512vnni": false, ++ "hv-stimer": false, ++ "i64": true, ++ "flushbyasid": false, ++ "f16c": true, ++ "ace2-en": false, ++ "pat": true, ++ "pae": true, ++ "sse": true, ++ "phe-en": false, ++ "kvm_nopiodelay": true, ++ "kvm-nopiodelay": true, ++ "tm": false, ++ "kvmclock-stable-bit": true, ++ "hypervisor": true, ++ "socket-id": -1, ++ "pcommit": false, ++ "syscall": true, ++ "level": 13, ++ "avx512dq": false, ++ "svm": false, ++ "full-cpuid-auto-level": true, ++ "hv-reset": false, ++ "invtsc": false, ++ "sse3": true, ++ "sse2": true, ++ "ssbd": true, ++ "est": false, ++ "avx512ifma": false, ++ "tm2": false, ++ "kvm-pv-eoi": true, ++ "cx8": true, ++ "kvm_mmu": false, ++ "kvm-mmu": false, ++ "sse4_2": true, ++ "sse4.2": true, ++ "sse4-2": true, ++ "pge": true, ++ "fill-mtrr-mask": true, ++ "avx512bitalg": false, ++ "nodeid_msr": false, ++ "pdcm": false, ++ "movbe": true, ++ "model": 94, ++ "nrip_save": false, ++ "nrip-save": false, ++ "kvm_pv_unhalt": true, ++ "ssse3": true, ++ "sse4a": false, ++ "invpcid": true, ++ "pdpe1gb": true, ++ "tsc-deadline": true, ++ "fma": true, ++ "cx16": true, ++ "de": true, ++ "enforce": false, ++ "stepping": 3, ++ "xsave": true, ++ "clflush": true, ++ "skinit": false, ++ "tsc": true, ++ "tce": false, ++ "fpu": true, ++ "ibs": false, ++ "ds_cpl": false, ++ "ds-cpl": false, ++ "host-phys-bits": true, ++ "fma4": false, ++ "la57": false, ++ "osvw": false, ++ "check": true, ++ "hv-spinlocks": -1, ++ "pmu": false, ++ "pmm": false, ++ "apic": true, ++ "spec-ctrl": true, ++ "min-xlevel2": 0, ++ "tsc-adjust": true, ++ "tsc_adjust": true, ++ "kvm-steal-time": true, ++ "kvm_steal_time": true, ++ "kvmclock": true, ++ "l3-cache": true, ++ "lwp": false, ++ "ibpb": false, ++ "xop": false, ++ "avx": true, ++ "ospke": false, ++ "ace2": false, ++ "avx512bw": false, ++ "acpi": false, ++ "hv-vapic": false, ++ "fsgsbase": true, ++ "ht": false, ++ "nx": true, ++ "pclmulqdq": true, ++ "mmxext": false, ++ "vaes": false, ++ "popcnt": true, ++ "xsaves": false, ++ "tcg-cpuid": true, ++ "lm": true, ++ "umip": false, ++ "pse": true, ++ "avx2": true, ++ "sep": true, ++ "pclmuldq": true, ++ "virt-ssbd": false, ++ "x-hv-max-vps": -1, ++ "nodeid-msr": false, ++ "md-clear": true, ++ "kvm": true, ++ "misalignsse": false, ++ "min-xlevel": 2147483656, ++ "kvm-pv-unhalt": true, ++ "bmi2": true, ++ "bmi1": true, ++ "realized": false, ++ "tsc_scale": false, ++ "tsc-scale": false, ++ "topoext": false, ++ "hv-vpindex": false, ++ "xlevel2": 0, ++ "clflushopt": true, ++ "kvm-no-smi-migration": false, ++ "monitor": false, ++ "avx512er": false, ++ "pmm-en": false, ++ "pcid": true, ++ "3dnow": false, ++ "erms": true, ++ "lahf-lm": true, ++ "lahf_lm": true, ++ "vpclmulqdq": false, ++ "fxsr-opt": false, ++ "hv-synic": false, ++ "xstore": false, ++ "fxsr_opt": false, ++ "kvm-hint-dedicated": false, ++ "rtm": true, ++ "lmce": true, ++ "hv-time": false, ++ "perfctr-nb": false, ++ "perfctr_nb": false, ++ "ffxsr": false, ++ "rdrand": true, ++ "rdseed": true, ++ "avx512-4vnniw": false, ++ "vmx": false, ++ "vme": true, ++ "dtes64": false, ++ "mtrr": true, ++ "rdtscp": true, ++ "pse36": true, ++ "kvm-pv-tlb-flush": false, ++ "tbm": false, ++ "wdt": false, ++ "pause_filter": false, ++ "sha-ni": false, ++ "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz", ++ "abm": true, ++ "avx512pf": false, ++ "xstore-en": false ++ } ++ } ++ }, ++ "id": "model-expansion" ++} ++ ++{ ++ "return": [ ++ { ++ "name": "max", ++ "typename": "max-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": false ++ }, ++ { ++ "name": "host", ++ "typename": "host-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": false ++ }, ++ { ++ "name": "base", ++ "typename": "base-x86_64-cpu", ++ "unavailable-features": [], ++ "static": true, ++ "migration-safe": true ++ }, ++ { ++ "name": "qemu64", ++ "typename": "qemu64-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "qemu32", ++ "typename": "qemu32-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "phenom", ++ "typename": "phenom-x86_64-cpu", ++ "unavailable-features": [ ++ "mmxext", ++ "fxsr-opt", ++ "3dnowext", ++ "3dnow", ++ "sse4a", ++ "npt" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "pentium3", ++ "typename": "pentium3-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "pentium2", ++ "typename": "pentium2-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "pentium", ++ "typename": "pentium-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "n270", ++ "typename": "n270-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "kvm64", ++ "typename": "kvm64-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "kvm32", ++ "typename": "kvm32-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "cpu64-rhel6", ++ "typename": "cpu64-rhel6-x86_64-cpu", ++ "unavailable-features": [ ++ "sse4a" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "coreduo", ++ "typename": "coreduo-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "core2duo", ++ "typename": "core2duo-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "athlon", ++ "typename": "athlon-x86_64-cpu", ++ "unavailable-features": [ ++ "mmxext", ++ "3dnowext", ++ "3dnow" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Westmere", ++ "typename": "Westmere-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Westmere-IBRS", ++ "typename": "Westmere-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Skylake-Server", ++ "typename": "Skylake-Server-x86_64-cpu", ++ "unavailable-features": [ ++ "avx512f", ++ "avx512dq", ++ "clwb", ++ "avx512cd", ++ "avx512bw", ++ "avx512vl", ++ "avx512f", ++ "avx512f", ++ "avx512f" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Skylake-Server-IBRS", ++ "typename": "Skylake-Server-IBRS-x86_64-cpu", ++ "unavailable-features": [ ++ "avx512f", ++ "avx512dq", ++ "clwb", ++ "avx512cd", ++ "avx512bw", ++ "avx512vl", ++ "avx512f", ++ "avx512f", ++ "avx512f" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Skylake-Client", ++ "typename": "Skylake-Client-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Skylake-Client-IBRS", ++ "typename": "Skylake-Client-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "SandyBridge", ++ "typename": "SandyBridge-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "SandyBridge-IBRS", ++ "typename": "SandyBridge-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Penryn", ++ "typename": "Penryn-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Opteron_G5", ++ "typename": "Opteron_G5-x86_64-cpu", ++ "unavailable-features": [ ++ "sse4a", ++ "misalignsse", ++ "xop", ++ "fma4", ++ "tbm" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Opteron_G4", ++ "typename": "Opteron_G4-x86_64-cpu", ++ "unavailable-features": [ ++ "sse4a", ++ "misalignsse", ++ "xop", ++ "fma4" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Opteron_G3", ++ "typename": "Opteron_G3-x86_64-cpu", ++ "unavailable-features": [ ++ "sse4a", ++ "misalignsse" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Opteron_G2", ++ "typename": "Opteron_G2-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Opteron_G1", ++ "typename": "Opteron_G1-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Nehalem", ++ "typename": "Nehalem-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Nehalem-IBRS", ++ "typename": "Nehalem-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "IvyBridge", ++ "typename": "IvyBridge-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "IvyBridge-IBRS", ++ "typename": "IvyBridge-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Haswell", ++ "typename": "Haswell-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Haswell-noTSX", ++ "typename": "Haswell-noTSX-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Haswell-noTSX-IBRS", ++ "typename": "Haswell-noTSX-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Haswell-IBRS", ++ "typename": "Haswell-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "EPYC", ++ "typename": "EPYC-x86_64-cpu", ++ "unavailable-features": [ ++ "sha-ni", ++ "mmxext", ++ "fxsr-opt", ++ "cr8legacy", ++ "sse4a", ++ "misalignsse", ++ "osvw" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "EPYC-IBPB", ++ "typename": "EPYC-IBPB-x86_64-cpu", ++ "unavailable-features": [ ++ "sha-ni", ++ "mmxext", ++ "fxsr-opt", ++ "cr8legacy", ++ "sse4a", ++ "misalignsse", ++ "osvw", ++ "ibpb" ++ ], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Conroe", ++ "typename": "Conroe-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Broadwell", ++ "typename": "Broadwell-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Broadwell-noTSX", ++ "typename": "Broadwell-noTSX-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Broadwell-noTSX-IBRS", ++ "typename": "Broadwell-noTSX-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "Broadwell-IBRS", ++ "typename": "Broadwell-IBRS-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ }, ++ { ++ "name": "486", ++ "typename": "486-x86_64-cpu", ++ "unavailable-features": [], ++ "static": false, ++ "migration-safe": true ++ } ++ ], ++ "id": "definitions" ++} +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig +new file mode 100644 +index 0000000..7e57c2d +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig +@@ -0,0 +1,4 @@ ++0506e3 ++family: 6 (0x06) ++model: 94 (0x5e) ++stepping: 3 (0x03) +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml +new file mode 100644 +index 0000000..437429d +--- /dev/null ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml +@@ -0,0 +1,47 @@ ++<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz --> ++<cpudata arch='x86'> ++ <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/> ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/> ++ <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/> ++ <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/> ++ <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/> ++ <cpuid eax_in='0x00000004' ecx_in='0x02' eax='0x1c004143' ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/> ++ <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/> ++ <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/> ++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/> ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/> ++ <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/> ++ <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/> ++ <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/> ++ <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000e' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/> ++ <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> ++ <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> ++ <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/> ++ <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/> ++ <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/> ++ <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/> ++ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/> ++ <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> ++ <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> ++ <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> ++</cpudata> +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch new file mode 100644 index 00000000..b39e8662 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch @@ -0,0 +1,116 @@ +From c811c618c114c4a6493ede602bdca22d33c1972a Mon Sep 17 00:00:00 2001 +From: Jiri Denemark <jdenemar@redhat.com> +Date: Tue, 9 Apr 2019 12:35:52 +0200 +Subject: [PATCH 04/11] cpu_map: Define md-clear CPUID bit +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 + +The bit is set when microcode provides the mechanism to invoke a flush +of various exploitable CPU buffers by invoking the VERW instruction. + +Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> +Signed-off-by: Jiri Denemark <jdenemar@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85) + +Conflicts: + src/cpu_map/x86_features.xml + - missing pconfig feature + + tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml + tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml + - test data missing downstream + + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml + - intel-pt feature is missing + - stibp feature is missing + +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> + +Upstream-Status: Backport + +CVE: CVE-2018-12126 +CVE: CVE-2018-12127 +CVE: CVE-2018-12130 +CVE: CVE-2019-11091 + +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/cpu_map/x86_features.xml | 3 +++ + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +- + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + + 5 files changed, 7 insertions(+), 1 deletion(-) + +diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml +index 109c653..c8ae540 100644 +--- a/src/cpu_map/x86_features.xml ++++ b/src/cpu_map/x86_features.xml +@@ -290,6 +290,9 @@ + <feature name='avx512-4fmaps'> + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/> + </feature> ++ <feature name='md-clear'> <!-- md_clear --> ++ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/> ++ </feature> + <feature name='spec-ctrl'> + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/> + </feature> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml +index 0deca9f..74763a4 100644 +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml +@@ -2,7 +2,7 @@ + <cpudata arch='x86'> + <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> + <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> +- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/> + <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> + <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> + </cpudata> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml +index 993db80..29c1fdb 100644 +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml +@@ -19,6 +19,7 @@ + <feature policy='require' name='osxsave'/> + <feature policy='require' name='tsc_adjust'/> + <feature policy='require' name='clflushopt'/> ++ <feature policy='require' name='md-clear'/> + <feature policy='require' name='ssbd'/> + <feature policy='require' name='xsaves'/> + <feature policy='require' name='pdpe1gb'/> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml +index 074a39b..2003ca9 100644 +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml +@@ -20,6 +20,7 @@ + <feature name='osxsave'/> + <feature name='tsc_adjust'/> + <feature name='clflushopt'/> ++ <feature name='md-clear'/> + <feature name='ssbd'/> + <feature name='xsaves'/> + <feature name='pdpe1gb'/> +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml +index 1984bd4..d6529c5 100644 +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml +@@ -5,6 +5,7 @@ + <feature policy='require' name='hypervisor'/> + <feature policy='require' name='tsc_adjust'/> + <feature policy='require' name='clflushopt'/> ++ <feature policy='require' name='md-clear'/> + <feature policy='require' name='ssbd'/> + <feature policy='require' name='pdpe1gb'/> + </cpu> +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch new file mode 100644 index 00000000..11c1c5df --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch @@ -0,0 +1,63 @@ +From dfd22fc50f8f268b9810d2ef21adada021f740eb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Tue, 30 Apr 2019 17:26:13 +0100 +Subject: [PATCH 05/11] admin: reject clients unless their UID matches the + current UID +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The admin protocol RPC messages are only intended for use by the user +running the daemon. As such they should not be allowed for any client +UID that does not match the server UID. + +Fixes CVE-2019-10132 + +Reviewed-by: Ján Tomko <jtomko@redhat.com> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7) + +Upstream-Status: Backport +CVE: CVE-2019-10132 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++ + 1 file changed, 22 insertions(+) + +diff --git a/src/admin/admin_server_dispatch.c b/src/admin/admin_server_dispatch.c +index b78ff90..9f25813 100644 +--- a/src/admin/admin_server_dispatch.c ++++ b/src/admin/admin_server_dispatch.c +@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client ATTRIBUTE_UNUSED, + void *opaque) + { + struct daemonAdmClientPrivate *priv; ++ uid_t clientuid; ++ gid_t clientgid; ++ pid_t clientpid; ++ unsigned long long timestamp; ++ ++ if (virNetServerClientGetUNIXIdentity(client, ++ &clientuid, ++ &clientgid, ++ &clientpid, ++ ×tamp) < 0) ++ return NULL; ++ ++ VIR_DEBUG("New client pid %lld uid %lld", ++ (long long)clientpid, ++ (long long)clientuid); ++ ++ if (geteuid() != clientuid) { ++ virReportRestrictedError(_("Disallowing client %lld with uid %lld"), ++ (long long)clientpid, ++ (long long)clientuid); ++ return NULL; ++ } + + if (VIR_ALLOC(priv) < 0) + return NULL; +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch new file mode 100644 index 00000000..860c1e53 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch @@ -0,0 +1,56 @@ +From 54005b84b0165b62b2ef88c7df229bddbaa29e76 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Tue, 30 Apr 2019 16:51:37 +0100 +Subject: [PATCH 06/11] locking: restrict sockets to mode 0600 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The virtlockd daemon's only intended client is the libvirtd daemon. As +such it should never allow clients from other user accounts to connect. +The code already enforces this and drops clients from other UIDs, but +we can get earlier (and thus stronger) protection against DoS by setting +the socket permissions to 0600 + +Fixes CVE-2019-10132 + +Reviewed-by: Ján Tomko <jtomko@redhat.com> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1) + +Upstream-Status: Backport +CVE: CVE-2019-10132 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/locking/virtlockd-admin.socket.in | 1 + + src/locking/virtlockd.socket.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/locking/virtlockd-admin.socket.in b/src/locking/virtlockd-admin.socket.in +index 2a7500f..f674c49 100644 +--- a/src/locking/virtlockd-admin.socket.in ++++ b/src/locking/virtlockd-admin.socket.in +@@ -5,6 +5,7 @@ Before=libvirtd.service + [Socket] + ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock + Service=virtlockd.service ++SocketMode=0600 + + [Install] + WantedBy=sockets.target +diff --git a/src/locking/virtlockd.socket.in b/src/locking/virtlockd.socket.in +index 45e0f20..d701b27 100644 +--- a/src/locking/virtlockd.socket.in ++++ b/src/locking/virtlockd.socket.in +@@ -4,6 +4,7 @@ Before=libvirtd.service + + [Socket] + ListenStream=@localstatedir@/run/libvirt/virtlockd-sock ++SocketMode=0600 + + [Install] + WantedBy=sockets.target +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch new file mode 100644 index 00000000..ddd0740e --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch @@ -0,0 +1,56 @@ +From 030fdf57255f97289a407529194bf26c77548acb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com> +Date: Tue, 30 Apr 2019 17:27:41 +0100 +Subject: [PATCH 07/11] logging: restrict sockets to mode 0600 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The virtlogd daemon's only intended client is the libvirtd daemon. As +such it should never allow clients from other user accounts to connect. +The code already enforces this and drops clients from other UIDs, but +we can get earlier (and thus stronger) protection against DoS by setting +the socket permissions to 0600 + +Fixes CVE-2019-10132 + +Reviewed-by: Ján Tomko <jtomko@redhat.com> +Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f) + +Upstream-Status: Backport +CVE: CVE-2019-10132 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/logging/virtlogd-admin.socket.in | 1 + + src/logging/virtlogd.socket.in | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/src/logging/virtlogd-admin.socket.in b/src/logging/virtlogd-admin.socket.in +index 595e6c4..5c41dfe 100644 +--- a/src/logging/virtlogd-admin.socket.in ++++ b/src/logging/virtlogd-admin.socket.in +@@ -5,6 +5,7 @@ Before=libvirtd.service + [Socket] + ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock + Service=virtlogd.service ++SocketMode=0600 + + [Install] + WantedBy=sockets.target +diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in +index 22b9360..ae48cda 100644 +--- a/src/logging/virtlogd.socket.in ++++ b/src/logging/virtlogd.socket.in +@@ -4,6 +4,7 @@ Before=libvirtd.service + + [Socket] + ListenStream=@localstatedir@/run/libvirt/virtlogd-sock ++SocketMode=0600 + + [Install] + WantedBy=sockets.target +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch new file mode 100644 index 00000000..118ece4c --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch @@ -0,0 +1,99 @@ +From 3352c8af264a7b9b741208790ecca0bbc6733f42 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> +Date: Fri, 14 Jun 2019 08:47:42 +0200 +Subject: [PATCH 08/11] api: disallow virDomainSaveImageGetXMLDesc on read-only + connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The virDomainSaveImageGetXMLDesc API is taking a path parameter, +which can point to any path on the system. This file will then be +read and parsed by libvirtd running with root privileges. + +Forbid it on read-only connections. + +Fixes: CVE-2019-10161 +Reported-by: Matthias Gerstner <mgerstner@suse.de> +Signed-off-by: Ján Tomko <jtomko@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit aed6a032cead4386472afb24b16196579e239580) +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Conflicts: + src/libvirt-domain.c + src/remote/remote_protocol.x + +Upstream commit 12a51f372 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE +alias for VIR_DOMAIN_XML_SECURE is not backported. +Just skip the commit since we now disallow the whole API on read-only +connections, regardless of the flag. + +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-10161 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/libvirt-domain.c | 11 ++--------- + src/qemu/qemu_driver.c | 2 +- + src/remote/remote_protocol.x | 3 +-- + 3 files changed, 4 insertions(+), 12 deletions(-) + +Index: libvirt-4.7.0/src/libvirt-domain.c +=================================================================== +--- libvirt-4.7.0.orig/src/libvirt-domain.c ++++ libvirt-4.7.0/src/libvirt-domain.c +@@ -1073,9 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn + * previously by virDomainSave() or virDomainSaveFlags(). + * + * No security-sensitive data will be included unless @flags contains +- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only +- * connections. For this API, @flags should not contain either +- * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU. ++ * VIR_DOMAIN_XML_SECURE. + * + * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of + * error. The caller must free() the returned value. +@@ -1091,12 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP + + virCheckConnectReturn(conn, NULL); + virCheckNonNullArgGoto(file, error); +- +- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { +- virReportError(VIR_ERR_OPERATION_DENIED, "%s", +- _("virDomainSaveImageGetXMLDesc with secure flag")); +- goto error; +- } ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainSaveImageGetXMLDesc) { + char *ret; +Index: libvirt-4.7.0/src/qemu/qemu_driver.c +=================================================================== +--- libvirt-4.7.0.orig/src/qemu/qemu_driver.c ++++ libvirt-4.7.0/src/qemu/qemu_driver.c +@@ -6791,7 +6791,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect + if (fd < 0) + goto cleanup; + +- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) ++ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) + goto cleanup; + + ret = qemuDomainDefFormatXML(driver, def, flags); +Index: libvirt-4.7.0/src/remote/remote_protocol.x +=================================================================== +--- libvirt-4.7.0.orig/src/remote/remote_protocol.x ++++ libvirt-4.7.0/src/remote/remote_protocol.x +@@ -5226,8 +5226,7 @@ enum remote_procedure { + /** + * @generate: both + * @priority: high +- * @acl: domain:read +- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE ++ * @acl: domain:write + */ + REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch new file mode 100644 index 00000000..12ab5436 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch @@ -0,0 +1,43 @@ +From 6da721ea37bf3624ff9922637cfa657d2dcb20f9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> +Date: Fri, 14 Jun 2019 09:14:53 +0200 +Subject: [PATCH 09/11] api: disallow virDomainManagedSaveDefineXML on + read-only connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The virDomainManagedSaveDefineXML can be used to alter the domain's +config used for managedsave or even execute arbitrary emulator binaries. +Forbid it on read-only connections. + +Fixes: CVE-2019-10166 +Reported-by: Matthias Gerstner <mgerstner@suse.de> +Signed-off-by: Ján Tomko <jtomko@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a) +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-10166 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/libvirt-domain.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c +index 270e10e..5c764aa 100644 +--- a/src/libvirt-domain.c ++++ b/src/libvirt-domain.c +@@ -9482,6 +9482,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, const char *dxml, + + virCheckDomainReturn(domain, -1); + conn = domain->conn; ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->domainManagedSaveDefineXML) { + int ret; +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch new file mode 100644 index 00000000..576f46c7 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch @@ -0,0 +1,41 @@ +From 5441f05a42a90779b0df86518286bf527e94aafb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> +Date: Fri, 14 Jun 2019 09:16:14 +0200 +Subject: [PATCH 10/11] api: disallow virConnectGetDomainCapabilities on + read-only connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This API can be used to execute arbitrary emulators. +Forbid it on read-only connections. + +Fixes: CVE-2019-10167 +Signed-off-by: Ján Tomko <jtomko@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26) +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-10167 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/libvirt-domain.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c +index 5c764aa..9862a5d 100644 +--- a/src/libvirt-domain.c ++++ b/src/libvirt-domain.c +@@ -11274,6 +11274,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, + virResetLastError(); + + virCheckConnectReturn(conn, NULL); ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->connectGetDomainCapabilities) { + char *ret; +-- +2.7.4 + diff --git a/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch new file mode 100644 index 00000000..16f1a6d9 --- /dev/null +++ b/external/meta-virtualization/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch @@ -0,0 +1,49 @@ +From f5ace9c05d59b70d4899199a187cb32ec6f600d8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com> +Date: Fri, 14 Jun 2019 09:17:39 +0200 +Subject: [PATCH 11/11] api: disallow virConnect*HypervisorCPU on read-only + connections +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +These APIs can be used to execute arbitrary emulators. +Forbid them on read-only connections. + +Fixes: CVE-2019-10168 +Signed-off-by: Ján Tomko <jtomko@redhat.com> +Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> +(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291) +Signed-off-by: Ján Tomko <jtomko@redhat.com> + +Upstream-Status: Backport +CVE: CVE-2019-10168 +Signed-off-by: Armin Kuster <akuster@mvista.com> + +--- + src/libvirt-host.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/libvirt-host.c b/src/libvirt-host.c +index e20d6ee..2978825 100644 +--- a/src/libvirt-host.c ++++ b/src/libvirt-host.c +@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn, + + virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR); + virCheckNonNullArgGoto(xmlCPU, error); ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->connectCompareHypervisorCPU) { + int ret; +@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn, + + virCheckConnectReturn(conn, NULL); + virCheckNonNullArgGoto(xmlCPUs, error); ++ virCheckReadOnlyGoto(conn->flags, error); + + if (conn->driver->connectBaselineHypervisorCPU) { + char *cpu; +-- +2.7.4 + |