File libvirt-qemu-capabilities-force-update-if-the-m... of Package libvirt.6841

Overview Repositories Revisions Requests Users Attributes Meta

File libvirt-qemu-capabilities-force-update-if-the-microcode-version-does-not-match.patch of Package libvirt.6841

From 880bf81b173e53c53427a7b22ae577ecc0d48038 Mon Sep 17 00:00:00 2001
Message-Id: <880bf81b173e53c53427a7b22ae577ecc0d48038@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:41 +0100
Subject: [PATCH] qemu: capabilities: force update if the microcode version
 does not match

A microcode update can cause the CPUID bits to change; an example
from the past was the update that disabled TSX on several Haswell
and Broadwell machines.

Therefore, place microcode version in the virQEMUCaps struct and
XML, and rebuild the cache if the versions do not match.

CVE-2017-5715

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Conflicts:
	src/qemu/qemu_capabilities.c
	src/qemu/qemu_capabilities.h
            - QEMU capabilities cache was refactored since 7.3

src/qemu/qemu_capspriv.h
            - context; more functions were added since 7.3

tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml
            - context; different package version in 7.3

tests/qemucapabilitiesdata/caps_2.10.0-gicv2.aarch64.xml
	tests/qemucapabilitiesdata/caps_2.10.0-gicv3.aarch64.xml
	tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml
	tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml
	tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml
	tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml
	tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml
	tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml
	tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml
	tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml
	tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml
            - missing in 7.3

tests/qemucapabilitiestest.c
            - no explicit TCG caps probing for KVM binaries in 7.3 yet

tests/qemucapsprobe.c
            - the caps parameter for virQEMUCapsNewForBinaryInternal
              added in 7.4 is missing in 7.3 (which matches 7.5 in this
              respect)

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/qemu/qemu_capabilities.c                       | 57 ++++++++++++++++++++--
 src/qemu/qemu_capspriv.h                           |  5 ++
 tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml   |  1 +
 .../caps_2.6.0-gicv2.aarch64.xml                   |  1 +
 .../caps_2.6.0-gicv3.aarch64.xml                   |  1 +
 tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml  |  1 +
 tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml   |  1 +
 tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml   |  1 +
 tests/qemucapabilitiestest.c                       |  8 +++
 tests/qemucapsprobe.c                              |  2 +-
 18 files changed, 80 insertions(+), 6 deletions(-)

Index: libvirt-2.0.0/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-2.0.0.orig/src/qemu/qemu_capabilities.c
+++ libvirt-2.0.0/src/qemu/qemu_capabilities.c
@@ -359,6 +359,7 @@ struct _virQEMUCaps {
 
     unsigned int version;
     unsigned int kvmVersion;
+    unsigned int microcodeVersion;
     char *package;
 
     virArch arch;
@@ -2035,6 +2036,7 @@ virQEMUCapsPtr virQEMUCapsNewCopy(virQEM
     ret->usedQMP = qemuCaps->usedQMP;
     ret->version = qemuCaps->version;
     ret->kvmVersion = qemuCaps->kvmVersion;
+    ret->microcodeVersion = qemuCaps->microcodeVersion;
 
     if (VIR_STRDUP(ret->package, qemuCaps->package) < 0)
         goto error;
@@ -2882,6 +2884,13 @@ virQEMUCapsLoadCache(virQEMUCapsPtr qemu
         goto cleanup;
     }
 
+    if (virXPathUInt("string(./microcodeVersion)", ctxt,
+                     &qemuCaps->microcodeVersion) < 0) {
+        virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                       _("missing microcode version in QEMU capabilities cache"));
+        goto cleanup;
+    }
+
     /* Don't check for NULL, since it is optional and thus may be missing */
     qemuCaps->package = virXPathString("string(./package)", ctxt);
 
@@ -3065,6 +3074,9 @@ virQEMUCapsFormatCache(virQEMUCapsPtr qe
     virBufferAsprintf(&buf, "<kvmVersion>%d</kvmVersion>\n",
                       qemuCaps->kvmVersion);
 
+    virBufferAsprintf(&buf, "<microcodeVersion>%u</microcodeVersion>\n",
+                      qemuCaps->microcodeVersion);
+
     if (qemuCaps->package)
         virBufferAsprintf(&buf, "<package>%s</package>\n",
                           qemuCaps->package);
@@ -3211,7 +3223,8 @@ virQEMUCapsReset(virQEMUCapsPtr qemuCaps
 
 static int
 virQEMUCapsInitCached(virQEMUCapsPtr qemuCaps,
-                      const char *cacheDir)
+                      const char *cacheDir,
+                      unsigned int microcodeVersion)
 {
     char *capsdir = NULL;
     char *capsfile = NULL;
@@ -3263,6 +3276,20 @@ virQEMUCapsInitCached(virQEMUCapsPtr qem
         goto cleanup;
     }
 
+    if ((virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM) ||
+         virQEMUCapsGet(qemuCaps, QEMU_CAPS_ENABLE_KVM)) &&
+        microcodeVersion != qemuCaps->microcodeVersion) {
+        VIR_DEBUG("Outdated capabilities for '%s': microcode version changed "
+                  "(%u vs %u)",
+                  qemuCaps->binary,
+                  microcodeVersion,
+                  qemuCaps->microcodeVersion);
+        ignore_value(unlink(capsfile));
+        virQEMUCapsReset(qemuCaps);
+        ret = 0;
+        goto cleanup;
+    }
+
     /* Discard cache if QEMU binary or libvirtd changed */
     if (qemuctime != qemuCaps->ctime ||
         selfctime != virGetSelfLastChanged() ||
@@ -3739,6 +3766,7 @@ virQEMUCapsNewForBinaryInternal(const ch
                                 const char *cacheDir,
                                 uid_t runUid,
                                 gid_t runGid,
+                                unsigned int microcodeVersion,
                                 bool qmpOnly)
 {
     virQEMUCapsPtr qemuCaps;
@@ -3773,7 +3801,7 @@ virQEMUCapsNewForBinaryInternal(const ch
 
     if (!cacheDir)
         rv = 0;
-    else if ((rv = virQEMUCapsInitCached(qemuCaps, cacheDir)) < 0)
+    else if ((rv = virQEMUCapsInitCached(qemuCaps, cacheDir, microcodeVersion)) < 0)
         goto error;
 
     if (rv == 0) {
@@ -3796,6 +3824,10 @@ virQEMUCapsNewForBinaryInternal(const ch
             goto error;
         }
 
+        if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_KVM) ||
+            virQEMUCapsGet(qemuCaps, QEMU_CAPS_ENABLE_KVM))
+            qemuCaps->microcodeVersion = microcodeVersion;
+
         if (cacheDir &&
             virQEMUCapsRememberCached(qemuCaps, cacheDir) < 0)
             goto error;
@@ -3816,10 +3848,12 @@ virQEMUCapsNewForBinary(const char *bina
                         const char *libDir,
                         const char *cacheDir,
                         uid_t runUid,
-                        gid_t runGid)
+                        gid_t runGid,
+                        unsigned int microcodeVersion)
 {
     return virQEMUCapsNewForBinaryInternal(binary, libDir, cacheDir,
-                                           runUid, runGid, false);
+                                           runUid, runGid,
+                                           microcodeVersion, false);
 }
 
 
@@ -3881,6 +3915,9 @@ virQEMUCapsCacheNew(const char *libDir,
 {
     virQEMUCapsCachePtr cache;
 
+    if (virQEMUCapsInitialize() < 0)
+        return NULL;
+
     if (VIR_ALLOC(cache) < 0)
         return NULL;
 
@@ -3900,6 +3937,7 @@ virQEMUCapsCacheNew(const char *libDir,
 
     cache->runUid = runUid;
     cache->runGid = runGid;
+    cache->microcodeVersion = cpuMicrocodeVersion;
 
     return cache;
 
@@ -3933,7 +3971,8 @@ virQEMUCapsCacheLookup(virQEMUCapsCacheP
                   binary);
         ret = virQEMUCapsNewForBinary(binary, cache->libDir,
                                       cache->cacheDir,
-                                      cache->runUid, cache->runGid);
+                                      cache->runUid, cache->runGid,
+                                      cache->microcodeVersion);
         if (ret) {
             VIR_DEBUG("Caching capabilities %p for %s",
                       ret, binary);
@@ -4375,3 +4414,11 @@ virQEMUCapsFillDomainCaps(virDomainCapsP
         return -1;
     return 0;
 }
+
+
+void
+virQEMUCapsSetMicrocodeVersion(virQEMUCapsPtr qemuCaps,
+                               unsigned int microcodeVersion)
+{
+    qemuCaps->microcodeVersion = microcodeVersion;
+}
Index: libvirt-2.0.0/src/qemu/qemu_capspriv.h
===================================================================
--- libvirt-2.0.0.orig/src/qemu/qemu_capspriv.h
+++ libvirt-2.0.0/src/qemu/qemu_capspriv.h
@@ -35,6 +35,7 @@ struct _virQEMUCapsCache {
     char *cacheDir;
     uid_t runUid;
     gid_t runGid;
+    unsigned int microcodeVersion;
 };
 
 virQEMUCapsPtr
@@ -43,6 +44,7 @@ virQEMUCapsNewForBinaryInternal(const ch
                                 const char *cacheDir,
                                 uid_t runUid,
                                 gid_t runGid,
+                                unsigned int microcodeVersion,
                                 bool qmpOnly);
 
 int virQEMUCapsLoadCache(virQEMUCapsPtr qemuCaps,
@@ -54,4 +56,7 @@ char *virQEMUCapsFormatCache(virQEMUCaps
                              time_t selfCTime,
                              unsigned long selfVersion);
 
+void
+virQEMUCapsSetMicrocodeVersion(virQEMUCapsPtr qemuCaps,
+                               unsigned int microcodeVersion);
 #endif
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml
@@ -116,6 +116,7 @@
   <flag name='device-tray-moved-event'/>
   <version>1002002</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>26869</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='qemu64'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml
@@ -134,6 +134,7 @@
   <flag name='nec-usb-xhci-ports'/>
   <version>1003001</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>30151</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='qemu64'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml
@@ -135,6 +135,7 @@
   <flag name='nec-usb-xhci-ports'/>
   <version>1004002</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>30868</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml
@@ -145,6 +145,7 @@
   <flag name='nec-usb-xhci-ports'/>
   <version>1005003</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>46972</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml
@@ -150,6 +150,7 @@
   <flag name='nec-usb-xhci-ports'/>
   <version>1006000</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>45201</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml
@@ -152,6 +152,7 @@
   <flag name='nec-usb-xhci-ports'/>
   <version>1007000</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>50645</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml
@@ -167,6 +167,7 @@
   <flag name='drive-detect-zeroes'/>
   <version>2001001</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>59399</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml
@@ -184,6 +184,7 @@
   <flag name='drive-detect-zeroes'/>
   <version>2004000</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>75168</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml
@@ -189,6 +189,7 @@
   <flag name='tls-creds-x509'/>
   <version>2005000</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>79203</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0-gicv2.aarch64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.6.0-gicv2.aarch64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0-gicv2.aarch64.xml
@@ -159,6 +159,7 @@
   <flag name='tls-creds-x509'/>
   <version>2005094</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>81580</microcodeVersion>
   <package></package>
   <arch>aarch64</arch>
   <cpu name='pxa262'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0-gicv3.aarch64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.6.0-gicv3.aarch64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0-gicv3.aarch64.xml
@@ -159,6 +159,7 @@
   <flag name='tls-creds-x509'/>
   <version>2005094</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>81580</microcodeVersion>
   <package></package>
   <arch>aarch64</arch>
   <cpu name='pxa262'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0.ppc64le.xml
@@ -153,6 +153,7 @@
   <flag name='tls-creds-x509'/>
   <version>2005094</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>100397</microcodeVersion>
   <package></package>
   <arch>ppc64</arch>
   <cpu name='default'/>
Index: libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
+++ libvirt-2.0.0/tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml
@@ -195,6 +195,7 @@
   <flag name='tls-creds-x509'/>
   <version>2006000</version>
   <kvmVersion>0</kvmVersion>
+  <microcodeVersion>81329</microcodeVersion>
   <package></package>
   <arch>x86_64</arch>
   <cpu name='Opteron_G5'/>
Index: libvirt-2.0.0/tests/qemucapabilitiestest.c
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapabilitiestest.c
+++ libvirt-2.0.0/tests/qemucapabilitiestest.c
@@ -61,6 +61,14 @@ testQemuCaps(const void *opaque)
                                   qemuMonitorTestGetMonitor(mon)) < 0)
         goto cleanup;
 
+    if (virQEMUCapsGet(capsActual, QEMU_CAPS_KVM) ||
+        virQEMUCapsGet(capsActual, QEMU_CAPS_ENABLE_KVM)) {
+        /* Fill microcodeVersion with a "random" value which is the file
+         * length to provide a reproducible number for testing.
+         */
+        virQEMUCapsSetMicrocodeVersion(capsActual, virFileLength(repliesFile, -1));
+    }
+
     if (!(actual = virQEMUCapsFormatCache(capsActual, 0, 0)))
         goto cleanup;
 
Index: libvirt-2.0.0/tests/qemucapsprobe.c
===================================================================
--- libvirt-2.0.0.orig/tests/qemucapsprobe.c
+++ libvirt-2.0.0/tests/qemucapsprobe.c
@@ -71,7 +71,7 @@ main(int argc, char **argv)
         return EXIT_FAILURE;
 
     if (!(caps = virQEMUCapsNewForBinaryInternal(argv[1], "/tmp", NULL,
-                                                 -1, -1, true)))
+                                                 -1, -1, 0, true)))
         return EXIT_FAILURE;
 
     virObjectUnref(caps);

Places

File libvirt-qemu-capabilities-force-update-if-the-microcode-version-does-not-match.patch of Package libvirt.6841

Places