Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
qemu.12241
0119-spapr-Simplify-handling-of-host-ser.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0119-spapr-Simplify-handling-of-host-ser.patch of Package qemu.12241
From d2f47ef530c273adf019323e4621a6a59e46d4a6 Mon Sep 17 00:00:00 2001 From: David Gibson <david@gibson.dropbear.id.au> Date: Wed, 27 Mar 2019 13:54:11 +1100 Subject: [PATCH] spapr: Simplify handling of host-serial and host-model values MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 27461d69a0f "ppc: add host-serial and host-model machine attributes (CVE-2019-8934)" introduced 'host-serial' and 'host-model' machine properties for spapr to explicitly control the values advertised to the guest in device tree properties with the same names. The previous behaviour on KVM was to unconditionally populate the device tree with the real host serial number and model, which leaks possibly sensitive information about the host to the guest. To maintain compatibility for old machine types, we allowed those props to be set to "passthrough" to take the value from the host as before. Or they could be set to "none" to explicitly omit the device tree items. Special casing specific values on what's otherwise a user supplied string is very ugly. So, this patch simplifies things by implementing the backwards compatibility in a different way: we have a machine class flag set for the older machines, and we only load the host values into the device tree if A) they're not set by the user and B) we have that flag set. This does mean that the "passthrough" functionality is no longer available with the current machine type. That's ok though: if a user or management layer really wants the information passed through they can read it themselves (OpenStack Nova already does something similar for x86). It also means the user can't explicitly ask for the values to be omitted on the old machine types. I think that's an acceptable trade-off: if you care enough about not leaking the host information you can either move to the new machine type, or use a dummy value for the properties. For the new machine type, this also removes an odd inconsistency between running on a POWER and non-POWER (or non-Linux) hosts: if the host information couldn't be read from where we expect (in the host's device tree as exposed by Linux), we'd fallback to omitting the guest device tree items. While we're there, improve some poorly worded comments, and the help text for the properties. Signed-off-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Greg Kurz <groug@kaod.org> Tested-by: Greg Kurz <groug@kaod.org> (cherry picked from commit 0a794529bd1109aeea0c407784b40a2605e808b9) [LM: BSC#1126455 CVE-2019-03812] Signed-off-by: Lin Ma <lma@suse.com> --- hw/ppc/spapr.c | 57 ++++++++++++++---------------------------- include/hw/ppc/spapr.h | 1 + 2 files changed, 20 insertions(+), 38 deletions(-) diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index 41b52a4b09..ebb9bb102f 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -1076,38 +1076,8 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr, _FDT(fdt_setprop_string(fdt, 0, "model", "IBM pSeries (emulated by qemu)")); _FDT(fdt_setprop_string(fdt, 0, "compatible", "qemu,pseries")); - /* - * Add info to guest to indentify which host is it being run on - * and what is the uuid of the guest - */ - if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) { - if (g_str_equal(spapr->host_model, "passthrough")) { - /* -M host-model=passthrough */ - if (kvmppc_get_host_model(&buf)) { - _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); - g_free(buf); - } - } else { - /* -M host-model=<user-string> */ - _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model)); - } - } - - if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) { - if (g_str_equal(spapr->host_serial, "passthrough")) { - /* -M host-serial=passthrough */ - if (kvmppc_get_host_serial(&buf)) { - _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); - g_free(buf); - } - } else { - /* -M host-serial=<user-string> */ - _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial)); - } - } - + /* Guest UUID & Name*/ buf = qemu_uuid_unparse_strdup(&qemu_uuid); - _FDT(fdt_setprop_string(fdt, 0, "vm,uuid", buf)); if (qemu_uuid_set) { _FDT(fdt_setprop_string(fdt, 0, "system-id", buf)); @@ -1119,6 +1089,21 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr, qemu_get_vm_name())); } + /* Host Model & Serial Number */ + if (spapr->host_model) { + _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model)); + } else if (smc->broken_host_serial_model && kvmppc_get_host_model(&buf)) { + _FDT(fdt_setprop_string(fdt, 0, "host-model", buf)); + g_free(buf); + } + + if (spapr->host_serial) { + _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial)); + } else if (smc->broken_host_serial_model && kvmppc_get_host_serial(&buf)) { + _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf)); + g_free(buf); + } + _FDT(fdt_setprop_cell(fdt, 0, "#address-cells", 2)); _FDT(fdt_setprop_cell(fdt, 0, "#size-cells", 2)); @@ -2959,12 +2944,12 @@ static void spapr_machine_initfn(Object *obj) spapr_get_host_model, spapr_set_host_model, &error_abort); object_property_set_description(obj, "host-model", - "Set host's model-id to use - none|passthrough|string", &error_abort); + "Host model to advertise in guest device tree", &error_abort); object_property_add_str(obj, "host-serial", spapr_get_host_serial, spapr_set_host_serial, &error_abort); object_property_set_description(obj, "host-serial", - "Set host's system-id to use - none|passthrough|string", &error_abort); + "Host serial number to advertise in guest device tree", &error_abort); } static void spapr_machine_finalizefn(Object *obj) @@ -3899,13 +3884,9 @@ static void spapr_machine_2_11_instance_options(MachineState *machine) static void spapr_machine_2_11_class_options(MachineClass *mc) { sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc); - static GlobalProperty compat[] = { - { TYPE_SPAPR_MACHINE, "host-model", "passthrough" }, - { TYPE_SPAPR_MACHINE, "host-serial", "passthrough" }, - }; spapr_machine_2_12_class_options(mc); - compat_props_add(mc->compat_props, compat, G_N_ELEMENTS(compat)); + smc->broken_host_serial_model = true; smc->default_caps.caps[SPAPR_CAP_HTM] = SPAPR_CAP_ON; SET_MACHINE_COMPAT(mc, SPAPR_COMPAT_2_11); } diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h index c43948803d..2155bc1078 100644 --- a/include/hw/ppc/spapr.h +++ b/include/hw/ppc/spapr.h @@ -96,6 +96,7 @@ struct sPAPRMachineClass { bool dr_lmb_enabled; /* enable dynamic-reconfig/hotplug of LMBs */ bool use_ohci_by_default; /* use USB-OHCI instead of XHCI */ bool pre_2_10_has_unused_icps; + bool broken_host_serial_model; /* present real host info to the guest */ void (*phb_placement)(sPAPRMachineState *spapr, uint32_t index, uint64_t *buid, hwaddr *pio, hwaddr *mmio32, hwaddr *mmio64,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor