File libvirt-util-introduce-virHostCPUGetMicrocodeVersion.patch of Package libvirt.11509

From e1b4f285cc8c5e64bcbf5000095bac1e20ed1934 Mon Sep 17 00:00:00 2001
Message-Id: <e1b4f285cc8c5e64bcbf5000095bac1e20ed1934@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:41 +0100
Subject: [PATCH] util: introduce virHostCPUGetMicrocodeVersion

This new API reads host's CPU microcode version from /proc/cpuinfo.

Unfortunately, there is no other way of reading microcode version which
would be usable from both system and session daemon.

CVE-2017-5715

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>

Conflicts:
	src/libvirt_private.syms
            - all other virHostCPU* APIs were wrongly exported in
              nodeinfo.h section

	src/util/virhostcpu.c
	src/util/virhostcpu.h
            - several APIs are missing in 7.3

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/libvirt_private.syms |  4 ++++
 src/util/virhostcpu.c    | 43 +++++++++++++++++++++++++++++++++++++++++++
 src/util/virhostcpu.h    |  2 ++
 3 files changed, 49 insertions(+)

Index: libvirt-2.0.0/src/libvirt_private.syms
===================================================================
--- libvirt-2.0.0.orig/src/libvirt_private.syms
+++ libvirt-2.0.0/src/libvirt_private.syms
@@ -1626,6 +1626,10 @@ virHookInitialize;
 virHookPresent;
 
 
+# util/virhostcpu.h
+virHostCPUGetMicrocodeVersion;
+
+
 # util/virhostdev.h
 virHostdevFindUSBDevice;
 virHostdevManagerGetDefault;
Index: libvirt-2.0.0/src/util/virhostcpu.c
===================================================================
--- libvirt-2.0.0.orig/src/util/virhostcpu.c
+++ libvirt-2.0.0/src/util/virhostcpu.c
@@ -1330,3 +1330,46 @@ virHostCPUGetKVMMaxVCPUs(void)
     VIR_FORCE_CLOSE(fd);
     return ret;
 }
+
+
+#ifdef __linux__
+
+unsigned int
+virHostCPUGetMicrocodeVersion(void)
+{
+    char *outbuf = NULL;
+    char *cur;
+    unsigned int version = 0;
+
+    if (virFileReadHeaderQuiet(CPUINFO_PATH, 4096, &outbuf) < 0) {
+        char ebuf[1024];
+        VIR_DEBUG("Failed to read microcode version from %s: %s",
+                  CPUINFO_PATH, virStrerror(errno, ebuf, sizeof(ebuf)));
+        return 0;
+    }
+
+    /* Account for format 'microcode    : XXXX'*/
+    if (!(cur = strstr(outbuf, "microcode")) ||
+        !(cur = strchr(cur, ':')))
+        goto cleanup;
+    cur++;
+
+    /* Linux places the microcode revision in a 32-bit integer, so
+     * ui is fine for us too.  */
+    if (virStrToLong_ui(cur, &cur, 0, &version) < 0)
+        goto cleanup;
+
+ cleanup:
+    VIR_FREE(outbuf);
+    return version;
+}
+
+#else
+
+unsigned int
+virHostCPUGetMicrocodeVersion(void)
+{
+    return 0;
+}
+
+#endif
Index: libvirt-2.0.0/src/util/virhostcpu.h
===================================================================
--- libvirt-2.0.0.orig/src/util/virhostcpu.h
+++ libvirt-2.0.0/src/util/virhostcpu.h
@@ -53,4 +53,6 @@ int virHostCPUGetInfo(virArch hostarch,
 
 int virHostCPUGetKVMMaxVCPUs(void);
 
+unsigned int virHostCPUGetMicrocodeVersion(void);
+
 #endif /* __VIR_HOSTCPU_H__*/