File libvirt-conf-include-x86-microcode-version-in-virsh-capabiltiies.patch of Package libvirt.6841
From 8938484e8362f60ac2b890193d0f624a149bdf1b Mon Sep 17 00:00:00 2001
Message-Id: <8938484e8362f60ac2b890193d0f624a149bdf1b@dist-git>
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Tue, 12 Dec 2017 16:23:40 +0100
Subject: [PATCH] conf: include x86 microcode version in virsh capabiltiies
A microcode update can cause the CPUID bits to change; an example from the past was the update that disabled TSX on several Haswell and Broadwell machines. In order to track the x86 microcode version in the QEMU capabilities, we have to fetch it and store it in the host CPU. This also makes the version visible in "virsh capabilities", which is a nice side effect.
CVE-2017-5715
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Conflicts: src/conf/capabilities.h src/libvirt_private.syms - context src/conf/cpu_conf.c - no virCPUDefStealModel API in 7.3 src/cpu/cpu_x86.c - CPU driver was heavily refactored since 7.3; the code had to be moved to the caller of cpuNodeData
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
 src/conf/capabilities.c | 12 ++++++++++++
 src/conf/capabilities.h | 2 ++
 src/conf/cpu_conf.c | 13 +++++++++++++
 src/conf/cpu_conf.h | 1 +
 src/libvirt_private.syms | 1 +
 src/qemu/qemu_capabilities.c | 13 ++++++++++++-
 tests/testutilsqemu.c | 2 ++
 7 files changed, 43 insertions(+), 1 deletion(-)
diff --git a/src/conf/capabilities.c b/src/conf/capabilities.c
index 9ab343bc65..1631407d21 100644
--- a/src/conf/capabilities.c
+++ b/src/conf/capabilities.c
@@ -338,6 +338,18 @@ virCapabilitiesAddHostNUMACell(virCapsPtr caps,
 }
+/**
+ * virCapabilitiesGetMicrocodeVersion:
+ * @caps: capabilities to access
+ *
+ * Get host CPU microcode version, or 0 if unavailable
+ */
+unsigned int
+virCapabilitiesGetMicrocodeVersion(virCapsPtr caps)
+{
+ return caps->host.cpu ? caps->host.cpu->microcodeVersion : 0;
+}
+
 /**
 * virCapabilitiesSetHostCPU:
 * @caps: capabilities to extend
diff --git a/src/conf/capabilities.h b/src/conf/capabilities.h
index cfdc34a66b..e58b95974a 100644
--- a/src/conf/capabilities.h
+++ b/src/conf/capabilities.h
@@ -294,4 +294,6 @@ virCapabilitiesFormatXML(virCapsPtr caps);
 virBitmapPtr virCapabilitiesGetCpusForNodemask(virCapsPtr caps, virBitmapPtr nodemask);
+unsigned int virCapabilitiesGetMicrocodeVersion(virCapsPtr caps);
+
 #endif /* __VIR_CAPABILITIES_H */
diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c
index d16864a9fd..90bd4db706 100644
--- a/src/conf/cpu_conf.c
+++ b/src/conf/cpu_conf.c
@@ -100,6 +100,7 @@ virCPUDefCopyModel(virCPUDefPtr dst,
 VIR_STRDUP(dst->vendor_id, src->vendor_id) < 0 ||
 VIR_ALLOC_N(dst->features, src->nfeatures) < 0)
 return -1;
+ dst->microcodeVersion = src->microcodeVersion;
 dst->nfeatures_max = dst->nfeatures = src->nfeatures;
 for (i = 0; i < dst->nfeatures; i++) {
@@ -254,6 +255,14 @@ virCPUDefParseXML(xmlNodePtr node,
 goto error;
 }
 VIR_FREE(arch);
+
+ if (virXPathBoolean("boolean(./microcode[1]/@version)", ctxt) > 0 &&
+ virXPathUInt("string(./microcode[1]/@version)", ctxt,
+ &def->microcodeVersion) < 0) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("invalid microcode version"));
+ goto cleanup;
+ }
 }
 if (!(def->model = virXPathString("string(./model[1])", ctxt)) &&
@@ -598,6 +607,10 @@ virCPUDefFormatBuf(virBufferPtr buf,
 if (formatModel && def->vendor)
 virBufferEscapeString(buf, "<vendor>%s</vendor>\n", def->vendor);
+ if (def->type == VIR_CPU_TYPE_HOST && def->microcodeVersion)
+ virBufferAsprintf(buf, "<microcode version='%u'/>\n",
+ def->microcodeVersion);
+
 if (def->sockets && def->cores && def->threads) {
 virBufferAddLit(buf, "<topology");
 virBufferAsprintf(buf, " sockets='%u'", def->sockets);
diff --git a/src/conf/cpu_conf.h b/src/conf/cpu_conf.h
index 53541d15fe..7d27f6910e 100644
--- a/src/conf/cpu_conf.h
+++ b/src/conf/cpu_conf.h
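Review bot: In the virCPUDefParseXML hunk of src/conf/cpu_conf.c, the new failure path for an unparsable `microcode/@version` uses `goto cleanup;`, while the context line just above it in the same block uses `goto error;`. Both labels are outside the hunk, so this needs confirming against the full function: if `cleanup` only releases temporaries and returns `def`, a malformed version would raise an error and still hand back a partially parsed CPU definition. Since this value exists to track the microcode changes behind CVE-2017-5715, a bad attribute should fail the parse the same way its neighbours do, i.e. `goto error;`.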
@@ -121,6 +121,7 @@ struct _virCPUDef {
 char *vendor_id; /* vendor id returned by CPUID in the guest */
 int fallback; /* enum virCPUFallback */
 char *vendor;
+ unsigned int microcodeVersion;
 unsigned int sockets;
 unsigned int cores;
 unsigned int threads;
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 7bd6b81a5e..aac421ef02 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -56,6 +56,7 @@ virCapabilitiesFormatXML;
 virCapabilitiesFreeMachines;
 virCapabilitiesFreeNUMAInfo;
 virCapabilitiesGetCpusForNodemask;
+virCapabilitiesGetMicrocodeVersion;
 virCapabilitiesHostSecModelAddBaseLabel;
 virCapabilitiesNew;
 virCapabilitiesSetHostCPU;
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index e511b8e257..1b6d1e7e23 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -394,6 +394,8 @@ struct virQEMUCapsSearchData {
 static virClassPtr virQEMUCapsClass;
 static void virQEMUCapsDispose(void *obj);
+static unsigned int cpuMicrocodeVersion;
+
 static int virQEMUCapsOnceInit(void)
 {
 if (!(virQEMUCapsClass = virClassNew(virClassForObject(),
@@ -402,6 +404,8 @@ static int virQEMUCapsOnceInit(void)
 virQEMUCapsDispose)))
 return -1;
+ cpuMicrocodeVersion = virHostCPUGetMicrocodeVersion();
+
 return 0;
 }
@@ -1013,6 +1017,9 @@ virQEMUCapsInitCPU(virCapsPtr caps,
 virNodeInfo nodeinfo;
 int ret = -1;
+ if (virQEMUCapsInitialize() < 0)
+ goto error;
+
 if (VIR_ALLOC(cpu) < 0)
 goto error;
@@ -1031,6 +1038,9 @@ virQEMUCapsInitCPU(virCapsPtr caps,
 || cpuDecode(cpu, data, NULL, 0, NULL) < 0)
 goto cleanup;
+ if (ARCH_IS_X86(arch))
+ cpu->microcodeVersion = cpuMicrocodeVersion;
+
 ret = 0;
 cleanup:
@@ -3203,7 +3213,8 @@ virQEMUCapsReset(virQEMUCapsPtr qemuCaps)
 static int
-virQEMUCapsInitCached(virQEMUCapsPtr qemuCaps, const char *cacheDir)
+virQEMUCapsInitCached(virQEMUCapsPtr qemuCaps,
+ const char *cacheDir)
 {
 char *capsdir = NULL;
 char *capsfile = NULL;
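Review bot: In the virQEMUCapsOnceInit hunk of src/qemu/qemu_capabilities.c, `cpuMicrocodeVersion` is read once per process and then copied into every host CPU that virQEMUCapsInitCPU builds, so a microcode update loaded while the process is running would not show up until it is restarted. That is the very situation the commit message describes (CPUID bits changing after an update), so the limitation deserves a comment on the static, for example `/* Read once at first use; a runtime microcode reload is not picked up until restart. */`. The result of `virHostCPUGetMicrocodeVersion()` is stored unchecked; if it signals failure as 0 (not visible here), a short note that 0 means "unknown" rather than a real version would help anyone who later compares versions. Both function bodies continue outside their hunks.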
diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c
index f41b0b692c..8f3fea7b33 100644
--- a/tests/testutilsqemu.c
+++ b/tests/testutilsqemu.c
@@ -41,6 +41,7 @@ static virCPUDef cpuDefaultData = {
 NULL, /* vendor_id */
 0, /* fallback */
 (char *) "Intel", /* vendor */
+ 0, /* microcodeVersion */
 1, /* sockets */
 2, /* cores */
 1, /* threads */
@@ -84,6 +85,7 @@ static virCPUDef cpuHaswellData = {
 NULL, /* vendor_id */
 0, /* fallback */
 (char *) "Intel", /* vendor */
+ 0, /* microcodeVersion */
 1, /* sockets */
 2, /* cores */
 2, /* threads */
--
2.15.1