From 2c9b2aeb63e27360481084e65fda98e3ffff1ba2 Mon Sep 17 00:00:00 2001 From: Xu Yandong Date: Tue, 24 Dec 2019 11:30:51 +0800 Subject: [PATCH 1/2] cpu_map: cherry pick patches about CVE-2019-11135 Signed-off-by: Xu Yandong --- ...NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch | 37 ++++++++++++++++++ ...CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch | 38 +++++++++++++++++++ libvirt.spec | 6 ++- 3 files changed, 80 insertions(+), 1 deletion(-) create mode 100644 libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch create mode 100644 libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch diff --git a/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch b/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch new file mode 100644 index 0000000..92d6519 --- /dev/null +++ b/libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch @@ -0,0 +1,37 @@ +From 3b401713bcd5acfd1030425832becad34a7eaac8 Mon Sep 17 00:00:00 2001 +From: Jiri Denemark +Date: Thu, 12 Dec 2019 15:12:05 +0100 +Subject: [PATCH 1/2] cpu_map: Add TAA_NO bit for IA32_ARCH_CAPABILITIES MSR +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-11135 + +CPUs with TAA_NO bit of IA32_ARCH_CAPABILITIES MSR set to 1 are not +vulnerable to TSX Asynchronous Abort and passing this bit to a guest +may avoid unnecessary mitigations. + +Signed-off-by: Jiri Denemark +Reviewed-by: Ján Tomko +(cherry-picked from commit 07aaced4e6ea6db8b27f44636f51cafa6f1847a8) +Signed-off-by: Xu Yandong +--- + src/cpu_map/x86_features.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml +index 2bed1e0..d1180ed 100644 +--- a/src/cpu_map/x86_features.xml ++++ b/src/cpu_map/x86_features.xml +@@ -502,4 +502,7 @@ + + + ++ ++ ++ + +-- +2.21.0 + diff --git a/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch b/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch new file mode 100644 index 0000000..6a499cf --- /dev/null +++ b/libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch @@ -0,0 +1,38 @@ +From 7ab3dc8c831d5777bce7ced1a07158199049566c Mon Sep 17 00:00:00 2001 +From: Jiri Denemark +Date: Thu, 12 Dec 2019 15:12:05 +0100 +Subject: [PATCH] cpu_map: Add TSX_CTRL bit for IA32_ARCH_CAPABILITIES MSR +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2019-11135 + +When TSX_CTRL bit of IA32_ARCH_CAPABILITIES MSR is set to 1, the CPU +supports IA32_TSX_CTRL MSR which can be used to disable and/or mask TSX. + +Signed-off-by: Jiri Denemark +Reviewed-by: Ján Tomko +(cherry-picked from commit f411b7ef68221e82dec0129aaf2f2a26a8987504) +Signed-off-by: Xu Yandong +--- + src/cpu_map/x86_features.xml | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml +index d1180ed..b42b490 100644 +--- a/src/cpu_map/x86_features.xml ++++ b/src/cpu_map/x86_features.xml +@@ -502,6 +502,9 @@ + + + ++ ++ ++ + + + +-- +2.21.0 + diff --git a/libvirt.spec b/libvirt.spec index 48fdbc4..1ed1a60 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -114,7 +114,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 5.5.0 -Release: 2 +Release: 3 License: LGPLv2+ URL: https://libvirt.org/ @@ -156,6 +156,8 @@ Patch30: libvirt-cpu-add-getHostCPU-for-ARM-CPUS.patch Patch31: libvirt-cpu-Introduce-mock-checkFeature-method-for-ARM-CPUS.patch Patch32: libvirt-tests-add-baseline-test-cases-for-arm-CPU.patch Patch33: libvirt-tests-add-cpu-compare-test-cases-for-arm-CPU.patch +Patch34: libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch +Patch35: libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch Requires: libvirt-daemon = %{version}-%{release} @@ -1799,6 +1801,8 @@ exit 0 %changelog +* Tue Dec 24 2019 Xu Yandong - 5.5.0-2 +- Cherry-pick CVE-2019-11135 patches. * Fri Nov 29 2019 openEuler Buildteam - 5.5.0-1 - Remove zfs-fuse support for x86_64. * Fri Sep 6 2019 openEuler Buildteam - 5.5.0-1 -- Gitee From c94ecc7dd193facf5a779e874bb16d3ac4c2283e Mon Sep 17 00:00:00 2001 From: Xu Yandong Date: Wed, 25 Dec 2019 11:45:28 +0800 Subject: [PATCH 2/2] sync-patch: cherry pick patches from upstream Signed-off-by: Xu Yandong --- ...rect-addition-to-virAccessPermNetwor.patch | 58 ++++++++ ...-leak-of-typed-parameters-getting-cl.patch | 35 +++++ ...h-during-cleanup-from-failure-to-all.patch | 64 +++++++++ ...domain-def-when-RevertToSnapshot-fai.patch | 81 +++++++++++ ...emu-Forcibly-mknod-even-if-it-exists.patch | 92 +++++++++++++ ...ate-qomName-of-disk-with-useraliases.patch | 55 ++++++++ ...e-reservation-of-PCI-address-for-int.patch | 89 ++++++++++++ ...nize-MAC-address-in-live-config-when.patch | 128 ++++++++++++++++++ ...rcgroupv2-fix-setting-cpu.max-period.patch | 39 ++++++ ...t-virsh-Fix-help-for-net-port-delete.patch | 37 +++++ libvirt.spec | 15 +- 11 files changed, 692 insertions(+), 1 deletion(-) create mode 100644 libvirt-access-fix-incorrect-addition-to-virAccessPermNetwor.patch create mode 100644 libvirt-admin-fix-memory-leak-of-typed-parameters-getting-cl.patch create mode 100644 libvirt-network-fix-crash-during-cleanup-from-failure-to-all.patch create mode 100644 libvirt-qemu-Don-t-leak-domain-def-when-RevertToSnapshot-fai.patch create mode 100644 libvirt-qemu-Forcibly-mknod-even-if-it-exists.patch create mode 100644 libvirt-qemu-alias-Generate-qomName-of-disk-with-useraliases.patch create mode 100644 libvirt-qemu-avoid-double-reservation-of-PCI-address-for-int.patch create mode 100644 libvirt-qemu-homogenize-MAC-address-in-live-config-when.patch create mode 100644 libvirt-vircgroupv2-fix-setting-cpu.max-period.patch create mode 100644 libvirt-virsh-Fix-help-for-net-port-delete.patch diff --git a/libvirt-access-fix-incorrect-addition-to-virAccessPermNetwor.patch b/libvirt-access-fix-incorrect-addition-to-virAccessPermNetwor.patch new file mode 100644 index 0000000..36b025f --- /dev/null +++ b/libvirt-access-fix-incorrect-addition-to-virAccessPermNetwor.patch @@ -0,0 +1,58 @@ +From b6c2dcd8e18e218cd352c92651e3314f13bef6c7 Mon Sep 17 00:00:00 2001 +From: Laine Stump +Date: Thu, 15 Aug 2019 16:34:21 -0400 +Subject: [PATCH] access: fix incorrect addition to virAccessPermNetwork + +Commit e69444e17 (first appeared in libvirt-5.5.0) added the new value +"VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS" to the virAccessPerNetwork +enum, and also the string "search_ports" to the VIR_ENUM_IMPL() macro +for that enum. Unfortunately, the enum value was added in the middle +of the list, while the string was added to the end of the +VIR_ENUM_IMPL(). + +This patch corrects that error by moving the new value to the end of +the enum definition, so that the order matches that of the string +list. + +Resolves: https://bugzilla.redhat.com/1741428 + +Signed-off-by: Laine Stump +Reviewed-by: Michal Privoznik +(cherry-picked from commit 8d6eaf5e099dab8400aa76bcc9a0ac74ff6f46e1) +Signed-off-by: Xu Yandong +--- + src/access/viraccessperm.h | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/access/viraccessperm.h b/src/access/viraccessperm.h +index d4b9c69..52905e5 100644 +--- a/src/access/viraccessperm.h ++++ b/src/access/viraccessperm.h +@@ -404,18 +404,18 @@ typedef enum { + */ + VIR_ACCESS_PERM_NETWORK_START, + +- /** +- * @desc: List network ports +- * @message: Listing network ports requires authorization +- */ +- VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS, +- + /** + * @desc: Stop network + * @message: Stopping network requires authorization + */ + VIR_ACCESS_PERM_NETWORK_STOP, + ++ /** ++ * @desc: List network ports ++ * @message: Listing network ports requires authorization ++ */ ++ VIR_ACCESS_PERM_NETWORK_SEARCH_PORTS, ++ + VIR_ACCESS_PERM_NETWORK_LAST + } virAccessPermNetwork; + +-- +2.21.0 + diff --git a/libvirt-admin-fix-memory-leak-of-typed-parameters-getting-cl.patch b/libvirt-admin-fix-memory-leak-of-typed-parameters-getting-cl.patch new file mode 100644 index 0000000..fd58c8d --- /dev/null +++ b/libvirt-admin-fix-memory-leak-of-typed-parameters-getting-cl.patch @@ -0,0 +1,35 @@ +From 52aa54af3b65069d9abaebf943ff19fb6c4d3037 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 30 Sep 2019 16:56:33 +0100 +Subject: [PATCH] admin: fix memory leak of typed parameters getting client + info +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the error code path, the temporary parameters are not freed. + +Reviewed-by: Daniel Henrique Barboza +Signed-off-by: Daniel P. Berrangé +(cherry-picked from commit c76dc0ea39b4cbddaf9be22d50d13c4f529d6e2e) +Signed-off-by: Xu Yandong +--- + src/admin/admin_server.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/admin/admin_server.c b/src/admin/admin_server.c +index f2a38f6..ebf940d 100644 +--- a/src/admin/admin_server.c ++++ b/src/admin/admin_server.c +@@ -296,6 +296,8 @@ adminClientGetInfo(virNetServerClientPtr client, + ret = 0; + + cleanup: ++ if (tmpparams) ++ virTypedParamsFree(tmpparams, *nparams); + virObjectUnref(identity); + VIR_FREE(sock_addr); + return ret; +-- +2.21.0 + diff --git a/libvirt-network-fix-crash-during-cleanup-from-failure-to-all.patch b/libvirt-network-fix-crash-during-cleanup-from-failure-to-all.patch new file mode 100644 index 0000000..7f5c581 --- /dev/null +++ b/libvirt-network-fix-crash-during-cleanup-from-failure-to-all.patch @@ -0,0 +1,64 @@ +From 9b51935a361e04633cbdecd19a65e99205415b81 Mon Sep 17 00:00:00 2001 +From: Laine Stump +Date: Thu, 15 Aug 2019 21:52:28 -0400 +Subject: [PATCH] network: fix crash during cleanup from failure to allocate + port + +During networkPortCreateXML, if networkAllocatePort() failed, +networkReleasePort() would be called, which would (in the case of +network pools of macvtap passthrough devices) attempt to find the +allocated device by comparing port->plug.direct.linkdev to each device +in the pool. Since port->plug.direct.linkdev was still NULL, the +attempted strcmp would result in a SEGV. + +Calling networkReleasePort() during error cleanup is something that +should only be done if networkAllocatePort() has already succeeded. It +turns out there is one other possible error exit from +networkPortCreateXML() that happens after networkAllocatePort() has +succeeded, so the code to call networkReleasePort() was just moved +down to there. + +Resolves: https://bugzilla.redhat.com/1741390 + +Signed-off-by: Laine Stump +Reviewed-by: Michal Privoznik +(cherry-picked from commit dac697e8d7d6d9a607e61caeeec06b259edf513f) +Signed-off-by: Xu Yandong +--- + src/network/bridge_driver.c | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c +index 19faf7d..8005883 100644 +--- a/src/network/bridge_driver.c ++++ b/src/network/bridge_driver.c +@@ -5434,20 +5434,20 @@ networkPortCreateXML(virNetworkPtr net, + rc = networkNotifyPort(obj, portdef); + else + rc = networkAllocatePort(obj, portdef); +- if (rc < 0) { ++ if (rc < 0) ++ goto cleanup; ++ ++ if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) { + virErrorPtr saved; ++ + saved = virSaveLastError(); + ignore_value(networkReleasePort(obj, portdef)); ++ virNetworkPortDefFree(portdef); + virSetError(saved); + virFreeError(saved); + goto cleanup; + } + +- if (virNetworkObjAddPort(obj, portdef, driver->stateDir) < 0) { +- virNetworkPortDefFree(portdef); +- goto cleanup; +- } +- + ret = virGetNetworkPort(net, portdef->uuid); + cleanup: + virNetworkObjEndAPI(&obj); +-- +2.21.0 + diff --git a/libvirt-qemu-Don-t-leak-domain-def-when-RevertToSnapshot-fai.patch b/libvirt-qemu-Don-t-leak-domain-def-when-RevertToSnapshot-fai.patch new file mode 100644 index 0000000..67640e6 --- /dev/null +++ b/libvirt-qemu-Don-t-leak-domain-def-when-RevertToSnapshot-fai.patch @@ -0,0 +1,81 @@ +From 1cbe145af6e59574945cf43ad9bed7d4d6961fbf Mon Sep 17 00:00:00 2001 +From: Xu Yandong +Date: Wed, 25 Dec 2019 10:37:54 +0800 +Subject: [PATCH] qemu: Don't leak domain def when RevertToSnapshot fails + +Once we copy the domain definition from virDomainSnapshotDef, we either +need to assign it to the domain object or free it to avoid memory leaks. + +Signed-off-by: Jiri Denemark +Reviewed-by: Pavel Hrdina +(cherry-picked from commit 33c05f8b446f859d7b72780e584b941705470fea) +Signed-off-by: Xu Yandong +--- + src/qemu/qemu_driver.c | 16 +++++++++++++--- + 1 file changed, 13 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 296f27e..7ff7d92 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -16204,6 +16204,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + virCPUDefPtr origCPU = NULL; + unsigned int start_flags = VIR_QEMU_PROCESS_START_GEN_VMID; + qemuDomainAsyncJob jobType = QEMU_ASYNC_JOB_START; ++ bool defined = false; + + virCheckFlags(VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING | + VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED | +@@ -16414,13 +16415,18 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + virDomainObjAssignDef(vm, config, false, NULL); + virCPUDefFree(priv->origCPU); + VIR_STEAL_PTR(priv->origCPU, origCPU); ++ config = NULL; ++ defined = true; + } + } else { + /* Transitions 2, 3 */ + load: + was_stopped = true; +- if (config) ++ if (config) { + virDomainObjAssignDef(vm, config, false, NULL); ++ config = NULL; ++ defined = true; ++ } + + /* No cookie means libvirt which saved the domain was too old to + * mess up the CPU definitions. +@@ -16506,8 +16512,11 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + qemuProcessEndJob(driver, vm); + goto cleanup; + } +- if (config) ++ if (config) { + virDomainObjAssignDef(vm, config, false, NULL); ++ config = NULL; ++ defined = true; ++ } + + if (flags & (VIR_DOMAIN_SNAPSHOT_REVERT_RUNNING | + VIR_DOMAIN_SNAPSHOT_REVERT_PAUSED)) { +@@ -16575,7 +16584,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + } else if (snap) { + virDomainSnapshotSetCurrent(vm->snapshots, NULL); + } +- if (ret == 0 && config && vm->persistent && ++ if (ret == 0 && defined && vm->persistent && + !(ret = virDomainSaveConfig(cfg->configDir, driver->caps, + vm->newDef ? vm->newDef : vm->def))) { + detail = VIR_DOMAIN_EVENT_DEFINED_FROM_SNAPSHOT; +@@ -16591,6 +16600,7 @@ qemuDomainRevertToSnapshot(virDomainSnapshotPtr snapshot, + virObjectUnref(cfg); + virNWFilterUnlockFilterUpdates(); + virCPUDefFree(origCPU); ++ virDomainDefFree(config); + + return ret; + } +-- +2.21.0 + diff --git a/libvirt-qemu-Forcibly-mknod-even-if-it-exists.patch b/libvirt-qemu-Forcibly-mknod-even-if-it-exists.patch new file mode 100644 index 0000000..5c3350d --- /dev/null +++ b/libvirt-qemu-Forcibly-mknod-even-if-it-exists.patch @@ -0,0 +1,92 @@ +From f7d778d4d6cbbc7422b9beae4b1f4a2e0f040464 Mon Sep 17 00:00:00 2001 +From: Michal Privoznik +Date: Fri, 8 Nov 2019 09:41:35 +0100 +Subject: [PATCH] qemu: Forcibly mknod() even if it exists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Another weird bug appeared concerning qemu namespaces. Basically +the problem is as follows: + +1) Issue an API that causes libvirt to create a node in domain's + namespace, say /dev/nvme0n1 with 8:0 as major:minor (the API can + be attach-disk for instance). Or simply create the node from a + console by hand. + +2) Detach the disk from qemu. + +3) Do something that makes /dev/nvme0n1 change it's minor number. + +4) Try to attach the disk again. + +The problem is, in a few cases - like disk-detach - we don't +remove the corresponding /dev node from the mount namespace +(because it may be used by some other disk's backing chain). But +this creates a problem, because if the node changes its MAJ:MIN +numbers we don't propagate the change into the domain's +namespace. We do plain mknod() and ignore EEXIST which obviously +is not enough because it doesn't guarantee that the node has +updated MAJ:MIN pair. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1752978 + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry-picked from commit cdd8a6690ee3fa4b4b8ca1d4531924bd33be136a) +Signed-off-by: Xu Yandong +--- + src/qemu/qemu_domain.c | 25 +++++++++---------------- + 1 file changed, 9 insertions(+), 16 deletions(-) + +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index 56fadd5..cfc2b0e 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -12194,16 +12194,14 @@ qemuDomainCreateDeviceRecursive(const char *device, + allow_noent, ttl - 1) < 0) + goto cleanup; + } else if (isDev) { +- if (create && +- mknod(devicePath, sb.st_mode, sb.st_rdev) < 0) { +- if (errno == EEXIST) { +- ret = 0; +- } else { ++ if (create) { ++ unlink(devicePath); ++ if (mknod(devicePath, sb.st_mode, sb.st_rdev) < 0) { + virReportSystemError(errno, + _("Failed to make device %s"), + devicePath); ++ goto cleanup; + } +- goto cleanup; + } + } else if (isReg) { + if (create && +@@ -12996,17 +12994,12 @@ qemuDomainAttachDeviceMknodHelper(pid_t pid ATTRIBUTE_UNUSED, + } else if (isDev) { + VIR_DEBUG("Creating dev %s (%d,%d)", + data->file, major(data->sb.st_rdev), minor(data->sb.st_rdev)); ++ unlink(data->file); + if (mknod(data->file, data->sb.st_mode, data->sb.st_rdev) < 0) { +- /* Because we are not removing devices on hotunplug, or +- * we might be creating part of backing chain that +- * already exist due to a different disk plugged to +- * domain, accept EEXIST. */ +- if (errno != EEXIST) { +- virReportSystemError(errno, +- _("Unable to create device %s"), +- data->file); +- goto cleanup; +- } ++ virReportSystemError(errno, ++ _("Unable to create device %s"), ++ data->file); ++ goto cleanup; + } else { + delDevice = true; + } +-- +2.21.0 + diff --git a/libvirt-qemu-alias-Generate-qomName-of-disk-with-useraliases.patch b/libvirt-qemu-alias-Generate-qomName-of-disk-with-useraliases.patch new file mode 100644 index 0000000..2d29a7d --- /dev/null +++ b/libvirt-qemu-alias-Generate-qomName-of-disk-with-useraliases.patch @@ -0,0 +1,55 @@ +From 505d6028f8d9351165e1cf42701ba83c68be4bbe Mon Sep 17 00:00:00 2001 +From: Peter Krempa +Date: Fri, 16 Aug 2019 17:01:10 +0200 +Subject: [PATCH] qemu: alias: Generate 'qomName' of disk with useraliases +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Commit fb64e176f4f forgot to delete the check that short-circuits the +disk alias creation if the alias is already present. The side effect +of this is that the creation qomName which is necessary to be able to +refer to disk frontends when -blockdev is used was skipped when user +aliases are used. + +Fix it by deleting the check. Also prevent any potential memory leaks +from calling this function repeatedly by creating the qomName only when +it's not present. + +https://bugzilla.redhat.com/show_bug.cgi?id=1741838 + +Signed-off-by: Peter Krempa +Reviewed-by: Ján Tomko +(cherry-picked from commit b8222be5831261578e60ce2e867a968a6f80f67d) +Signed-off-by: Xu Yandong +--- + src/qemu/qemu_alias.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/src/qemu/qemu_alias.c b/src/qemu/qemu_alias.c +index 585cc97..216a18d 100644 +--- a/src/qemu/qemu_alias.c ++++ b/src/qemu/qemu_alias.c +@@ -182,9 +182,6 @@ qemuAssignDeviceDiskAlias(virDomainDefPtr def, + const char *prefix = virDomainDiskBusTypeToString(disk->bus); + int controllerModel = -1; + +- if (disk->info.alias) +- return 0; +- + if (!disk->info.alias) { + if (disk->info.type == VIR_DOMAIN_DEVICE_ADDRESS_TYPE_DRIVE) { + if (disk->bus == VIR_DOMAIN_DISK_BUS_SCSI) { +@@ -220,7 +217,8 @@ qemuAssignDeviceDiskAlias(virDomainDefPtr def, + * on the alias in qemu. While certain disk types use just the alias, some + * need the full path into /machine/peripheral as a historical artifact. + */ +- if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { ++ if (!diskPriv->qomName && ++ virQEMUCapsGet(qemuCaps, QEMU_CAPS_BLOCKDEV)) { + switch ((virDomainDiskBus) disk->bus) { + case VIR_DOMAIN_DISK_BUS_FDC: + case VIR_DOMAIN_DISK_BUS_IDE: +-- +2.21.0 + diff --git a/libvirt-qemu-avoid-double-reservation-of-PCI-address-for-int.patch b/libvirt-qemu-avoid-double-reservation-of-PCI-address-for-int.patch new file mode 100644 index 0000000..3d8d689 --- /dev/null +++ b/libvirt-qemu-avoid-double-reservation-of-PCI-address-for-int.patch @@ -0,0 +1,89 @@ +From 23a7b3445fb342b02326e9cb6ea5ee5f80e680c1 Mon Sep 17 00:00:00 2001 +From: Xu Yandong +Date: Wed, 25 Dec 2019 11:04:59 +0800 +Subject: [PATCH] qemu: avoid double reservation of PCI address for interface + type='hostdev' + +Commit 01ca4010d86 (libvirt v5.1.0) moved address reservation for +hotplugged interface devices up to an earlier point in +qemuDomainAttachNetDevice(), because that function calls +qemuDomainSupportsNicdev() (in the case of +VIR_DOMAIN_NET_TYPE_VHOSTUSER), and qemuDomainSupportsNicdev() needs +to know the address type (for ARM machinetypes) and returns incorrect +results when the address type is "none". + +This bugfix unfortunately caused a regression, because it also made PCI +address reservation happen before we noticed that the device was a +*hostdev* interface. Those interfaces are hotplugged by just calling +out to qemuDomainAttachHostdevDevice() - that function would then also +attempt to reserve the *same PCI address* that had just been reserved +in qemuDomainAttachNetDevice(). + +The solution is to move the bit of code that short-circuits out to +virDomainHostdevAttach() up *even earlier* so that no PCI address has +been allocated by the time it's called. + +https://bugzilla.redhat.com/show_bug.cgi?id=1744523 +Signed-off-by: Laine Stump +Reviewed-by: Andrea Bolognani +(cherry-picked from commit 47a7b8a96b6343d4af18ef80330f805ef031fe9b) +Signed-off-by: Xu Yandong +--- + src/qemu/qemu_hotplug.c | 27 ++++++++++++++++----------- + 1 file changed, 16 insertions(+), 11 deletions(-) + +diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c +index 08b6e8b..a26a3c2 100644 +--- a/src/qemu/qemu_hotplug.c ++++ b/src/qemu/qemu_hotplug.c +@@ -1129,6 +1129,18 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, + if (qemuAssignDeviceNetAlias(vm->def, net, -1) < 0) + goto cleanup; + ++ if (actualType == VIR_DOMAIN_NET_TYPE_HOSTDEV) { ++ /* This is really a "smart hostdev", so it should be attached ++ * as a hostdev (the hostdev code will reach over into the ++ * netdev-specific code as appropriate), then also added to ++ * the nets list (see cleanup:) if successful. ++ */ ++ ret = qemuDomainAttachHostDevice(driver, vm, ++ virDomainNetGetActualHostdev(net)); ++ goto cleanup; ++ } ++ ++ + if (qemuDomainIsS390CCW(vm->def) && + net->info.type != VIR_DOMAIN_DEVICE_ADDRESS_TYPE_PCI && + virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_CCW)) { +@@ -1208,17 +1220,6 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, + goto cleanup; + break; + +- case VIR_DOMAIN_NET_TYPE_HOSTDEV: +- /* This is really a "smart hostdev", so it should be attached +- * as a hostdev (the hostdev code will reach over into the +- * netdev-specific code as appropriate), then also added to +- * the nets list (see cleanup:) if successful. +- */ +- ret = qemuDomainAttachHostDevice(driver, vm, +- virDomainNetGetActualHostdev(net)); +- goto cleanup; +- break; +- + case VIR_DOMAIN_NET_TYPE_VHOSTUSER: + queueSize = net->driver.virtio.queues; + if (!queueSize) +@@ -1242,6 +1243,10 @@ qemuDomainAttachNetDevice(virQEMUDriverPtr driver, + /* No preparation needed. */ + break; + ++ case VIR_DOMAIN_NET_TYPE_HOSTDEV: ++ /* hostdev interfaces were handled earlier in this function */ ++ break; ++ + case VIR_DOMAIN_NET_TYPE_SERVER: + case VIR_DOMAIN_NET_TYPE_CLIENT: + case VIR_DOMAIN_NET_TYPE_MCAST: +-- +2.21.0 + diff --git a/libvirt-qemu-homogenize-MAC-address-in-live-config-when.patch b/libvirt-qemu-homogenize-MAC-address-in-live-config-when.patch new file mode 100644 index 0000000..cf1ebc3 --- /dev/null +++ b/libvirt-qemu-homogenize-MAC-address-in-live-config-when.patch @@ -0,0 +1,128 @@ +From 448fde35ded33356308f630959a1f96c89739b97 Mon Sep 17 00:00:00 2001 +From: Xu Yandong +Date: Wed, 25 Dec 2019 11:14:53 +0800 +Subject: [PATCH] qemu: homogenize MAC address in live & config when + hotplugging a netdev + +Prior to commit 55ce6564634 (first in libvirt 4.6.0), the XML sent to +virDomainAttachDeviceFlags() was parsed only once, and the results of +that parse were inserted into both the live object of the running +domain and into the persistent config. Thus, if MAC address was +omitted from in XML for a network device (), both the live +and config object would have the same MAC address. + +Commit 55ce6564634 changed the code to parse the incoming XML twice - +once for live and once for config. This does eliminate the problem of +PCI (/scsi/sata) address conflicts caused by allocating an address +based on existing devices in live object, but then inserting the +result into the config (which may already have a device using that +address), BUT it also means that when the MAC address of a network +device hasn't been specified in the XML, each copy will get a +different auto-generated MAC address. + +This results in the MAC address of the device changing the next time +the domain is shutdown and restarted, which creates havoc with the +guest OS's network config. + +There have been several discussions about this in the last > 1 year, +attempting to find the ideal solution to this problem that makes MAC +addresses consistent and accounts for all sorts of corner cases with +PCI/scsi/sata addresses. All of these discussions fizzled out because +every proposal was either too difficult to implement or failed to fix +some esoteric case someone thought up. + +So, in the interest of solving the MAC address problem while not +making the "other address" situation any worse than before, this patch +simply adds a qemuDomainAttachDeviceLiveAndConfigHomogenize() function +that (for now) copies the MAC address from the config object to the +live object (if the original xml had then this +will be an effective NOP (as the macs already match)). + +Any downstream libvirt containing upstream commit +55ce6564634 should have this patch as well. + +https://bugzilla.redhat.com/1783411 + +Signed-off-by: Laine Stump +Reviewed-by: Michal Privoznik +(cherry-picked from commit 6c17606b7cce7bf77baef956bde8a0b056666011) +Signed-off-by: Xu Yandong +--- + src/qemu/qemu_driver.c | 40 ++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 40 insertions(+) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 7ff7d92..8749c53 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -8592,6 +8592,35 @@ qemuDomainUpdateDeviceConfig(virDomainDefPtr vmdef, + return 0; + } + ++ ++static void ++qemuDomainAttachDeviceLiveAndConfigHomogenize(const virDomainDeviceDef *devConf, ++ virDomainDeviceDefPtr devLive) ++{ ++ /* ++ * Fixup anything that needs to be identical in the live and ++ * config versions of DeviceDef, but might not be. Do this by ++ * changing the contents of devLive. This is done after all ++ * post-parse tweaks and validation, so be very careful about what ++ * changes are made. (For example, it would be a very bad idea to ++ * change assigned PCI, scsi, or sata addresses, as it could lead ++ * to a conflict and there would be nothing to catch it except ++ * qemu itself!) ++ */ ++ ++ /* MAC address should be identical in both DeviceDefs, but if it ++ * wasn't specified in the XML, and was instead autogenerated, it ++ * will be different for the two since they are each the result of ++ * a separate parser call. If it *was* specified, it will already ++ * be the same, so copying does no harm. ++ */ ++ ++ if (devConf->type == VIR_DOMAIN_DEVICE_NET) ++ virMacAddrSet(&devLive->data.net->mac, &devConf->data.net->mac); ++ ++} ++ ++ + static int + qemuDomainAttachDeviceLiveAndConfig(virDomainObjPtr vm, + virQEMUDriverPtr driver, +@@ -8601,6 +8630,7 @@ qemuDomainAttachDeviceLiveAndConfig(virDomainObjPtr vm, + virDomainDefPtr vmdef = NULL; + virQEMUDriverConfigPtr cfg = NULL; + virDomainDeviceDefPtr devConf = NULL; ++ virDomainDeviceDef devConfSave = { 0 }; + virDomainDeviceDefPtr devLive = NULL; + int ret = -1; + virCapsPtr caps = NULL; +@@ -8627,6 +8657,13 @@ qemuDomainAttachDeviceLiveAndConfig(virDomainObjPtr vm, + driver->xmlopt, parse_flags))) + goto cleanup; + ++ /* ++ * devConf will be NULLed out by ++ * qemuDomainAttachDeviceConfig(), so save it for later use by ++ * qemuDomainAttachDeviceLiveAndConfigHomogenize() ++ */ ++ devConfSave = *devConf; ++ + if (virDomainDeviceValidateAliasForHotplug(vm, devConf, + VIR_DOMAIN_AFFECT_CONFIG) < 0) + goto cleanup; +@@ -8647,6 +8684,9 @@ qemuDomainAttachDeviceLiveAndConfig(virDomainObjPtr vm, + driver->xmlopt, parse_flags))) + goto cleanup; + ++ if (flags & VIR_DOMAIN_AFFECT_CONFIG) ++ qemuDomainAttachDeviceLiveAndConfigHomogenize(&devConfSave, devLive); ++ + if (virDomainDeviceValidateAliasForHotplug(vm, devLive, + VIR_DOMAIN_AFFECT_LIVE) < 0) + goto cleanup; +-- +2.21.0 + diff --git a/libvirt-vircgroupv2-fix-setting-cpu.max-period.patch b/libvirt-vircgroupv2-fix-setting-cpu.max-period.patch new file mode 100644 index 0000000..71faa97 --- /dev/null +++ b/libvirt-vircgroupv2-fix-setting-cpu.max-period.patch @@ -0,0 +1,39 @@ +From eb22236a7bbb8f4e694b4a5a107e852c3f2be591 Mon Sep 17 00:00:00 2001 +From: Pavel Hrdina +Date: Thu, 5 Sep 2019 11:22:11 +0200 +Subject: [PATCH] vircgroupv2: fix setting cpu.max period + +When we set cpu.max period we need to parse the cpu.max file first as +it contains both quota and period values separated by space. When only +a single number is written to that file it will set quota. However, +in order to change period we need to write both values. + +The code was prepared for that but mistakenly used new line to end the +string with the first value. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1749227 + +Signed-off-by: Pavel Hrdina +Reviewed-by: Erik Skultety +(cherry-picked from commit 0bd4ad193d8ba7f0104f4739f19f2731e7cf9f56) +Signed-off-by: Xu Yandong +--- + src/util/vircgroupv2.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/util/vircgroupv2.c b/src/util/vircgroupv2.c +index 9d8a389..6cbb2a5 100644 +--- a/src/util/vircgroupv2.c ++++ b/src/util/vircgroupv2.c +@@ -1495,7 +1495,7 @@ virCgroupV2SetCpuCfsPeriod(virCgroupPtr group, + _("Invalid 'cpu.max' data.")); + return -1; + } +- *tmp = '\n'; ++ *tmp = '\0'; + + if (virAsprintf(&value, "%s %llu", str, cfs_period) < 0) + return -1; +-- +2.21.0 + diff --git a/libvirt-virsh-Fix-help-for-net-port-delete.patch b/libvirt-virsh-Fix-help-for-net-port-delete.patch new file mode 100644 index 0000000..8d005a6 --- /dev/null +++ b/libvirt-virsh-Fix-help-for-net-port-delete.patch @@ -0,0 +1,37 @@ +From 501ce10b135c1edcf5e05996ff85f7a35bdc2ecc Mon Sep 17 00:00:00 2001 +From: Jonathon Jongsma +Date: Tue, 3 Sep 2019 11:47:29 -0500 +Subject: [PATCH] virsh: Fix help for net-port-delete + +Apparently a copy/paste error. The net-port-delete help string was in +fact from net-port-dumpxml. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1747826 + +Signed-off-by: Jonathon Jongsma +(cherry-picked from commit 7d5f0fda306f02021dc26e67c2778f44d22465b9) +Signed-off-by: Xu Yandong +--- + tools/virsh-network.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/virsh-network.c b/tools/virsh-network.c +index af08441..be16f79 100644 +--- a/tools/virsh-network.c ++++ b/tools/virsh-network.c +@@ -1593,10 +1593,10 @@ cmdNetworkPortDumpXML(vshControl *ctl, const vshCmd *cmd) + */ + static const vshCmdInfo info_network_port_delete[] = { + {.name = "help", +- .data = N_("network port information in XML") ++ .data = N_("delete the specified network port") + }, + {.name = "desc", +- .data = N_("Output the network port information as an XML dump to stdout.") ++ .data = N_("Delete the specified network port.") + }, + {.name = NULL} + }; +-- +2.21.0 + diff --git a/libvirt.spec b/libvirt.spec index 1ed1a60..d7682e4 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -114,7 +114,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 5.5.0 -Release: 3 +Release: 5 License: LGPLv2+ URL: https://libvirt.org/ @@ -158,6 +158,17 @@ Patch32: libvirt-tests-add-baseline-test-cases-for-arm-CPU.patch Patch33: libvirt-tests-add-cpu-compare-test-cases-for-arm-CPU.patch Patch34: libvirt-cpu_map-Add-TAA_NO-bit-for-IA32_ARCH_CAPABILITIES-MS.patch Patch35: libvirt-cpu_map-Add-TSX_CTRL-bit-for-IA32_ARCH_CAPABILITIES-.patch +Patch36: libvirt-qemu-Don-t-leak-domain-def-when-RevertToSnapshot-fai.patch +Patch37: libvirt-admin-fix-memory-leak-of-typed-parameters-getting-cl.patch +Patch38: libvirt-access-fix-incorrect-addition-to-virAccessPermNetwor.patch +Patch39: libvirt-network-fix-crash-during-cleanup-from-failure-to-all.patch +Patch40: libvirt-qemu-alias-Generate-qomName-of-disk-with-useraliases.patch +Patch41: libvirt-vircgroupv2-fix-setting-cpu.max-period.patch +Patch42: libvirt-virsh-Fix-help-for-net-port-delete.patch +Patch43: libvirt-qemu-avoid-double-reservation-of-PCI-address-for-int.patch +Patch44: libvirt-qemu-Forcibly-mknod-even-if-it-exists.patch +Patch45: libvirt-qemu-homogenize-MAC-address-in-live-config-when.patch + Requires: libvirt-daemon = %{version}-%{release} @@ -1801,6 +1812,8 @@ exit 0 %changelog +* Wed Dec 25 2019 2019 Xu Yandong - 5.5.0-5 +- cherry-pick bugfix from upstream. * Tue Dec 24 2019 Xu Yandong - 5.5.0-2 - Cherry-pick CVE-2019-11135 patches. * Fri Nov 29 2019 openEuler Buildteam - 5.5.0-1 -- Gitee