In message: [meta-virtualization] [thud][PATCH] libvirt: 9 Security fixes plus on 06/09/2019 Armin Kuster wrote:
> From: Armin Kuster <[email protected]>
>
> Source: libvirt.org
> MR: 98352, 99240, 99137, 99245, 99132
> Type: Security Fix
> Disposition: Backport from
> https://libvirt.org/git/?p=libvirt.git;a=log;h=refs/heads/v4.7-maint
> ChangeID: 95f822542723d4bf910c1b4159e1431d7d46c969
> Description:

merged to thud.

Bruce

>
> Update to 4.7 maint tip, all bug fixes.
> Includes:
> CVE-2018-12126
> CVE-2018-12127
> CVE-2018-12130
> CVE-2019-11091
> CVE-2019-10132
> CVE-2019-10161
> CVE-2019-10166
> CVE-2019-10167
> CVE-2019-10168
>
> Signed-off-by: Armin Kuster <[email protected]>
> ---
>  ...01-cpu_x86-Do-not-cache-microcode-version.patch |  59 ++
>  .../0002-qemu-Don-t-cache-microcode-version.patch  | 155 ++++
>  ...18-12127_CVE-2018-12130_CVE-2019-11091_p1.patch | 894 +++++++++++++++++++++
>  ...18-12127_CVE-2018-12130_CVE-2019-11091_p2.patch | 116 +++
>  .../libvirt/libvirt/CVE-2019-10132_p1.patch        |  63 ++
>  .../libvirt/libvirt/CVE-2019-10132_p2.patch        |  56 ++
>  .../libvirt/libvirt/CVE-2019-10132_p3.patch        |  56 ++
>  .../libvirt/libvirt/CVE-2019-10161.patch           |  99 +++
>  .../libvirt/libvirt/CVE-2019-10166.patch           |  43 +
>  .../libvirt/libvirt/CVE-2019-10167.patch           |  41 +
>  .../libvirt/libvirt/CVE-2019-10168.patch           |  49 ++
>  recipes-extended/libvirt/libvirt_4.7.0.bb          |  11 +
>  12 files changed, 1642 insertions(+)
>  create mode 100644 recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10161.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10166.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10167.patch
>  create mode 100644 recipes-extended/libvirt/libvirt/CVE-2019-10168.patch
> > diff --git > a/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch > > b/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch > new file mode 100644 > index 0000000..4413d5f > --- /dev/null > +++ > b/recipes-extended/libvirt/libvirt/0001-cpu_x86-Do-not-cache-microcode-version.patch 
> @@ -0,0 +1,59 @@ > +From 33998cdd47300fc3ca6cb8f85714c149440b9c8b Mon Sep 17 00:00:00 2001 > +From: Jiri Denemark <[email protected]> > +Date: Fri, 5 Apr 2019 11:33:32 +0200 > +Subject: [PATCH 01/11] cpu_x86: Do not cache microcode version > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The microcode version checks are used to invalidate cached CPU data we > +get from QEMU. To minimize /proc/cpuinfo parsing the microcode version > +was only read when libvirtd started and cached for the daemon's > +lifetime. However, the CPU microcode can change anytime (updating the > +microcode package can automatically upload it to the CPU) and we need to > +stop caching it to avoid using stale CPU model data. > + > +Signed-off-by: Jiri Denemark <[email protected]> > +Reviewed-by: Ján Tomko <[email protected]> > +(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b) > + > +Upstream-Status: Backport > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/cpu/cpu_x86.c | 5 +---- > + 1 file changed, 1 insertion(+), 4 deletions(-) > + > +diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c > +index cb27550..ce48ca6 100644 > +--- a/src/cpu/cpu_x86.c > ++++ b/src/cpu/cpu_x86.c > +@@ -163,7 +163,6 @@ struct _virCPUx86Map { > + }; > + > + static virCPUx86MapPtr cpuMap; > +-static unsigned int microcodeVersion; > + > + int virCPUx86DriverOnceInit(void); > + VIR_ONCE_GLOBAL_INIT(virCPUx86Driver); > +@@ -1331,8 +1330,6 @@ virCPUx86DriverOnceInit(void) > + if (!(cpuMap = virCPUx86LoadMap())) > + return -1; > + > +- microcodeVersion = virHostCPUGetMicrocodeVersion(); > +- > + return 0; > + } > + > +@@ -2372,7 +2369,7 @@ virCPUx86GetHost(virCPUDefPtr cpu, > + goto cleanup; > + > + ret = x86DecodeCPUData(cpu, cpuData, models); > +- cpu->microcodeVersion = microcodeVersion; > ++ cpu->microcodeVersion = virHostCPUGetMicrocodeVersion(); > + > + cleanup: > + virCPUx86DataFree(cpuData); > +-- > +2.7.4 > + 
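Review bot: the header of this 0001-cpu_x86 patch carries "Upstream-Status: Backport" but no "CVE:" line and no explanation of why a non-CVE commit is being backported, whereas the p1 patch later in this series tags CVE-2018-12126/12127/12130 and CVE-2019-11091 explicitly. Since the commit message says the point is to stop using stale cached CPU data after a microcode update, and the rest of the series is the microcode-dependent MDS set, please add a line such as "Prerequisite for the CVE-2018-12126 series" to the header so the cve-check tooling is not misled into counting it as a CVE fix and the dependency is recorded. Minor: in the virCPUx86GetHost hunk the new call "cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();" still runs unconditionally after "ret = x86DecodeCPUData(cpu, cpuData, models);", so a failed decode is stamped with a version too; that matches the old behaviour, but guarding it on ret == 0 would be cleaner.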
> diff --git > a/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch > > b/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch > new file mode 100644 > index 0000000..6d0f298 > --- /dev/null > +++ > b/recipes-extended/libvirt/libvirt/0002-qemu-Don-t-cache-microcode-version.patch 
> @@ -0,0 +1,155 @@ > +From d606ac113007901522dab6c4b3979686d43eaa87 Mon Sep 17 00:00:00 2001 > +From: Jiri Denemark <[email protected]> > +Date: Fri, 12 Apr 2019 21:21:05 +0200 > +Subject: [PATCH 02/11] qemu: Don't cache microcode version > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +My earlier commit be46f61326 was incomplete. It removed caching of > +microcode version in the CPU driver, which means the capabilities XML > +will see the correct microcode version. But it is also cached in the > +QEMU capabilities cache where it is used to detect whether we need to > +reprobe QEMU. By missing the second place, the original commit > +be46f61326 made the situation even worse since libvirt would report > +correct microcode version while still using the old host CPU model > +(visible in domain capabilities XML). > + > +Signed-off-by: Jiri Denemark <[email protected]> > +Reviewed-by: Ján Tomko <[email protected]> > +(cherry picked from commit 673c62a3b7855a0685d8f116e227c402720b9ee9) > + > +Conflicts: > + src/qemu/qemu_capabilities.c > + - virQEMUCapsCacheLookupByArch refactoring (commits > + 7948ad4129a and 1a3de67001c) are missing > + > +Signed-off-by: Daniel P. 
Berrangé <[email protected]> > + > +Upstream-Status: Backport > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/qemu/qemu_capabilities.c | 12 ++++++++---- > + src/qemu/qemu_capabilities.h | 3 +-- > + src/qemu/qemu_driver.c | 9 +-------- > + tests/testutilsqemu.c | 2 +- > + 4 files changed, 11 insertions(+), 15 deletions(-) > + > +diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c > +index a075677..eaf369f 100644 > +--- a/src/qemu/qemu_capabilities.c > ++++ b/src/qemu/qemu_capabilities.c > +@@ -4700,7 +4700,7 @@ virQEMUCapsNewData(const char *binary, > + priv->libDir, > + priv->runUid, > + priv->runGid, > +- priv->microcodeVersion, > ++ virHostCPUGetMicrocodeVersion(), > + priv->kernelVersion); > + } > + > +@@ -4783,8 +4783,7 @@ virFileCachePtr > + virQEMUCapsCacheNew(const char *libDir, > + const char *cacheDir, > + uid_t runUid, > +- gid_t runGid, > +- unsigned int microcodeVersion) > ++ gid_t runGid) > + { > + char *capsCacheDir = NULL; > + virFileCachePtr cache = NULL; > +@@ -4808,7 +4807,6 @@ virQEMUCapsCacheNew(const char *libDir, > + > + priv->runUid = runUid; > + priv->runGid = runGid; > +- priv->microcodeVersion = microcodeVersion; > + > + if (uname(&uts) == 0 && > + virAsprintf(&priv->kernelVersion, "%s %s", uts.release, > uts.version) < 0) > +@@ -4829,8 +4827,11 @@ virQEMUCapsPtr > + virQEMUCapsCacheLookup(virFileCachePtr cache, > + const char *binary) > + { > ++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache); > + virQEMUCapsPtr ret = NULL; > + > ++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion(); > ++ > + ret = virFileCacheLookup(cache, binary); > + > + VIR_DEBUG("Returning caps %p for %s", ret, binary); > +@@ -4876,10 +4877,13 @@ virQEMUCapsPtr > + virQEMUCapsCacheLookupByArch(virFileCachePtr cache, > + virArch arch) > + { > ++ virQEMUCapsCachePrivPtr priv = virFileCacheGetPriv(cache); > + virQEMUCapsPtr ret = NULL; > + virArch target; > + struct virQEMUCapsSearchData data = { .arch = arch }; 
> + > ++ priv->microcodeVersion = virHostCPUGetMicrocodeVersion(); > ++ > + ret = virFileCacheLookupByFunc(cache, virQEMUCapsCompareArch, &data); > + if (!ret) { > + /* If the first attempt at finding capabilities has failed, try > +diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h > +index 3d3a978..956babc 100644 > +--- a/src/qemu/qemu_capabilities.h > ++++ b/src/qemu/qemu_capabilities.h > +@@ -574,8 +574,7 @@ void virQEMUCapsFilterByMachineType(virQEMUCapsPtr > qemuCaps, > + virFileCachePtr virQEMUCapsCacheNew(const char *libDir, > + const char *cacheDir, > + uid_t uid, > +- gid_t gid, > +- unsigned int microcodeVersion); > ++ gid_t gid); > + virQEMUCapsPtr virQEMUCapsCacheLookup(virFileCachePtr cache, > + const char *binary); > + virQEMUCapsPtr virQEMUCapsCacheLookupCopy(virFileCachePtr cache, > +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > +index a0f7c71..75f8699 100644 > +--- a/src/qemu/qemu_driver.c > ++++ b/src/qemu/qemu_driver.c > +@@ -592,8 +592,6 @@ qemuStateInitialize(bool privileged, > + char *hugepagePath = NULL; > + char *memoryBackingPath = NULL; > + size_t i; > +- virCPUDefPtr hostCPU = NULL; > +- unsigned int microcodeVersion = 0; > + > + if (VIR_ALLOC(qemu_driver) < 0) > + return -1; > +@@ -813,15 +811,10 @@ qemuStateInitialize(bool privileged, > + run_gid = cfg->group; > + } > + > +- if ((hostCPU = virCPUProbeHost(virArchFromHost()))) > +- microcodeVersion = hostCPU->microcodeVersion; > +- virCPUDefFree(hostCPU); > +- > + qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir, > + cfg->cacheDir, > + run_uid, > +- run_gid, > +- microcodeVersion); > ++ run_gid); > + if (!qemu_driver->qemuCapsCache) > + goto error; > + > +diff --git a/tests/testutilsqemu.c b/tests/testutilsqemu.c > +index 8438613..4e53f03 100644 > +--- a/tests/testutilsqemu.c > ++++ b/tests/testutilsqemu.c > +@@ -707,7 +707,7 @@ int qemuTestDriverInit(virQEMUDriver *driver) > + > + /* Using /dev/null for libDir and cacheDir 
automatically produces errors > + * upon attempt to use any of them */ > +- driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", > 0, 0, 0); > ++ driver->qemuCapsCache = virQEMUCapsCacheNew("/dev/null", "/dev/null", > 0, 0); > + if (!driver->qemuCapsCache) > + goto error; > + > +-- > +2.7.4 > + > diff --git > a/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch > > b/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch > new file mode 100644 > index 0000000..45f51d4 > --- /dev/null > +++ > b/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch 
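Review bot: on the 0002-qemu patch above, virQEMUCapsNewData (first hunk in qemu_capabilities.c) now calls virHostCPUGetMicrocodeVersion() directly instead of using priv->microcodeVersion, while virQEMUCapsCacheLookup and virQEMUCapsCacheLookupByArch each store a freshly read value into priv->microcodeVersion before calling virFileCacheLookup / virFileCacheLookupByFunc. That is two /proc/cpuinfo parses per cache miss, and if new microcode is loaded between them the new cache entry is stamped with a version that is not the one the lookup compared against; passing priv->microcodeVersion in virQEMUCapsNewData would keep the two consistent and drop a parse. Also note that the store "priv->microcodeVersion = virHostCPUGetMicrocodeVersion();" happens before the virFileCache call, i.e. outside whatever locking that call performs, so concurrent lookups write the shared field unsynchronised; this is benign as long as every writer stores the same value, but a one-line comment saying so would save the next reader the analysis. Finally, the hunk in virQEMUCapsCacheNew drops the initialisation but not the struct field, so the field is now only ever set on the lookup paths; any caller that reaches virQEMUCapsNewData without going through one of the two patched lookups would see a zero there, which is presumably why the first hunk re-reads it, and that reasoning belongs in the commit message.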
> @@ -0,0 +1,894 @@ > +From b15a3c9f9bd24d12082b5a6ea505eb3ea48137cb Mon Sep 17 00:00:00 2001 > +From: Jiri Denemark <[email protected]> > +Date: Fri, 5 Apr 2019 11:19:30 +0200 > +Subject: [PATCH 03/11] cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5 > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +Signed-off-by: Jiri Denemark <[email protected]> > +(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee) > + > +CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 > + > +Conflicts: > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > + - intel-pt feature is missing > + - stibp feature is missing > + > +Signed-off-by: Daniel P. Berrangé <[email protected]> > + > +Upstream-Status: Backport > + > +CVE: CVE-2018-12126 > +CVE: CVE-2018-12127 > +CVE: CVE-2018-12130 > +CVE: CVE-2019-11091 > + > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + tests/cputest.c | 1 + > + .../x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml | 7 + > + .../x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 8 + > + .../x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 26 + > + .../x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 27 + > + .../x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 10 + > + .../cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json | 652 > +++++++++++++++++++++ > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig | 4 + > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml | 47 ++ > + 9 files changed, 782 insertions(+) > + create mode 100644 > tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml > + create mode 100644 > tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > + create mode 100644 
tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json > + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig > + create mode 100644 tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml > + > +diff --git a/tests/cputest.c b/tests/cputest.c > +index baf2b3c..fbb2a86 100644 > +--- a/tests/cputest.c > ++++ b/tests/cputest.c > +@@ -1190,6 +1190,7 @@ mymain(void) > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Phenom-B95", JSON_HOST); > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Ryzen-7-1800X-Eight-Core", JSON_HOST); > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-5110", JSON_NONE); > ++ DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1225-v5", JSON_MODELS); > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E3-1245-v5", JSON_MODELS); > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2609-v3", JSON_MODELS); > + DO_TEST_CPUID(VIR_ARCH_X86_64, "Xeon-E5-2623-v4", JSON_MODELS); > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml > +new file mode 100644 > +index 0000000..ce51903 > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-disabled.xml > +@@ -0,0 +1,7 @@ > ++<!-- Features disabled by QEMU --> > ++<cpudata arch='x86'> > ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x0800c1fc' edx='0xb0600000'/> > ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' > ebx='0x02000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000008' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/> > ++</cpudata> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > +new file mode 100644 > +index 0000000..0deca9f > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > +@@ -0,0 +1,8 @@ > ++<!-- Features 
enabled by QEMU --> > ++<cpudata arch='x86'> > ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> > ++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' > ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x00000007' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> > ++</cpudata> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > +new file mode 100644 > +index 0000000..993db80 > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > +@@ -0,0 +1,26 @@ > ++<cpu mode='custom' match='exact'> > ++ <model fallback='forbid'>Skylake-Client-IBRS</model> > ++ <vendor>Intel</vendor> > ++ <feature policy='require' name='ds'/> > ++ <feature policy='require' name='acpi'/> > ++ <feature policy='require' name='ss'/> > ++ <feature policy='require' name='ht'/> > ++ <feature policy='require' name='tm'/> > ++ <feature policy='require' name='pbe'/> > ++ <feature policy='require' name='dtes64'/> > ++ <feature policy='require' name='monitor'/> > ++ <feature policy='require' name='ds_cpl'/> > ++ <feature policy='require' name='vmx'/> > ++ <feature policy='require' name='smx'/> > ++ <feature policy='require' name='est'/> > ++ <feature policy='require' name='tm2'/> > ++ <feature policy='require' name='xtpr'/> > ++ <feature policy='require' name='pdcm'/> > ++ <feature policy='require' name='osxsave'/> > ++ <feature policy='require' name='tsc_adjust'/> > ++ <feature policy='require' name='clflushopt'/> > ++ <feature policy='require' name='ssbd'/> > ++ <feature policy='require' name='xsaves'/> > ++ <feature 
policy='require' name='pdpe1gb'/> > ++ <feature policy='require' name='invtsc'/> > ++</cpu> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > +new file mode 100644 > +index 0000000..074a39b > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > +@@ -0,0 +1,27 @@ > ++<cpu> > ++ <arch>x86_64</arch> > ++ <model>Skylake-Client-IBRS</model> > ++ <vendor>Intel</vendor> > ++ <feature name='ds'/> > ++ <feature name='acpi'/> > ++ <feature name='ss'/> > ++ <feature name='ht'/> > ++ <feature name='tm'/> > ++ <feature name='pbe'/> > ++ <feature name='dtes64'/> > ++ <feature name='monitor'/> > ++ <feature name='ds_cpl'/> > ++ <feature name='vmx'/> > ++ <feature name='smx'/> > ++ <feature name='est'/> > ++ <feature name='tm2'/> > ++ <feature name='xtpr'/> > ++ <feature name='pdcm'/> > ++ <feature name='osxsave'/> > ++ <feature name='tsc_adjust'/> > ++ <feature name='clflushopt'/> > ++ <feature name='ssbd'/> > ++ <feature name='xsaves'/> > ++ <feature name='pdpe1gb'/> > ++ <feature name='invtsc'/> > ++</cpu> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > +new file mode 100644 > +index 0000000..1984bd4 > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > +@@ -0,0 +1,10 @@ > ++<cpu mode='custom' match='exact'> > ++ <model fallback='forbid'>Skylake-Client-IBRS</model> > ++ <vendor>Intel</vendor> > ++ <feature policy='require' name='ss'/> > ++ <feature policy='require' name='hypervisor'/> > ++ <feature policy='require' name='tsc_adjust'/> > ++ <feature policy='require' name='clflushopt'/> > ++ <feature policy='require' name='ssbd'/> > ++ <feature policy='require' name='pdpe1gb'/> > ++</cpu> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json > +new file mode 100644 > +index 
0000000..0847475 > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.json > +@@ -0,0 +1,652 @@ > ++{ > ++ "return": { > ++ "model": { > ++ "name": "base", > ++ "props": { > ++ "phys-bits": 0, > ++ "core-id": -1, > ++ "xlevel": 2147483656, > ++ "cmov": true, > ++ "ia64": false, > ++ "aes": true, > ++ "mmx": true, > ++ "rdpid": false, > ++ "arat": true, > ++ "gfni": false, > ++ "pause-filter": false, > ++ "xsavec": true, > ++ "intel-pt": false, > ++ "osxsave": false, > ++ "hv-frequencies": false, > ++ "tsc-frequency": 0, > ++ "xd": true, > ++ "hv-vendor-id": "", > ++ "kvm-asyncpf": true, > ++ "kvm_asyncpf": true, > ++ "perfctr_core": false, > ++ "perfctr-core": false, > ++ "mpx": true, > ++ "pbe": false, > ++ "decodeassists": false, > ++ "avx512cd": false, > ++ "sse4_1": true, > ++ "sse4.1": true, > ++ "sse4-1": true, > ++ "family": 6, > ++ "legacy-cache": true, > ++ "vmware-cpuid-freq": true, > ++ "avx512f": false, > ++ "msr": true, > ++ "mce": true, > ++ "mca": true, > ++ "hv-runtime": false, > ++ "xcrypt": false, > ++ "thread-id": -1, > ++ "min-level": 13, > ++ "xgetbv1": true, > ++ "cid": false, > ++ "hv-relaxed": false, > ++ "hv-crash": false, > ++ "ds": false, > ++ "fxsr": true, > ++ "xsaveopt": true, > ++ "xtpr": false, > ++ "avx512vl": false, > ++ "avx512-vpopcntdq": false, > ++ "phe": false, > ++ "extapic": false, > ++ "3dnowprefetch": true, > ++ "avx512vbmi2": false, > ++ "cr8legacy": false, > ++ "stibp": true, > ++ "cpuid-0xb": true, > ++ "xcrypt-en": false, > ++ "kvm_pv_eoi": true, > ++ "apic-id": 4294967295, > ++ "pn": false, > ++ "dca": false, > ++ "vendor": "GenuineIntel", > ++ "pku": false, > ++ "smx": false, > ++ "cmp_legacy": false, > ++ "cmp-legacy": false, > ++ "node-id": -1, > ++ "avx512-4fmaps": false, > ++ "vmcb_clean": false, > ++ "vmcb-clean": false, > ++ "3dnowext": false, > ++ "hle": true, > ++ "npt": false, > ++ "memory": "/machine/unattached/system[0]", > ++ "clwb": false, > ++ "lbrv": false, > ++ "adx": true, > ++ 
"ss": true, > ++ "pni": true, > ++ "svm_lock": false, > ++ "svm-lock": false, > ++ "pfthreshold": false, > ++ "smep": true, > ++ "smap": true, > ++ "x2apic": true, > ++ "avx512vbmi": false, > ++ "avx512vnni": false, > ++ "hv-stimer": false, > ++ "i64": true, > ++ "flushbyasid": false, > ++ "f16c": true, > ++ "ace2-en": false, > ++ "pat": true, > ++ "pae": true, > ++ "sse": true, > ++ "phe-en": false, > ++ "kvm_nopiodelay": true, > ++ "kvm-nopiodelay": true, > ++ "tm": false, > ++ "kvmclock-stable-bit": true, > ++ "hypervisor": true, > ++ "socket-id": -1, > ++ "pcommit": false, > ++ "syscall": true, > ++ "level": 13, > ++ "avx512dq": false, > ++ "svm": false, > ++ "full-cpuid-auto-level": true, > ++ "hv-reset": false, > ++ "invtsc": false, > ++ "sse3": true, > ++ "sse2": true, > ++ "ssbd": true, > ++ "est": false, > ++ "avx512ifma": false, > ++ "tm2": false, > ++ "kvm-pv-eoi": true, > ++ "cx8": true, > ++ "kvm_mmu": false, > ++ "kvm-mmu": false, > ++ "sse4_2": true, > ++ "sse4.2": true, > ++ "sse4-2": true, > ++ "pge": true, > ++ "fill-mtrr-mask": true, > ++ "avx512bitalg": false, > ++ "nodeid_msr": false, > ++ "pdcm": false, > ++ "movbe": true, > ++ "model": 94, > ++ "nrip_save": false, > ++ "nrip-save": false, > ++ "kvm_pv_unhalt": true, > ++ "ssse3": true, > ++ "sse4a": false, > ++ "invpcid": true, > ++ "pdpe1gb": true, > ++ "tsc-deadline": true, > ++ "fma": true, > ++ "cx16": true, > ++ "de": true, > ++ "enforce": false, > ++ "stepping": 3, > ++ "xsave": true, > ++ "clflush": true, > ++ "skinit": false, > ++ "tsc": true, > ++ "tce": false, > ++ "fpu": true, > ++ "ibs": false, > ++ "ds_cpl": false, > ++ "ds-cpl": false, > ++ "host-phys-bits": true, > ++ "fma4": false, > ++ "la57": false, > ++ "osvw": false, > ++ "check": true, > ++ "hv-spinlocks": -1, > ++ "pmu": false, > ++ "pmm": false, > ++ "apic": true, > ++ "spec-ctrl": true, > ++ "min-xlevel2": 0, > ++ "tsc-adjust": true, > ++ "tsc_adjust": true, > ++ "kvm-steal-time": true, > ++ "kvm_steal_time": true, > 
++ "kvmclock": true, > ++ "l3-cache": true, > ++ "lwp": false, > ++ "ibpb": false, > ++ "xop": false, > ++ "avx": true, > ++ "ospke": false, > ++ "ace2": false, > ++ "avx512bw": false, > ++ "acpi": false, > ++ "hv-vapic": false, > ++ "fsgsbase": true, > ++ "ht": false, > ++ "nx": true, > ++ "pclmulqdq": true, > ++ "mmxext": false, > ++ "vaes": false, > ++ "popcnt": true, > ++ "xsaves": false, > ++ "tcg-cpuid": true, > ++ "lm": true, > ++ "umip": false, > ++ "pse": true, > ++ "avx2": true, > ++ "sep": true, > ++ "pclmuldq": true, > ++ "virt-ssbd": false, > ++ "x-hv-max-vps": -1, > ++ "nodeid-msr": false, > ++ "md-clear": true, > ++ "kvm": true, > ++ "misalignsse": false, > ++ "min-xlevel": 2147483656, > ++ "kvm-pv-unhalt": true, > ++ "bmi2": true, > ++ "bmi1": true, > ++ "realized": false, > ++ "tsc_scale": false, > ++ "tsc-scale": false, > ++ "topoext": false, > ++ "hv-vpindex": false, > ++ "xlevel2": 0, > ++ "clflushopt": true, > ++ "kvm-no-smi-migration": false, > ++ "monitor": false, > ++ "avx512er": false, > ++ "pmm-en": false, > ++ "pcid": true, > ++ "3dnow": false, > ++ "erms": true, > ++ "lahf-lm": true, > ++ "lahf_lm": true, > ++ "vpclmulqdq": false, > ++ "fxsr-opt": false, > ++ "hv-synic": false, > ++ "xstore": false, > ++ "fxsr_opt": false, > ++ "kvm-hint-dedicated": false, > ++ "rtm": true, > ++ "lmce": true, > ++ "hv-time": false, > ++ "perfctr-nb": false, > ++ "perfctr_nb": false, > ++ "ffxsr": false, > ++ "rdrand": true, > ++ "rdseed": true, > ++ "avx512-4vnniw": false, > ++ "vmx": false, > ++ "vme": true, > ++ "dtes64": false, > ++ "mtrr": true, > ++ "rdtscp": true, > ++ "pse36": true, > ++ "kvm-pv-tlb-flush": false, > ++ "tbm": false, > ++ "wdt": false, > ++ "pause_filter": false, > ++ "sha-ni": false, > ++ "model-id": "Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz", > ++ "abm": true, > ++ "avx512pf": false, > ++ "xstore-en": false > ++ } > ++ } > ++ }, > ++ "id": "model-expansion" > ++} > ++ > ++{ > ++ "return": [ > ++ { > ++ "name": "max", > ++ 
"typename": "max-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": false > ++ }, > ++ { > ++ "name": "host", > ++ "typename": "host-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": false > ++ }, > ++ { > ++ "name": "base", > ++ "typename": "base-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": true, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "qemu64", > ++ "typename": "qemu64-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "qemu32", > ++ "typename": "qemu32-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "phenom", > ++ "typename": "phenom-x86_64-cpu", > ++ "unavailable-features": [ > ++ "mmxext", > ++ "fxsr-opt", > ++ "3dnowext", > ++ "3dnow", > ++ "sse4a", > ++ "npt" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "pentium3", > ++ "typename": "pentium3-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "pentium2", > ++ "typename": "pentium2-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "pentium", > ++ "typename": "pentium-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "n270", > ++ "typename": "n270-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "kvm64", > ++ "typename": "kvm64-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "kvm32", > ++ "typename": "kvm32-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "cpu64-rhel6", > ++ 
"typename": "cpu64-rhel6-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sse4a" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "coreduo", > ++ "typename": "coreduo-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "core2duo", > ++ "typename": "core2duo-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "athlon", > ++ "typename": "athlon-x86_64-cpu", > ++ "unavailable-features": [ > ++ "mmxext", > ++ "3dnowext", > ++ "3dnow" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Westmere", > ++ "typename": "Westmere-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Westmere-IBRS", > ++ "typename": "Westmere-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Skylake-Server", > ++ "typename": "Skylake-Server-x86_64-cpu", > ++ "unavailable-features": [ > ++ "avx512f", > ++ "avx512dq", > ++ "clwb", > ++ "avx512cd", > ++ "avx512bw", > ++ "avx512vl", > ++ "avx512f", > ++ "avx512f", > ++ "avx512f" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Skylake-Server-IBRS", > ++ "typename": "Skylake-Server-IBRS-x86_64-cpu", > ++ "unavailable-features": [ > ++ "avx512f", > ++ "avx512dq", > ++ "clwb", > ++ "avx512cd", > ++ "avx512bw", > ++ "avx512vl", > ++ "avx512f", > ++ "avx512f", > ++ "avx512f" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Skylake-Client", > ++ "typename": "Skylake-Client-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Skylake-Client-IBRS", > ++ "typename": "Skylake-Client-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": 
false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "SandyBridge", > ++ "typename": "SandyBridge-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "SandyBridge-IBRS", > ++ "typename": "SandyBridge-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Penryn", > ++ "typename": "Penryn-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Opteron_G5", > ++ "typename": "Opteron_G5-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sse4a", > ++ "misalignsse", > ++ "xop", > ++ "fma4", > ++ "tbm" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Opteron_G4", > ++ "typename": "Opteron_G4-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sse4a", > ++ "misalignsse", > ++ "xop", > ++ "fma4" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Opteron_G3", > ++ "typename": "Opteron_G3-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sse4a", > ++ "misalignsse" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Opteron_G2", > ++ "typename": "Opteron_G2-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Opteron_G1", > ++ "typename": "Opteron_G1-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Nehalem", > ++ "typename": "Nehalem-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Nehalem-IBRS", > ++ "typename": "Nehalem-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "IvyBridge", > ++ "typename": "IvyBridge-x86_64-cpu", > ++ "unavailable-features": 
[], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "IvyBridge-IBRS", > ++ "typename": "IvyBridge-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Haswell", > ++ "typename": "Haswell-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Haswell-noTSX", > ++ "typename": "Haswell-noTSX-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Haswell-noTSX-IBRS", > ++ "typename": "Haswell-noTSX-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Haswell-IBRS", > ++ "typename": "Haswell-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "EPYC", > ++ "typename": "EPYC-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sha-ni", > ++ "mmxext", > ++ "fxsr-opt", > ++ "cr8legacy", > ++ "sse4a", > ++ "misalignsse", > ++ "osvw" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "EPYC-IBPB", > ++ "typename": "EPYC-IBPB-x86_64-cpu", > ++ "unavailable-features": [ > ++ "sha-ni", > ++ "mmxext", > ++ "fxsr-opt", > ++ "cr8legacy", > ++ "sse4a", > ++ "misalignsse", > ++ "osvw", > ++ "ibpb" > ++ ], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Conroe", > ++ "typename": "Conroe-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Broadwell", > ++ "typename": "Broadwell-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Broadwell-noTSX", > ++ "typename": "Broadwell-noTSX-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { 
> ++ "name": "Broadwell-noTSX-IBRS", > ++ "typename": "Broadwell-noTSX-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "Broadwell-IBRS", > ++ "typename": "Broadwell-IBRS-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ }, > ++ { > ++ "name": "486", > ++ "typename": "486-x86_64-cpu", > ++ "unavailable-features": [], > ++ "static": false, > ++ "migration-safe": true > ++ } > ++ ], > ++ "id": "definitions" > ++} > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig > +new file mode 100644 > +index 0000000..7e57c2d > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.sig > +@@ -0,0 +1,4 @@ > ++0506e3 > ++family: 6 (0x06) > ++model: 94 (0x5e) > ++stepping: 3 (0x03) > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml > +new file mode 100644 > +index 0000000..437429d > +--- /dev/null > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5.xml > +@@ -0,0 +1,47 @@ > ++<!-- Intel(R) Xeon(R) CPU E3-1225 v5 @ 3.30GHz --> > ++<cpudata arch='x86'> > ++ <cpuid eax_in='0x00000000' ecx_in='0x00' eax='0x00000016' > ebx='0x756e6547' ecx='0x6c65746e' edx='0x49656e69'/> > ++ <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x000506e3' > ebx='0x06100800' ecx='0x7ffafbff' edx='0xbfebfbff'/> > ++ <cpuid eax_in='0x00000002' ecx_in='0x00' eax='0x76036301' > ebx='0x00f0b6ff' ecx='0x00000000' edx='0x00c30000'/> > ++ <cpuid eax_in='0x00000003' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000004' ecx_in='0x00' eax='0x1c004121' > ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000004' ecx_in='0x01' eax='0x1c004122' > ebx='0x01c0003f' ecx='0x0000003f' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000004' ecx_in='0x02' 
eax='0x1c004143' > ebx='0x00c0003f' ecx='0x000003ff' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000004' ecx_in='0x03' eax='0x1c03c163' > ebx='0x03c0003f' ecx='0x00001fff' edx='0x00000006'/> > ++ <cpuid eax_in='0x00000005' ecx_in='0x00' eax='0x00000040' > ebx='0x00000040' ecx='0x00000003' edx='0x00142120'/> > ++ <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x000027f7' > ebx='0x00000002' ecx='0x00000009' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' > ebx='0x029c6fbf' ecx='0x00000000' edx='0x9c002400'/> > ++ <cpuid eax_in='0x00000008' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000009' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000a' ecx_in='0x00' eax='0x07300804' > ebx='0x00000000' ecx='0x00000000' edx='0x00000603'/> > ++ <cpuid eax_in='0x0000000b' ecx_in='0x00' eax='0x00000001' > ebx='0x00000001' ecx='0x00000100' edx='0x00000006'/> > ++ <cpuid eax_in='0x0000000b' ecx_in='0x01' eax='0x00000004' > ebx='0x00000004' ecx='0x00000201' edx='0x00000006'/> > ++ <cpuid eax_in='0x0000000c' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x00' eax='0x0000001f' > ebx='0x00000440' ecx='0x00000440' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x01' eax='0x0000000f' > ebx='0x000003c0' ecx='0x00000100' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x02' eax='0x00000100' > ebx='0x00000240' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x03' eax='0x00000040' > ebx='0x000003c0' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x04' eax='0x00000040' > ebx='0x00000400' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000d' ecx_in='0x08' eax='0x00000080' > ebx='0x00000000' ecx='0x00000001' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000e' 
ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x0000000f' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000010' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000011' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000012' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000013' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000014' ecx_in='0x00' eax='0x00000001' > ebx='0x0000000f' ecx='0x00000007' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000014' ecx_in='0x01' eax='0x02490002' > ebx='0x003f3fff' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000015' ecx_in='0x00' eax='0x00000002' > ebx='0x00000114' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x00000016' ecx_in='0x00' eax='0x00000ce4' > ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000000' ecx_in='0x00' eax='0x80000008' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> > ++ <cpuid eax_in='0x80000002' ecx_in='0x00' eax='0x65746e49' > ebx='0x2952286c' ecx='0x6f655820' edx='0x2952286e'/> > ++ <cpuid eax_in='0x80000003' ecx_in='0x00' eax='0x55504320' > ebx='0x2d334520' ecx='0x35323231' edx='0x20357620'/> > ++ <cpuid eax_in='0x80000004' ecx_in='0x00' eax='0x2e332040' > ebx='0x48473033' ecx='0x0000007a' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000005' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x80000006' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x01006040' edx='0x00000000'/> > ++ <cpuid 
eax_in='0x80000007' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000000' edx='0x00000100'/> > ++ <cpuid eax_in='0x80000008' ecx_in='0x00' eax='0x00003027' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > ++ <cpuid eax_in='0x80860000' ecx_in='0x00' eax='0x00000ce4' > ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> > ++ <cpuid eax_in='0xc0000000' ecx_in='0x00' eax='0x00000ce4' > ebx='0x00000e74' ecx='0x00000064' edx='0x00000000'/> > ++</cpudata> > +-- > +2.7.4 > + > diff --git > a/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch > > b/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch > new file mode 100644 > index 0000000..b39e866 > --- /dev/null > +++ > b/recipes-extended/libvirt/libvirt/CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch 
> @@ -0,0 +1,116 @@ > +From c811c618c114c4a6493ede602bdca22d33c1972a Mon Sep 17 00:00:00 2001 > +From: Jiri Denemark <[email protected]> > +Date: Tue, 9 Apr 2019 12:35:52 +0200 > +Subject: [PATCH 04/11] cpu_map: Define md-clear CPUID bit > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 > + > +The bit is set when microcode provides the mechanism to invoke a flush > +of various exploitable CPU buffers by invoking the VERW instruction. > + > +Signed-off-by: Paolo Bonzini <[email protected]> > +Signed-off-by: Jiri Denemark <[email protected]> > +Reviewed-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85) > + > +Conflicts: > + src/cpu_map/x86_features.xml > + - missing pconfig feature > + > + tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml > + tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml > + - test data missing downstream > + > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > + - intel-pt feature is missing > + - stibp feature is missing > + > +Signed-off-by: Daniel P. 
Berrangé <[email protected]> > + > +Upstream-Status: Backport > + > +CVE: CVE-2018-12126 > +CVE: CVE-2018-12127 > +CVE: CVE-2018-12130 > +CVE: CVE-2019-11091 > + > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/cpu_map/x86_features.xml | 3 +++ > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml | 2 +- > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml | 1 + > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml | 1 + > + tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml | 1 + > + 5 files changed, 7 insertions(+), 1 deletion(-) > + > +diff --git a/src/cpu_map/x86_features.xml b/src/cpu_map/x86_features.xml > +index 109c653..c8ae540 100644 > +--- a/src/cpu_map/x86_features.xml > ++++ b/src/cpu_map/x86_features.xml > +@@ -290,6 +290,9 @@ > + <feature name='avx512-4fmaps'> > + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000008'/> > + </feature> > ++ <feature name='md-clear'> <!-- md_clear --> > ++ <cpuid eax_in='0x07' ecx_in='0x00' edx='0x00000400'/> > ++ </feature> > + <feature name='spec-ctrl'> > + <cpuid eax_in='0x07' ecx_in='0x00' edx='0x04000000'/> > + </feature> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > +index 0deca9f..74763a4 100644 > +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-enabled.xml > +@@ -2,7 +2,7 @@ > + <cpudata arch='x86'> > + <cpuid eax_in='0x00000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0xf7fa3203' edx='0x0f8bfbff'/> > + <cpuid eax_in='0x00000006' ecx_in='0x00' eax='0x00000004' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > +- <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' > ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000000'/> > ++ <cpuid eax_in='0x00000007' ecx_in='0x00' eax='0x00000000' > ebx='0x009c4fbb' ecx='0x00000000' edx='0x8c000400'/> > + <cpuid eax_in='0x0000000d' ecx_in='0x01' 
eax='0x00000007' > ebx='0x00000000' ecx='0x00000000' edx='0x00000000'/> > + <cpuid eax_in='0x80000001' ecx_in='0x00' eax='0x00000000' > ebx='0x00000000' ecx='0x00000121' edx='0x2c100800'/> > + </cpudata> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > +index 993db80..29c1fdb 100644 > +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml > +@@ -19,6 +19,7 @@ > + <feature policy='require' name='osxsave'/> > + <feature policy='require' name='tsc_adjust'/> > + <feature policy='require' name='clflushopt'/> > ++ <feature policy='require' name='md-clear'/> > + <feature policy='require' name='ssbd'/> > + <feature policy='require' name='xsaves'/> > + <feature policy='require' name='pdpe1gb'/> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > +index 074a39b..2003ca9 100644 > +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml > +@@ -20,6 +20,7 @@ > + <feature name='osxsave'/> > + <feature name='tsc_adjust'/> > + <feature name='clflushopt'/> > ++ <feature name='md-clear'/> > + <feature name='ssbd'/> > + <feature name='xsaves'/> > + <feature name='pdpe1gb'/> > +diff --git a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > +index 1984bd4..d6529c5 100644 > +--- a/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > ++++ b/tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-json.xml > +@@ -5,6 +5,7 @@ > + <feature policy='require' name='hypervisor'/> > + <feature policy='require' name='tsc_adjust'/> > + <feature policy='require' name='clflushopt'/> > ++ <feature policy='require' name='md-clear'/> > + <feature policy='require' name='ssbd'/> > + <feature policy='require' name='pdpe1gb'/> > + 
</cpu> > +-- > +2.7.4 > + > diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch > new file mode 100644 > index 0000000..11c1c5d > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p1.patch 
> @@ -0,0 +1,63 @@ > +From dfd22fc50f8f268b9810d2ef21adada021f740eb Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <[email protected]> > +Date: Tue, 30 Apr 2019 17:26:13 +0100 > +Subject: [PATCH 05/11] admin: reject clients unless their UID matches the > + current UID > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The admin protocol RPC messages are only intended for use by the user > +running the daemon. As such they should not be allowed for any client > +UID that does not match the server UID. > + > +Fixes CVE-2019-10132 > + > +Reviewed-by: Ján Tomko <[email protected]> > +Signed-off-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7) > + > +Upstream-Status: Backport > +CVE: CVE-2019-10132 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/admin/admin_server_dispatch.c | 22 ++++++++++++++++++++++ > + 1 file changed, 22 insertions(+) > + > +diff --git a/src/admin/admin_server_dispatch.c > b/src/admin/admin_server_dispatch.c > +index b78ff90..9f25813 100644 > +--- a/src/admin/admin_server_dispatch.c > ++++ b/src/admin/admin_server_dispatch.c > +@@ -66,6 +66,28 @@ remoteAdmClientNew(virNetServerClientPtr client > ATTRIBUTE_UNUSED, > + void *opaque) > + { > + struct daemonAdmClientPrivate *priv; > ++ uid_t clientuid; > ++ gid_t clientgid; > ++ pid_t clientpid; > ++ unsigned long long timestamp; > ++ > ++ if (virNetServerClientGetUNIXIdentity(client, > ++ &clientuid, > ++ &clientgid, > ++ &clientpid, > ++ ×tamp) < 0) > ++ return NULL; > ++ > ++ VIR_DEBUG("New client pid %lld uid %lld", > ++ (long long)clientpid, > ++ (long long)clientuid); > ++ > ++ if (geteuid() != clientuid) { > ++ virReportRestrictedError(_("Disallowing client %lld with uid %lld"), > ++ (long long)clientpid, > ++ (long long)clientuid); > ++ return NULL; > ++ } > + > + if (VIR_ALLOC(priv) < 0) > + return NULL; > +-- > +2.7.4 > + 
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch > new file mode 100644 > index 0000000..860c1e5 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p2.patch 
> @@ -0,0 +1,56 @@ > +From 54005b84b0165b62b2ef88c7df229bddbaa29e76 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <[email protected]> > +Date: Tue, 30 Apr 2019 16:51:37 +0100 > +Subject: [PATCH 06/11] locking: restrict sockets to mode 0600 > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The virtlockd daemon's only intended client is the libvirtd daemon. As > +such it should never allow clients from other user accounts to connect. > +The code already enforces this and drops clients from other UIDs, but > +we can get earlier (and thus stronger) protection against DoS by setting > +the socket permissions to 0600 > + > +Fixes CVE-2019-10132 > + > +Reviewed-by: Ján Tomko <[email protected]> > +Signed-off-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1) > + > +Upstream-Status: Backport > +CVE: CVE-2019-10132 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/locking/virtlockd-admin.socket.in | 1 + > + src/locking/virtlockd.socket.in | 1 + > + 2 files changed, 2 insertions(+) > + > +diff --git a/src/locking/virtlockd-admin.socket.in > b/src/locking/virtlockd-admin.socket.in > +index 2a7500f..f674c49 100644 > +--- a/src/locking/virtlockd-admin.socket.in > ++++ b/src/locking/virtlockd-admin.socket.in > +@@ -5,6 +5,7 @@ Before=libvirtd.service > + [Socket] > + ListenStream=@localstatedir@/run/libvirt/virtlockd-admin-sock > + Service=virtlockd.service > ++SocketMode=0600 > + > + [Install] > + WantedBy=sockets.target > +diff --git a/src/locking/virtlockd.socket.in > b/src/locking/virtlockd.socket.in > +index 45e0f20..d701b27 100644 > +--- a/src/locking/virtlockd.socket.in > ++++ b/src/locking/virtlockd.socket.in > +@@ -4,6 +4,7 @@ Before=libvirtd.service > + > + [Socket] > + ListenStream=@localstatedir@/run/libvirt/virtlockd-sock > ++SocketMode=0600 > + > + [Install] > + WantedBy=sockets.target > +-- > 
+2.7.4 > + > diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch > new file mode 100644 > index 0000000..ddd0740 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10132_p3.patch 
> @@ -0,0 +1,56 @@ > +From 030fdf57255f97289a407529194bf26c77548acb Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <[email protected]> > +Date: Tue, 30 Apr 2019 17:27:41 +0100 > +Subject: [PATCH 07/11] logging: restrict sockets to mode 0600 > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The virtlogd daemon's only intended client is the libvirtd daemon. As > +such it should never allow clients from other user accounts to connect. > +The code already enforces this and drops clients from other UIDs, but > +we can get earlier (and thus stronger) protection against DoS by setting > +the socket permissions to 0600 > + > +Fixes CVE-2019-10132 > + > +Reviewed-by: Ján Tomko <[email protected]> > +Signed-off-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f) > + > +Upstream-Status: Backport > +CVE: CVE-2019-10132 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/logging/virtlogd-admin.socket.in | 1 + > + src/logging/virtlogd.socket.in | 1 + > + 2 files changed, 2 insertions(+) > + > +diff --git a/src/logging/virtlogd-admin.socket.in > b/src/logging/virtlogd-admin.socket.in > +index 595e6c4..5c41dfe 100644 > +--- a/src/logging/virtlogd-admin.socket.in > ++++ b/src/logging/virtlogd-admin.socket.in > +@@ -5,6 +5,7 @@ Before=libvirtd.service > + [Socket] > + ListenStream=@localstatedir@/run/libvirt/virtlogd-admin-sock > + Service=virtlogd.service > ++SocketMode=0600 > + > + [Install] > + WantedBy=sockets.target > +diff --git a/src/logging/virtlogd.socket.in b/src/logging/virtlogd.socket.in > +index 22b9360..ae48cda 100644 > +--- a/src/logging/virtlogd.socket.in > ++++ b/src/logging/virtlogd.socket.in > +@@ -4,6 +4,7 @@ Before=libvirtd.service > + > + [Socket] > + ListenStream=@localstatedir@/run/libvirt/virtlogd-sock > ++SocketMode=0600 > + > + [Install] > + WantedBy=sockets.target > +-- > +2.7.4 > + 
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch > new file mode 100644 > index 0000000..118ece4 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10161.patch 
> @@ -0,0 +1,99 @@ > +From 3352c8af264a7b9b741208790ecca0bbc6733f42 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <[email protected]> > +Date: Fri, 14 Jun 2019 08:47:42 +0200 > +Subject: [PATCH 08/11] api: disallow virDomainSaveImageGetXMLDesc on > read-only > + connections > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The virDomainSaveImageGetXMLDesc API is taking a path parameter, > +which can point to any path on the system. This file will then be > +read and parsed by libvirtd running with root privileges. > + > +Forbid it on read-only connections. > + > +Fixes: CVE-2019-10161 > +Reported-by: Matthias Gerstner <[email protected]> > +Signed-off-by: Ján Tomko <[email protected]> > +Reviewed-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit aed6a032cead4386472afb24b16196579e239580) > +Signed-off-by: Ján Tomko <[email protected]> > + > +Conflicts: > + src/libvirt-domain.c > + src/remote/remote_protocol.x > + > +Upstream commit 12a51f372 which introduced the > VIR_DOMAIN_SAVE_IMAGE_XML_SECURE > +alias for VIR_DOMAIN_XML_SECURE is not backported. > +Just skip the commit since we now disallow the whole API on read-only > +connections, regardless of the flag. > + > +Signed-off-by: Ján Tomko <[email protected]> > + > +Upstream-Status: Backport > +CVE: CVE-2019-10161 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/libvirt-domain.c | 11 ++--------- > + src/qemu/qemu_driver.c | 2 +- > + src/remote/remote_protocol.x | 3 +-- > + 3 files changed, 4 insertions(+), 12 deletions(-) > + > +Index: libvirt-4.7.0/src/libvirt-domain.c > +=================================================================== > +--- libvirt-4.7.0.orig/src/libvirt-domain.c > ++++ libvirt-4.7.0/src/libvirt-domain.c > +@@ -1073,9 +1073,7 @@ virDomainRestoreFlags(virConnectPtr conn > + * previously by virDomainSave() or virDomainSaveFlags(). 
> + * > + * No security-sensitive data will be included unless @flags contains > +- * VIR_DOMAIN_XML_SECURE; this flag is rejected on read-only > +- * connections. For this API, @flags should not contain either > +- * VIR_DOMAIN_XML_INACTIVE or VIR_DOMAIN_XML_UPDATE_CPU. > ++ * VIR_DOMAIN_XML_SECURE. > + * > + * Returns a 0 terminated UTF-8 encoded XML instance, or NULL in case of > + * error. The caller must free() the returned value. > +@@ -1091,12 +1089,7 @@ virDomainSaveImageGetXMLDesc(virConnectP > + > + virCheckConnectReturn(conn, NULL); > + virCheckNonNullArgGoto(file, error); > +- > +- if ((conn->flags & VIR_CONNECT_RO) && (flags & VIR_DOMAIN_XML_SECURE)) { > +- virReportError(VIR_ERR_OPERATION_DENIED, "%s", > +- _("virDomainSaveImageGetXMLDesc with secure flag")); > +- goto error; > +- } > ++ virCheckReadOnlyGoto(conn->flags, error); > + > + if (conn->driver->domainSaveImageGetXMLDesc) { > + char *ret; > +Index: libvirt-4.7.0/src/qemu/qemu_driver.c > +=================================================================== > +--- libvirt-4.7.0.orig/src/qemu/qemu_driver.c > ++++ libvirt-4.7.0/src/qemu/qemu_driver.c > +@@ -6791,7 +6791,7 @@ qemuDomainSaveImageGetXMLDesc(virConnect > + if (fd < 0) > + goto cleanup; > + > +- if (virDomainSaveImageGetXMLDescEnsureACL(conn, def, flags) < 0) > ++ if (virDomainSaveImageGetXMLDescEnsureACL(conn, def) < 0) > + goto cleanup; > + > + ret = qemuDomainDefFormatXML(driver, def, flags); > +Index: libvirt-4.7.0/src/remote/remote_protocol.x > +=================================================================== > +--- libvirt-4.7.0.orig/src/remote/remote_protocol.x > ++++ libvirt-4.7.0/src/remote/remote_protocol.x > +@@ -5226,8 +5226,7 @@ enum remote_procedure { > + /** > + * @generate: both > + * @priority: high > +- * @acl: domain:read > +- * @acl: domain:read_secure:VIR_DOMAIN_XML_SECURE > ++ * @acl: domain:write > + */ > + REMOTE_PROC_DOMAIN_SAVE_IMAGE_GET_XML_DESC = 235, > + 
> diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch > new file mode 100644 > index 0000000..12ab543 > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10166.patch > @@ -0,0 +1,43 @@ > +From 6da721ea37bf3624ff9922637cfa657d2dcb20f9 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <[email protected]> > +Date: Fri, 14 Jun 2019 09:14:53 +0200 > +Subject: [PATCH 09/11] api: disallow virDomainManagedSaveDefineXML on > + read-only connections > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +The virDomainManagedSaveDefineXML can be used to alter the domain's > +config used for managedsave or even execute arbitrary emulator binaries. > +Forbid it on read-only connections. > + > +Fixes: CVE-2019-10166 > +Reported-by: Matthias Gerstner <[email protected]> > +Signed-off-by: Ján Tomko <[email protected]> > +Reviewed-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a) > +Signed-off-by: Ján Tomko <[email protected]> > + > +Upstream-Status: Backport > +CVE: CVE-2019-10166 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/libvirt-domain.c | 1 + > + 1 file changed, 1 insertion(+) > + > +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c > +index 270e10e..5c764aa 100644 > +--- a/src/libvirt-domain.c > ++++ b/src/libvirt-domain.c > +@@ -9482,6 +9482,7 @@ virDomainManagedSaveDefineXML(virDomainPtr domain, > const char *dxml, > + > + virCheckDomainReturn(domain, -1); > + conn = domain->conn; > ++ virCheckReadOnlyGoto(conn->flags, error); > + > + if (conn->driver->domainManagedSaveDefineXML) { > + int ret; > +-- > +2.7.4 > + > diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch > new file mode 100644 > index 0000000..576f46c > --- /dev/null 
> +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10167.patch > @@ -0,0 +1,41 @@ > +From 5441f05a42a90779b0df86518286bf527e94aafb Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <[email protected]> > +Date: Fri, 14 Jun 2019 09:16:14 +0200 > +Subject: [PATCH 10/11] api: disallow virConnectGetDomainCapabilities on > + read-only connections > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +This API can be used to execute arbitrary emulators. > +Forbid it on read-only connections. > + > +Fixes: CVE-2019-10167 > +Signed-off-by: Ján Tomko <[email protected]> > +Reviewed-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26) > +Signed-off-by: Ján Tomko <[email protected]> > + > +Upstream-Status: Backport > +CVE: CVE-2019-10167 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/libvirt-domain.c | 1 + > + 1 file changed, 1 insertion(+) > + > +diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c > +index 5c764aa..9862a5d 100644 > +--- a/src/libvirt-domain.c > ++++ b/src/libvirt-domain.c > +@@ -11274,6 +11274,7 @@ virConnectGetDomainCapabilities(virConnectPtr conn, > + virResetLastError(); > + > + virCheckConnectReturn(conn, NULL); > ++ virCheckReadOnlyGoto(conn->flags, error); > + > + if (conn->driver->connectGetDomainCapabilities) { > + char *ret; > +-- > +2.7.4 > + > diff --git a/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch > b/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch > new file mode 100644 > index 0000000..16f1a6d > --- /dev/null > +++ b/recipes-extended/libvirt/libvirt/CVE-2019-10168.patch 
> @@ -0,0 +1,49 @@ > +From f5ace9c05d59b70d4899199a187cb32ec6f600d8 Mon Sep 17 00:00:00 2001 > +From: =?UTF-8?q?J=C3=A1n=20Tomko?= <[email protected]> > +Date: Fri, 14 Jun 2019 09:17:39 +0200 > +Subject: [PATCH 11/11] api: disallow virConnect*HypervisorCPU on read-only > + connections > +MIME-Version: 1.0 > +Content-Type: text/plain; charset=UTF-8 > +Content-Transfer-Encoding: 8bit > + > +These APIs can be used to execute arbitrary emulators. > +Forbid them on read-only connections. > + > +Fixes: CVE-2019-10168 > +Signed-off-by: Ján Tomko <[email protected]> > +Reviewed-by: Daniel P. Berrangé <[email protected]> > +(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291) > +Signed-off-by: Ján Tomko <[email protected]> > + > +Upstream-Status: Backport > +CVE: CVE-2019-10168 > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + src/libvirt-host.c | 2 ++ > + 1 file changed, 2 insertions(+) > + > +diff --git a/src/libvirt-host.c b/src/libvirt-host.c > +index e20d6ee..2978825 100644 > +--- a/src/libvirt-host.c > ++++ b/src/libvirt-host.c > +@@ -1041,6 +1041,7 @@ virConnectCompareHypervisorCPU(virConnectPtr conn, > + > + virCheckConnectReturn(conn, VIR_CPU_COMPARE_ERROR); > + virCheckNonNullArgGoto(xmlCPU, error); > ++ virCheckReadOnlyGoto(conn->flags, error); > + > + if (conn->driver->connectCompareHypervisorCPU) { > + int ret; > +@@ -1234,6 +1235,7 @@ virConnectBaselineHypervisorCPU(virConnectPtr conn, > + > + virCheckConnectReturn(conn, NULL); > + virCheckNonNullArgGoto(xmlCPUs, error); > ++ virCheckReadOnlyGoto(conn->flags, error); > + > + if (conn->driver->connectBaselineHypervisorCPU) { > + char *cpu; > +-- > +2.7.4 > + > diff --git a/recipes-extended/libvirt/libvirt_4.7.0.bb > b/recipes-extended/libvirt/libvirt_4.7.0.bb > index 270dc72..1d3b48e 100644 > --- a/recipes-extended/libvirt/libvirt_4.7.0.bb > +++ b/recipes-extended/libvirt/libvirt_4.7.0.bb 
> @@ -37,6 +37,17 @@ SRC_URI = > "http://libvirt.org/sources/libvirt-${PV}.tar.xz;name=libvirt \ > file://configure.ac-search-for-rpc-rpc.h-in-the-sysroot.patch \ > file://lxc_monitor-Avoid-AB-BA-lock-race.patch \ > file://CVE-2019-3840.patch \ > + file://0001-cpu_x86-Do-not-cache-microcode-version.patch \ > + file://0002-qemu-Don-t-cache-microcode-version.patch \ > + > file://CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p1.patch \ > + > file://CVE-2018-12126_CVE-2018-12127_CVE-2018-12130_CVE-2019-11091_p2.patch \ > + file://CVE-2019-10132_p1.patch \ > + file://CVE-2019-10132_p2.patch \ > + file://CVE-2019-10132_p3.patch \ > + file://CVE-2019-10161.patch \ > + file://CVE-2019-10166.patch \ > + file://CVE-2019-10167.patch \ > + file://CVE-2019-10168.patch \ > " > > SRC_URI[libvirt.md5sum] = "38da6c33250dcbc0a6d68de5c758262b" > -- > 2.7.4 > > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization -- _______________________________________________ meta-virtualization mailing list [email protected] https://lists.yoctoproject.org/listinfo/meta-virtualization
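Review bot: in the `x86_features.xml` hunk of the `_p2.patch` the new `md-clear` feature is defined as CPUID.(EAX=7,ECX=0):EDX `0x00000400` (bit 10), which is the documented MD_CLEAR bit, and the `-enabled.xml` test update from `edx='0x8c000000'` to `edx='0x8c000400'` is consistent with it. The point to watch in this backport is the Conflicts note: the thud copies of the Xeon-E3-1225-v5 guest/host test files are stated to lack `intel-pt` and `stibp`, so their expected output now deliberately differs from upstream; any later cherry-pick touching those cputestdata files will need the same hand-merge rather than a clean apply.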
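Review bot: in the `remoteAdmClientNew` hunk of `CVE-2019-10132_p1.patch` the last argument to `virNetServerClientGetUNIXIdentity` shows up as `×tamp`; that is `&timestamp` with the `&times` prefix mangled into an HTML entity in transit, and the patch file in the recipe must carry the literal `&timestamp` or the C will not compile. The behaviour itself is right: an identity lookup failure returns NULL (fail closed) and the `geteuid() != clientuid` comparison runs before any client state is allocated, so a non-matching UID never reaches the RPC dispatcher.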
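Review bot: the `SocketMode=0600` hunks in `CVE-2019-10132_p2.patch` and `_p3.patch` only touch the systemd `.socket.in` units for virtlockd and virtlogd, so the earlier DoS protection the commit messages describe applies only when the sockets are created by systemd socket activation. The commit message says the daemons themselves still drop foreign-UID clients, so this is defence in depth, but an image that starts these daemons without systemd gets nothing from these two patches; worth stating in the recipe or commit message.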
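Review bot: the `libvirt-domain.c` doc-comment hunk in `CVE-2019-10161.patch` drops the sentence saying the secure flag is rejected on read-only connections but does not replace it with the new rule, so the public documentation no longer states that `virDomainSaveImageGetXMLDesc` as a whole now fails on read-only connections; suggest adding a line to that effect above `Returns a 0 terminated UTF-8 encoded XML instance`. The rest hangs together: `virCheckReadOnlyGoto(conn->flags, error)` replaces the flag-conditional check, the `remote_protocol.x` ACL moves from `domain:read` plus `domain:read_secure:VIR_DOMAIN_XML_SECURE` to `domain:write`, and because the ACL no longer depends on a flag the generated `virDomainSaveImageGetXMLDescEnsureACL` loses its `flags` parameter, which is why the `qemu_driver.c` call site changes too. Note also that this one patch uses `Index:`/quilt headers while the others use `diff --git`; both apply, but `git am` on the raw mail will not produce a commit for it.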
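Review bot: in the `virDomainManagedSaveDefineXML` hunk of `CVE-2019-10166.patch` the new `virCheckReadOnlyGoto(conn->flags, error)` is placed after `conn = domain->conn`, which is required because `conn` is not set before that line; the visible context shows no other `goto error` in this function, so confirm the `error:` label exists in the thud copy of `src/libvirt-domain.c` before the driver dispatch, otherwise the macro will not compile.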
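Review bot: the two `libvirt-host.c` hunks in `CVE-2019-10168.patch` (and the single hunk in `CVE-2019-10167.patch`) put `virCheckReadOnlyGoto` right after `virCheckConnectReturn` and the non-null argument checks, i.e. before `conn->driver->...` is consulted, so the read-only rejection happens in the public API entry point and cannot be bypassed by a driver that does not implement the check itself. Since the `CVE-2019-10161` patch updates `remote_protocol.x` while these three do not, please confirm their `@acl` annotations in the thud branch already require a write-level permission, or the daemon-side ACL will still describe these as read operations.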
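Review bot: in the `libvirt_4.7.0.bb` hunk the two long `SRC_URI` entries appear as `+ >` followed by `file://CVE-2018-12126_..._p1.patch \` on a separate line, i.e. the mailer has wrapped a single `+` line into two, so this patch as quoted will not apply with `git am` or `patch -p1` without repairing those lines; since the header says it was already merged to thud, just make sure the merged recipe has each `file://` entry on one line with its trailing backslash.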
