Skip to content
Commits on Source (2)
Show whitespace changes
Inline Side-by-side
debian/changelog
View file @ 54755e02
libvirt (5.0.0-4+deb10u1) buster; urgency=medium
[ Tobias Wolter ]
* [711f612] apparmor: Allow one to run pygrub
[ Guido Günther ]
* [3bcbf56] Don't render osxsave, ospke into QEMU comman line.
This helps newer QEMU with some configs generated by virt-install.
Thanks to Michal Arbet for digging out the patches (Closes: #944248)
-- Guido Günther <agx@sigxcpu.org> Thu, 05 Dec 2019 00:22:14 +0100
libvirt (5.0.0-4) unstable; urgency=medium
* [0fdc2af] Fix multiple CVEs related to privilege escalations on R/O
......
debian/patches/qemu-Drop-qemuFeatureNoEffect.patch 0 → 100644
View file @ 54755e02
From: Jiri Denemark <jdenemar@redhat.com>
Date: Thu, 6 Jun 2019 14:39:52 +0200
Subject: qemu: Drop qemuFeatureNoEffect
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
We already have virQEMUCapsCPUFilterFeatures for filtering features
which QEMU does not know about. Let's move osxsave and ospke from
qemuFeatureNoEffect there.
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit b12865260a0f24ab86ddaf3547b2f2e2c595d429)
---
src/qemu/qemu_capabilities.c | 9 ++++++++-
src/qemu/qemu_command.c | 24 ++----------------------
2 files changed, 10 insertions(+), 23 deletions(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index f504db7..64203de 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -2748,6 +2748,11 @@ virQEMUCapsProbeQMPSEVCapabilities(virQEMUCapsPtr qemuCaps,
}
+/*
+ * Filter for features which should never be passed to QEMU. Either because
+ * QEMU never supported them or they were dropped as they never did anything
+ * useful.
+ */
bool
virQEMUCapsCPUFilterFeatures(const char *name,
void *opaque)
@@ -2759,7 +2764,9 @@ virQEMUCapsCPUFilterFeatures(const char *name,
if (STREQ(name, "cmt") ||
STREQ(name, "mbm_total") ||
- STREQ(name, "mbm_local"))
+ STREQ(name, "mbm_local") ||
+ STREQ(name, "osxsave") ||
+ STREQ(name, "ospke"))
return false;
return true;
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index dbb3d74..26c28fe 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6844,27 +6844,6 @@ qemuBuildGlobalControllerCommandLine(virCommandPtr cmd,
return 0;
}
-/**
- * qemuFeatureNoEffect:
- * @feature: CPU Feature
- *
- * Returns true, if the feature is known to have (never had) an effect on QEMU.
- * Those features might be dropped in qemu without a longer deprecation cycle
- * and must therefore be known e.g. to no more define them on command line.
- */
-static bool
-qemuFeatureNoEffect(virCPUFeatureDefPtr feature)
-{
- if (!feature->name)
- return false;
-
- if (STREQ(feature->name, "osxsave"))
- return true;
- if (STREQ(feature->name, "ospke"))
- return true;
-
- return false;
-}
static int
qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
@@ -6933,7 +6912,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
virBufferAsprintf(buf, ",vendor=%s", cpu->vendor_id);
for (i = 0; i < cpu->nfeatures; i++) {
- if (qemuFeatureNoEffect(&(cpu->features[i])))
+ if (!virQEMUCapsCPUFilterFeatures(cpu->features[i].name,
+ (virArch *)&def->os.arch))
continue;
switch ((virCPUFeaturePolicy) cpu->features[i].policy) {
case VIR_CPU_FEATURE_FORCE:
debian/patches/qemu-do-not-define-known-no-op-features.patch 0 → 100644
View file @ 54755e02
From: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Date: Thu, 25 Apr 2019 11:04:29 +0200
Subject: qemu: do not define known no-op features
Qemu dropped cpu features for osxsave and ospke [1][2].
The reason for the instant removal is that those features were never
configurable as discussed in [3].
Fortunately the use cases adding those flags in the past are rare, but
they exist. One that I identified are e.g. older virt-install when used
with --cpu=host-model and there always could be the case of a user
adding it to the guest xml.
This triggers an issue like:
qemu-system-x86_64: can't apply global Broadwell-noTSX-x86_64-
cpu.osxsave=on: Property '.osxsave' not found
Ensure that this does no more break spawning newer qemu versions by
not rendering those features into the qemu command line.
Fixes: https://bugs.launchpad.net/fedora/+source/qemu/+bug/1825195
Resolves: https://bugzilla.redhat.com/1644848
[1]: https://git.qemu.org/?p=qemu.git;a=commit;h=f1a2352
[2]: https://git.qemu.org/?p=qemu.git;a=commit;h=9ccb978
[3]: https://www.mail-archive.com/qemu-devel@nongnu.org/msg561877.html
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Tested-by: Daniel Henrique Barboza <danielhb413@gmail.com>
---
src/qemu/qemu_command.c | 23 +++++++++++++++++++++++
tests/qemuxml2argvdata/cpu-host-model-cmt.args | 2 +-
tests/qemuxml2argvdata/cpu-tsc-frequency.args | 4 ++--
3 files changed, 26 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 822d5f8..dbb3d74 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -6844,6 +6844,27 @@ qemuBuildGlobalControllerCommandLine(virCommandPtr cmd,
return 0;
}
+/**
+ * qemuFeatureNoEffect:
+ * @feature: CPU Feature
+ *
+ * Returns true, if the feature is known to have (never had) an effect on QEMU.
+ * Those features might be dropped in qemu without a longer deprecation cycle
+ * and must therefore be known e.g. to no more define them on command line.
+ */
+static bool
+qemuFeatureNoEffect(virCPUFeatureDefPtr feature)
+{
+ if (!feature->name)
+ return false;
+
+ if (STREQ(feature->name, "osxsave"))
+ return true;
+ if (STREQ(feature->name, "ospke"))
+ return true;
+
+ return false;
+}
static int
qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
@@ -6912,6 +6933,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr driver,
virBufferAsprintf(buf, ",vendor=%s", cpu->vendor_id);
for (i = 0; i < cpu->nfeatures; i++) {
+ if (qemuFeatureNoEffect(&(cpu->features[i])))
+ continue;
switch ((virCPUFeaturePolicy) cpu->features[i].policy) {
case VIR_CPU_FEATURE_FORCE:
case VIR_CPU_FEATURE_REQUIRE:
diff --git a/tests/qemuxml2argvdata/cpu-host-model-cmt.args b/tests/qemuxml2argvdata/cpu-host-model-cmt.args
index 8930765..d294e7e 100644
--- a/tests/qemuxml2argvdata/cpu-host-model-cmt.args
+++ b/tests/qemuxml2argvdata/cpu-host-model-cmt.args
@@ -9,7 +9,7 @@ QEMU_AUDIO_DRV=none \
-S \
-machine pc,accel=tcg,usb=off,dump-guest-core=off \
-cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\
-+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \
++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \
-m 214 \
-smp 6,sockets=6,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
diff --git a/tests/qemuxml2argvdata/cpu-tsc-frequency.args b/tests/qemuxml2argvdata/cpu-tsc-frequency.args
index b51c200..fbfe239 100644
--- a/tests/qemuxml2argvdata/cpu-tsc-frequency.args
+++ b/tests/qemuxml2argvdata/cpu-tsc-frequency.args
@@ -9,8 +9,8 @@ QEMU_AUDIO_DRV=none \
-S \
-machine pc,accel=kvm,usb=off,dump-guest-core=off \
-cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\
-+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,\
-+invtsc,tsc-frequency=3504000000 \
++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,+invtsc,\
+tsc-frequency=3504000000 \
-m 214 \
-smp 1,sockets=1,cores=1,threads=1 \
-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \
debian/patches/series
View file @ 54755e02
......@@ -35,3 +35,5 @@ security/api-disallow-virConnectGetDomainCapabilities-on-read-only.patch
security/api-disallow-virConnect-HypervisorCPU-on-read-only-connec.patch
Include-etc-pki-qemu-in-apparmor.patch
apparmor-Allow-run-pygrup.patch
qemu-do-not-define-known-no-op-features.patch
qemu-Drop-qemuFeatureNoEffect.patch