Hi,
On Wed, Nov 06, 2019 at 05:39:49PM +0100, Michal Arbet wrote:
> Package: libvirt-daemon
> Version: 5.0.0-4
>
> Hello,
>
> I am facing the same issue in debian as it is reported in ubuntu launchpad
> bug
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1825195
>
> Could you please fix and release security update ?
> Patches from ubuntu package attached.
>
> I've tried to apply these patches to source in
> [email protected]:libvirt-team/libvirt.git
> in debian/buster branch and they applied successfully.
>
> Thanks,
> Michal Arbet
> From b51bfa70554f4bc43cbd6841b78d67b391909184 Mon Sep 17 00:00:00 2001
> From: Christian Ehrhardt <[email protected]>
> Date: Thu, 25 Apr 2019 11:51:55 +0200
> Subject: [PATCH 2/2] qemuxml2argvtest: add test for remove cpu features
>
> CPU features that always were a no-op in qemu got removed there.
> We no more specify them as that would trigger errors and fail to start
> qemu. This test ensures that those features really are not rendered into
> qemu command line.
>
> Without the related fix this test will trigger and fail like:
> In 'tests/qemuxml2argvdata/cpu-no-removed-features.args':
> Offset 371
> Expect [ ]
> Actual [,-osxsave,-ospke ]
>
> Signed-off-by: Christian Ehrhardt <[email protected]>
> Reviewed-by: Daniel Henrique Barboza <[email protected]>
> Tested-by: Daniel Henrique Barboza <[email protected]>
>
> Origin: backport,
> https://libvirt.org/git/?p=libvirt.git;a=commit;h=b51bfa70554f4bc43cbd6841b78d67b391909184
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1825195
> Last-Update: 2019-05-15
>
> ---
> .../cpu-no-removed-features.args | 29 +++++++++++++++++++
> .../cpu-no-removed-features.xml | 23 +++++++++++++++
> tests/qemuxml2argvtest.c | 1 +
> 3 files changed, 53 insertions(+)
> create mode 100644 tests/qemuxml2argvdata/cpu-no-removed-features.args
> create mode 100644 tests/qemuxml2argvdata/cpu-no-removed-features.xml
>
> --- /dev/null > +++ b/tests/qemuxml2argvdata/cpu-no-removed-features.args 
> @@ -0,0 +1,25 @@ > +LC_ALL=C \ > +PATH=/bin \ > +HOME=/home/test \ > +USER=test \ > +LOGNAME=test \ > +QEMU_AUDIO_DRV=none \ > +/usr/bin/qemu-system-x86_64 \ > +-name QEMUGuest1 \ > +-S \ > +-machine pc,accel=kvm,usb=off,dump-guest-core=off \ > +-cpu core2duo \ > +-m 214 \ > +-smp 6,sockets=6,cores=1,threads=1 \ > +-uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ > +-display none \ > +-no-user-config \ > +-nodefaults \ > +-chardev > socket,id=charmonitor,path=/tmp/lib/domain--1-QEMUGuest1/monitor.sock,\ > +server,nowait \ > +-mon chardev=charmonitor,id=monitor,mode=control \ > +-rtc base=utc \ > +-no-shutdown \ > +-no-acpi \ > +-usb \ > +-device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x3 > --- /dev/null > +++ b/tests/qemuxml2argvdata/cpu-no-removed-features.xml > @@ -0,0 +1,23 @@ > +<domain type='kvm'> > + <name>QEMUGuest1</name> > + <uuid>c7a5fdbd-edaf-9455-926a-d65c16db1809</uuid> > + <memory unit='KiB'>219100</memory> > + <currentMemory unit='KiB'>219100</currentMemory> > + <vcpu placement='static'>6</vcpu> > + <os> > + <type arch='x86_64' machine='pc'>hvm</type> > + <boot dev='network'/> > + </os> > + <cpu match='exact'> > + <model>core2duo</model> > + <feature name='osxsave' policy='optional'/> > + <feature name='ospke' policy='optional'/> > + </cpu> > + <clock offset='utc'/> > + <on_poweroff>destroy</on_poweroff> > + <on_reboot>restart</on_reboot> > + <on_crash>destroy</on_crash> > + <devices> > + <emulator>/usr/bin/qemu-system-x86_64</emulator> > + </devices> > +</domain> > --- a/tests/qemuxml2argvtest.c > +++ b/tests/qemuxml2argvtest.c > @@ -1771,6 +1771,7 @@ mymain(void) > DO_TEST("cpu-fallback", QEMU_CAPS_KVM); > DO_TEST_FAILURE("cpu-nofallback", QEMU_CAPS_KVM); > DO_TEST("cpu-strict1", QEMU_CAPS_KVM); > + DO_TEST("cpu-no-removed-features", QEMU_CAPS_KVM); > DO_TEST("cpu-numa1", NONE); > DO_TEST("cpu-numa2", NONE); > DO_TEST("cpu-numa-no-memory-element", NONE); > From 2900575db892700fab8a4b8541474d9bd3444a4a Mon Sep 17 00:00:00 2001 
> From: Christian Ehrhardt <[email protected]>
> Date: Thu, 25 Apr 2019 11:04:29 +0200
> Subject: [PATCH 1/2] qemu: do not define known no-op features
>
> Qemu dropped cpu features for osxsave and ospke [1][2].
> The reason for the instant removal is that those features were never
> configurable as discussed in [3].
>
> Fortunately the use cases adding those flags in the past are rare, but
> they exist. One that I identified are e.g. older virt-install when used
> with --cpu=host-model and there always could be the case of a user
> adding it to the guest xml.
>
> This triggers an issue like:
> qemu-system-x86_64: can't apply global Broadwell-noTSX-x86_64-cpu.osxsave=on: Property '.osxsave' not found
>
> Ensure that this does no more break spawning newer qemu versions by
> not rendering those features into the qemu command line.
>
> Fixes: https://bugs.launchpad.net/fedora/+source/qemu/+bug/1825195
> Resolves: https://bugzilla.redhat.com/1644848
>
> [1]: https://git.qemu.org/?p=qemu.git;a=commit;h=f1a2352
> [2]: https://git.qemu.org/?p=qemu.git;a=commit;h=9ccb978
> [3]: https://www.mail-archive.com/[email protected]/msg561877.html
>
> Signed-off-by: Christian Ehrhardt <[email protected]>
> Reviewed-by: Daniel Henrique Barboza <[email protected]>
> Tested-by: Daniel Henrique Barboza <[email protected]>
>
> Origin: backport,
> https://libvirt.org/git/?p=libvirt.git;a=commit;h=2900575db892700fab8a4b8541474d9bd3444a4a
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1825195
> Last-Update: 2019-05-15
>
> ---
> src/qemu/qemu_command.c | 23 +++++++++++++++++++
> .../qemuxml2argvdata/cpu-host-model-cmt.args | 2 +-
> tests/qemuxml2argvdata/cpu-tsc-frequency.args | 4 ++--
> 3 files changed, 26 insertions(+), 3 deletions(-)
>
> --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c 
> @@ -6844,6 +6844,27 @@ qemuBuildGlobalControllerCommandLine(vir > return 0; > } > > +/** > + * qemuFeatureNoEffect: > + * @feature: CPU Feature > + * > + * Returns true, if the feature is known to have (never had) an effect on > QEMU. > + * Those features might be dropped in qemu without a longer deprecation cycle > + * and must therefore be known e.g. to no more define them on command line. > + */ > +static bool > +qemuFeatureNoEffect(virCPUFeatureDefPtr feature) > +{ > + if (!feature->name) > + return false; > + > + if (STREQ(feature->name, "osxsave")) > + return true; > + if (STREQ(feature->name, "ospke")) > + return true; > + > + return false; > +} > > static int > qemuBuildCpuModelArgStr(virQEMUDriverPtr driver, > @@ -6912,6 +6933,8 @@ qemuBuildCpuModelArgStr(virQEMUDriverPtr > virBufferAsprintf(buf, ",vendor=%s", cpu->vendor_id); > > for (i = 0; i < cpu->nfeatures; i++) { > + if (qemuFeatureNoEffect(&(cpu->features[i]))) > + continue; > switch ((virCPUFeaturePolicy) cpu->features[i].policy) { > case VIR_CPU_FEATURE_FORCE: > case VIR_CPU_FEATURE_REQUIRE: > --- a/tests/qemuxml2argvdata/cpu-host-model-cmt.args > +++ b/tests/qemuxml2argvdata/cpu-host-model-cmt.args > @@ -9,7 +9,7 @@ QEMU_AUDIO_DRV=none \ > -S \ > -machine pc,accel=tcg,usb=off,dump-guest-core=off \ > -cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\ > -+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \ > ++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm \ > -m 214 \ > -smp 6,sockets=6,cores=1,threads=1 \ > -uuid c7a5fdbd-edaf-9455-926a-d65c16db1809 \ > --- a/tests/qemuxml2argvdata/cpu-tsc-frequency.args > +++ b/tests/qemuxml2argvdata/cpu-tsc-frequency.args 
> @@ -9,7 +9,7 @@ QEMU_AUDIO_DRV=none \ > -S \ > -machine pc,accel=kvm,usb=off,dump-guest-core=off \ > -cpu Haswell,+vme,+ds,+acpi,+ss,+ht,+tm,+pbe,+dtes64,+monitor,+ds_cpl,+vmx,\ > -+smx,+est,+tm2,+xtpr,+pdcm,+osxsave,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,\ > ++smx,+est,+tm2,+xtpr,+pdcm,+f16c,+rdrand,+pdpe1gb,+abm,+lahf_lm,\ > +invtsc,tsc-frequency=3504000000 \ > -m 214 \ > -smp 1,sockets=1,cores=1,threads=1 \

which qemu version did you hit this with?
 -- Guido
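
Review bot: the diffstat of [PATCH 2/2] does not match its hunks: it lists cpu-no-removed-features.args with 29 lines and 53 insertions overall, while the hunk for that file is headed `@@ -0,0 +1,25 @@` and the three hunks together add 25 + 23 + 1 = 49 lines. The stat appears to be carried over from the upstream commit named in Origin; regenerate it for the backport so the patch header describes what is actually applied. The `+-chardev` line in the same hunk is also split across two quoted lines, so the patch should be taken from the attachment, not from this quoted copy.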
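
Review bot: cpu-no-removed-features.xml covers only one policy: both `<feature name='osxsave' policy='optional'/>` and `<feature name='ospke' policy='optional'/>` use 'optional'. The failure quoted in [PATCH 1/2] is `osxsave=on`, and the new check in qemuBuildCpuModelArgStr sits before the `switch` on policy, so it also drops entries that would reach `VIR_CPU_FEATURE_FORCE` and `VIR_CPU_FEATURE_REQUIRE`. Setting one of the two features to policy='require' in this XML would make the test cover the case users actually hit.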
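
Review bot: the doc comment on qemuFeatureNoEffect in the first qemu_command.c hunk is ambiguous: "known to have (never had) an effect on QEMU" can be read as either meaning. Suggest "Returns true if the feature is known to never have had an effect in QEMU." The two `STREQ` checks are fine for two names, but a small static string array walked in a loop would keep later additions to a one-line change.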
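
Review bot: the `continue` added at the top of the feature loop in qemuBuildCpuModelArgStr (hunk `@@ -6912,6 +6933,8 @@`) discards the feature silently. Because it runs before the policy `switch`, a guest XML that marks osxsave or ospke as required or forced is accepted and started with no trace that the request was ignored. A debug-level message naming the skipped feature just before `continue` (for instance via VIR_DEBUG) would let an operator see why the rendered -cpu string differs from the domain XML.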

