Compare commits

6 Commits

26 changed files with 1767 additions and 21 deletions

@ -0,0 +1,135 @@
From 7a412cc71a4764f7e80bf475c39d999a584f41aa Mon Sep 17 00:00:00 2001
Message-ID: <7a412cc71a4764f7e80bf475c39d999a584f41aa.1749113304.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:58 -0500
Subject: [PATCH] conf: add deprecated_features attribute
Add a new attribute, deprecated_features='on|off' to the <cpu>
element. This is used to toggle features flagged as deprecated on the
CPU model on or off. When this attribute is paired with 'on',
deprecated features will not be filtered. When paired with 'off', any
CPU features that are flagged as deprecated will be listed under the
CPU model with the 'disable' policy.
Example:
<cpu mode='host-model' check='partial' deprecated_features='off'/>
The absence of this attribute is equivalent to the 'on' option.
The deprecated features that will populate the domain XML are the same
features that result in the virsh domcapabilities command with the
--disable-deprecated-features argument present.
It is recommended to define a domain XML with this attribute set to
'off' to ensure migration to machines that may outright drop these
features in the future.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 62658bbf060784c757f96c9de3935f27885834aa)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
src/qemu/qemu_process.c
(contextual conflict)
tests/*
(dropped the changes to these files since they are of no use in
downstream - upstream testing code changed too much, so it's
not possible to get the related tests to work in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
docs/schemas/cputypes.rng | 5 +++++
src/conf/cpu_conf.c | 11 +++++++++++
src/conf/cpu_conf.h | 1 +
src/qemu/qemu_process.c | 11 +++++++++++
4 files changed, 28 insertions(+)
diff --git a/docs/schemas/cputypes.rng b/docs/schemas/cputypes.rng
index 056e66e1b4..2d831b423c 100644
--- a/docs/schemas/cputypes.rng
+++ b/docs/schemas/cputypes.rng
@@ -395,6 +395,11 @@
<optional>
<ref name="cpuCheck"/>
</optional>
+ <optional>
+ <attribute name="deprecated_features">
+ <ref name="virOnOff"/>
+ </attribute>
+ </optional>
<optional>
<attribute name="migratable">
<ref name="virOnOff"/>
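Review bot: the new deprecated_features attribute is added to the schema without any user-facing documentation. The diffstat for this patch lists only cputypes.rng, cpu_conf.c, cpu_conf.h and qemu_process.c. Please add an entry next to the other <cpu> attributes in the domain XML documentation, including the rule from the commit message that an absent attribute behaves like 'on'.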
diff --git a/src/conf/cpu_conf.c b/src/conf/cpu_conf.c
index fbceac1657..1db0c978e2 100644
--- a/src/conf/cpu_conf.c
+++ b/src/conf/cpu_conf.c
@@ -238,6 +238,7 @@ virCPUDefCopyWithoutModel(const virCPUDef *cpu)
copy->mode = cpu->mode;
copy->match = cpu->match;
copy->check = cpu->check;
+ copy->deprecated_feats = cpu->deprecated_feats;
copy->fallback = cpu->fallback;
copy->sockets = cpu->sockets;
copy->dies = cpu->dies;
@@ -431,6 +432,11 @@ virCPUDefParseXML(xmlXPathContextPtr ctxt,
if (virXMLPropEnum(ctxt->node, "check", virCPUCheckTypeFromString,
VIR_XML_PROP_NONE, &def->check) < 0)
return -1;
+
+ if (virXMLPropTristateSwitch(ctxt->node, "deprecated_features",
+ VIR_XML_PROP_NONE,
+ &def->deprecated_feats) < 0)
+ return -1;
}
if (def->type == VIR_CPU_TYPE_HOST) {
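Review bot: the virXMLPropTristateSwitch() call for "deprecated_features" sits next to the "check" parsing with no test on def->mode, so the attribute is accepted for every CPU mode that reaches this block, while the commit message only describes it with mode='host-model'. If the attribute has no effect for other modes, reject it here or in validation with VIR_ERR_CONFIG_UNSUPPORTED rather than storing a value that is silently ignored.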
@@ -707,6 +713,11 @@ virCPUDefFormatBufFull(virBuffer *buf,
virBufferAsprintf(&attributeBuf, " migratable='%s'",
virTristateSwitchTypeToString(def->migratable));
}
+
+ if (def->deprecated_feats) {
+ virBufferAsprintf(&attributeBuf, " deprecated_features='%s'",
+ virTristateSwitchTypeToString(def->deprecated_feats));
+ }
}
/* Format children */
diff --git a/src/conf/cpu_conf.h b/src/conf/cpu_conf.h
index b0a81895be..a69ff724ca 100644
--- a/src/conf/cpu_conf.h
+++ b/src/conf/cpu_conf.h
@@ -140,6 +140,7 @@ struct _virCPUDef {
virCPUCacheDef *cache;
virHostCPUTscInfo *tsc;
virTristateSwitch migratable; /* for host-passthrough mode */
+ virTristateSwitch deprecated_feats;
};
virCPUDef *virCPUDefNew(void);
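Review bot: the new deprecated_feats member has no comment, unlike the migratable member directly above it ("for host-passthrough mode"). A short comment saying which CPU modes honour it and that VIR_TRISTATE_SWITCH_ABSENT is treated like 'on' would keep the struct self-describing.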
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 73d54f01cd..54afcbe53e 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -6143,6 +6143,17 @@ qemuProcessUpdateGuestCPU(virDomainDef *def,
return -1;
}
+ if (def->cpu->deprecated_feats &&
+ !virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("toggling deprecated features for CPU model is unsupported"));
+ return -1;
+ }
+
+ if (def->cpu->deprecated_feats == VIR_TRISTATE_SWITCH_OFF) {
+ virQEMUCapsUpdateCPUDeprecatedFeatures(qemuCaps, def->virtType, def->cpu);
+ }
+
return 0;
}
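Review bot: the capability check tests "def->cpu->deprecated_feats &&", which is true for both 'on' and 'off'. The commit message states that 'on' is equivalent to the attribute being absent, yet a domain with deprecated_features='on' now fails to start on a QEMU without QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS, while the same domain without the attribute starts. Consider restricting the error to VIR_TRISTATE_SWITCH_OFF, or say in the commit message that the stricter behaviour is intended.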
--
2.49.0

@ -0,0 +1,77 @@
From 08ddc711a2e6d94a0fce55fec8e012a434655d2c Mon Sep 17 00:00:00 2001
Message-ID: <08ddc711a2e6d94a0fce55fec8e012a434655d2c.1690812875.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 1 Apr 2022 14:30:05 +0200
Subject: [PATCH] lib: Set up cpuset controller for restrictive numatune
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The aim of 'restrictive' numatune mode is to rely solely on
CGroups to have QEMU running on configured NUMA nodes. However,
we were never setting the cpuset controller when a domain was
starting up. We are doing so only when
virDomainSetNumaParameters() is called (aka live pinning).
This is obviously wrong. Fortunately, fix is simple as
'restrictive' is similar to 'strict' - every location where
VIR_DOMAIN_NUMATUNE_MEM_STRICT occurs can be audited and
VIR_DOMAIN_NUMATUNE_MEM_RESTRICTIVE case can be added.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2070380
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 629282d8845407c1aff9a26f5dc026e15121f8cd)
Conflicts:
- src/ch/ch_process.c: The CH driver diverged because it's
unsupported downstream. Just drop the conflicting hunk from
there.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2223464
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/lxc/lxc_controller.c | 3 ++-
src/qemu/qemu_process.c | 6 ++++--
2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 3c930eaacd..6fd8373256 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -812,7 +812,8 @@ static int virLXCControllerSetupResourceLimits(virLXCController *ctrl)
virDomainNumatuneMemMode mode;
if (virDomainNumatuneGetMode(ctrl->def->numa, -1, &mode) == 0) {
- if (mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT &&
+ if ((mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT ||
+ mode == VIR_DOMAIN_NUMATUNE_MEM_RESTRICTIVE) &&
virCgroupControllerAvailable(VIR_CGROUP_CONTROLLER_CPUSET)) {
/* Use virNuma* API iff necessary. Once set and child is exec()-ed,
* there's no way for us to change it. Rely on cgroups (if available
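Review bot: the test "mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT || mode == VIR_DOMAIN_NUMATUNE_MEM_RESTRICTIVE" is written out here and again in the two qemu_process.c hunks of this patch. The bug being fixed is exactly a call site that missed one mode, so a small helper that answers "does this mode need the cpuset controller" would keep the three sites from drifting apart again.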
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 0fb665bc82..73d54f01cd 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2645,7 +2645,8 @@ qemuProcessSetupPid(virDomainObj *vm,
virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_CPUSET)) {
if (virDomainNumatuneGetMode(vm->def->numa, -1, &mem_mode) == 0 &&
- mem_mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT &&
+ (mem_mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT ||
+ mem_mode == VIR_DOMAIN_NUMATUNE_MEM_RESTRICTIVE) &&
virDomainNumatuneMaybeFormatNodeset(vm->def->numa,
priv->autoNodeset,
&mem_mask, -1) < 0)
@@ -3162,7 +3163,8 @@ static int qemuProcessHook(void *data)
goto cleanup;
if (virDomainNumatuneGetMode(h->vm->def->numa, -1, &mode) == 0) {
- if (mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT &&
+ if ((mode == VIR_DOMAIN_NUMATUNE_MEM_STRICT ||
+ mode == VIR_DOMAIN_NUMATUNE_MEM_RESTRICTIVE) &&
h->cfg->cgroupControllers & (1 << VIR_CGROUP_CONTROLLER_CPUSET) &&
virCgroupControllerAvailable(VIR_CGROUP_CONTROLLER_CPUSET)) {
/* Use virNuma* API iff necessary. Once set and child is exec()-ed,
--
2.41.0

@ -0,0 +1,58 @@
From a47232facc446039ed509100f80ebb7de621fffa Mon Sep 17 00:00:00 2001
Message-ID: <a47232facc446039ed509100f80ebb7de621fffa.1749113303.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:55 -0500
Subject: [PATCH] libvirt-domain: introduce
VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES
Introduce domain flag used to filter deprecated features from the
domain's CPU model.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 4e2c8de2047e21d98443944a2bfe94529b269efa)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
include/libvirt/libvirt-domain.h | 12 ++++++++++++
src/libvirt-domain.c | 2 +-
2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/include/libvirt/libvirt-domain.h b/include/libvirt/libvirt-domain.h
index 792973ce2d..d3101b112b 100644
--- a/include/libvirt/libvirt-domain.h
+++ b/include/libvirt/libvirt-domain.h
@@ -1160,6 +1160,18 @@ int virDomainMigrateGetMaxSpeed(virDomainPtr domain,
int virDomainMigrateStartPostCopy(virDomainPtr domain,
unsigned int flags);
+/**
+ * virConnectGetDomainCapabilitiesFlags:
+ *
+ * Domain capabilities flags.
+ *
+ * Since: 11.0.0
+ */
+typedef enum {
+ /* Report host model with deprecated features disabled. (Since: 11.0.0) */
+ VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES = (1 << 0),
+} virConnectGetDomainCapabilitiesFlags;
+
char * virConnectGetDomainCapabilities(virConnectPtr conn,
const char *emulatorbin,
const char *arch,
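Review bot: both "Since: 11.0.0" annotations in the new enum comment carry the upstream version, but this is a cherry-pick into a downstream tree. If the downstream package reports an older libvirt version, applications that gate use of VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES on the library version will not find it; a line in the backport notes on how callers should detect the flag would help.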
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 5912551a49..7083f10f04 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -11573,7 +11573,7 @@ virDomainSetUserPassword(virDomainPtr dom,
* @arch: domain architecture
* @machine: machine type
* @virttype: virtualization type
- * @flags: extra flags; not used yet, so callers should always pass 0
+ * @flags: extra flags; bitwise-OR of virConnectGetDomainCapabilitiesFlags
*
* Prior creating a domain (for instance via virDomainCreateXML
* or virDomainDefineXML) it may be suitable to know what the
--
2.49.0

@ -21,7 +21,6 @@ Reviewed-by: Peter Krempa <pkrempa@redhat.com>
(cherry picked from commit 64d32118540aca3d42bc5ee21c8b780cafe04bfa)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-2700
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/conf/node_device_conf.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)

@ -0,0 +1,79 @@
From aebcc09c7060f6eace93821c6a782031cf107d85 Mon Sep 17 00:00:00 2001
Message-ID: <aebcc09c7060f6eace93821c6a782031cf107d85.1687452713.git.jdenemar@redhat.com>
From: Boris Fiuczynski <fiuczy@linux.ibm.com>
Date: Mon, 8 May 2023 19:10:46 +0200
Subject: [PATCH] nodedev: update transient mdevs
Instead of updating defined mdevs only add another update for active
devices as well to cover transient mdev devices as well.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2143158
Signed-off-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jonathon Jongsma <jjongsma@redhat.com>
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2143160
(cherry picked from commit 44a0f2f0c8ff5e78c238013ed297b8fce223ac5a)
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
---
src/node_device/node_device_driver.c | 31 ++++++++++++++++++++++++++++
1 file changed, 31 insertions(+)
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index e6ab4bb94c..943f6121a0 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -1651,6 +1651,24 @@ virMdevctlListDefined(virNodeDeviceDef ***devs, char **errmsg)
}
+static int
+virMdevctlListActive(virNodeDeviceDef ***devs, char **errmsg)
+{
+ int status;
+ g_autofree char *output = NULL;
+ g_autoptr(virCommand) cmd = nodeDeviceGetMdevctlListCommand(false, &output, errmsg);
+
+ if (virCommandRun(cmd, &status) < 0 || status != 0) {
+ return -1;
+ }
+
+ if (!output)
+ return -1;
+
+ return nodeDeviceParseMdevctlJSON(output, devs);
+}
+
+
typedef struct _virMdevctlForEachData virMdevctlForEachData;
struct _virMdevctlForEachData {
int ndefs;
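Review bot: virMdevctlListActive() has three failure paths (virCommandRun() failing, a non-zero status, and "!output") and only the command itself can fill *errmsg, so the "!output" and JSON parse failures return -1 with no message set. Style point in the same function: the first "return -1;" is wrapped in braces and the second is not. Judging by the hunk header this sits directly after virMdevctlListDefined() with the same signature; if the two bodies differ only in the boolean passed to nodeDeviceGetMdevctlListCommand(), one helper taking that boolean would avoid the copy.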
@@ -1712,6 +1730,8 @@ int
nodeDeviceUpdateMediatedDevices(void)
{
g_autofree virNodeDeviceDef **defs = NULL;
+ g_autofree virNodeDeviceDef **act_defs = NULL;
+ int act_ndefs = 0;
g_autofree char *errmsg = NULL;
g_autofree char *mdevctl = NULL;
virMdevctlForEachData data = { 0, };
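Review bot: act_defs is declared g_autofree, which frees only the pointer array and not the virNodeDeviceDef objects it points to. The loop added in the next hunk returns -1 on the first failing nodeDeviceUpdateMediatedDevice() call, so unless that function takes ownership of every element, including on failure, the remaining act_defs[i] entries are leaked on that path. Please state the ownership rule in a comment or free the rest before returning.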
@@ -1738,6 +1758,17 @@ nodeDeviceUpdateMediatedDevices(void)
if (nodeDeviceUpdateMediatedDevice(defs[i]) < 0)
return -1;
+ /* Update active/transient mdev devices */
+ if ((act_ndefs = virMdevctlListActive(&act_defs, &errmsg)) < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("failed to query mdevs from mdevctl: %1$s"), errmsg);
+ return -1;
+ }
+
+ for (i = 0; i < act_ndefs; i++)
+ if (nodeDeviceUpdateMediatedDevice(act_defs[i]) < 0)
+ return -1;
+
return 0;
}
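Review bot: the new virReportError() call formats errmsg with "%1$s", but errmsg can still be NULL when virMdevctlListActive() fails on its "!output" check or in nodeDeviceParseMdevctlJSON(), since neither path writes to it. Use NULLSTR(errmsg) or make the helper set a message on every failure. The error text is also the generic "failed to query mdevs from mdevctl", so a log reader cannot tell the defined-device query from the active-device query.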
--
2.41.0

@ -14,7 +14,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit f9ae469a6ebb17e0990096e826f049c1c46cd760)
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_monitor.h | 14 --------------
src/qemu/qemu_monitor_json.c | 3 +++

@ -15,7 +15,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit c5eb99a9d9af8683789e99cc904671e343580058)
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_monitor.h | 7 +------
1 file changed, 1 insertion(+), 6 deletions(-)

@ -16,7 +16,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 7c35c483eaa78eb847e0865cbb210d5355f75d7a)
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_monitor.c | 50 ---------------------------------
src/qemu/qemu_monitor_priv.h | 54 ++++++++++++++++++++++++++++++++++++

@ -19,7 +19,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit b0e4ad5263c73a926b8246028c76c552b07fca74)
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_monitor.c | 4 +++-
src/qemu/qemu_monitor_priv.h | 2 ++

@ -0,0 +1,214 @@
From 5289208127468cd34b5cb6ea7bb45bbeff45d537 Mon Sep 17 00:00:00 2001
Message-ID: <5289208127468cd34b5cb6ea7bb45bbeff45d537.1749113303.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:53 -0500
Subject: [PATCH] qemu: parse deprecated-props from query-cpu-model-expansion
response
query-cpu-model-expansion may report an array of deprecated properties.
This array is optional, and may not be supported for a particular
architecture or reported for a particular CPU model. If the output is
present, then capture it and store in a qemuMonitorCPUModelInfo struct
for later use.
The deprecated features will be retained in qemuCaps->kvm->hostCPU.info
and will be stored in the capabilities cache file under the <hostCPU>
element using the following format:
<deprecatedFeatures>
<property name='bpb'/>
<property name='csske'/>
<property name='cte'/>
<property name='te'/>
</deprecatedFeatures>
At this time the data is only queried, parsed, and cached. The data
will be utilized in a subsequent patch.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 45140d293007c1b29f7563bf6ee9640e27769b96)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
tests/qemucapabilitiesdata/caps_9.1.0.s390x.xml
tests/qemucapabilitiesdata/caps_9.2.0.s390x.xml
(dropped the changes to these files since they are of no use in
downstream - upstream testing code changed too much, so it's
not possible to get the related tests to work in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 31 +++++++++++++++++++++++++++++++
src/qemu/qemu_monitor.c | 3 +++
src/qemu/qemu_monitor.h | 1 +
src/qemu/qemu_monitor_json.c | 18 ++++++++++++++++++
4 files changed, 53 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index c4f7db55c8..d616273406 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3766,6 +3766,7 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
{
g_autofree char *migratability = NULL;
xmlNodePtr hostCPUNode;
+ xmlNodePtr deprecated_props;
g_autofree xmlNodePtr *nodes = NULL;
VIR_XPATH_NODE_AUTORESTORE(ctxt)
g_autoptr(qemuMonitorCPUModelInfo) hostCPU = NULL;
@@ -3870,6 +3871,24 @@ virQEMUCapsLoadHostCPUModelInfo(virQEMUCapsAccel *caps,
}
}
+ ctxt->node = hostCPUNode;
+
+ if ((deprecated_props = virXPathNode("./deprecatedFeatures", ctxt))) {
+ g_autoptr(GPtrArray) props = virXMLNodeGetSubelementList(deprecated_props, NULL);
+
+ hostCPU->deprecated_props = g_new0(char *, props->len + 1);
+
+ for (i = 0; i < props->len; i++) {
+ xmlNodePtr prop = g_ptr_array_index(props, i);
+
+ if (!(hostCPU->deprecated_props[i] = virXMLPropString(prop, "name"))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("missing 'name' attribute for a host CPU model deprecated property in QEMU capabilities cache"));
+ return -1;
+ }
+ }
+ }
+
caps->hostCPU.info = g_steal_pointer(&hostCPU);
return 0;
}
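Review bot: virXMLNodeGetSubelementList(deprecated_props, NULL) is called with NULL as the element name, so if NULL means "no filter", every child of <deprecatedFeatures> that has a name attribute is loaded, not only <property>. Passing "property" would make the loader match what the formatter writes. Note also that an empty <deprecatedFeatures/> produces a non-NULL empty list here, whereas the monitor parser in this patch leaves deprecated_props NULL for an empty array, so the two sources disagree on how "none" is represented.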
@@ -4500,6 +4519,18 @@ virQEMUCapsFormatHostCPUModelInfo(virQEMUCapsAccel *caps,
virBufferAddLit(buf, "/>\n");
}
+ if (model->deprecated_props) {
+ virBufferAddLit(buf, "<deprecatedFeatures>\n");
+ virBufferAdjustIndent(buf, 2);
+
+ for (i = 0; i < g_strv_length(model->deprecated_props); i++)
+ virBufferAsprintf(buf, "<property name='%s'/>\n",
+ model->deprecated_props[i]);
+
+ virBufferAdjustIndent(buf, -2);
+ virBufferAddLit(buf, "</deprecatedFeatures>\n");
+ }
+
virBufferAdjustIndent(buf, -2);
virBufferAddLit(buf, "</hostCPU>\n");
}
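Review bot: the property names are written into the cache XML with virBufferAsprintf(buf, "<property name='%s'/>\n", ...), with no XML escaping. The strings originate from the QEMU monitor reply, so a name containing a quote or angle bracket would produce a malformed or misparsed capabilities cache; virBufferEscapeString() with the same format string avoids that. Minor: g_strv_length() is re-evaluated on every loop iteration, and iterating until the NULL terminator is simpler.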
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 99667fdf2f..8f72fc5bd9 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3487,6 +3487,7 @@ qemuMonitorCPUModelInfoFree(qemuMonitorCPUModelInfo *model_info)
g_free(model_info->props[i].value.string);
}
+ g_strfreev(model_info->deprecated_props);
g_free(model_info->props);
g_free(model_info->name);
g_free(model_info);
@@ -3531,6 +3532,8 @@ qemuMonitorCPUModelInfoCopy(const qemuMonitorCPUModelInfo *orig)
}
}
+ copy->deprecated_props = g_strdupv(orig->deprecated_props);
+
return copy;
}
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index d00967d84f..5b9ea336ec 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1238,6 +1238,7 @@ struct _qemuMonitorCPUModelInfo {
char *name;
size_t nprops;
qemuMonitorCPUProperty *props;
+ GStrv deprecated_props;
bool migratability;
};
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 487f8028d9..9a3ca3d186 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -5500,6 +5500,7 @@ qemuMonitorJSONParseCPUModelExpansionData(virJSONValue *data,
bool fail_no_props,
virJSONValue **cpu_model,
virJSONValue **cpu_props,
+ virJSONValue **cpu_deprecated_props,
const char **cpu_name)
{
if (qemuMonitorJSONParseCPUModelData(data, "query-cpu-model-expansion",
@@ -5507,6 +5508,12 @@ qemuMonitorJSONParseCPUModelExpansionData(virJSONValue *data,
cpu_name) < 0)
return -1;
+ /*
+ * Unconditionally check for the deprecated-props array, as
+ * it is not a guarantee response even if QEMU supports it.
+ */
+ *cpu_deprecated_props = virJSONValueObjectGetArray(data, "deprecated-props");
+
return 0;
}
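Review bot: the result of virJSONValueObjectGetArray(data, "deprecated-props") is stored without distinguishing a missing key from a key that is present but not an array, so a malformed reply is silently treated as "not reported". If that is intended, say so in the comment. The comment also reads "not a guarantee response", which should be "not guaranteed in the response". The pointer stored in *cpu_deprecated_props is borrowed from data, which deserves a note for callers.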
@@ -5514,6 +5521,7 @@ qemuMonitorJSONParseCPUModelExpansionData(virJSONValue *data,
static int
qemuMonitorJSONParseCPUModelExpansion(const char *cpu_name,
virJSONValue *cpu_props,
+ virJSONValue *cpu_deprecated_props,
qemuMonitorCPUModelInfo **model_info)
{
g_autoptr(qemuMonitorCPUModelInfo) expanded_model = NULL;
@@ -5521,6 +5529,12 @@ qemuMonitorJSONParseCPUModelExpansion(const char *cpu_name,
if (qemuMonitorJSONParseCPUModel(cpu_name, cpu_props, &expanded_model) < 0)
return -1;
+ if (cpu_deprecated_props &&
+ virJSONValueArraySize(cpu_deprecated_props) &&
+ (!(expanded_model->deprecated_props = virJSONValueArrayToStringList(cpu_deprecated_props)))) {
+ return -1;
+ }
+
*model_info = g_steal_pointer(&expanded_model);
return 0;
}
@@ -5584,6 +5598,7 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitor *mon,
g_autoptr(virJSONValue) fullData = NULL;
virJSONValue *cpu_model;
virJSONValue *cpu_props = NULL;
+ virJSONValue *cpu_deprecated_props = NULL;
const char *cpu_name = "";
int rc;
@@ -5597,6 +5612,7 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitor *mon,
if (qemuMonitorJSONParseCPUModelExpansionData(data, fail_no_props,
&cpu_model, &cpu_props,
+ &cpu_deprecated_props,
&cpu_name) < 0)
return -1;
@@ -5615,11 +5631,13 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitor *mon,
if (qemuMonitorJSONParseCPUModelExpansionData(fullData, fail_no_props,
&cpu_model, &cpu_props,
+ &cpu_deprecated_props,
&cpu_name) < 0)
return -1;
}
return qemuMonitorJSONParseCPUModelExpansion(cpu_name, cpu_props,
+ cpu_deprecated_props,
model_info);
}
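Review bot: both calls to qemuMonitorJSONParseCPUModelExpansionData() pass the same &cpu_deprecated_props, and that function assigns it unconditionally, so on the full-expansion path the value from fullData replaces the one from data. If the first reply carried deprecated-props and the second does not, the list is dropped and the final qemuMonitorJSONParseCPUModelExpansion() call sees NULL. Either keep the first non-NULL result or add a comment that the full expansion is the authoritative source.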
--
2.49.0

@ -20,7 +20,6 @@ Reviewed-by: Ján Tomko <jtomko@redhat.com>
- qemuDomainObjEnter/ExitMonitor still needs 'driver'
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_block.c | 7 ++-----
1 file changed, 2 insertions(+), 5 deletions(-)

@ -0,0 +1,65 @@
From e9418cec1ba24b6cf78f85bbbef8586ed612692a Mon Sep 17 00:00:00 2001
Message-Id: <e9418cec1ba24b6cf78f85bbbef8586ed612692a@dist-git>
From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
Date: Mon, 13 Mar 2023 13:56:47 +0100
Subject: [PATCH] qemu: relax shared memory check for vhostuser daemons
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
For some vhostuser daemons, we validate that the guest memory is shared
with the host.
With earlier versions of QEMU, it was only possible to mark memory
as shared by defining an explicit NUMA topology. Later, QEMU exposed
the name of the default memory backend (defaultRAMid) so we can mark
that memory as shared.
Since libvirt commit:
commit bff2ad5d6b1f25da02802273934d2a519159fec7
qemu: Relax validation for mem->access if guest has no NUMA
we already check for the case when user requests shared memory,
but QEMU did not expose defaultRAMid.
Drop the duplicit check from vhostuser device validation, to make
it pass on hotplug even after libvirtd restart.
This avoids the need to store the defaultRAMid, since we don't really
need it for anything after the VM has been already started.
https://bugzilla.redhat.com/show_bug.cgi?id=2078693
https://bugzilla.redhat.com/show_bug.cgi?id=2177701
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
(cherry picked from commit d5c7b7870e45575f81fffcb611c2546d0e02e778)
Signed-off-by: Ján Tomko <jtomko@redhat.com>
---
src/qemu/qemu_validate.c | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 7bc14293d6..4069f47c12 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1588,16 +1588,12 @@ qemuValidateDomainVirtioOptions(const virDomainVirtioOptions *virtio,
static int
qemuValidateDomainDefVhostUserRequireSharedMemory(const virDomainDef *def,
const char *name,
- virQEMUCaps *qemuCaps)
+ virQEMUCaps *qemuCaps G_GNUC_UNUSED)
{
- const char *defaultRAMId = virQEMUCapsGetMachineDefaultRAMid(qemuCaps,
- def->virtType,
- def->os.machine);
size_t numa_nodes = virDomainNumaGetNodeCount(def->numa);
size_t i;
- if (numa_nodes == 0 &&
- !(defaultRAMId && def->mem.access == VIR_DOMAIN_MEMORY_ACCESS_SHARED)) {
+ if (numa_nodes == 0 && def->mem.access != VIR_DOMAIN_MEMORY_ACCESS_SHARED) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
_("'%s' requires shared memory"), name);
return -1;
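Review bot: qemuCaps is kept in the signature of qemuValidateDomainDefVhostUserRequireSharedMemory() and only marked G_GNUC_UNUSED after the defaultRAMId lookup is removed. Since the function is static, dropping the parameter and updating the callers would be cleaner than carrying an unused argument, unless it is kept to limit backport conflicts, in which case a note in the commit message would help.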
--
2.40.1

@ -20,7 +20,6 @@ Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit bbd4d4899391b3bd1906cce61a3634f42f4b1bdf)
https://bugzilla.redhat.com/show_bug.cgi?id=2170472
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/qemu/qemu_monitor_json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

@ -0,0 +1,100 @@
From ed03cdb563ee30bff2f4f8a66f7778b5e55a4683 Mon Sep 17 00:00:00 2001
Message-ID: <ed03cdb563ee30bff2f4f8a66f7778b5e55a4683.1749113303.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:52 -0500
Subject: [PATCH] qemuMonitorJSONGetCPUModelExpansion: refactor parsing
functions
Refactor the CPU Model parsing functions within
qemuMonitorJSONGetCPUModelExpansion. The new functions,
qemuMonitorJSONParseCPUModelExpansionData and
qemuMonitorJSONParseCPUModelExpansion invoke the functions they
replace and leave room for a subsequent patch to handle parsing the
(optional) deprecated_props field resulting from the command.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 60e407deb5cd88e5f1564d1c9145e374001cf34f)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_monitor_json.c | 46 ++++++++++++++++++++++++++++++------
1 file changed, 39 insertions(+), 7 deletions(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 789554e225..487f8028d9 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -5495,6 +5495,37 @@ qemuMonitorJSONParseCPUModel(const char *cpu_name,
}
+static int
+qemuMonitorJSONParseCPUModelExpansionData(virJSONValue *data,
+ bool fail_no_props,
+ virJSONValue **cpu_model,
+ virJSONValue **cpu_props,
+ const char **cpu_name)
+{
+ if (qemuMonitorJSONParseCPUModelData(data, "query-cpu-model-expansion",
+ fail_no_props, cpu_model, cpu_props,
+ cpu_name) < 0)
+ return -1;
+
+ return 0;
+}
+
+
+static int
+qemuMonitorJSONParseCPUModelExpansion(const char *cpu_name,
+ virJSONValue *cpu_props,
+ qemuMonitorCPUModelInfo **model_info)
+{
+ g_autoptr(qemuMonitorCPUModelInfo) expanded_model = NULL;
+
+ if (qemuMonitorJSONParseCPUModel(cpu_name, cpu_props, &expanded_model) < 0)
+ return -1;
+
+ *model_info = g_steal_pointer(&expanded_model);
+ return 0;
+}
+
+
static int
qemuMonitorJSONQueryCPUModelExpansionOne(qemuMonitor *mon,
qemuMonitorCPUModelExpansionType type,
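Review bot: the two new static helpers have no comments, and nothing states whether the virJSONValue pointers returned through cpu_model and cpu_props are borrowed from data or owned by the caller. That matters once the follow-up patch adds another out-parameter of the same kind. A short comment on qemuMonitorJSONParseCPUModelExpansionData() would settle it. The commit message refers to the field as deprecated_props while the follow-up patch reads the key "deprecated-props"; using the QMP spelling avoids confusion.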
@@ -5564,9 +5595,9 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitor *mon,
if ((rc = qemuMonitorJSONQueryCPUModelExpansionOne(mon, type, &model, &data)) <= 0)
return rc;
- if (qemuMonitorJSONParseCPUModelData(data, "query-cpu-model-expansion",
- fail_no_props, &cpu_model, &cpu_props,
- &cpu_name) < 0)
+ if (qemuMonitorJSONParseCPUModelExpansionData(data, fail_no_props,
+ &cpu_model, &cpu_props,
+ &cpu_name) < 0)
return -1;
/* QEMU_MONITOR_CPU_MODEL_EXPANSION_STATIC_FULL requests "full" expansion
@@ -5582,13 +5613,14 @@ qemuMonitorJSONGetCPUModelExpansion(qemuMonitor *mon,
if ((rc = qemuMonitorJSONQueryCPUModelExpansionOne(mon, type, &fullModel, &fullData)) <= 0)
return rc;
- if (qemuMonitorJSONParseCPUModelData(fullData, "query-cpu-model-expansion",
- fail_no_props, &cpu_model, &cpu_props,
- &cpu_name) < 0)
+ if (qemuMonitorJSONParseCPUModelExpansionData(fullData, fail_no_props,
+ &cpu_model, &cpu_props,
+ &cpu_name) < 0)
return -1;
}
- return qemuMonitorJSONParseCPUModel(cpu_name, cpu_props, model_info);
+ return qemuMonitorJSONParseCPUModelExpansion(cpu_name, cpu_props,
+ model_info);
}
--
2.49.0

@ -0,0 +1,95 @@
From 59ec9c201e8849f7231557c6019e1fabd0893240 Mon Sep 17 00:00:00 2001
Message-ID: <59ec9c201e8849f7231557c6019e1fabd0893240.1749113303.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:56 -0500
Subject: [PATCH] qemu_capabilities: filter deprecated features if requested
If flag VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES
is passed to qemuConnectGetDomainCapabilities, then the domain's CPU
model features will be updated to set any deprecated features to the
'disabled' policy.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit cd1e837c22182dcadfe17b469c931f9fc9745a46)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 20 ++++++++++++++++++++
src/qemu/qemu_capabilities.h | 3 +++
src/qemu/qemu_driver.c | 8 +++++++-
3 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 98773d2a0a..389b43ab3d 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -3152,6 +3152,26 @@ virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
}
+void
+virQEMUCapsUpdateCPUDeprecatedFeatures(virQEMUCaps *qemuCaps,
+ virDomainVirtType virtType,
+ virCPUDef *cpu)
+{
+ qemuMonitorCPUModelInfo *modelInfo;
+ size_t i;
+
+ modelInfo = virQEMUCapsGetCPUModelInfo(qemuCaps, virtType);
+
+ if (!modelInfo || !modelInfo->deprecated_props)
+ return;
+
+ for (i = 0; i < g_strv_length(modelInfo->deprecated_props); i++) {
+ virCPUDefUpdateFeature(cpu, modelInfo->deprecated_props[i],
+ VIR_CPU_FEATURE_DISABLE);
+ }
+}
+
+
struct tpmTypeToCaps {
int type;
virQEMUCapsFlags caps;
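Review bot: virQEMUCapsUpdateCPUDeprecatedFeatures() returns void and exits silently when modelInfo or modelInfo->deprecated_props is NULL, so a caller cannot tell "no features are deprecated" from "no data was available for this virtType". The result of each virCPUDefUpdateFeature() call is also discarded. Returning an int, or documenting in a function comment that a missing list is a deliberate no-op, would make the contract explicit; the exported function currently has no comment at all.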
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 4a7fb2c726..249adf66fa 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -702,6 +702,9 @@ int virQEMUCapsGetCPUFeatures(virQEMUCaps *qemuCaps,
virDomainVirtType virtType,
bool migratable,
char ***features);
+void virQEMUCapsUpdateCPUDeprecatedFeatures(virQEMUCaps *qemuCaps,
+ virDomainVirtType virtType,
+ virCPUDef *cpu);
virDomainVirtType virQEMUCapsGetVirtType(virQEMUCaps *qemuCaps);
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index d3d76c003f..315abe57b0 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -17383,7 +17383,8 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
virDomainVirtType virttype;
g_autoptr(virDomainCaps) domCaps = NULL;
- virCheckFlags(0, NULL);
+ virCheckFlags(VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES,
+ NULL);
if (virConnectGetDomainCapabilitiesEnsureACL(conn) < 0)
return NULL;
@@ -17402,6 +17403,11 @@ qemuConnectGetDomainCapabilities(virConnectPtr conn,
arch, virttype)))
return NULL;
+ if (flags & VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES) {
+ virQEMUCapsUpdateCPUDeprecatedFeatures(qemuCaps, virttype,
+ domCaps->cpu.hostModel);
+ }
+
return virDomainCapsFormat(domCaps);
}
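Review bot: domCaps->cpu.hostModel is passed to virQEMUCapsUpdateCPUDeprecatedFeatures() without a NULL check, and that helper only guards modelInfo and deprecated_props before calling virCPUDefUpdateFeature(cpu, ...). If the host model can be unavailable while deprecated properties are cached, this dereferences NULL; guard with "domCaps->cpu.hostModel &&" in the condition. Also note the flag is accepted even when the QEMU binary reports no deprecated properties, in which case the output is returned unfiltered with no indication to the caller.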
--
2.49.0

@ -0,0 +1,128 @@
From 4ad452d843406b9bb8423a47987f4180d565f11a Mon Sep 17 00:00:00 2001
Message-ID: <4ad452d843406b9bb8423a47987f4180d565f11a.1749113303.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:54 -0500
Subject: [PATCH] qemu_capabilities: query deprecated features for host-model
Add QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS for detecting
if query-cpu-model-expansion can report deprecated CPU model properties.
QEMU introduced this capability in 9.1 release. Add flag and deprecated
features to the capabilities test data for QEMU 9.1 and 9.2 replies/XML
since it can now be accounted for.
When probing for the host CPU, perform a full CPU model expansion to
retrieve the list of features deprecated across the entire architecture.
The list and count are stored in the host's CPU model info within the
QEMU capabilities. Other info resulting from this query (e.g. model
name, etc) is ignored.
The new capabilities flag is used to fence off the extra query for
architectures/QEMU binaries that do not report deprecated CPU model
features.
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Boris Fiuczynski <fiuczy@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 51c098347d7f2af9b4386ac0adc4431997d06f3d)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
src/qemu/qemu_capabilities.c
src/qemu/qemu_capabilities.h
(Contextual conflicts due to missing other patches in downstream
and qemuMonitorGetCPUModelExpansion() having one parameter less
in downstream)
tests/qemucapabilitiesdata/caps_9.*
(dropped the changes to these files since they are of no use in
downstream - upstream testing code changed too much, so it's
not possible to get the related tests to work in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/qemu/qemu_capabilities.c | 38 ++++++++++++++++++++++++++++++++++++
src/qemu/qemu_capabilities.h | 1 +
2 files changed, 39 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index d616273406..98773d2a0a 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -658,6 +658,7 @@ VIR_ENUM_IMPL(virQEMUCaps,
/* 420 */
"blockdev-reopen.__com.redhat_rhel-av-8_2_0-api", /* QEMU_CAPS_BLOCKDEV_REOPEN_COM_REDHAT_AV_8_2_0_API */
"memory-backend-file.prealloc-threads", /* QEMU_CAPS_MEMORY_BACKEND_PREALLOC_THREADS */
+ "query-cpu-model-expansion.deprecated-props", /* QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS */
);
@@ -1579,6 +1580,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "screendump/arg-type/device", QEMU_CAPS_SCREENDUMP_DEVICE },
{ "set-numa-node/arg-type/+hmat-lb", QEMU_CAPS_NUMA_HMAT },
{ "object-add/arg-type/+sev-guest/kernel-hashes", QEMU_CAPS_SEV_GUEST_KERNEL_HASHES },
+ { "query-cpu-model-expansion/ret-type/deprecated-props", QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS },
};
typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps;
@@ -2982,6 +2984,38 @@ virQEMUCapsProbeCPUDefinitionsTest(virQEMUCaps *qemuCaps,
}
+/**
+ * virQEMUCapsProbeFullDeprecatedProperties
+ * @mon: QEMU monitor
+ * @cpu: CPU definition to be expanded
+ * @props: the array to be filled with deprecated features
+ *
+ * Performs a full CPU model expansion to retrieve an array of deprecated
+ * properties. If the expansion succeeds, then data previously stored in
+ * @props is freed.
+ *
+ * Returns: -1 if the expansion failed; otherwise 0.
+ */
+static int
+virQEMUCapsProbeFullDeprecatedProperties(qemuMonitor *mon,
+ virCPUDef *cpu,
+ GStrv *props)
+{
+ g_autoptr(qemuMonitorCPUModelInfo) propsInfo = NULL;
+
+ if (qemuMonitorGetCPUModelExpansion(mon, QEMU_MONITOR_CPU_MODEL_EXPANSION_FULL,
+ cpu, true, false, &propsInfo) < 0)
+ return -1;
+
+ if (propsInfo && propsInfo->deprecated_props) {
+ g_free(*props);
+ *props = g_steal_pointer(&propsInfo->deprecated_props);
+ }
+
+ return 0;
+}
+
+
static int
virQEMUCapsProbeQMPHostCPU(virQEMUCaps *qemuCaps,
virQEMUCapsAccel *accel,
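Review bot: g_free(*props) in virQEMUCapsProbeFullDeprecatedProperties releases only the pointer array of a GStrv, so if @props already holds strings, which the doc comment's "data previously stored in @props is freed" implies, every string leaks; use g_strfreev(*props) instead. The comment should also state that @props is left untouched when the expansion succeeds but reports no deprecated properties, since that is what the "propsInfo && propsInfo->deprecated_props" guard does.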
@@ -3065,6 +3099,10 @@ virQEMUCapsProbeQMPHostCPU(virQEMUCaps *qemuCaps,
modelInfo->migratability = true;
}
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS) &&
+ virQEMUCapsProbeFullDeprecatedProperties(mon, cpu, &modelInfo->deprecated_props) < 0)
+ return -1;
+
accel->hostCPU.info = g_steal_pointer(&modelInfo);
return 0;
}
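Review bot: the "return -1" after virQEMUCapsProbeFullDeprecatedProperties() makes the whole host CPU probe fail when the extra full expansion fails, although modelInfo is already populated at this point and the deprecated list is supplementary data. Consider treating the failure as non-fatal (reset the error and continue with no deprecated list), or add a comment explaining why aborting the probe is the intended behaviour.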
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 8e65635e0d..4a7fb2c726 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -637,6 +637,7 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
/* 420 */
QEMU_CAPS_BLOCKDEV_REOPEN_COM_REDHAT_AV_8_2_0_API, /* downstream support for blockdev reopen in rhel-av-8.2.0 */
QEMU_CAPS_MEMORY_BACKEND_PREALLOC_THREADS, /* -object memory-backend-*.prealloc-threads */
+ QEMU_CAPS_QUERY_CPU_MODEL_EXPANSION_DEPRECATED_PROPS, /* query-cpu-model-expansion may report deprecated CPU properties */
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
--
2.49.0

@ -0,0 +1,218 @@
From cb42cd98d347deeee7c225d8d1e9f71f232cad29 Mon Sep 17 00:00:00 2001
Message-ID: <cb42cd98d347deeee7c225d8d1e9f71f232cad29.1712647819.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Fri, 15 Mar 2024 10:47:50 +0000
Subject: [PATCH] remote: check for negative array lengths before allocation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
While the C API entry points will validate non-negative lengths
for various parameters, the RPC server de-serialization code
will need to allocate memory for arrays before entering the C
API. These allocations will thus happen before the non-negative
length check is performed.
Passing a negative length to the g_new0 function will usually
result in a crash due to the negative length being treated as
a huge positive number.
This was found and diagnosed by ALT Linux Team with AFLplusplus.
CVE-2024-2494
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Found-by: Alexandr Shashkin <dutyrok@altlinux.org>
Co-developed-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8a3f8d957507c1f8223fdcf25a3ff885b15557f2)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/remote/remote_daemon_dispatch.c | 65 +++++++++++++++++++++++++++++
src/rpc/gendispatch.pl | 5 +++
2 files changed, 70 insertions(+)
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index 689001889e..c193227926 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -2306,6 +2306,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServer *server G_GNUC_UNUSED,
if (!conn)
goto cleanup;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
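Review bot: the added nparams check reports VIR_ERR_INTERNAL_ERROR for what is invalid client input, while the generated check this same patch adds in gendispatch.pl reports VIR_ERR_RPC for the identical condition. It matches the neighbouring "nparams too large" check, but clients and log filters will see two different error codes for a negative length depending on which dispatcher they hit; pick one code for the new checks, and VIR_ERR_RPC describes the failure more accurately.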
@@ -2354,6 +2358,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServer *server G_GNUC_UNUS
if (!conn)
goto cleanup;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -2512,6 +2520,10 @@ remoteDispatchDomainBlockStatsFlags(virNetServer *server G_GNUC_UNUSED,
goto cleanup;
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_BLOCK_STATS_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -2737,6 +2749,14 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
+ if (args->ncpumaps < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps must be non-negative"));
+ goto cleanup;
+ }
+ if (args->maplen < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative"));
+ goto cleanup;
+ }
if (args->ncpumaps > REMOTE_VCPUINFO_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps > REMOTE_VCPUINFO_MAX"));
goto cleanup;
@@ -2831,6 +2851,11 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
+ if (args->maplen < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maplen must be non-negative"));
+ goto cleanup;
+ }
+
/* Allocate buffers to take the results */
if (args->maplen > 0)
cpumaps = g_new0(unsigned char, args->maplen);
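Review bot: the new maplen check in remoteDispatchDomainGetEmulatorPinInfo only rejects negative values, and the context lines go straight from it to g_new0(unsigned char, args->maplen), so any positive client-supplied value up to INT_MAX is still allocated before the C API is entered. The other dispatchers touched by this patch pair the sign check with a *_MAX limit; an upper bound is needed here as well to close the same pre-validation allocation path.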
@@ -2878,6 +2903,14 @@ remoteDispatchDomainGetVcpus(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
+ if (args->maxinfo < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative"));
+ goto cleanup;
+ }
+ if (args->maplen < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo must be non-negative"));
+ goto cleanup;
+ }
if (args->maxinfo > REMOTE_VCPUINFO_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo > REMOTE_VCPUINFO_MAX"));
goto cleanup;
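Review bot: the second added check in remoteDispatchDomainGetVcpus tests "args->maplen < 0" but reports "maxinfo must be non-negative"; the message should name maplen, as the equivalent check in remoteDispatchDomainGetVcpuPinInfo does. As it stands a client sending a bad maplen gets an error pointing at the wrong argument, which also misleads anyone triaging the daemon log.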
@@ -3117,6 +3150,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3177,6 +3214,10 @@ remoteDispatchDomainGetNumaParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_NUMA_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3237,6 +3278,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_BLKIO_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3298,6 +3343,10 @@ remoteDispatchNodeGetCPUStats(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_NODE_CPU_STATS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3365,6 +3414,10 @@ remoteDispatchNodeGetMemoryStats(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_NODE_MEMORY_STATS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3545,6 +3598,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServer *server G_GNUC_UNUSED,
if (!conn)
goto cleanup;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -5087,6 +5144,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_DOMAIN_INTERFACE_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -5307,6 +5368,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
+ if (args->nparams < 0) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams must be non-negative"));
+ goto cleanup;
+ }
if (args->nparams > REMOTE_NODE_MEMORY_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 9f5bf0e316..aacab88808 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -1074,6 +1074,11 @@ elsif ($mode eq "server") {
print "\n";
if ($single_ret_as_list) {
+ print " if (args->$single_ret_list_max_var < 0) {\n";
+ print " virReportError(VIR_ERR_RPC,\n";
+ print " \"%s\", _(\"max$single_ret_list_name must be non-negative\"));\n";
+ print " goto cleanup;\n";
+ print " }\n";
print " if (args->$single_ret_list_max_var > $single_ret_list_max_define) {\n";
print " virReportError(VIR_ERR_RPC,\n";
print " \"%s\", _(\"max$single_ret_list_name > $single_ret_list_max_define\"));\n";
--
2.44.0

@ -0,0 +1,101 @@
From b84d0a699f3976644d3090562ce62ede55335fbc Mon Sep 17 00:00:00 2001
Message-ID: <b84d0a699f3976644d3090562ce62ede55335fbc.1717684031.git.jdenemar@redhat.com>
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Date: Tue, 30 Apr 2024 11:51:15 +0100
Subject: [PATCH] rpc: ensure temporary GSource is removed from client event
loop
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Users are seeing periodic segfaults from libvirt client apps,
especially thread heavy ones like virt-manager. A typical
stack trace would end up in the virNetClientIOEventFD method,
with illegal access to stale stack data. eg
==238721==ERROR: AddressSanitizer: stack-use-after-return on address 0x75cd18709788 at pc 0x75cd3111f907 bp 0x75cd181ff550 sp 0x75cd181ff548
WRITE of size 4 at 0x75cd18709788 thread T11
#0 0x75cd3111f906 in virNetClientIOEventFD /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1634:15
#1 0x75cd3210d198 (/usr/lib/libglib-2.0.so.0+0x5a198) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
#2 0x75cd3216c3be (/usr/lib/libglib-2.0.so.0+0xb93be) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
#3 0x75cd3210ddc6 in g_main_loop_run (/usr/lib/libglib-2.0.so.0+0x5adc6) (BuildId: 0a2311dfbbc6c215dc36f4b6bdd2b4b6fbae55a2)
#4 0x75cd3111a47c in virNetClientIOEventLoop /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:1722:9
#5 0x75cd3111a47c in virNetClientIO /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2002:10
#6 0x75cd3111a47c in virNetClientSendInternal /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2170:11
#7 0x75cd311198a8 in virNetClientSendWithReply /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclient.c:2198:11
#8 0x75cd31111653 in virNetClientProgramCall /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/rpc/virnetclientprogram.c:318:9
#9 0x75cd31241c8f in callFull /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6054:10
#10 0x75cd31241c8f in call /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/remote/remote_driver.c:6076:12
#11 0x75cd31241c8f in remoteNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/src/remote/remote_client_bodies.h:5959:9
#12 0x75cd31410ff7 in virNetworkGetXMLDesc /usr/src/debug/libvirt/libvirt-10.2.0/build/../src/libvirt-network.c:952:15
The root cause is a bad assumption in the virNetClientIOEventLoop
method. This method is run by whichever thread currently owns the
buck, and is responsible for handling I/O. Inside a for(;;) loop,
this method creates a temporary GSource, adds it to the event loop
and runs g_main_loop_run(). When I/O is ready, the GSource callback
(virNetClientIOEventFD) will fire and call g_main_loop_quit(), and
return G_SOURCE_REMOVE which results in the temporary GSource being
destroyed. A g_autoptr() will then remove the last reference.
What was overlooked, is that a second thread can come along and
while it can't enter virNetClientIOEventLoop, it will register an
idle source that uses virNetClientIOWakeup to interrupt the
original thread's 'g_main_loop_run' call. When this happens the
virNetClientIOEventFD callback never runs, and so the temporary
GSource is not destroyed. The g_autoptr() will remove a reference,
but by virtue of still being attached to the event context, there
is an extra reference held causing GSource to be leaked. The
next time 'g_main_loop_run' is called, the original GSource will
trigger its callback, and access data that was allocated on the
stack by the previous thread, and likely SEGV.
To solve this, the thread calling 'g_main_loop_run' must call
g_source_destroy, immediately upon return, to guarantee that
the temporary GSource is removed.
CVE-2024-4418
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Reported-by: Martin Shirokov <shirokovmartin@gmail.com>
Tested-by: Martin Shirokov <shirokovmartin@gmail.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8074d64dc2eca846d6a61efe1a9b7428a0ce1dd1)
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
---
src/rpc/virnetclient.c | 14 +++++++++++++-
1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index f526ad89ec..b9490072c3 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -1664,7 +1664,7 @@ static int virNetClientIOEventLoop(virNetClient *client,
#endif /* !WIN32 */
int timeout = -1;
virNetMessage *msg = NULL;
- g_autoptr(GSource) G_GNUC_UNUSED source = NULL;
+ g_autoptr(GSource) source = NULL;
GIOCondition ev = 0;
struct virNetClientIOEventData data = {
.client = client,
@@ -1728,6 +1728,18 @@ static int virNetClientIOEventLoop(virNetClient *client,
g_main_loop_run(client->eventLoop);
+ /*
+ * If virNetClientIOEventFD ran, this GSource will already be
+ * destroyed due to G_SOURCE_REMOVE. It is harmless to re-destroy
+ * it, since we still own a reference.
+ *
+ * If virNetClientIOWakeup ran, it will have interrupted the
+ * g_main_loop_run call, before virNetClientIOEventFD could
+ * run, and thus the GSource is still registered, and we need
+ * to destroy it since it is referencing stack memory for 'data'
+ */
+ g_source_destroy(source);
+
#ifndef WIN32
ignore_value(pthread_sigmask(SIG_SETMASK, &oldmask, NULL));
#endif /* !WIN32 */
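Review bot: g_source_destroy(source) runs unconditionally after g_main_loop_run(), but source is declared as NULL in the first hunk and its assignment is outside the visible context. If any path reaches this line with source still NULL, GLib's argument check emits a critical warning; please confirm the source is always created before the loop runs, or guard the call with "if (source)". The new comment explains the lifetime issue well and would be complete with a note that 'data' lives on this function's stack frame, which is why the destroy must happen before the next loop iteration or return.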
--
2.45.1

@ -0,0 +1,39 @@
From ffbae27bd15ae9475fd4f0e79b492a7e03bca93e Mon Sep 17 00:00:00 2001
Message-ID: <ffbae27bd15ae9475fd4f0e79b492a7e03bca93e.1717684031.git.jdenemar@redhat.com>
From: Jonathon Jongsma <jjongsma@redhat.com>
Date: Fri, 22 Sep 2023 14:23:10 -0500
Subject: [PATCH] util: Fix error return for virProcessKillPainfullyDelay()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Commit 93af79fb removed a cleanup label in favor of returning error
values directly in certain cases. But the final return value was changed
from -1 to 0. If we get to the end of the function, that means that
we've waited for the process to exit but it still exists. So we should
return -1. The error message was still being set correctly, but we were
returning a success status (0).
Signed-off-by: Jonathon Jongsma <jjongsma@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 51a074e74c6ef2fb95e6f53d41315e3f1e00be77)
https://issues.redhat.com/browse/RHEL-36064
---
src/util/virprocess.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index b559a4257e..f3933a2d16 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -471,7 +471,7 @@ virProcessKillPainfullyDelay(pid_t pid, bool force, unsigned int extradelay, boo
_("Failed to terminate process %lld with SIG%s"),
(long long)pid, signame);
- return 0;
+ return -1;
}
--
2.45.1

@ -0,0 +1,104 @@
From 534bb6a049e7ad227d143457ddcfe828238cea18 Mon Sep 17 00:00:00 2001
Message-ID: <534bb6a049e7ad227d143457ddcfe828238cea18.1749113303.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 13 Feb 2023 15:53:23 +0100
Subject: [PATCH] util: xml: Introduce virXMLNodeGetSubelementList
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The new helper is similar to virXPathNodeSet list but for cases where we
want to get subelements directly rather than using XPath.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit dcd49d2cd65c9fe58d3df536fa258fc70c633d7e)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
Trivial contextual conflicts in all files
(due to missing other patches in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/virxml.c | 35 +++++++++++++++++++++++++++++++++++
src/util/virxml.h | 6 ++++++
3 files changed, 42 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 7c558ad364..3af1b33a6c 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -3619,6 +3619,7 @@ virXMLFormatElementEmpty;
virXMLFormatMetadata;
virXMLNewNode;
virXMLNodeContentString;
+virXMLNodeGetSubelementList;
virXMLNodeNameEqual;
virXMLNodeSanitizeNamespaces;
virXMLNodeToString;
diff --git a/src/util/virxml.c b/src/util/virxml.c
index 4b09374107..b57462e2d0 100644
--- a/src/util/virxml.c
+++ b/src/util/virxml.c
@@ -838,6 +838,41 @@ virXPathBoolean(const char *xpath,
return obj->boolval;
}
+
+/**
+ * virXMLNodeGetSubelementList:
+ * @node: node to get subelement of
+ * @name: name of subelement to fetch (NULL to fetch all sub-elements)
+ * @list: If non-NULL, filled with a list of pointers to the nodes. Caller is
+ * responsible for freeing the list but not the members.
+ *
+ * Find and return a sub-elements node of @node named @name in a list.
+ * Returns the number of subelements with @name
+ */
+size_t
+virXMLNodeGetSubelementList(xmlNodePtr node,
+ const char *name,
+ xmlNodePtr **list)
+{
+ xmlNodePtr n;
+ size_t nelems = 0;
+
+ for (n = node->children; n; n = n->next) {
+ if (n->type == XML_ELEMENT_NODE) {
+ if (name && !virXMLNodeNameEqual(n, name))
+ continue;
+
+ if (list)
+ VIR_APPEND_ELEMENT_COPY(*list, nelems, n);
+ else
+ nelems++;
+ }
+ }
+
+ return nelems;
+}
+
+
/**
* virXPathNode:
* @xpath: the XPath string to evaluate
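Review bot: the doc comment for virXMLNodeGetSubelementList does not say that *list must be NULL on entry, yet VIR_APPEND_ELEMENT_COPY(*list, nelems, n) grows whatever pointer is already there with nelems starting at 0, so an uninitialised or pre-filled *list is misused. State that precondition in the @list description. The "Returns" line should also cover the @name == NULL case (count of all element children), and @node is dereferenced without a check, so the comment should say it must be non-NULL.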
diff --git a/src/util/virxml.h b/src/util/virxml.h
index c39eae6282..7b60551898 100644
--- a/src/util/virxml.h
+++ b/src/util/virxml.h
@@ -83,6 +83,12 @@ int
virXPathULongHex(const char *xpath,
xmlXPathContextPtr ctxt,
unsigned long *value);
+
+size_t
+virXMLNodeGetSubelementList(xmlNodePtr node,
+ const char *name,
+ xmlNodePtr **list);
+
xmlNodePtr
virXPathNode(const char *xpath,
xmlXPathContextPtr ctxt);
--
2.49.0

@ -0,0 +1,92 @@
From f3c75e44ad85fb01473c78adfc2a6d2c53f4f358 Mon Sep 17 00:00:00 2001
Message-ID: <f3c75e44ad85fb01473c78adfc2a6d2c53f4f358.1749113303.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Mon, 13 Feb 2023 15:53:23 +0100
Subject: [PATCH] util: xml: Return GPtrArray from virXMLNodeGetSubelement
[partial]
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Rework the helper to use a GPtrArray structure to simplify callers.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 08a7fc834c7c505e73bfcfa11c4a841a972d4f5d)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
src/conf/*.c
Dropped the hunks that modify the callers
(since these are not available in downstream yet)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
src/util/virxml.c | 21 ++++++++-------------
src/util/virxml.h | 5 ++---
2 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/src/util/virxml.c b/src/util/virxml.c
index b57462e2d0..46afcf2146 100644
--- a/src/util/virxml.c
+++ b/src/util/virxml.c
@@ -843,33 +843,28 @@ virXPathBoolean(const char *xpath,
* virXMLNodeGetSubelementList:
* @node: node to get subelement of
* @name: name of subelement to fetch (NULL to fetch all sub-elements)
- * @list: If non-NULL, filled with a list of pointers to the nodes. Caller is
- * responsible for freeing the list but not the members.
*
- * Find and return a sub-elements node of @node named @name in a list.
- * Returns the number of subelements with @name
+ * Find and return a sub-elements node of @node named @name in a GPtrArray
+ * populated with the xmlNodePtr objects. Caller is responsible for freeing the
+ * array but not the contained xmlNode objects.
*/
-size_t
+GPtrArray *
virXMLNodeGetSubelementList(xmlNodePtr node,
- const char *name,
- xmlNodePtr **list)
+ const char *name)
{
+ GPtrArray *ret = g_ptr_array_new();
xmlNodePtr n;
- size_t nelems = 0;
for (n = node->children; n; n = n->next) {
if (n->type == XML_ELEMENT_NODE) {
if (name && !virXMLNodeNameEqual(n, name))
continue;
- if (list)
- VIR_APPEND_ELEMENT_COPY(*list, nelems, n);
- else
- nelems++;
+ g_ptr_array_add(ret, n);
}
}
- return nelems;
+ return ret;
}
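Review bot: the reworked doc comment no longer says what is returned when nothing matches. As written the function always returns the array from g_ptr_array_new(), so the result is an empty array and never NULL; state that explicitly, and name the expected cleanup (g_ptr_array_unref or g_autoptr(GPtrArray)) so that callers do not g_free() the result the way the old @list contract allowed. Since the signature changes and the caller hunks were dropped in this backport, the commit message should also confirm that no downstream caller still uses the three-argument form.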
diff --git a/src/util/virxml.h b/src/util/virxml.h
index 7b60551898..03677afc33 100644
--- a/src/util/virxml.h
+++ b/src/util/virxml.h
@@ -84,10 +84,9 @@ virXPathULongHex(const char *xpath,
xmlXPathContextPtr ctxt,
unsigned long *value);
-size_t
+GPtrArray *
virXMLNodeGetSubelementList(xmlNodePtr node,
- const char *name,
- xmlNodePtr **list);
+ const char *name);
xmlNodePtr
virXPathNode(const char *xpath,
--
2.49.0

@ -0,0 +1,51 @@
From afbf59c823a04b417b4ae66edb99e15e6e8ba877 Mon Sep 17 00:00:00 2001
Message-ID: <afbf59c823a04b417b4ae66edb99e15e6e8ba877.1730898528.git.jdenemar@redhat.com>
From: Peter Krempa <pkrempa@redhat.com>
Date: Tue, 8 Aug 2023 15:53:53 +0200
Subject: [PATCH] virStorageBackendLogicalCheckPool: Properly mark empty
logical pools as active
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The '/dev' filesystem convenience directory for a LVM volume group is
not created when the volume group is empty.
The logic in 'virStorageBackendLogicalCheckPool' which is used to see
whether a pool is active was first checking presence of the directory,
which failed for an empty VG.
Since the second step is virStorageBackendLogicalMatchPoolSource which
is checking mapping between configured PVs and the VG, we can simply
rely on the function to also check presence of the pool.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2228223
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit fa1a54baa59d244289ce666f9dc52d9eabca47f1)
https://issues.redhat.com/browse/RHEL-65771
---
src/storage/storage_backend_logical.c | 8 +-------
1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/src/storage/storage_backend_logical.c b/src/storage/storage_backend_logical.c
index 3f27e63aeb..b7e3ba2498 100644
--- a/src/storage/storage_backend_logical.c
+++ b/src/storage/storage_backend_logical.c
@@ -628,13 +628,7 @@ static int
virStorageBackendLogicalCheckPool(virStoragePoolObj *pool,
bool *isActive)
{
- virStoragePoolDef *def = virStoragePoolObjGetDef(pool);
-
- /* If we can find the target.path as well as ensure that the
- * pool's def source
- */
- *isActive = virFileExists(def->target.path) &&
- virStorageBackendLogicalMatchPoolSource(pool);
+ *isActive = virStorageBackendLogicalMatchPoolSource(pool);
return 0;
}
--
2.47.0

@ -0,0 +1,68 @@
From f3ae3ac1807549c1eb4cc5a0286047ff019e14a0 Mon Sep 17 00:00:00 2001
Message-ID: <f3ae3ac1807549c1eb4cc5a0286047ff019e14a0.1702401900.git.jdenemar@redhat.com>
From: Michal Privoznik <mprivozn@redhat.com>
Date: Fri, 24 Nov 2023 11:59:32 +0100
Subject: [PATCH] virnuma: Avoid integer overflow in virNumaGetPages()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
On systems with humongous pages (16GiB) and 32bit int it's easy
to hit integer overflow in virNumaGetPages(). What happens is,
inside of virNumaGetPages() as we process hugepages for given
NUMA node (e.g. in order to produce capabilities XML), we keep a
sum of sizes of pools in an ULL variable (huge_page_sum). In each
iteration, the variable is incremented by 1024 * page_size *
page_avail. Now, page_size is just an uint, so we have:
ULL += U * U * ULL;
and because of associativity, U * U is computed first and since
we have two operands of the same type, no type expansion happens.
But this means, for humongous pages (like 16GiB) the
multiplication overflows.
Therefore, move the multiplication out of the loop. This helps in
two ways:
1) now we have ULL += U * ULL; which expands the uint in
multiplication,
2) it saves couple of CPU cycles.
Resolves: https://issues.redhat.com/browse/RHEL-16749
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
(cherry picked from commit 9694d1ca6a4ef7a37ac20249eb8b85c1bb48ef6b)
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/util/virnuma.c | 7 ++++---
1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/util/virnuma.c b/src/util/virnuma.c
index 7c892d6267..e0938867f9 100644
--- a/src/util/virnuma.c
+++ b/src/util/virnuma.c
@@ -806,9 +806,7 @@ virNumaGetPages(int node,
tmp_free[ntmp] = page_free;
ntmp++;
- /* page_size is in kibibytes while we want huge_page_sum
- * in just bytes. */
- huge_page_sum += 1024 * page_size * page_avail;
+ huge_page_sum += page_size * page_avail;
}
if (direrr < 0)
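Review bot: "huge_page_sum += page_size * page_avail;" is overflow-safe only because page_avail is unsigned long long, which the commit message states but nothing at the expression enforces. A cast on the first operand, (unsigned long long) page_size * page_avail, keeps the arithmetic 64-bit even if either declaration changes later. With the units comment removed from the loop, a short comment here that the running sum is in KiB until the later "*= 1024" would keep the code readable on its own.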
@@ -819,6 +817,9 @@ virNumaGetPages(int node,
VIR_REALLOC_N(tmp_avail, ntmp + 1);
VIR_REALLOC_N(tmp_free, ntmp + 1);
+ /* page_size is in kibibytes while we want huge_page_sum in just bytes. */
+ huge_page_sum *= 1024;
+
if (virNumaGetPageInfo(node, system_page_size, huge_page_sum,
&tmp_avail[ntmp], &tmp_free[ntmp]) < 0)
return -1;
--
2.43.0

@ -36,7 +36,6 @@ https://bugzilla.redhat.com/show_bug.cgi?id=2196351
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-2700
Signed-off-by: Ján Tomko <jtomko@redhat.com>
Signed-off-by: David Sloboda <david.x.sloboda@oracle.com>
---
src/util/virpci.c | 1 +
1 file changed, 1 insertion(+)

@ -0,0 +1,83 @@
From 16a50b3a73f496be8cd2bb9b9c0b88ca9a84ed0e Mon Sep 17 00:00:00 2001
Message-ID: <16a50b3a73f496be8cd2bb9b9c0b88ca9a84ed0e.1749113304.git.jdenemar@redhat.com>
From: Collin Walling <walling@linux.ibm.com>
Date: Mon, 16 Dec 2024 18:03:57 -0500
Subject: [PATCH] virsh: add --disable-deprecated-features flag to
domcapabilities
Add a new flag, --disable-deprecated-features, to the domcapabilities
command. This will modify the output to show the 'host-model' CPU
with features flagged as deprecated paired with the 'disable' policy.
virsh domcapabilities --disable-deprecated-features
Signed-off-by: Collin Walling <walling@linux.ibm.com>
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
(cherry picked from commit 15d45964e453e04f1761e527266af45554f58fcc)
JIRA: https://issues.redhat.com/browse/RHEL-88716
Conflicts:
docs/manpages/virsh.rst
tools/virsh-host.c
(Simple contextual conflicts due to other missing patches in downstream)
Signed-off-by: Thomas Huth <thuth@redhat.com>
---
docs/manpages/virsh.rst | 6 ++++++
tools/virsh-host.c | 9 ++++++++-
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/docs/manpages/virsh.rst b/docs/manpages/virsh.rst
index d24e7774a6..3adbf42280 100644
--- a/docs/manpages/virsh.rst
+++ b/docs/manpages/virsh.rst
@@ -562,6 +562,7 @@ domcapabilities
::
domcapabilities [virttype] [emulatorbin] [arch] [machine]
+ [--disable-deprecated-features]
Print an XML document describing the domain capabilities for the
@@ -596,6 +597,11 @@ supplied along with either the *emulatorbin* or *arch* in order to
generate output for the default *machine*. Supplying a *machine*
value will generate output for the specific machine.
+The **--disable-deprecated-features** argument will modify the contents
+of host-model CPU XML, updating the features list with any features
+flagged as deprecated for the CPU model by the hypervisor. These
+features will be paired with the "disable" policy.
+
pool-capabilities
-----------------
diff --git a/tools/virsh-host.c b/tools/virsh-host.c
index 5ee3834de2..874875b378 100644
--- a/tools/virsh-host.c
+++ b/tools/virsh-host.c
@@ -91,6 +91,10 @@ static const vshCmdOptDef opts_domcapabilities[] = {
.type = VSH_OT_STRING,
.help = N_("machine type (/domain/os/type/@machine)"),
},
+ {.name = "disable-deprecated-features",
+ .type = VSH_OT_BOOL,
+ .help = N_("report host CPU model with deprecated features disabled"),
+ },
{.name = NULL}
};
@@ -102,9 +106,12 @@ cmdDomCapabilities(vshControl *ctl, const vshCmd *cmd)
const char *emulatorbin = NULL;
const char *arch = NULL;
const char *machine = NULL;
- const unsigned int flags = 0; /* No flags so far */
+ unsigned int flags = 0;
virshControl *priv = ctl->privData;
+ if (vshCommandOptBool(cmd, "disable-deprecated-features"))
+ flags |= VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES;
+
if (vshCommandOptStringReq(ctl, cmd, "virttype", &virttype) < 0 ||
vshCommandOptStringReq(ctl, cmd, "emulatorbin", &emulatorbin) < 0 ||
vshCommandOptStringReq(ctl, cmd, "arch", &arch) < 0 ||
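Review bot: the new flag path in cmdDomCapabilities ships without a test; the diffstat lists only docs/manpages/virsh.rst and tools/virsh-host.c. The removed line was "const unsigned int flags = 0; /* No flags so far */", so this is the first time virsh domcapabilities sends a non-zero flags value, and a daemon that does not know VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES will meet it here for the first time. Suggest a virsh test case for the option, or at least a man page sentence on what the user gets back from such a daemon.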
--
2.49.0

View File

@ -210,7 +210,7 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 8.0.0
Release: 19.2%{?dist}%{?extra_release}.alma
Release: 23.4%{?dist}%{?extra_release}
License: LGPLv2+
URL: https://libvirt.org/
@ -306,15 +306,31 @@ Patch83: libvirt-vircpi-Add-PCIe-5.0-and-6.0-link-speeds.patch
Patch84: libvirt-conf-Make-VIR_DOMAIN_NET_TYPE_ETHERNET-not-share-host-view.patch
Patch85: libvirt-qemu-domain-Fix-logic-when-tainting-domain.patch
Patch86: libvirt-qemu-agent-Make-fetching-of-can-offline-member-from-guest-query-vcpus-optional.patch
# Patches taken from Oracle Linux libvirt-8.0.0-19.0.2.module+el8.8.0+21112+1cc1a24b.src.rpm
Patch87: libvirt-qemu-monitor-Drop-old-monitor-fields-from-struct-_qemuMonitorMessage.patch
Patch88: libvirt-qemu-Make-struct-_qemuMonitorMessage-private.patch
Patch89: libvirt-qemu-monitor-Move-declaration-of-struct-_qemuMonitor-to-qemu_monitor_priv.h.patch
Patch90: libvirt-qemu-qemuBlockGetNamedNodeData-Remove-pointless-error-path.patch
Patch91: libvirt-qemu-monitor-Store-whether-query-named-block-nodes-supports-flat-parameter.patch
Patch92: libvirt-qemuMonitorJSONBlockStatsUpdateCapacityBlockdev-Use-flat-mode-of-query-named-block-nodes.patch
Patch93: libvirt-virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
Patch94: libvirt-node_device_conf-Avoid-memleak-in-virNodeDeviceGetPCIVPDDynamicCap.patch
Patch93: libvirt-qemu-relax-shared-memory-check-for-vhostuser-daemons.patch
Patch94: libvirt-virpci-Resolve-leak-in-virPCIVirtualFunctionList-cleanup.patch
Patch95: libvirt-node_device_conf-Avoid-memleak-in-virNodeDeviceGetPCIVPDDynamicCap.patch
Patch96: libvirt-nodedev-update-transient-mdevs.patch
Patch97: libvirt-lib-Set-up-cpuset-controller-for-restrictive-numatune.patch
Patch98: libvirt-virnuma-Avoid-integer-overflow-in-virNumaGetPages.patch
Patch99: libvirt-remote-check-for-negative-array-lengths-before-allocation.patch
Patch100: libvirt-util-Fix-error-return-for-virProcessKillPainfullyDelay.patch
Patch101: libvirt-rpc-ensure-temporary-GSource-is-removed-from-client-event-loop.patch
Patch102: libvirt-virStorageBackendLogicalCheckPool-Properly-mark-empty-logical-pools-as-active.patch
Patch103: libvirt-util-xml-Introduce-virXMLNodeGetSubelementList.patch
Patch104: libvirt-util-xml-Return-GPtrArray-from-virXMLNodeGetSubelement-partial.patch
Patch105: libvirt-qemuMonitorJSONGetCPUModelExpansion-refactor-parsing-functions.patch
Patch106: libvirt-qemu-parse-deprecated-props-from-query-cpu-model-expansion-response.patch
Patch107: libvirt-qemu_capabilities-query-deprecated-features-for-host-model.patch
Patch108: libvirt-libvirt-domain-introduce-VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES.patch
Patch109: libvirt-qemu_capabilities-filter-deprecated-features-if-requested.patch
Patch110: libvirt-virsh-add-disable-deprecated-features-flag-to-domcapabilities.patch
Patch111: libvirt-conf-add-deprecated_features-attribute.patch
Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release}
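Review bot: Patch93 and Patch94 change meaning in this hunk. libvirt-qemu-relax-shared-memory-check-for-vhostuser-daemons.patch takes Patch93, and the two leak fixes that the changelog ties to CVE-2023-2700 (virpci and node_device_conf) move to Patch94 and Patch95. Please confirm that both leak fixes remain in the list exactly once after the renumbering and that nothing else in the spec still refers to them by the old numbers.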
@ -2194,15 +2210,46 @@ exit 0
%changelog
* Wed Jul 12 2023 Andrew Lukoshko <alukoshko@almalinux.org> - 8.0.0-19.2.alma
- qemu: monitor: Drop old monitor fields from 'struct _qemuMonitorMessage'
- qemu: Make 'struct _qemuMonitorMessage' private
- qemu: monitor: Move declaration of struct _qemuMonitor to qemu_monitor_priv.h
- qemu: qemuBlockGetNamedNodeData: Remove pointless error path
- qemu: monitor: Store whether 'query-named-block-nodes' supports 'flat' parameter
- qemuMonitorJSONBlockStatsUpdateCapacityBlockdev: Use 'flat' mode of query-named-block-nodes
- virpci: Resolve leak in virPCIVirtualFunctionList cleanup [CVE-2023-2700]
- node_device_conf: Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() [CVE-2023-2700]
* Thu Jun 5 2025 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-23.4.el8
- util: xml: Introduce virXMLNodeGetSubelementList (RHEL-88716)
- util: xml: Return GPtrArray from virXMLNodeGetSubelement [partial] (RHEL-88716)
- qemuMonitorJSONGetCPUModelExpansion: refactor parsing functions (RHEL-88716)
- qemu: parse deprecated-props from query-cpu-model-expansion response (RHEL-88716)
- qemu_capabilities: query deprecated features for host-model (RHEL-88716)
- libvirt-domain: introduce VIR_CONNECT_GET_DOMAIN_CAPABILITIES_DISABLE_DEPRECATED_FEATURES (RHEL-88716)
- qemu_capabilities: filter deprecated features if requested (RHEL-88716)
- virsh: add --disable-deprecated-features flag to domcapabilities (RHEL-88716)
- conf: add deprecated_features attribute (RHEL-88716)
* Wed Nov 6 2024 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-23.3.el8
- virStorageBackendLogicalCheckPool: Properly mark empty logical pools as active (RHEL-65771)
* Thu Jun 6 2024 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-23.2.el8
- util: Fix error return for virProcessKillPainfullyDelay() (RHEL-36064)
- rpc: ensure temporary GSource is removed from client event loop (CVE-2024-4418)
* Tue Apr 9 2024 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-23.1.el8
- remote: check for negative array lengths before allocation (CVE-2024-2494)
* Tue Dec 12 2023 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-23
- virnuma: Avoid integer overflow in virNumaGetPages() (rhbz#RHEL-16749)
* Mon Jul 31 2023 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-22
- lib: Set up cpuset controller for restrictive numatune (rhbz#2223464)
* Thu Jun 22 2023 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-21
- nodedev: update transient mdevs (rhbz#2143160)
* Fri May 19 2023 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-20
- qemu: monitor: Drop old monitor fields from 'struct _qemuMonitorMessage' (rhbz#2170472)
- qemu: Make 'struct _qemuMonitorMessage' private (rhbz#2170472)
- qemu: monitor: Move declaration of struct _qemuMonitor to qemu_monitor_priv.h (rhbz#2170472)
- qemu: qemuBlockGetNamedNodeData: Remove pointless error path (rhbz#2170472)
- qemu: monitor: Store whether 'query-named-block-nodes' supports 'flat' parameter (rhbz#2170472)
- qemuMonitorJSONBlockStatsUpdateCapacityBlockdev: Use 'flat' mode of query-named-block-nodes (rhbz#2170472)
- qemu: relax shared memory check for vhostuser daemons (rhbz#2177701)
- virpci: Resolve leak in virPCIVirtualFunctionList cleanup (CVE-2023-2700)
- node_device_conf: Avoid memleak in virNodeDeviceGetPCIVPDDynamicCap() (CVE-2023-2700)
* Tue Mar 14 2023 Jiri Denemark <jdenemar@redhat.com> - 8.0.0-19
- qemu: domain: Fix logic when tainting domain (rhbz#2174447)
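Review bot: tracker ids are written three different ways in this changelog, which makes auditing fixes by pattern unreliable. CVE-2023-2700 appears as [CVE-2023-2700] under 8.0.0-19.2.alma and as (CVE-2023-2700) under 8.0.0-20, and the 8.0.0-23 entry prefixes a Jira key with rhbz# in "(rhbz#RHEL-16749)" while later entries use the bare form, e.g. "(RHEL-65771)". Anyone checking with rpm -q --changelog should match on the bare id; for new entries, suggest keeping to the "(CVE-...)" and "(RHEL-...)" forms used from 8.0.0-23.1 onward.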