From 3859a70eebc8eb5d8d6a3cc8806f77c1a970f0dd Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 4 Oct 2024 15:37:34 +0300 Subject: [PATCH] - qemu: Use pvpanic by default on aarch64 - qemu: Refactor default panic model - qemu: Sometimes the default panic model doesn't exist - udevListInterfaces: Honour array length for zero-length NULL arrays (CVE-2024-8235) --- ...rt-qemu-Refactor-default-panic-model.patch | 78 ++++++++++ ...he-default-panic-model-doesn-t-exist.patch | 67 +++++++++ ...mu-Use-pvpanic-by-default-on-aarch64.patch | 141 ++++++++++++++++++ ...ero-length-NULL-arrays-CVE-2024-8235.patch | 89 +++++++++++ SPECS/libvirt.spec | 19 ++- 5 files changed, 393 insertions(+), 1 deletion(-) create mode 100644 SOURCES/libvirt-qemu-Refactor-default-panic-model.patch create mode 100644 SOURCES/libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch create mode 100644 SOURCES/libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch create mode 100644 SOURCES/libvirt-udevListInterfaces-Honour-array-length-for-zero-length-NULL-arrays-CVE-2024-8235.patch diff --git a/SOURCES/libvirt-qemu-Refactor-default-panic-model.patch b/SOURCES/libvirt-qemu-Refactor-default-panic-model.patch new file mode 100644 index 0000000..bbb4ad5 --- /dev/null +++ b/SOURCES/libvirt-qemu-Refactor-default-panic-model.patch 
@@ -0,0 +1,78 @@
+From 9e1970efa5ac281febffabd57ac5b849117cccb4 Mon Sep 17 00:00:00 2001
+From: Andrea Bolognani
+Date: Tue, 27 Aug 2024 15:03:31 +0200
+Subject: [PATCH] qemu: Refactor default panic model
+
+Perform decisions based on the architecture and machine type
+in a single place instead of duplicating them.
+
+This technically adds new behavior for MODEL_ISA in
+qemuDomainDefAddDefaultDevices(), but it doesn't make any
+difference functionally since we don't set addPanicDevice
+outside of ppc64(le) and s390(x). If we did, the lack of
+handling for that value would be a latent bug.
+
+Signed-off-by: Andrea Bolognani
+Reviewed-by: Michal Privoznik
+---
+ src/qemu/qemu_domain.c | 30 ++++++++++++++++++------------
+ 1 file changed, 18 insertions(+), 12 deletions(-)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 93dbbcbc0bc..69a2db686e6 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -4139,6 +4139,19 @@ qemuDomainGetSCSIControllerModel(const virDomainDef *def,
+ }
+
+
++static virDomainPanicModel
++qemuDomainDefaultPanicModel(const virDomainDef *def)
++{
++ if (qemuDomainIsPSeries(def))
++ return VIR_DOMAIN_PANIC_MODEL_PSERIES;
++
++ if (ARCH_IS_S390(def->os.arch))
++ return VIR_DOMAIN_PANIC_MODEL_S390;
++
++ return VIR_DOMAIN_PANIC_MODEL_ISA;
++}
++
++
+ static int
+ qemuDomainDefAddDefaultDevices(virQEMUDriver *driver,
+ virDomainDef *def,
+@@ -4386,13 +4399,12 @@ qemuDomainDefAddDefaultDevices(virQEMUDriver *driver,
+ return -1;
+
+ if (addPanicDevice) {
++ virDomainPanicModel defaultModel = qemuDomainDefaultPanicModel(def);
+ size_t j;
++
+ for (j = 0; j < def->npanics; j++) {
+ if (def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT ||
+- (ARCH_IS_PPC64(def->os.arch) &&
+- def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_PSERIES) ||
+- (ARCH_IS_S390(def->os.arch) &&
+- def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_S390))
++ def->panics[j]->model == defaultModel)
+ break;
+ }
+
+@@ -6076,14 +6088,8 @@
static int
+ qemuDomainDevicePanicDefPostParse(virDomainPanicDef *panic,
+ const virDomainDef *def)
+ {
+- if (panic->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT) {
+- if (qemuDomainIsPSeries(def))
+- panic->model = VIR_DOMAIN_PANIC_MODEL_PSERIES;
+- else if (ARCH_IS_S390(def->os.arch))
+- panic->model = VIR_DOMAIN_PANIC_MODEL_S390;
+- else
+- panic->model = VIR_DOMAIN_PANIC_MODEL_ISA;
+- }
++ if (panic->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT)
++ panic->model = qemuDomainDefaultPanicModel(def);
+
+ return 0;
+ }
diff --git a/SOURCES/libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch b/SOURCES/libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch
new file mode 100644
index 0000000..500cd3a
--- /dev/null
+++ b/SOURCES/libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch
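Review bot: In the qemuDomainDefAddDefaultDevices hunk of the "Refactor default panic model" patch, the loop now compares against `qemuDomainDefaultPanicModel(def)`, which keys the pSeries case on `qemuDomainIsPSeries(def)` where the removed condition used `ARCH_IS_PPC64(def->os.arch)`. For a ppc64 guest on a non-pSeries machine type, an explicit pseries-model panic device would no longer end the loop, a case the commit message does not mention alongside MODEL_ISA. Whether that is reachable depends on where addPanicDevice is set, which lies outside the hunk. If it is only set for pSeries guests, a comment above the helper such as `/* Single source for the default panic model; must cover every configuration that sets addPanicDevice. */` would record the assumption.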
@@ -0,0 +1,67 @@
+From 6d92185a49f5c4107964d2d46a4aecc788646dd9 Mon Sep 17 00:00:00 2001
+From: Andrea Bolognani
+Date: Tue, 27 Aug 2024 16:44:31 +0200
+Subject: [PATCH] qemu: Sometimes the default panic model doesn't exist
+
+Right now the fallback behavior is to use MODEL_ISA if we
+haven't been able to find a better match, but that's not very
+useful as we're still going to hit an error later, when
+QEMU_CAPS_DEVICE_PANIC is not found at Validate time.
+
+Instead of doing that, allow MODEL_DEFAULT to get all the
+way to Validate and report an error upon encountering it.
+
+The reported error changes slightly, but other than that the
+set of configurations that are allowed and blocked remains
+the same.
+
+Signed-off-by: Andrea Bolognani
+Reviewed-by: Michal Privoznik
+---
+ src/qemu/qemu_domain.c | 5 ++++-
+ src/qemu/qemu_validate.c | 6 +++++-
+ .../aarch64-panic-no-model.aarch64-latest.err | 2 +-
+ .../riscv64-panic-no-model.riscv64-latest.err | 2 +-
+ 4 files changed, 11 insertions(+), 4 deletions(-)
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 69a2db686e6..9d44500db01 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -4148,7 +4148,10 @@ qemuDomainDefaultPanicModel(const virDomainDef *def)
+ if (ARCH_IS_S390(def->os.arch))
+ return VIR_DOMAIN_PANIC_MODEL_S390;
+
+- return VIR_DOMAIN_PANIC_MODEL_ISA;
++ if (ARCH_IS_X86(def->os.arch))
++ return VIR_DOMAIN_PANIC_MODEL_ISA;
++
++ return VIR_DOMAIN_PANIC_MODEL_DEFAULT;
+ }
+
+
+diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
+index 3c40f76c126..1954daea525 100644
+--- a/src/qemu/qemu_validate.c
++++ b/src/qemu/qemu_validate.c
+@@ -1025,8 +1025,12 @@ qemuValidateDomainDefPanic(const virDomainDef *def,
+ }
+ break;
+
+- /* default model value was changed before in post parse */
+ case VIR_DOMAIN_PANIC_MODEL_DEFAULT:
++ /* PostParse couldn't figure out a sensible default model */
++ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
++ _("no panic model
provided, and no default for the architecture and machine type"));
++ return -1;
++
+ case VIR_DOMAIN_PANIC_MODEL_LAST:
+ break;
+ }
+diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
+index 8e3f2c194d2..139249bbc54 100644
+--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
++++ b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
+@@ -1 +1 @@
+-unsupported configuration: the QEMU binary does not support the ISA panic device
++unsupported configuration: no panic model provided, and no default for the architecture and machine type
diff --git a/SOURCES/libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch b/SOURCES/libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch
new file mode 100644
index 0000000..fdc847f
--- /dev/null
+++ b/SOURCES/libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch
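Review bot: In the qemu_domain.c hunk of the "Sometimes the default panic model doesn't exist" patch, `return VIR_DOMAIN_PANIC_MODEL_DEFAULT;` turns that enum value into a "no default exists" sentinel, and nothing at qemuDomainDefaultPanicModel() says so. The only hint is the comment added in the qemu_validate.c hunk. A comment above the helper would make the contract explicit, for example `/* Returns VIR_DOMAIN_PANIC_MODEL_DEFAULT when no default exists for this architecture and machine type; Validate rejects that value. */`. The new error text also omits the architecture and machine type that were rejected. If the message is meant to be actionable from logs alone, including them would help, at the cost of updating the .err fixtures.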
@@ -0,0 +1,141 @@
+From ad924689240af3e7964e88c32799df146b640292 Mon Sep 17 00:00:00 2001
+From: Andrea Bolognani
+Date: Tue, 27 Aug 2024 16:19:53 +0200
+Subject: [PATCH] qemu: Use pvpanic by default on aarch64
+
+pvpanic-pci is the only reasonable implementation of a panic
+device for aarch64/virt guests. Right now we're asking users to
+provide the model name manually, but we can be more helpful and
+fill it in automatically instead.
+
+With this change, the aarch64-panic-no-model test no longer
+fails and so it's no longer useful to us. Instead, we can amend
+the aarch64-virt-default-models test case to include panic
+coverage, something that until now wasn't possible.
+
+Signed-off-by: Andrea Bolognani
+Reviewed-by: Michal Privoznik
+---
+ src/qemu/qemu_domain.c | 3 +++
+ .../aarch64-panic-no-model.aarch64-latest.err | 1 -
+ tests/qemuxmlconfdata/aarch64-panic-no-model.xml | 13 -------------
+ ...rt-default-models.aarch64-latest.abi-update.args | 1 +
+ ...irt-default-models.aarch64-latest.abi-update.xml | 3 +++
+ .../aarch64-virt-default-models.aarch64-latest.args | 1 +
+ .../aarch64-virt-default-models.aarch64-latest.xml | 3 +++
+ .../qemuxmlconfdata/aarch64-virt-default-models.xml | 2 +-
+ tests/qemuxmlconftest.c | 1 -
+ 9 files changed, 12 insertions(+), 16 deletions(-)
+ delete mode 100644 tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
+ delete mode 100644 tests/qemuxmlconfdata/aarch64-panic-no-model.xml
+
+diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
+index 9d44500db01..ed305d9427f 100644
+--- a/src/qemu/qemu_domain.c
++++ b/src/qemu/qemu_domain.c
+@@ -4151,6 +4151,9 @@ qemuDomainDefaultPanicModel(const virDomainDef *def)
+ if (ARCH_IS_X86(def->os.arch))
+ return VIR_DOMAIN_PANIC_MODEL_ISA;
+
++ if (qemuDomainIsARMVirt(def))
++ return VIR_DOMAIN_PANIC_MODEL_PVPANIC;
++
+ return VIR_DOMAIN_PANIC_MODEL_DEFAULT;
+ }
+
+diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err +deleted file mode 100644 +index 139249bbc54..00000000000 +--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err ++++ /dev/null +@@ -1 +0,0 @@ +-unsupported configuration: no panic model provided, and no default for the architecture and machine type +diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.xml b/tests/qemuxmlconfdata/aarch64-panic-no-model.xml +deleted file mode 100644 +index 5207e48bbd5..00000000000 +--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.xml ++++ /dev/null +@@ -1,13 +0,0 @@ +- +- guest +- 1ccfd97d-5eb4-478a-bbe6-88d254c16db7 +- 4194304 +- 4 +- +- hvm +- +- +- /usr/bin/qemu-system-aarch64 +- +- +- +diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args +index a503f45d0c2..96fb251d808 100644 +--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args ++++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args +@@ -44,4 +44,5 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ + -audiodev '{"id":"audio1","driver":"none"}' \ + -device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \ + -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ ++-device '{"driver":"pvpanic-pci","bus":"pcie.0","addr":"0x2"}' \ + -msg timestamp=on +diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml +index bbe1dd931dd..f27e7e15229 100644 +--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml ++++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml +@@ -78,5 +78,8 @@ +
+ + ++ ++
++ + + +diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args +index a503f45d0c2..96fb251d808 100644 +--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args ++++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args +@@ -44,4 +44,5 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \ + -audiodev '{"id":"audio1","driver":"none"}' \ + -device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \ + -sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \ ++-device '{"driver":"pvpanic-pci","bus":"pcie.0","addr":"0x2"}' \ + -msg timestamp=on +diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml +index bbe1dd931dd..f27e7e15229 100644 +--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml ++++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml +@@ -78,5 +78,8 @@ +
+ + ++ ++
++ + + +diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml +index d9ad495e756..a8029d888df 100644 +--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml ++++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml +@@ -19,6 +19,6 @@ + +