rpms/libvirt
7
0
Fork 1
Code Issues Pull Requests Releases Activity

- qemu: Use pvpanic by default on aarch64

Browse Source 
- qemu: Refactor default panic model
- qemu: Sometimes the default panic model doesn't exist
- udevListInterfaces: Honour array length for zero-length NULL
 arrays (CVE-2024-8235)
This commit is contained in:
eabdullin 2024-10-04 15:37:34 +03:00
parent 2c6ed0c3c5
commit 3859a70eeb
5 changed files with 393 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
SOURCES/libvirt-qemu-Refactor-default-panic-model.patch Normal file
View File

@ -0,0 +1,78 @@
From 9e1970efa5ac281febffabd57ac5b849117cccb4 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 27 Aug 2024 15:03:31 +0200
Subject: [PATCH] qemu: Refactor default panic model
Perform decisions based on the architecture and machine type
in a single place instead of duplicating them.
This technically adds new behavior for MODEL_ISA in
qemuDomainDefAddDefaultDevices(), but it doesn't make any
difference functionally since we don't set addPanicDevice
outside of ppc64(le) and s390(x). If we did, the lack of
handling for that value would be a latent bug.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain.c | 30 ++++++++++++++++++------------
1 file changed, 18 insertions(+), 12 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 93dbbcbc0bc..69a2db686e6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4139,6 +4139,19 @@ qemuDomainGetSCSIControllerModel(const virDomainDef *def,
}
+static virDomainPanicModel
+qemuDomainDefaultPanicModel(const virDomainDef *def)
+{
+ if (qemuDomainIsPSeries(def))
+ return VIR_DOMAIN_PANIC_MODEL_PSERIES;
+
+ if (ARCH_IS_S390(def->os.arch))
+ return VIR_DOMAIN_PANIC_MODEL_S390;
+
+ return VIR_DOMAIN_PANIC_MODEL_ISA;
+}
+
+
static int
qemuDomainDefAddDefaultDevices(virQEMUDriver *driver,
virDomainDef *def,
@@ -4386,13 +4399,12 @@ qemuDomainDefAddDefaultDevices(virQEMUDriver *driver,
return -1;
if (addPanicDevice) {
+ virDomainPanicModel defaultModel = qemuDomainDefaultPanicModel(def);
size_t j;
+
for (j = 0; j < def->npanics; j++) {
if (def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT ||
- (ARCH_IS_PPC64(def->os.arch) &&
- def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_PSERIES) ||
- (ARCH_IS_S390(def->os.arch) &&
- def->panics[j]->model == VIR_DOMAIN_PANIC_MODEL_S390))
+ def->panics[j]->model == defaultModel)
break;
}
@@ -6076,14 +6088,8 @@ static int
qemuDomainDevicePanicDefPostParse(virDomainPanicDef *panic,
const virDomainDef *def)
{
- if (panic->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT) {
- if (qemuDomainIsPSeries(def))
- panic->model = VIR_DOMAIN_PANIC_MODEL_PSERIES;
- else if (ARCH_IS_S390(def->os.arch))
- panic->model = VIR_DOMAIN_PANIC_MODEL_S390;
- else
- panic->model = VIR_DOMAIN_PANIC_MODEL_ISA;
- }
+ if (panic->model == VIR_DOMAIN_PANIC_MODEL_DEFAULT)
+ panic->model = qemuDomainDefaultPanicModel(def);
return 0;
}

67
SOURCES/libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch Normal file
View File

@ -0,0 +1,67 @@
From 6d92185a49f5c4107964d2d46a4aecc788646dd9 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 27 Aug 2024 16:44:31 +0200
Subject: [PATCH] qemu: Sometimes the default panic model doesn't exist
Right now the fallback behavior is to use MODEL_ISA if we
haven't been able to find a better match, but that's not very
useful as we're still going to hit an error later, when
QEMU_CAPS_DEVICE_PANIC is not found at Validate time.
Instead of doing that, allow MODEL_DEFAULT to get all the
way to Validate and report an error upon encountering it.
The reported error changes slightly, but other than that the
set of configurations that are allowed and blocked remains
the same.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain.c | 5 ++++-
src/qemu/qemu_validate.c | 6 +++++-
.../aarch64-panic-no-model.aarch64-latest.err | 2 +-
.../riscv64-panic-no-model.riscv64-latest.err | 2 +-
4 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 69a2db686e6..9d44500db01 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4148,7 +4148,10 @@ qemuDomainDefaultPanicModel(const virDomainDef *def)
if (ARCH_IS_S390(def->os.arch))
return VIR_DOMAIN_PANIC_MODEL_S390;
- return VIR_DOMAIN_PANIC_MODEL_ISA;
+ if (ARCH_IS_X86(def->os.arch))
+ return VIR_DOMAIN_PANIC_MODEL_ISA;
+
+ return VIR_DOMAIN_PANIC_MODEL_DEFAULT;
}
diff --git a/src/qemu/qemu_validate.c b/src/qemu/qemu_validate.c
index 3c40f76c126..1954daea525 100644
--- a/src/qemu/qemu_validate.c
+++ b/src/qemu/qemu_validate.c
@@ -1025,8 +1025,12 @@ qemuValidateDomainDefPanic(const virDomainDef *def,
}
break;
- /* default model value was changed before in post parse */
case VIR_DOMAIN_PANIC_MODEL_DEFAULT:
+ /* PostParse couldn't figure out a sensible default model */
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("no panic model provided, and no default for the architecture and machine type"));
+ return -1;
+
case VIR_DOMAIN_PANIC_MODEL_LAST:
break;
}
diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
index 8e3f2c194d2..139249bbc54 100644
--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
+++ b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
@@ -1 +1 @@
-unsupported configuration: the QEMU binary does not support the ISA panic device
+unsupported configuration: no panic model provided, and no default for the architecture and machine type

141
SOURCES/libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch Normal file
View File

@ -0,0 +1,141 @@
From ad924689240af3e7964e88c32799df146b640292 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Tue, 27 Aug 2024 16:19:53 +0200
Subject: [PATCH] qemu: Use pvpanic by default on aarch64
pvpanic-pci is the only reasonable implementation of a panic
device for aarch64/virt guests. Right now we're asking users to
provide the model name manually, but we can be more helpful and
fill it in automatically instead.
With this change, the aarch64-panic-no-model test no longer
fails and so it's no longer useful to us. Instead, we can amend
the aarch64-virt-default-models test case to include panic
coverage, something that until now wasn't possible.
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
src/qemu/qemu_domain.c | 3 +++
.../aarch64-panic-no-model.aarch64-latest.err | 1 -
tests/qemuxmlconfdata/aarch64-panic-no-model.xml | 13 -------------
...rt-default-models.aarch64-latest.abi-update.args | 1 +
...irt-default-models.aarch64-latest.abi-update.xml | 3 +++
.../aarch64-virt-default-models.aarch64-latest.args | 1 +
.../aarch64-virt-default-models.aarch64-latest.xml | 3 +++
.../qemuxmlconfdata/aarch64-virt-default-models.xml | 2 +-
tests/qemuxmlconftest.c | 1 -
9 files changed, 12 insertions(+), 16 deletions(-)
delete mode 100644 tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
delete mode 100644 tests/qemuxmlconfdata/aarch64-panic-no-model.xml
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 9d44500db01..ed305d9427f 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -4151,6 +4151,9 @@ qemuDomainDefaultPanicModel(const virDomainDef *def)
if (ARCH_IS_X86(def->os.arch))
return VIR_DOMAIN_PANIC_MODEL_ISA;
+ if (qemuDomainIsARMVirt(def))
+ return VIR_DOMAIN_PANIC_MODEL_PVPANIC;
+
return VIR_DOMAIN_PANIC_MODEL_DEFAULT;
}
diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err b/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
deleted file mode 100644
index 139249bbc54..00000000000
--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.aarch64-latest.err
+++ /dev/null
@@ -1 +0,0 @@
-unsupported configuration: no panic model provided, and no default for the architecture and machine type
diff --git a/tests/qemuxmlconfdata/aarch64-panic-no-model.xml b/tests/qemuxmlconfdata/aarch64-panic-no-model.xml
deleted file mode 100644
index 5207e48bbd5..00000000000
--- a/tests/qemuxmlconfdata/aarch64-panic-no-model.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<domain type='qemu'>
- <name>guest</name>
- <uuid>1ccfd97d-5eb4-478a-bbe6-88d254c16db7</uuid>
- <memory>4194304</memory>
- <vcpu>4</vcpu>
- <os>
- <type arch='aarch64' machine='virt'>hvm</type>
- </os>
- <devices>
- <emulator>/usr/bin/qemu-system-aarch64</emulator>
- <panic/>
- </devices>
-</domain>
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args
index a503f45d0c2..96fb251d808 100644
--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.args
@@ -44,4 +44,5 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-device '{"driver":"pvpanic-pci","bus":"pcie.0","addr":"0x2"}' \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml
index bbe1dd931dd..f27e7e15229 100644
--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.abi-update.xml
@@ -78,5 +78,8 @@
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</video>
<memballoon model='none'/>
+ <panic model='pvpanic'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </panic>
</devices>
</domain>
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args
index a503f45d0c2..96fb251d808 100644
--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.args
@@ -44,4 +44,5 @@ XDG_CONFIG_HOME=/var/lib/libvirt/qemu/domain--1-guest/.config \
-audiodev '{"id":"audio1","driver":"none"}' \
-device '{"driver":"virtio-gpu-pci","id":"video0","max_outputs":1,"bus":"pci.5","addr":"0x0"}' \
-sandbox on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny \
+-device '{"driver":"pvpanic-pci","bus":"pcie.0","addr":"0x2"}' \
-msg timestamp=on
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml
index bbe1dd931dd..f27e7e15229 100644
--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.aarch64-latest.xml
@@ -78,5 +78,8 @@
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</video>
<memballoon model='none'/>
+ <panic model='pvpanic'>
+ <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+ </panic>
</devices>
</domain>
diff --git a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml
index d9ad495e756..a8029d888df 100644
--- a/tests/qemuxmlconfdata/aarch64-virt-default-models.xml
+++ b/tests/qemuxmlconfdata/aarch64-virt-default-models.xml
@@ -19,6 +19,6 @@
</tpm>
<video/>
<memballoon model='none'/>
- <!-- No default model for <panic/> on aarch64 -->
+ <panic/>
</devices>
</domain>
diff --git a/tests/qemuxmlconftest.c b/tests/qemuxmlconftest.c
index e97d0e7bdc0..5497fb2ba19 100644
--- a/tests/qemuxmlconftest.c
+++ b/tests/qemuxmlconftest.c
@@ -2672,7 +2672,6 @@ mymain(void)
DO_TEST_CAPS_LATEST("panic");
DO_TEST_CAPS_LATEST("panic-double");
DO_TEST_CAPS_LATEST("panic-no-address");
- DO_TEST_CAPS_ARCH_LATEST_PARSE_ERROR("aarch64-panic-no-model", "aarch64");
DO_TEST_CAPS_LATEST("pvpanic-pci-x86_64");
DO_TEST_CAPS_ARCH_LATEST("pvpanic-pci-aarch64", "aarch64");

89
SOURCES/libvirt-udevListInterfaces-Honour-array-length-for-zero-length-NULL-arrays-CVE-2024-8235.patch Normal file
View File

@ -0,0 +1,89 @@
From 8dfb12cb77996519901b8d52c754ab564ebd10e8 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 21 Aug 2024 15:18:31 +0200
Subject: [PATCH] udevListInterfaces: Honour array length for zero-length NULL
arrays (CVE-2024-8235)
The refactor of 'udevListInterfacesByStatus()' which attempted to make
it usable as backend for 'udevNumOfInterfacesByStatus()' neglected to
consider the corner case of 'g_new0(..., 0)' returning NULL if the user
actually requests 0 elements.
As the code was modified to report the full number of interfaces in the
system when the list of names is NULL, the RPC code would be asked to
serialize a NULL-list of interface names with declared lenth of 1+
causing a crash.
To fix this corner case we make callers pass '-1' as @names_len (it's
conveniently an 'int' due to RPC type usage) if they don't wish to fetch
the actual list and convert all decisions to be done on @names_len being
non-negative instead of @names being non-NULL.
CVE-2024-8235
Fixes: bc596f275129bc11b2c4bcf737d380c9e8aeb72d
Resolves: https://issues.redhat.com/browse/RHEL-55373
Reported-by: Yanqiu Zhang <yanqzhan@redhat.com>
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
---
src/interface/interface_backend_udev.c | 14 ++++++++------
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
index e1a50389c96..48eacdcdc2b 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -143,12 +143,13 @@ udevGetDevices(struct udev *udev, virUdevStatus status)
*
* @conn: connection object
* @names: optional pointer to array to be filled with interface names
- * @names_len: size of @names
+ * @names_len: size of @names, -1 if only number of interfaces is required (@names is then ignored)
* @status: status of interfaces to be listed
* @filter: ACL filter function
*
* Lists interfaces with status matching @status filling them into @names (if
- * non-NULL) and returns the number of such interfaces.
+ * @names_len is positive, caller is expected to pass a properly sized array)
+ * and returns the number of such interfaces.
*
* In case of an error -1 is returned and no interfaces are filled into @names.
*/
@@ -189,7 +190,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
g_autoptr(virInterfaceDef) def = NULL;
/* Ensure we won't exceed the size of our array */
- if (names && count >= names_len)
+ if (names_len >= 0 && count >= names_len)
break;
path = udev_list_entry_get_name(dev_entry);
@@ -204,7 +205,8 @@ udevListInterfacesByStatus(virConnectPtr conn,
def = udevGetMinimalDefForDevice(dev);
if (filter(conn, def)) {
- if (names)
+ /* Fill the array only if caller want's it */
+ if (names_len >= 0)
names[count] = g_strdup(name);
count++;
}
@@ -224,7 +226,7 @@ udevConnectNumOfInterfaces(virConnectPtr conn)
if (virConnectNumOfInterfacesEnsureACL(conn) < 0)
return -1;
- return udevListInterfacesByStatus(conn, NULL, 0, VIR_UDEV_IFACE_ACTIVE,
+ return udevListInterfacesByStatus(conn, NULL, -1, VIR_UDEV_IFACE_ACTIVE,
virConnectNumOfInterfacesCheckACL);
}
@@ -247,7 +249,7 @@ udevConnectNumOfDefinedInterfaces(virConnectPtr conn)
if (virConnectNumOfDefinedInterfacesEnsureACL(conn) < 0)
return -1;
- return udevListInterfacesByStatus(conn, NULL, 0, VIR_UDEV_IFACE_INACTIVE,
+ return udevListInterfacesByStatus(conn, NULL, -1, VIR_UDEV_IFACE_INACTIVE,
virConnectNumOfDefinedInterfacesCheckACL);
}

19
SPECS/libvirt.spec
View File

@ -289,7 +289,7 @@
Summary: Library providing a simple virtualization API Summary: Library providing a simple virtualization API
Name: libvirt Name: libvirt
Version: 10.5.0 Version: 10.5.0
Release: 5%{?dist}%{?extra_release} Release: 7%{?dist}%{?extra_release}.alma.1
License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1 License: GPL-2.0-or-later AND LGPL-2.1-only AND LGPL-2.1-or-later AND OFL-1.1
URL: https://libvirt.org/ URL: https://libvirt.org/
@ -312,6 +312,16 @@ Patch12: libvirt-qemu_domain-Strip-acpi-from-s390-x-definitions.patch
Patch13: libvirt-qemuxmlconftest-Add-tests-for-the-ACPI-stripping-hack-on-s390.patch Patch13: libvirt-qemuxmlconftest-Add-tests-for-the-ACPI-stripping-hack-on-s390.patch
Patch14: libvirt-vsh-Allow-vshReadlineInit-to-be-called-multiple-times.patch Patch14: libvirt-vsh-Allow-vshReadlineInit-to-be-called-multiple-times.patch
# Patches were taken from:
# https://github.com/libvirt/libvirt/commit/9e1970efa5ac281febffabd57ac5b849117cccb4
Patch15: libvirt-qemu-Refactor-default-panic-model.patch
# https://github.com/libvirt/libvirt/commit/6d92185a49f5c4107964d2d46a4aecc788646dd9
Patch16: libvirt-qemu-Sometimes-the-default-panic-model-doesn-t-exist.patch
# https://github.com/libvirt/libvirt/commit/ad924689240af3e7964e88c32799df146b640292
Patch17: libvirt-qemu-Use-pvpanic-by-default-on-aarch64.patch
# https://github.com/libvirt/libvirt/commit/8dfb12cb77996519901b8d52c754ab564ebd10e8
Patch18: libvirt-udevListInterfaces-Honour-array-length-for-zero-length-NULL-arrays-CVE-2024-8235.patch
Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon = %{version}-%{release}
Requires: libvirt-daemon-config-network = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release}
@ -2639,6 +2649,13 @@ exit 0
%endif %endif
%changelog %changelog
* Fri Oct 04 2024 Eduard Abdullin <eabdullin@almalinux.org> - 10.5.0-7.alma.1
- qemu: Use pvpanic by default on aarch64
- qemu: Refactor default panic model
- qemu: Sometimes the default panic model doesn't exist
- udevListInterfaces: Honour array length for zero-length NULL
arrays (CVE-2024-8235)
* Fri Aug 9 2024 Jiri Denemark <jdenemar@redhat.com> - 10.5.0-5 * Fri Aug 9 2024 Jiri Denemark <jdenemar@redhat.com> - 10.5.0-5
- qemu: virtiofs: cache: use 'never' instead of 'none' (RHEL-50329) - qemu: virtiofs: cache: use 'never' instead of 'none' (RHEL-50329)
- qemu_domain: Strip <acpi/> from s390(x) definitions (RHEL-49516) - qemu_domain: Strip <acpi/> from s390(x) definitions (RHEL-49516)