import virt-manager-2.0.0-5.1.el8_0

This commit is contained in:
CentOS Sources 2019-06-18 12:42:52 -04:00 committed by Andrew Lukoshko
parent b005b2e064
commit 42d2793fa4
15 changed files with 1441 additions and 1 deletions


@ -0,0 +1,61 @@
From 6ba190915ed0be80b67423003dfdf183c47a2fb8 Mon Sep 17 00:00:00 2001
Message-Id: <6ba190915ed0be80b67423003dfdf183c47a2fb8@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:55 +0200
Subject: [PATCH] DomainCpu: check CPU model name only if model exists
For CPU modes other then "custom" there is no model so we should not
check the suffix of model name.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit c1ebd6730cb25b57124fad6c4030345356703320)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/xmlparse.py | 4 ++++
virtinst/domain/cpu.py | 9 +++++----
2 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index c9828fc8..58d3c1a6 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -335,8 +335,12 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
+ guest.cpu.check_security_features(guest)
+ check("secure", False)
guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
+ guest.cpu.check_security_features(guest)
+ check("secure", False)
self._alter_compare(guest.get_xml(), outfile)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index 1d468468..66fa649b 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -136,10 +136,11 @@ class DomainCpu(XMLBuilder):
return
guestFeatures = [f.name for f in self.features if f.policy == "require"]
- if self.model.endswith("IBRS"):
- guestFeatures.append("spec-ctrl")
- if self.model.endswith("IBPB"):
- guestFeatures.append("ibpb")
+ if self.model:
+ if self.model.endswith("IBRS"):
+ guestFeatures.append("spec-ctrl")
+ if self.model.endswith("IBPB"):
+ guestFeatures.append("ibpb")
self.secure = set(features) <= set(guestFeatures)
--
2.21.0
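Review bot: The model-suffix inference inside the new `if self.model:` block of check_security_features (virtinst/domain/cpu.py hunk) is undocumented, so a reader will not know why a model name ending in IBRS counts as spec-ctrl. Suggest a comment above it: `# Named model variants (e.g. *-IBRS, *-IBPB) carry the feature in the model itself, so it never shows up as an explicit <feature> element.` The function's opening lines are outside the hunk. Nit: `guestFeatures` is camelCase where the rest of the file uses snake_case (`special_mode_was_set`, `model_fallback`).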


@ -0,0 +1,56 @@
From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001
Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:54 +0200
Subject: [PATCH] DomainCpu: fix detection of CPU security features
VM configured with mode="host-model" will have the CPU definition
expanded once the VM is started. Libvirt will try to use the closest
CPU model with some features enabled/disabled.
The issue is that there are some models that include spec-ctrl or ibpb
features and they will not appear in the explicit list of features and
virt-manager will not correctly detect if all security features are
enabled or not. As a workaround we can check the suffix of CPU model to
figure out which security features are enabled by the model itself.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domain/cpu.py | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index c6a411bb..1d468468 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder):
self.secure = False
return
- for feature in features:
- exists = False
- for f in self.features:
- if f.name == feature and f.policy == "require":
- exists = True
- break
- if not exists:
- self.secure = False
- return
+ guestFeatures = [f.name for f in self.features if f.policy == "require"]
+ if self.model.endswith("IBRS"):
+ guestFeatures.append("spec-ctrl")
+ if self.model.endswith("IBPB"):
+ guestFeatures.append("ibpb")
+
+ self.secure = set(features) <= set(guestFeatures)
def _remove_security_features(self, guest):
domcaps = guest.lookup_domcaps()
--
2.21.0
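Review bot: The new `guestFeatures` list in check_security_features (virtinst/domain/cpu.py hunk) counts only `policy == "require"` features, so a security feature the user enabled with policy `force` makes `secure` report False even though the guest CPU exposes it; under libvirt's feature policies both `require` and `force` enable the feature in the guest, so `if f.policy in ("require", "force")` looks like the intended test unless `force` is deliberately excluded, in which case a comment saying why would help. The removed loop had the same restriction, so this may be inherited rather than intended. The function's opening lines are outside the hunk.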


@ -0,0 +1,45 @@
From 8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff Mon Sep 17 00:00:00 2001
Message-Id: <8f09b85515f78b8e73e71abcd8f0a61cbab7d7ff@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 08:06:09 -0400
Subject: [PATCH] cli: Fix pool=default when path belongs to another pool (bz
1692489)
From: Cole Robinson <crobinso@redhat.com>
Using 'virt-install --disk size=X' implicitly uses pool=default. If
a pool named 'default' exists we use that; if not, and a pool using
the default path exists under a different name, we attempt to use
that as well, and if that doesn't exist, we create pool=default
The second case is broken, so if there's no pool=default and eg.
pool=FOO points to /var/lib/libvirt/images, we still attempt to
look up pool=default which understandably fails
https://bugzilla.redhat.com/show_bug.cgi?id=1692489
(cherry picked from commit a0ca387aad0fde19683aa8b5b5636add6455b8b4)
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
---
virtinst/cli.py | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 21467a4d..63acb642 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -2029,7 +2029,9 @@ class ParserDisk(VirtCLIParser):
poolobj = None
if poolname:
if poolname == "default":
- StoragePool.build_default_pool(self.guest.conn)
+ poolxml = StoragePool.build_default_pool(self.guest.conn)
+ if poolxml:
+ poolname = poolxml.name
poolobj = self.guest.conn.storagePoolLookupByName(poolname)
if volname:
--
2.21.0
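Review bot: When `StoragePool.build_default_pool` returns a falsy value, the new code in ParserDisk (virtinst/cli.py hunk) falls through to `storagePoolLookupByName("default")`, the same failing lookup the description says this fixes, so whether a falsy return can happen on that path should be confirmed; if it can, raising a clearer error before the lookup would help. The intent of the added lines also deserves a comment, e.g. `# A pool at the default path may be registered under another name; look that name up instead.` The enclosing method starts and ends outside the hunk.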


@ -0,0 +1,40 @@
From dc5ec3458d325c3824c62517d72d802b2c3caee2 Mon Sep 17 00:00:00 2001
Message-Id: <dc5ec3458d325c3824c62517d72d802b2c3caee2@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 22 May 2019 18:08:31 +0200
Subject: [PATCH] cli: fix cpu secure option to actually work
The 'secure' option is processed after the model is already set.
CPU security options are resolved while setting CPU model so we need
to know the 'secure' option value before we set the CPU model.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 06c2f873972fd4c60a57c8b8f07fe3cec4ddfcf4)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/cli.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 0bfa3b94..139be8f9 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1493,11 +1493,11 @@ class ParserCPU(VirtCLIParser):
_register_virt_parser(ParserCPU)
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
ParserCPU.add_arg("mode", "mode")
ParserCPU.add_arg("match", "match")
ParserCPU.add_arg("vendor", "vendor")
-ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
--
2.21.0
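Review bot: The fix in the virtinst/cli.py hunk relies on add_arg registration order, which nothing in the file states, so the next reordering will silently reintroduce the bug. Suggest a comment on the moved line: `# must be registered before "model": set_model_cb reads inst.secure when it resolves security features`. The `cpu-disable-sec` clitest compare added in the related "introduce CPU secure parameter" patch passes `qemu64,secure=off` with the model first; confirm that it actually fails without this reordering, otherwise add a case that does.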


@ -0,0 +1,202 @@
From 55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e Mon Sep 17 00:00:00 2001
Message-Id: <55e2f03d72ecab6bd0e42a31a07b4d3f2471fd7e@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:51 +0200
Subject: [PATCH] cli: introduce CPU secure parameter
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This will allow users to override the default behavior of virt-install
which copies CPU security features available on the host to the guest
XML if specific CPU model is configured.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 22342ef7ee526f8a5b5a65266363c33c70c8be43)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
man/virt-install.pod | 11 ++-
.../compare/virt-install-cpu-disable-sec.xml | 93 +++++++++++++++++++
tests/clitest.py | 1 +
virtinst/cli.py | 1 +
virtinst/domain/cpu.py | 7 +-
5 files changed, 111 insertions(+), 2 deletions(-)
create mode 100644 tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
diff --git a/man/virt-install.pod b/man/virt-install.pod
index 5b7a784c..1cd31fa2 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -216,7 +216,16 @@ required value is MODEL, which is a valid CPU model as known to libvirt.
Libvirt's feature policy values force, require, optional, disable, or forbid,
or with the shorthand '+feature' and '-feature', which equal 'force=feature'
-and 'disable=feature' respectively
+and 'disable=feature' respectively.
+
+If exact CPU model is specified virt-install will automatically copy CPU
+features available on the host to mitigate recent CPU speculative execution
+side channel security vulnerabilities. This however will have some impact
+on performance and will break migration to hosts without security patches.
+In order to control this behavior there is a B<secure> parameter. Possible
+values are I<on> and I<off>, with I<on> as the default. It is highly
+recommended to leave this enabled and ensure all virtualization hosts have
+fully up to date microcode, kernel & virtualization software installed.
Some examples:
diff --git a/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
new file mode 100644
index 00000000..a86d6926
--- /dev/null
+++ b/tests/cli-test-xml/compare/virt-install-cpu-disable-sec.xml
@@ -0,0 +1,93 @@
+<domain type="kvm">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="x86_64" machine="pc">hvm</type>
+ <boot dev="network"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ </features>
+ <cpu mode="custom" match="exact">
+ <model>qemu64</model>
+ </cpu>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <on_reboot>destroy</on_reboot>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-kvm</emulator>
+ <controller type="usb" index="0" model="ich9-ehci1"/>
+ <controller type="usb" index="0" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000"/>
+ </interface>
+ <console type="pty"/>
+ </devices>
+</domain>
+<domain type="kvm">
+ <name>foobar</name>
+ <uuid>00000000-1111-2222-3333-444444444444</uuid>
+ <memory>65536</memory>
+ <currentMemory>65536</currentMemory>
+ <vcpu>1</vcpu>
+ <os>
+ <type arch="x86_64" machine="pc">hvm</type>
+ <boot dev="network"/>
+ </os>
+ <features>
+ <acpi/>
+ <apic/>
+ </features>
+ <cpu mode="custom" match="exact">
+ <model>qemu64</model>
+ </cpu>
+ <clock offset="utc">
+ <timer name="rtc" tickpolicy="catchup"/>
+ <timer name="pit" tickpolicy="delay"/>
+ <timer name="hpet" present="no"/>
+ </clock>
+ <pm>
+ <suspend-to-mem enabled="no"/>
+ <suspend-to-disk enabled="no"/>
+ </pm>
+ <devices>
+ <emulator>/usr/bin/qemu-kvm</emulator>
+ <controller type="usb" index="0" model="ich9-ehci1"/>
+ <controller type="usb" index="0" model="ich9-uhci1">
+ <master startport="0"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci2">
+ <master startport="2"/>
+ </controller>
+ <controller type="usb" index="0" model="ich9-uhci3">
+ <master startport="4"/>
+ </controller>
+ <interface type="bridge">
+ <source bridge="eth0"/>
+ <mac address="00:11:22:33:44:55"/>
+ <model type="e1000"/>
+ </interface>
+ <console type="pty"/>
+ </devices>
+</domain>
diff --git a/tests/clitest.py b/tests/clitest.py
index ecdf3731..32ce66e6 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -568,6 +568,7 @@ c.add_invalid("--clock foo_tickpolicy=merge") # Unknown timer
c.add_invalid("--security foobar") # Busted --security
c.add_compare("--cpuset auto --vcpus 2", "cpuset-auto") # --cpuset=auto actually works
c.add_compare("--memory 1024,hotplugmemorymax=2048,hotplugmemoryslots=2 --cpu cell0.cpus=0,cell0.memory=1048576 --memdev dimm,access=private,target_size=512,target_node=0,source_pagesize=4,source_nodemask=1-2 --memdev nvdimm,source_path=/path/to/nvdimm,target_size=512,target_node=0,target_label_size=128", "memory-hotplug")
+c.add_compare("--connect " + utils.URIs.kvm_q35 + " --cpu qemu64,secure=off", "cpu-disable-sec") # disable security features that are added by default
diff --git a/virtinst/cli.py b/virtinst/cli.py
index b10c22aa..0bfa3b94 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1497,6 +1497,7 @@ ParserCPU.add_arg(None, "model", cb=ParserCPU.set_model_cb)
ParserCPU.add_arg("mode", "mode")
ParserCPU.add_arg("match", "match")
ParserCPU.add_arg("vendor", "vendor")
+ParserCPU.add_arg("secure", "secure", is_onoff=True)
ParserCPU.add_arg(None, "force", is_list=True, cb=ParserCPU.set_feature_cb)
ParserCPU.add_arg(None, "require", is_list=True, cb=ParserCPU.set_feature_cb)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index e3992cf4..ab40f788 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -65,6 +65,8 @@ class DomainCpu(XMLBuilder):
_XML_PROP_ORDER = ["mode", "match", "model", "vendor",
"sockets", "cores", "threads", "features"]
+ secure = True
+
special_mode_was_set = False
# These values are exposed on the command line, so are stable API
SPECIAL_MODE_HOST_MODEL_ONLY = "host-model-only"
@@ -127,7 +129,10 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
if not self.match:
self.match = "exact"
- self._add_security_features(guest)
+ if self.secure:
+ self._add_security_features(guest)
+ else:
+ self._remove_security_features(guest)
self.model = val
def add_feature(self, name, policy="require"):
--
2.21.0
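Review bot: `secure` in DomainCpu (virtinst/domain/cpu.py hunk) now serves two roles: the class attribute `secure = True` is the user's CLI choice read by set_model, while check_security_features in the related "fix detection of CPU security features" patch assigns `self.secure` as a computed result, so a later set_model on an object whose detection returned False could strip features the user never asked to drop. Keeping `secure` as the request and exposing the detection result under a separate name, or at least a comment on `secure = True` stating both uses, would remove that ambiguity. The `_remove_security_features` helper called from the new else branch is not defined in this hunk.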


@ -0,0 +1,180 @@
From 9080810abab3d5679d20b3b8874d2fce2c28d522 Mon Sep 17 00:00:00 2001
Message-Id: <9080810abab3d5679d20b3b8874d2fce2c28d522@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:48 +0200
Subject: [PATCH] domain: cpu: automatically add CPU security features for
"custom" mode
If user selects specific CPU model to be configured for guest we will
automatically add CPU security features to make sure that the guest is
not vulnerable to these CPU HW bugs.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1582667
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit fb5136a6a9457894ff1e24a1f9d5f0af0a8e8bd1)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
.../compare/virt-install-qemu-plain.xml | 2 ++
.../virt-install-singleton-config-2.xml | 4 ++++
tests/xmlparse.py | 6 +++---
virtManager/domain.py | 2 +-
virtinst/cli.py | 2 +-
virtinst/domain/cpu.py | 20 +++++++++++++++----
6 files changed, 27 insertions(+), 9 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
index d00e0cf4..eb1542c3 100644
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
@@ -20,6 +20,8 @@
</features>
<cpu mode="custom" match="exact">
<model>Penryn</model>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
</cpu>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 621639e1..0861f62a 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -93,6 +93,8 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
@@ -282,6 +284,8 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
+ <feature policy="require" name="pcid"/>
+ <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index 61552720..c9828fc8 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -176,7 +176,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("match", "exact", "strict")
- guest.cpu.set_model("qemu64")
+ guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
check("vendor", "Intel", "qemuvendor")
check("threads", 2, 1)
@@ -269,7 +269,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("model", None)
- guest.cpu.set_model("foobar")
+ guest.cpu.set_model(guest, "foobar")
check("model", "foobar")
check("model_fallback", None, "allow")
check("cores", None, 4)
@@ -335,7 +335,7 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
- guest.cpu.set_model("qemu64")
+ guest.cpu.set_model(guest, "qemu64")
check("model", "qemu64")
self._alter_compare(guest.get_xml(), outfile)
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 96469969..5b3f1e44 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
- guest.cpu.set_model(model)
+ guest.cpu.set_model(guest, model)
self._redefine_xmlobj(guest)
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
diff --git a/virtinst/cli.py b/virtinst/cli.py
index e384b03a..b10c22aa 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
if val in inst.SPECIAL_MODES:
inst.set_special_mode(self.guest, val)
else:
- inst.set_model(val)
+ inst.set_model(self.guest, val)
def set_feature_cb(self, inst, val, virtarg):
policy = virtarg.cliname
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index 0673324c..e3992cf4 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -103,19 +103,31 @@ class DomainCpu(XMLBuilder):
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
if self.conn.caps.host.cpu.model:
self.clear()
- self.set_model(self.conn.caps.host.cpu.model)
+ self.set_model(guest, self.conn.caps.host.cpu.model)
else:
raise RuntimeError("programming error: unknown "
"special cpu mode '%s'" % val)
self.special_mode_was_set = True
- def set_model(self, val):
+ def _add_security_features(self, guest):
+ domcaps = guest.lookup_domcaps()
+ for feature in domcaps.get_cpu_security_features():
+ exists = False
+ for f in self.features:
+ if f.name == feature:
+ exists = True
+ break
+ if not exists:
+ self.add_feature(feature)
+
+ def set_model(self, guest, val):
logging.debug("setting cpu model %s", val)
if val:
self.mode = "custom"
if not self.match:
self.match = "exact"
+ self._add_security_features(guest)
self.model = val
def add_feature(self, name, policy="require"):
@@ -147,7 +159,7 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
self.match = "exact"
- self.set_model(model)
+ self.set_model(guest, model)
if fallback:
self.model_fallback = fallback
self.vendor = cpu.vendor
@@ -271,7 +283,7 @@ class DomainCpu(XMLBuilder):
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
# -M virt defaults to a 32bit CPU, even if using aarch64
- self.set_model("cortex-a57")
+ self.set_model(guest, "cortex-a57")
elif guest.os.is_x86() and guest.type == "kvm":
self._set_cpu_x86_kvm_default(guest)
--
2.21.0
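Review bot: The `exists` flag loop in the new `_add_security_features` (virtinst/domain/cpu.py hunk) is a hand-rolled `any()`; `if not any(f.name == feature for f in self.features): self.add_feature(feature)` says the same in two lines. The method also lacks a docstring: it adds every security feature reported by the host's domain capabilities with add_feature's default `require` policy, which ties the guest to hosts that expose those features (the man page text in the related patch mentions the migration impact), and that is worth stating on the method. `guest.lookup_domcaps()` is also called on every set_model; fine if lookup_domcaps caches, otherwise each model change re-queries libvirt.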


@ -0,0 +1,161 @@
From 220390ebd48b33d1d1fae747dc41f1aedd7646e0 Mon Sep 17 00:00:00 2001
Message-Id: <220390ebd48b33d1d1fae747dc41f1aedd7646e0@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:47 +0200
Subject: [PATCH] domain: cpu: introduce set_model function
We will need to pass another variable into the setter so we cannot use
the property setter.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 6423f653fd2d895d5addf37a6d504dbc9a4a0d6f)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/xmlparse.py | 11 +++++++----
virtManager/domain.py | 2 +-
virtinst/cli.py | 2 +-
virtinst/domain/cpu.py | 28 +++++++++++++---------------
4 files changed, 22 insertions(+), 21 deletions(-)
diff --git a/tests/xmlparse.py b/tests/xmlparse.py
index 709bc48f..61552720 100644
--- a/tests/xmlparse.py
+++ b/tests/xmlparse.py
@@ -176,7 +176,8 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("match", "exact", "strict")
- check("model", "footest", "qemu64")
+ guest.cpu.set_model("qemu64")
+ check("model", "qemu64")
check("vendor", "Intel", "qemuvendor")
check("threads", 2, 1)
check("cores", 5, 3)
@@ -267,7 +268,9 @@ class XMLParseTest(unittest.TestCase):
guest.seclabels[0].get_xml().startswith("<seclabel"))
check = self._make_checker(guest.cpu)
- check("model", None, "foobar")
+ check("model", None)
+ guest.cpu.set_model("foobar")
+ check("model", "foobar")
check("model_fallback", None, "allow")
check("cores", None, 4)
guest.cpu.add_feature("x2apic", "forbid")
@@ -332,8 +335,8 @@ class XMLParseTest(unittest.TestCase):
check = self._make_checker(guest.cpu)
check("mode", "host-passthrough", "custom")
check("mode", "custom", "host-model")
- # mode will be "custom"
- check("model", None, "qemu64")
+ guest.cpu.set_model("qemu64")
+ check("model", "qemu64")
self._alter_compare(guest.get_xml(), outfile)
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 4fcc716e..96469969 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -513,7 +513,7 @@ class vmmDomain(vmmLibvirtObject):
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
- guest.cpu.model = model
+ guest.cpu.set_model(model)
self._redefine_xmlobj(guest)
def define_memory(self, memory=_SENTINEL, maxmem=_SENTINEL):
diff --git a/virtinst/cli.py b/virtinst/cli.py
index 63acb642..e384b03a 100644
--- a/virtinst/cli.py
+++ b/virtinst/cli.py
@@ -1442,7 +1442,7 @@ class ParserCPU(VirtCLIParser):
if val in inst.SPECIAL_MODES:
inst.set_special_mode(self.guest, val)
else:
- inst.model = val
+ inst.set_model(val)
def set_feature_cb(self, inst, val, virtarg):
policy = virtarg.cliname
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index d66704c1..0673324c 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -62,7 +62,7 @@ class DomainCpu(XMLBuilder):
Class for generating <cpu> XML
"""
XML_NAME = "cpu"
- _XML_PROP_ORDER = ["mode", "match", "_model", "vendor",
+ _XML_PROP_ORDER = ["mode", "match", "model", "vendor",
"sockets", "cores", "threads", "features"]
special_mode_was_set = False
@@ -103,13 +103,21 @@ class DomainCpu(XMLBuilder):
elif val == self.SPECIAL_MODE_HOST_MODEL_ONLY:
if self.conn.caps.host.cpu.model:
self.clear()
- self.model = self.conn.caps.host.cpu.model
+ self.set_model(self.conn.caps.host.cpu.model)
else:
raise RuntimeError("programming error: unknown "
"special cpu mode '%s'" % val)
self.special_mode_was_set = True
+ def set_model(self, val):
+ logging.debug("setting cpu model %s", val)
+ if val:
+ self.mode = "custom"
+ if not self.match:
+ self.match = "exact"
+ self.model = val
+
def add_feature(self, name, policy="require"):
feature = self.features.add_new()
feature.name = name
@@ -139,7 +147,7 @@ class DomainCpu(XMLBuilder):
self.mode = "custom"
self.match = "exact"
- self.model = model
+ self.set_model(model)
if fallback:
self.model_fallback = fallback
self.vendor = cpu.vendor
@@ -201,17 +209,7 @@ class DomainCpu(XMLBuilder):
# XML properties #
##################
- def _set_model(self, val):
- if val:
- self.mode = "custom"
- if not self.match:
- self.match = "exact"
- self._model = val
- def _get_model(self):
- return self._model
- _model = XMLProperty("./model")
- model = property(_get_model, _set_model)
-
+ model = XMLProperty("./model")
model_fallback = XMLProperty("./model/@fallback")
match = XMLProperty("./@match")
@@ -273,7 +271,7 @@ class DomainCpu(XMLBuilder):
elif guest.os.is_arm64() and guest.os.is_arm_machvirt():
# -M virt defaults to a 32bit CPU, even if using aarch64
- self.model = "cortex-a57"
+ self.set_model("cortex-a57")
elif guest.os.is_x86() and guest.type == "kvm":
self._set_cpu_x86_kvm_default(guest)
--
2.21.0
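Review bot: The new set_model in the virtinst/domain/cpu.py hunk may change behaviour for a falsy `val`: the rendered hunk does not preserve indentation, so it is not visible whether the new `self.model = val` sits inside or outside `if val:`, nor whether the removed `_set_model` assigned `self._model = val` unconditionally; if the old setter was unconditional and the new one is not, `set_model(None)` no longer clears the model. Please confirm the indentation and add a short docstring, e.g. `"""Set the CPU model; a non-empty model also forces mode="custom" and, if unset, match="exact"."""`. The callers in virtManager/domain.py and virtinst/cli.py pass through whatever the user supplied, so the empty case is reachable.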


@ -0,0 +1,64 @@
From 0424ece6003d2a06f41f4277bb258d6f753c70c6 Mon Sep 17 00:00:00 2001
Message-Id: <0424ece6003d2a06f41f4277bb258d6f753c70c6@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:52 +0200
Subject: [PATCH] domcapabilities: add caching of CPU security features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
We will call this function multiple times so it makes sense to cache the
result so we don't have to call libvirt APIs every time we will check
what security features are available on the host.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 00f8dea370ae0874dc655d3718978a6a8e397a34)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 2905aa9e..6636addf 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -260,6 +260,8 @@ class DomainCapabilities(XMLBuilder):
return DomainCpu(self.conn, expandedXML)
+ _features = None
+
def get_cpu_security_features(self):
sec_features = [
'spec-ctrl',
@@ -267,7 +269,10 @@ class DomainCapabilities(XMLBuilder):
'ibpb',
'virt-ssbd']
- features = []
+ if self._features:
+ return self._features
+
+ self._features = []
for m in self.cpu.modes:
if m.name != "host-model" or not m.supported:
@@ -281,9 +286,9 @@ class DomainCapabilities(XMLBuilder):
for feature in cpu.features:
if feature.name in sec_features:
- features.append(feature.name)
+ self._features.append(feature.name)
- return features
+ return self._features
XML_NAME = "domainCapabilities"
--
2.21.0
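Review bot: The cache test `if self._features:` in get_cpu_security_features (virtinst/domcapabilities.py hunk) treats an empty result as a miss, so on a host that reports no security features, or when the `libvirt.libvirtError` branch breaks out early, the baseline query is repeated on every call, which is exactly the cost this patch sets out to avoid. Use `if self._features is not None: return self._features` and keep `self._features = []` as the initial value. Whether a partial result after the error break should be cached at all is a separate decision; a comment stating the intended behaviour there would help.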


@ -0,0 +1,61 @@
From 961ffb1709e7af8c394093aca94f64b4c5ffda36 Mon Sep 17 00:00:00 2001
Message-Id: <961ffb1709e7af8c394093aca94f64b4c5ffda36@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:56 +0200
Subject: [PATCH] domcapabilities: detect MDS new vulnerability
There is a new security feature 'md-clear' that mitigates recent CPU
Microarchitectural Store Buffer Data vulnerability.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit c11d6ba4d7024eaac83b6e2d6ae88172f4c01e98)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
man/virt-install.pod | 13 +++++++------
virtinst/domcapabilities.py | 3 ++-
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/man/virt-install.pod b/man/virt-install.pod
index 1cd31fa2..f845ccb3 100644
--- a/man/virt-install.pod
+++ b/man/virt-install.pod
@@ -220,12 +220,13 @@ and 'disable=feature' respectively.
If exact CPU model is specified virt-install will automatically copy CPU
features available on the host to mitigate recent CPU speculative execution
-side channel security vulnerabilities. This however will have some impact
-on performance and will break migration to hosts without security patches.
-In order to control this behavior there is a B<secure> parameter. Possible
-values are I<on> and I<off>, with I<on> as the default. It is highly
-recommended to leave this enabled and ensure all virtualization hosts have
-fully up to date microcode, kernel & virtualization software installed.
+side channel and Microarchitectural Store Buffer Data security vulnerabilities.
+This however will have some impact on performance and will break migration
+to hosts without security patches. In order to control this behavior there
+is a B<secure> parameter. Possible values are I<on> and I<off>, with I<on>
+as the default. It is highly recommended to leave this enabled and ensure all
+virtualization hosts have fully up to date microcode, kernel & virtualization
+software installed.
Some examples:
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 6636addf..74e5c842 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -267,7 +267,8 @@ class DomainCapabilities(XMLBuilder):
'spec-ctrl',
'ssbd',
'ibpb',
- 'virt-ssbd']
+ 'virt-ssbd',
+ 'md-clear']
if self._features:
return self._features
--
2.21.0
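Review bot: The `sec_features` list in get_cpu_security_features (virtinst/domcapabilities.py hunk) is rebuilt on every call and carries no explanation of what each name mitigates, so additions like `'md-clear'` rely on the commit message for context. Hoisting it to a class-level tuple such as `_SEC_FEATURES = ('spec-ctrl', 'ssbd', 'ibpb', 'virt-ssbd', 'md-clear')` with a short comment per entry (for md-clear: Microarchitectural Store Buffer Data, per this patch's description) would keep the policy in one documented place. The method starts outside the hunk.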


@ -0,0 +1,45 @@
From 7c3db309efe09e0bdf8834842525c5aa91a80387 Mon Sep 17 00:00:00 2001
Message-Id: <7c3db309efe09e0bdf8834842525c5aa91a80387@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:50 +0200
Subject: [PATCH] domcapabilities: fix typo in function name
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit b711b28b1af6998f57d5610139439518545663f0)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 42a18f1e..2905aa9e 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -244,7 +244,7 @@ class DomainCapabilities(XMLBuilder):
arch.text = self.arch
return ET.tostring(root, encoding="unicode")
- def _get_expandned_cpu(self, mode):
+ def _get_expanded_cpu(self, mode):
cpuXML = self._convert_mode_to_cpu(mode.get_xml())
logging.debug("CPU XML for security flag baseline: %s", cpuXML)
@@ -274,7 +274,7 @@ class DomainCapabilities(XMLBuilder):
continue
try:
- cpu = self._get_expandned_cpu(m)
+ cpu = self._get_expanded_cpu(m)
except libvirt.libvirtError as e:
logging.warning(_("Failed to get expanded CPU XML: %s"), e)
break
--
2.21.0


@ -0,0 +1,108 @@
From 6088fe594a3a5d383e345029473e2dd933dc8220 Mon Sep 17 00:00:00 2001
Message-Id: <6088fe594a3a5d383e345029473e2dd933dc8220@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:46 +0200
Subject: [PATCH] domcapabilities: introduce get_cpu_security_features
Get all CPU security features that we should enable for guests.
In order to do that we need to get CPU definition from domain
capabilities and modify the XML so it is in required format for
libvirt CPU baseline APIs. We will prefer the baselineHypervisorCPU
API because that considers what QEMU actually supports and we will
fallback to baselineCPU API if the better one is not supported by
libvirt.
This way we can figure out which of the security features are actually
available on that specific host for that specific QEMU binary.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Cole Robinson <crobinso@redhat.com>
(cherry picked from commit 4a8b6363c0891e37d9532213a046c5c57aedfd8b)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domcapabilities.py | 57 +++++++++++++++++++++++++++++++++++++
1 file changed, 57 insertions(+)
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 4cbb7f20..28ed8630 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -8,7 +8,11 @@
import logging
import re
+import xml.etree.ElementTree as ET
+import libvirt
+
+from .domain import DomainCpu
from .xmlbuilder import XMLBuilder, XMLChildProperty, XMLProperty
@@ -232,6 +236,59 @@ class DomainCapabilities(XMLBuilder):
return [(m.name == "host-model" and m.supported)
for m in self.cpu.modes]
+ def _convert_mode_to_cpu(self, xml):
+ root = ET.fromstring(xml)
+ root.tag = "cpu"
+ root.attrib = None
+ arch = ET.SubElement(root, "arch")
+ arch.text = self.arch
+ return ET.tostring(root, encoding="unicode")
+
+ def _get_expandned_cpu(self, mode):
+ cpuXML = self._convert_mode_to_cpu(mode.get_xml())
+ logging.debug("CPU XML for security flag baseline: %s", cpuXML)
+
+ try:
+ expandedXML = self.conn.baselineHypervisorCPU(
+ self.path, self.arch, self.machine, self.domain, [cpuXML],
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
+ except libvirt.libvirtError:
+ expandedXML = self.conn.baselineCPU([cpuXML],
+ libvirt.VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
+
+ logging.debug("Expanded CPU XML: %s", expandedXML)
+
+ return DomainCpu(self.conn, expandedXML)
+
+ def get_cpu_security_features(self):
+ sec_features = [
+ 'pcid',
+ 'spec-ctrl',
+ 'ssbd',
+ 'pdpe1gb',
+ 'ibpb',
+ 'virt-ssbd',
+ 'amd-ssbd',
+ 'amd-no-ssb']
+
+ features = []
+
+ for m in self.cpu.modes:
+ if m.name != "host-model" or not m.supported:
+ continue
+
+ try:
+ cpu = self._get_expandned_cpu(m)
+ except libvirt.libvirtError as e:
+ logging.warning(_("Failed to get expanded CPU XML: %s"), e)
+ break
+
+ for feature in cpu.features:
+ if feature.name in sec_features:
+ features.append(feature.name)
+
+ return features
+
XML_NAME = "domainCapabilities"
os = XMLChildProperty(_OS, is_single=True)
--
2.21.0
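Review bot: `root.attrib = None` in `_convert_mode_to_cpu` replaces the element's attribute mapping with a non-dict; `Element.attrib` is documented as a dictionary, the pure-Python serializer iterates `elem.items()` on it, and as far as I recall newer CPython releases make the C accelerator raise `TypeError` for a non-dict assignment, so dropping the `<mode name=... supported=...>` attributes should be `root.attrib.clear()` (or `root.attrib = {}`). Separately, the bare `except libvirt.libvirtError:` in `_get_expandned_cpu` falls back to `baselineCPU` on any libvirt failure, not only when the hypervisor-aware API is unsupported as the commit message describes; testing `e.get_error_code() == libvirt.VIR_ERR_NO_SUPPORT` before falling back would keep genuine baseline errors visible to the caller's warning. The fallback also yields a host-wide baseline that may list mitigations the specific QEMU binary cannot provide, which deserves a one-line comment on that branch.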


@ -0,0 +1,99 @@
From 1e605c106819be56f16e6e057015d7a42600c0ba Mon Sep 17 00:00:00 2001
Message-Id: <1e605c106819be56f16e6e057015d7a42600c0ba@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:49 +0200
Subject: [PATCH] domcapabilities: remove recommended CPU features from
security features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
These features are only recommended to be enabled since they improve
performance of the VMs if security features are enabled.
pcid is a very useful perf feature, but missing in some silicon
so not portable.
pdpe1gb lets the guest use 1 GB pages which is good for perf
but again not all silicon can do it.
amd-ssbd is a security feature which fixes the same SSBD flaws as the
virt-ssbd feature does. virt-ssbd is usable across all CPU models
affected by SSBD, while amd-ssbd is only available in very new silicon.
So virt-ssbd is the bette rchoice.
amd-no-ssb just indicates that the CPU is not affected by SSBD, so not
critical to expose. I expect a future named CPU model will include that
where appropriate.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 29f815fbd23082dff79d2d716e32a644b5a15d4a)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
tests/cli-test-xml/compare/virt-install-qemu-plain.xml | 2 --
.../compare/virt-install-singleton-config-2.xml | 4 ----
virtinst/domcapabilities.py | 6 +-----
3 files changed, 1 insertion(+), 11 deletions(-)
diff --git a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
index eb1542c3..d00e0cf4 100644
--- a/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
+++ b/tests/cli-test-xml/compare/virt-install-qemu-plain.xml
@@ -20,8 +20,6 @@
</features>
<cpu mode="custom" match="exact">
<model>Penryn</model>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
</cpu>
<clock offset="utc">
<timer name="rtc" tickpolicy="catchup"/>
diff --git a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
index 0861f62a..621639e1 100644
--- a/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
+++ b/tests/cli-test-xml/compare/virt-install-singleton-config-2.xml
@@ -93,8 +93,6 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
@@ -284,8 +282,6 @@
<model>foobar</model>
<vendor>meee</vendor>
<topology sockets="2" cores="2" threads="2"/>
- <feature policy="require" name="pcid"/>
- <feature policy="require" name="pdpe1gb"/>
<feature policy="force" name="x2apic"/>
<feature policy="force" name="x2apicagain"/>
<feature policy="require" name="reqtest"/>
diff --git a/virtinst/domcapabilities.py b/virtinst/domcapabilities.py
index 28ed8630..42a18f1e 100644
--- a/virtinst/domcapabilities.py
+++ b/virtinst/domcapabilities.py
@@ -262,14 +262,10 @@ class DomainCapabilities(XMLBuilder):
def get_cpu_security_features(self):
sec_features = [
- 'pcid',
'spec-ctrl',
'ssbd',
- 'pdpe1gb',
'ibpb',
- 'virt-ssbd',
- 'amd-ssbd',
- 'amd-no-ssb']
+ 'virt-ssbd']
features = []
--
2.21.0
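Review bot: The rationale for dropping pcid, pdpe1gb, amd-ssbd and amd-no-ssb lives only in the commit message; the remaining literal in `get_cpu_security_features` gives a future reader no hint why those names are absent and they are easy to re-add. A short comment above `sec_features`, e.g. `# Mitigation flags only: perf helpers (pcid, pdpe1gb) and silicon-specific variants (amd-ssbd, amd-no-ssb) are deliberately left out, virt-ssbd covers the SSBD case`, would capture it. As a point of style, the list could be a module-level constant rather than a literal rebuilt on every call.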


@ -0,0 +1,102 @@
From c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de Mon Sep 17 00:00:00 2001
Message-Id: <c4ce5e02fededc9121c181a7b20ea0e6ebd1c1de@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 08:06:10 -0400
Subject: [PATCH] tests: clitest: Add a test case for the last commit
From: Cole Robinson <crobinso@redhat.com>
We need a custom test driver input to reproduce the pool collision
(cherry picked from commit fcabcb7a95c9dd81fb7c1335c3c181bb08a31ad0)
Signed-off-by: Cole Robinson <crobinso@redhat.com>
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1714752
---
.../testdriver-defaultpool-collision.xml | 47 +++++++++++++++++++
tests/clitest.py | 1 +
tests/utils.py | 2 +
3 files changed, 50 insertions(+)
create mode 100644 tests/cli-test-xml/testdriver-defaultpool-collision.xml
diff --git a/tests/cli-test-xml/testdriver-defaultpool-collision.xml b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
new file mode 100644
index 00000000..1343f812
--- /dev/null
+++ b/tests/cli-test-xml/testdriver-defaultpool-collision.xml
@@ -0,0 +1,47 @@
+<node>
+
+ <cpu>
+ <nodes>1</nodes>
+ <sockets>4</sockets>
+ <cores>4</cores>
+ <threads>1</threads>
+ <active>4</active>
+ <mhz>4000</mhz>
+ <model>i686</model>
+ </cpu>
+ <memory>10000000</memory>
+
+
+<network>
+ <name>default</name>
+ <uuid>715666b7-dbd4-6c78-fa55-94863da09f2d</uuid>
+ <forward mode='nat'/>
+ <bridge name='virbr0' stp='on' forwardDelay='0' />
+ <ip address='192.168.122.1' netmask='255.255.255.0'>
+ <dhcp>
+ <range start='192.168.122.2' end='192.168.122.254' />
+ </dhcp>
+ </ip>
+</network>
+
+
+
+<pool type='dir'>
+ <name>default-pool-path-collision</name>
+ <uuid>35bb2ad9-388a-cdfe-461a-b8907f6e53fe</uuid>
+ <capacity>107374182400</capacity>
+ <allocation>0</allocation>
+ <available>107374182400</available>
+ <source>
+ </source>
+ <target>
+ <path>/var/lib/libvirt/images</path>
+ <permissions>
+ <mode>0700</mode>
+ <owner>10736</owner>
+ <group>10736</group>
+ </permissions>
+ </target>
+</pool>
+
+</node>
diff --git a/tests/clitest.py b/tests/clitest.py
index 824293e4..ecdf3731 100644
--- a/tests/clitest.py
+++ b/tests/clitest.py
@@ -684,6 +684,7 @@ c.add_valid("--nodisks --pxe", grep="VM performance may suffer") # os variant w
c.add_invalid("--hvm --nodisks --pxe foobar") # Positional arguments error
c.add_invalid("--nodisks --pxe --name test") # Colliding name
c.add_compare("--cdrom %(EXISTIMG1)s --disk size=1 --disk %(EXISTIMG2)s,device=cdrom", "cdrom-double") # ensure --disk device=cdrom is ordered after --cdrom, this is important for virtio-win installs with a driver ISO
+c.add_valid("--connect %s --pxe --disk size=1" % utils.URIs.test_defaultpool_collision) # testdriver already has a pool using the 'default' path, make sure we don't error
diff --git a/tests/utils.py b/tests/utils.py
index d22933d3..ef7c613a 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -56,6 +56,8 @@ class _URIs(object):
self.test_full = _testtmpl % (os.getcwd() + "/tests/testdriver.xml")
self.test_suite = _testtmpl % (os.getcwd() + "/tests/testsuite.xml")
self.test_remote = self.test_full + ",remote"
+ self.test_defaultpool_collision = (_testtmpl % (os.getcwd() +
+ "/tests/cli-test-xml/testdriver-defaultpool-collision.xml"))
self.xen = self.test_full + _caps("xen-rhel5.4.xml") + ",xen"
self.lxc = self.test_full + _caps("lxc.xml") + ",lxc"
--
2.21.0
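Review bot: The new case at the end of `tests/clitest.py` is registered with `add_valid`, which (if it only checks that the command succeeds, as its name suggests) verifies that the colliding pool no longer causes an error but not where the `--disk size=1` volume actually lands. An `add_compare` against an expected XML, as the `cdrom-double` case on the preceding line does, would pin the pool path chosen and catch a regression that silently picks the wrong pool without erroring. The `_URIs.__init__` body in `tests/utils.py` starts and ends outside the hunk, so I cannot confirm `_testtmpl` is in scope, though the new attribute mirrors the surrounding lines.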


@ -0,0 +1,186 @@
From c05e60de1acb174bb40257d3481267e35dc62960 Mon Sep 17 00:00:00 2001
Message-Id: <c05e60de1acb174bb40257d3481267e35dc62960@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:53 +0200
Subject: [PATCH] virt-manager: add new checkbox to control CPU security
features
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
By default we copy CPU security features to the guest if specific CPU
model is selected. However, this may break migration and will affect
performance of the guest. This adds an option to disable this default
behavior.
The checkbox is clickable only on x86 and only on host where we can
detect any CPU security features, otherwise a tooltip is set to notify
users that there is nothing to copy.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 8720637cff7b0766d9e27a60b0f81740176d70c8)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
ui/details.ui | 15 +++++++++++++++
virtManager/details.py | 21 +++++++++++++++++++++
virtManager/domain.py | 5 +++--
virtinst/domain/cpu.py | 30 ++++++++++++++++++++++++++++++
4 files changed, 69 insertions(+), 2 deletions(-)
diff --git a/ui/details.ui b/ui/details.ui
index c18070c8..1e1be759 100644
--- a/ui/details.ui
+++ b/ui/details.ui
@@ -2122,6 +2122,21 @@
<property name="top_attach">1</property>
</packing>
</child>
+ <child>
+ <object class="GtkCheckButton" id="cpu-secure">
+ <property name="label" translatable="yes">Enable available CPU security flaw mitigations</property>
+ <property name="visible">True</property>
+ <property name="can_focus">True</property>
+ <property name="receives_default">False</property>
+ <property name="draw_indicator">True</property>
+ <signal name="toggled" handler="on_cpu_secure_toggled" swapped="no"/>
+ </object>
+ <packing>
+ <property name="left_attach">0</property>
+ <property name="top_attach">2</property>
+ <property name="width">2</property>
+ </packing>
+ </child>
</object>
</child>
</object>
diff --git a/virtManager/details.py b/virtManager/details.py
index b7e7fc14..b8899d77 100644
--- a/virtManager/details.py
+++ b/virtManager/details.py
@@ -523,6 +523,7 @@ class vmmDetails(vmmGObjectUI):
"on_cpu_maxvcpus_changed": self.config_maxvcpus_changed,
"on_cpu_model_changed": lambda *x: self.config_cpu_model_changed(x),
"on_cpu_copy_host_clicked": self.on_cpu_copy_host_clicked,
+ "on_cpu_secure_toggled": self.on_cpu_secure_toggled,
"on_cpu_cores_changed": self.config_cpu_topology_changed,
"on_cpu_sockets_changed": self.config_cpu_topology_changed,
"on_cpu_threads_changed": self.config_cpu_topology_changed,
@@ -1716,6 +1717,11 @@ class vmmDetails(vmmGObjectUI):
def on_cpu_copy_host_clicked(self, src):
uiutil.set_grid_row_visible(
self.widget("cpu-model"), not src.get_active())
+ uiutil.set_grid_row_visible(
+ self.widget("cpu-secure"), not src.get_active())
+ self.enable_apply(EDIT_CPU)
+
+ def on_cpu_secure_toggled(self, ignore):
self.enable_apply(EDIT_CPU)
def config_cpu_model_changed(self, ignore):
@@ -2014,6 +2020,7 @@ class vmmDetails(vmmGObjectUI):
if self.edited(EDIT_CPU):
kwargs["model"] = self.get_config_cpu_model()
+ kwargs["secure"] = self.widget("cpu-secure").get_active()
if self.edited(EDIT_TOPOLOGY):
do_top = self.widget("cpu-topology-enable").get_active()
@@ -2574,6 +2581,11 @@ class vmmDetails(vmmGObjectUI):
n1, n2 = self.vm.network_traffic_vectors()
self.network_traffic_graph.set_property("data_array", n1 + n2)
+ def _cpu_secure_is_available(self):
+ domcaps = self.vm.get_domain_capabilities()
+ features = domcaps.get_cpu_security_features()
+ return self.vm.get_xmlobj().os.is_x86() and len(features) > 0
+
def refresh_config_cpu(self):
# Set topology first, because it impacts maxvcpus values
cpu = self.vm.get_cpu_config()
@@ -2627,6 +2639,15 @@ class vmmDetails(vmmGObjectUI):
self.widget("cpu-copy-host").set_active(bool(is_host))
self.on_cpu_copy_host_clicked(self.widget("cpu-copy-host"))
+ if not self._cpu_secure_is_available():
+ self.widget("cpu-secure").set_sensitive(False)
+ self.widget("cpu-secure").set_tooltip_text(
+ "No security features to copy, the host is missing "
+ "security patches or the host CPU is not vulnerable.")
+
+ cpu.check_security_features(self.vm.get_xmlobj())
+ self.widget("cpu-secure").set_active(cpu.secure)
+
def refresh_config_memory(self):
host_mem_widget = self.widget("state-host-memory")
host_mem = self.vm.conn.host_memory_size() // 1024
diff --git a/virtManager/domain.py b/virtManager/domain.py
index 5b3f1e44..c8f4e822 100644
--- a/virtManager/domain.py
+++ b/virtManager/domain.py
@@ -495,7 +495,7 @@ class vmmDomain(vmmLibvirtObject):
self._redefine_xmlobj(xmlobj)
def define_cpu(self, vcpus=_SENTINEL, maxvcpus=_SENTINEL,
- model=_SENTINEL, sockets=_SENTINEL,
+ model=_SENTINEL, secure=_SENTINEL, sockets=_SENTINEL,
cores=_SENTINEL, threads=_SENTINEL):
guest = self._make_xmlobj_to_define()
@@ -509,7 +509,8 @@ class vmmDomain(vmmLibvirtObject):
guest.cpu.cores = cores
guest.cpu.threads = threads
- if model != _SENTINEL:
+ if secure != _SENTINEL or model != _SENTINEL:
+ guest.cpu.secure = secure
if model in guest.cpu.SPECIAL_MODES:
guest.cpu.set_special_mode(guest, model)
else:
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index ab40f788..c6a411bb 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -123,6 +123,36 @@ class DomainCpu(XMLBuilder):
if not exists:
self.add_feature(feature)
+ def check_security_features(self, guest):
+ """
+ Since 'secure' property is not exported into the domain XML
+ we might need to refresh its state.
+ """
+ domcaps = guest.lookup_domcaps()
+ features = domcaps.get_cpu_security_features()
+
+ if len(features) == 0:
+ self.secure = False
+ return
+
+ for feature in features:
+ exists = False
+ for f in self.features:
+ if f.name == feature and f.policy == "require":
+ exists = True
+ break
+ if not exists:
+ self.secure = False
+ return
+
+ def _remove_security_features(self, guest):
+ domcaps = guest.lookup_domcaps()
+ for feature in domcaps.get_cpu_security_features():
+ for f in self.features:
+ if f.name == feature and f.policy == "require":
+ self.remove_child(f)
+ break
+
def set_model(self, guest, val):
logging.debug("setting cpu model %s", val)
if val:
--
2.21.0
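Review bot: In `vmmDomain.define_cpu`, `guest.cpu.secure = secure` now runs whenever either argument was passed, so a caller passing only `model` stores the `_SENTINEL` object in `guest.cpu.secure`, and a caller passing only `secure` reaches the `else` branch with `model` still equal to `_SENTINEL`; `vmmDetails` happens to pass both together, but the signature allows either alone. Guarding them separately, `if secure != _SENTINEL: guest.cpu.secure = secure` followed by the original `if model != _SENTINEL:` for the model branch, avoids that. In `virtinst/domain/cpu.py`, `check_security_features` only ever clears `self.secure`; if it is meant to refresh the flag from the XML as its docstring says, it should also end with `self.secure = True` once every feature from domcaps was found with `policy == "require"`, otherwise the flag keeps whatever prior value it had for a guest that does carry all mitigations. The tooltip text set in `refresh_config_cpu` is the only new user-visible string not marked for translation, while the checkbox label added in `ui/details.ui` is.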


@ -13,7 +13,7 @@
Name: virt-manager
Version: 2.0.0
Release: 5%{?dist}%{?extra_release}
Release: 5.1%{?dist}%{?extra_release}
%global verrel %{version}-%{release}
Summary: Desktop tool for managing virtual machines via libvirt
@ -32,6 +32,20 @@ Patch6: virt-manager-cli-s390x-graphics-specified-use-video-virtio-bz-1654994.pa
Patch7: virt-manager-diskbackend-Fix-backtrace-cloning-with-block-storage-bz-1661986.patch
Patch8: virt-manager-inspection-fix-check-of-null-icon.patch
Patch9: virt-manager-urldetect-Check-also-for-treeinfo-bz-1689252.patch
Patch10: virt-manager-cli-Fix-pool-default-when-path-belongs-to-another-pool-bz-1692489.patch
Patch11: virt-manager-tests-clitest-Add-a-test-case-for-the-last-commit.patch
Patch12: virt-manager-domcapabilities-introduce-get_cpu_security_features.patch
Patch13: virt-manager-domain-cpu-introduce-set_model-function.patch
Patch14: virt-manager-domain-cpu-automatically-add-CPU-security-features-for-custom-mode.patch
Patch15: virt-manager-domcapabilities-remove-recommended-CPU-features-from-security-features.patch
Patch16: virt-manager-domcapabilities-fix-typo-in-function-name.patch
Patch17: virt-manager-cli-introduce-CPU-secure-parameter.patch
Patch18: virt-manager-domcapabilities-add-caching-of-CPU-security-features.patch
Patch19: virt-manager-virt-manager-add-new-checkbox-to-control-CPU-security-features.patch
Patch20: virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch
Patch21: virt-manager-DomainCpu-check-CPU-model-name-only-if-model-exists.patch
Patch22: virt-manager-domcapabilities-detect-MDS-new-vulnerability.patch
Patch23: virt-manager-cli-fix-cpu-secure-option-to-actually-work.patch
Requires: virt-manager-common = %{verrel}
@ -217,6 +231,22 @@ done
%changelog
* Mon Jun 3 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5.1.el8
- cli: Fix pool=default when path belongs to another pool (bz 1692489) (rhbz#1714752)
- tests: clitest: Add a test case for the last commit (rhbz#1714752)
- domcapabilities: introduce get_cpu_security_features (rhbz#1716402)
- domain: cpu: introduce set_model function (rhbz#1716402)
- domain: cpu: automatically add CPU security features for "custom" mode (rhbz#1716402)
- domcapabilities: remove recommended CPU features from security features (rhbz#1716402)
- domcapabilities: fix typo in function name (rhbz#1716402)
- cli: introduce CPU secure parameter (rhbz#1716402)
- domcapabilities: add caching of CPU security features (rhbz#1716402)
- virt-manager: add new checkbox to control CPU security features (rhbz#1716402)
- DomainCpu: fix detection of CPU security features (rhbz#1716402)
- DomainCpu: check CPU model name only if model exists (rhbz#1716402)
- domcapabilities: detect MDS new vulnerability (rhbz#1716402)
- cli: fix cpu secure option to actually work (rhbz#1716402)
* Thu Mar 21 2019 Pavel Hrdina <phrdina@redhat.com> - 2.0.0-5
- urldetect: Check also for 'treeinfo' (bz 1689252) (rhbz#1689252)