rpms/virt-manager
7
0
Fork 0
Code Issues Pull Requests Releases Activity
42d2793fa4
virt-manager/SOURCES/virt-manager-DomainCpu-fix-detection-of-CPU-security-features.patch
CentOS Sources 42d2793fa4 import virt-manager-2.0.0-5.1.el8_0
2021-09-10 05:41:54 +00:00

57 lines
2.1 KiB
Diff
Raw Blame History

From 703abe06db1ecfadb7e5a5f877f86d41f367300d Mon Sep 17 00:00:00 2001
Message-Id: <703abe06db1ecfadb7e5a5f877f86d41f367300d@dist-git>
From: Pavel Hrdina <phrdina@redhat.com>
Date: Wed, 15 May 2019 10:37:54 +0200
Subject: [PATCH] DomainCpu: fix detection of CPU security features
VM configured with mode="host-model" will have the CPU definition
expanded once the VM is started. Libvirt will try to use the closest
CPU model with some features enabled/disabled.
The issue is that there are some models that include spec-ctrl or ibpb
features and they will not appear in the explicit list of features and
virt-manager will not correctly detect if all security features are
enabled or not. As a workaround we can check the suffix of CPU model to
figure out which security features are enabled by the model itself.
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
(cherry picked from commit 291f2ef21486cb54aadd40f07052aedfebef3792)
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1716402
Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
virtinst/domain/cpu.py | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git a/virtinst/domain/cpu.py b/virtinst/domain/cpu.py
index c6a411bb..1d468468 100644
--- a/virtinst/domain/cpu.py
+++ b/virtinst/domain/cpu.py
@@ -135,15 +135,13 @@ class DomainCpu(XMLBuilder):
self.secure = False
return
- for feature in features:
- exists = False
- for f in self.features:
- if f.name == feature and f.policy == "require":
- exists = True
- break
- if not exists:
- self.secure = False
- return
+ guestFeatures = [f.name for f in self.features if f.policy == "require"]
+ if self.model.endswith("IBRS"):
+ guestFeatures.append("spec-ctrl")
+ if self.model.endswith("IBPB"):
+ guestFeatures.append("ibpb")
+
+ self.secure = set(features) <= set(guestFeatures)
def _remove_security_features(self, guest):
domcaps = guest.lookup_domcaps()
--
2.21.0
Reference in New Issue View Git Blame Copy Permalink