From da9af7a383d012678b0bdec676fa2be582f7b2315e87d68af86ea29bd97488b3 Mon Sep 17 00:00:00 2001 
From: James Fehlig Date: Mon, 8 Apr 2019 22:27:41 +0000 Subject: [PATCH 1/2] Accepting request 692393 from home:jfehlig:branches:Virtualization - CVE-2019-3886: disallow virDomainGetHostname and virDomainGetTime for read-only connections and users CVE-2019-3886-api.patch, CVE-2019-3886-remote.patch bsc#1131595 - spec: BuildRequires rpcgen since CVE-2019-3886-remote.patch touches remote_protocol.x - Update to libvirt 5.2.0 - Many incremental improvements and bug fixes, see http://libvirt.org/news.html - Dropped patches: 4ec3cf9a-apparmor-rules.patch, f38ef0fa-no-RDMA-check.patch, 411cdaf8-apparmor-check-profile-name.patch, 696239ba-qemu-fix-query-cpus-fast.patch, 09eb1ae0-conf-add-xenbus-controller.patch, fb059757-libxl-add-xenbus-controller.patch, ec5a1191-libxl-support-max-grant-frames.patch, 5a64c202-xenconfig-support-max-grant-frames.patch - Added patches: ff376c62-tests-fix-mocking-stat-lstat.patch, mprivozn-test-fix-proposal.patch OBS-URL: https://build.opensuse.org/request/show/692393 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=745 --- ...stats-functions-from-the-qemu-driver.patch | 62 +- ...ibxl-add-support-for-BlockResize-API.patch | 10 +- ...c-implement-connectGetAllDomainStats.patch | 10 +- 09eb1ae0-conf-add-xenbus-controller.patch | 201 --- 411cdaf8-apparmor-check-profile-name.patch | 45 - 4ec3cf9a-apparmor-rules.patch | 33 - ...2-xenconfig-support-max-grant-frames.patch | 170 -- 696239ba-qemu-fix-query-cpus-fast.patch | 38 - CVE-2019-3886-api.patch | 26 + CVE-2019-3886-remote.patch | 35 + blockcopy-check-dst-identical-device.patch | 8 +- ec5a1191-libxl-support-max-grant-frames.patch | 184 --- f38ef0fa-no-RDMA-check.patch | 38 - fb059757-libxl-add-xenbus-controller.patch | 1468 ----------------- ff376c62-tests-fix-mocking-stat-lstat.patch | 1276 ++++++++++++++ libvirt-5.1.0.tar.xz | 3 - libvirt-5.1.0.tar.xz.asc | 10 - libvirt-5.2.0.tar.xz | 3 + libvirt-5.2.0.tar.xz.asc | 10 + libvirt-power8-models.patch | 6 +- 
libvirt-suse-netcontrol.patch | 36 +- libvirt.changes | 29 + libvirt.spec | 46 +- libxl-dom-reset.patch | 10 +- libxl-set-cach-mode.patch | 10 +- libxl-set-migration-constraints.patch | 60 +- libxl-support-block-script.patch | 14 +- lxc-wait-after-eth-del.patch | 22 +- mprivozn-test-fix-proposal.patch | 33 + ...e-dhcp-authoritative-on-static-netwo.patch | 14 +- ppc64le-canonical-name.patch | 6 +- qemu-apparmor-screenshot.patch | 8 +- support-managed-pci-xen-driver.patch | 12 +- suse-apparmor-libnl-paths.patch | 12 +- suse-libvirt-guests-service.patch | 58 +- suse-libvirtd-disable-tls.patch | 18 +- suse-libvirtd-service-xen.patch | 6 +- suse-libvirtd-sysconfig-settings.patch | 6 +- suse-libxl-disable-autoballoon.patch | 16 +- suse-ovmf-paths.patch | 18 +- suse-qemu-conf.patch | 6 +- suse-virtlockd-sysconfig-settings.patch | 6 +- suse-virtlogd-sysconfig-settings.patch | 6 +- xen-pv-cdrom.patch | 6 +- xen-sxpr-disk-type.patch | 6 +- 45 files changed, 1643 insertions(+), 2457 deletions(-) delete mode 100644 09eb1ae0-conf-add-xenbus-controller.patch delete mode 100644 411cdaf8-apparmor-check-profile-name.patch delete mode 100644 4ec3cf9a-apparmor-rules.patch delete mode 100644 5a64c202-xenconfig-support-max-grant-frames.patch delete mode 100644 696239ba-qemu-fix-query-cpus-fast.patch create mode 100644 CVE-2019-3886-api.patch create mode 100644 CVE-2019-3886-remote.patch delete mode 100644 ec5a1191-libxl-support-max-grant-frames.patch delete mode 100644 f38ef0fa-no-RDMA-check.patch delete mode 100644 fb059757-libxl-add-xenbus-controller.patch create mode 100644 ff376c62-tests-fix-mocking-stat-lstat.patch delete mode 100644 libvirt-5.1.0.tar.xz delete mode 100644 libvirt-5.1.0.tar.xz.asc create mode 100644 libvirt-5.2.0.tar.xz create mode 100644 libvirt-5.2.0.tar.xz.asc create mode 100644 mprivozn-test-fix-proposal.patch 
diff --git a/0001-Extract-stats-functions-from-the-qemu-driver.patch b/0001-Extract-stats-functions-from-the-qemu-driver.patch index ff38cd6..05f86f9 100644 --- a/0001-Extract-stats-functions-from-the-qemu-driver.patch +++ b/0001-Extract-stats-functions-from-the-qemu-driver.patch @@ -18,10 +18,10 @@ them. create mode 100644 src/conf/domain_stats.c create mode 100644 src/conf/domain_stats.h -Index: libvirt-5.1.0/src/conf/domain_stats.c +Index: libvirt-5.2.0/src/conf/domain_stats.c =================================================================== --- /dev/null -+++ libvirt-5.1.0/src/conf/domain_stats.c ++++ libvirt-5.2.0/src/conf/domain_stats.c @@ -0,0 +1,139 @@ +/* + * domain_stats.c: domain stats extraction helpers @@ -162,10 +162,10 @@ Index: libvirt-5.1.0/src/conf/domain_stats.c +} + +#undef STATS_ADD_NET_PARAM -Index: libvirt-5.1.0/src/conf/domain_stats.h +Index: libvirt-5.2.0/src/conf/domain_stats.h =================================================================== --- /dev/null -+++ libvirt-5.1.0/src/conf/domain_stats.h ++++ libvirt-5.2.0/src/conf/domain_stats.h @@ -0,0 +1,64 @@ +/* + * domain_stats.h: domain stats extraction helpers @@ -231,11 +231,11 @@ Index: libvirt-5.1.0/src/conf/domain_stats.h + int *maxparams); + +#endif /* __DOMAIN_STATS_H */ -Index: libvirt-5.1.0/src/libvirt_private.syms +Index: libvirt-5.2.0/src/libvirt_private.syms =================================================================== ---- libvirt-5.1.0.orig/src/libvirt_private.syms -+++ libvirt-5.1.0/src/libvirt_private.syms -@@ -662,6 +662,9 @@ virDomainConfNWFilterInstantiate; +--- libvirt-5.2.0.orig/src/libvirt_private.syms ++++ libvirt-5.2.0/src/libvirt_private.syms +@@ -671,6 +671,9 @@ virDomainConfNWFilterInstantiate; virDomainConfNWFilterTeardown; virDomainConfVMNWFilterTeardown; 
@@ -245,7 +245,7 @@ Index: libvirt-5.1.0/src/libvirt_private.syms # conf/interface_conf.h virInterfaceDefFormat; -@@ -1547,6 +1550,7 @@ virCgroupGetMemoryUsage; +@@ -1583,6 +1586,7 @@ virCgroupGetMemoryUsage; virCgroupGetMemSwapHardLimit; virCgroupGetMemSwapUsage; virCgroupGetPercpuStats; @@ -253,10 +253,10 @@ Index: libvirt-5.1.0/src/libvirt_private.syms virCgroupHasController; virCgroupHasEmptyTasks; virCgroupKillPainfully; -Index: libvirt-5.1.0/src/qemu/qemu_driver.c +Index: libvirt-5.2.0/src/qemu/qemu_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_driver.c -+++ libvirt-5.1.0/src/qemu/qemu_driver.c +--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c ++++ libvirt-5.2.0/src/qemu/qemu_driver.c @@ -67,6 +67,7 @@ #include "virarptable.h" #include "viruuid.h" @@ -265,7 +265,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c #include "domain_audit.h" #include "node_device_conf.h" #include "virpci.h" -@@ -20042,21 +20043,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr +@@ -19941,21 +19942,7 @@ qemuDomainGetStatsState(virQEMUDriverPtr int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -288,7 +288,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c } -@@ -20246,37 +20233,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj +@@ -20145,37 +20132,7 @@ qemuDomainGetStatsCpuCgroup(virDomainObj int *maxparams) { qemuDomainObjPrivatePtr priv = dom->privateData; @@ -327,7 +327,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c } -@@ -20470,44 +20427,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr +@@ -20369,44 +20326,6 @@ qemuDomainGetStatsVcpu(virQEMUDriverPtr return ret; } 
@@ -372,7 +372,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c static int qemuDomainGetStatsInterface(virQEMUDriverPtr driver ATTRIBUTE_UNUSED, virDomainObjPtr dom, -@@ -20515,68 +20434,9 @@ qemuDomainGetStatsInterface(virQEMUDrive +@@ -20414,68 +20333,9 @@ qemuDomainGetStatsInterface(virQEMUDrive int *maxparams, unsigned int privflags ATTRIBUTE_UNUSED) { @@ -442,7 +442,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c #define QEMU_ADD_BLOCK_PARAM_UI(record, maxparams, num, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -20809,10 +20669,10 @@ qemuDomainGetStatsBlockExportHeader(virD +@@ -20708,10 +20568,10 @@ qemuDomainGetStatsBlockExportHeader(virD { int ret = -1; @@ -455,7 +455,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c if (src->id) QEMU_ADD_BLOCK_PARAM_UI(records, nrecords, recordnr, "backingIndex", src->id); -@@ -20966,7 +20826,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20865,7 +20725,7 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr * after the iteration than it is to iterate twice; but we still * want count listed first. */ count_index = record->nparams; @@ -464,7 +464,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c for (i = 0; i < dom->def->ndisks; i++) { if (qemuDomainGetStatsBlockExportDisk(dom->def->disks[i], stats, nodestats, -@@ -20991,8 +20851,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr +@@ -20890,8 +20750,6 @@ qemuDomainGetStatsBlock(virQEMUDriverPtr #undef QEMU_ADD_BLOCK_PARAM_ULL @@ -473,7 +473,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c #define QEMU_ADD_IOTHREAD_PARAM_UI(record, maxparams, id, name, value) \ do { \ char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; \ -@@ -21044,7 +20902,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -20943,7 +20801,7 @@ qemuDomainGetStatsIOThread(virQEMUDriver if (niothreads == 0) return 0; 
@@ -482,7 +482,7 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c for (i = 0; i < niothreads; i++) { if (iothreads[i]->poll_valid) { -@@ -21077,8 +20935,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver +@@ -20976,8 +20834,6 @@ qemuDomainGetStatsIOThread(virQEMUDriver #undef QEMU_ADD_IOTHREAD_PARAM_ULL @@ -491,10 +491,10 @@ Index: libvirt-5.1.0/src/qemu/qemu_driver.c static int qemuDomainGetStatsPerfOneEvent(virPerfPtr perf, virPerfEventType type, -Index: libvirt-5.1.0/src/util/vircgroup.c +Index: libvirt-5.2.0/src/util/vircgroup.c =================================================================== ---- libvirt-5.1.0.orig/src/util/vircgroup.c -+++ libvirt-5.1.0/src/util/vircgroup.c +--- libvirt-5.2.0.orig/src/util/vircgroup.c ++++ libvirt-5.2.0/src/util/vircgroup.c @@ -2800,6 +2800,44 @@ virCgroupControllerAvailable(int control return ret; } @@ -556,10 +556,10 @@ Index: libvirt-5.1.0/src/util/vircgroup.c int virCgroupNewPartition(const char *path ATTRIBUTE_UNUSED, bool create ATTRIBUTE_UNUSED, -Index: libvirt-5.1.0/src/util/vircgroup.h +Index: libvirt-5.2.0/src/util/vircgroup.h =================================================================== ---- libvirt-5.1.0.orig/src/util/vircgroup.h -+++ libvirt-5.1.0/src/util/vircgroup.h +--- libvirt-5.2.0.orig/src/util/vircgroup.h ++++ libvirt-5.2.0/src/util/vircgroup.h @@ -284,4 +284,9 @@ int virCgroupSetOwner(virCgroupPtr cgrou int virCgroupHasEmptyTasks(virCgroupPtr cgroup, int controller); @@ -570,10 +570,10 @@ Index: libvirt-5.1.0/src/util/vircgroup.h + int *maxparams); + #endif /* LIBVIRT_VIRCGROUP_H */ -Index: libvirt-5.1.0/src/conf/Makefile.inc.am +Index: libvirt-5.2.0/src/conf/Makefile.inc.am =================================================================== ---- libvirt-5.1.0.orig/src/conf/Makefile.inc.am -+++ libvirt-5.1.0/src/conf/Makefile.inc.am +--- libvirt-5.2.0.orig/src/conf/Makefile.inc.am ++++ libvirt-5.2.0/src/conf/Makefile.inc.am 
@@ -20,6 +20,8 @@ DOMAIN_CONF_SOURCES = \ conf/domain_audit.h \ conf/domain_nwfilter.c \ @@ -582,4 +582,4 @@ Index: libvirt-5.1.0/src/conf/Makefile.inc.am + conf/domain_stats.h \ conf/virsavecookie.c \ conf/virsavecookie.h \ - conf/snapshot_conf.c \ + conf/moment_conf.c \ diff --git a/0001-libxl-add-support-for-BlockResize-API.patch b/0001-libxl-add-support-for-BlockResize-API.patch index bea4773..ed77318 100644 --- a/0001-libxl-add-support-for-BlockResize-API.patch +++ b/0001-libxl-add-support-for-BlockResize-API.patch @@ -19,11 +19,11 @@ reworking this patch and submitting it to upstream libvirt. src/libxl/libxl_driver.c | 91 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 91 insertions(+) -Index: libvirt-5.1.0/src/libxl/libxl_driver.c +Index: libvirt-5.2.0/src/libxl/libxl_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/libxl/libxl_driver.c -+++ libvirt-5.1.0/src/libxl/libxl_driver.c -@@ -5252,6 +5252,97 @@ libxlDomainMemoryStats(virDomainPtr dom, +--- libvirt-5.2.0.orig/src/libxl/libxl_driver.c ++++ libvirt-5.2.0/src/libxl/libxl_driver.c +@@ -5245,6 +5245,97 @@ libxlDomainMemoryStats(virDomainPtr dom, #undef LIBXL_SET_MEMSTAT @@ -121,7 +121,7 @@ Index: libvirt-5.1.0/src/libxl/libxl_driver.c static int libxlDomainGetJobInfo(virDomainPtr dom, virDomainJobInfoPtr info) -@@ -6636,6 +6727,7 @@ static virHypervisorDriver libxlHypervis +@@ -6629,6 +6720,7 @@ static virHypervisorDriver libxlHypervis #endif .nodeGetFreeMemory = libxlNodeGetFreeMemory, /* 0.9.0 */ .nodeGetCellsFreeMemory = libxlNodeGetCellsFreeMemory, /* 1.1.1 */ diff --git a/0002-lxc-implement-connectGetAllDomainStats.patch b/0002-lxc-implement-connectGetAllDomainStats.patch index 4901b79..9459d49 100644 --- a/0002-lxc-implement-connectGetAllDomainStats.patch +++ b/0002-lxc-implement-connectGetAllDomainStats.patch 
@@ -9,10 +9,10 @@ them using the existing API. src/lxc/lxc_driver.c | 138 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) -Index: libvirt-5.1.0/src/lxc/lxc_driver.c +Index: libvirt-5.2.0/src/lxc/lxc_driver.c =================================================================== ---- libvirt-5.1.0.orig/src/lxc/lxc_driver.c -+++ libvirt-5.1.0/src/lxc/lxc_driver.c +--- libvirt-5.2.0.orig/src/lxc/lxc_driver.c ++++ libvirt-5.2.0/src/lxc/lxc_driver.c @@ -75,6 +75,7 @@ #include "viraccessapichecklxc.h" #include "virhostdev.h" @@ -21,7 +21,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c #define VIR_FROM_THIS VIR_FROM_LXC -@@ -5396,6 +5397,142 @@ lxcDomainHasManagedSaveImage(virDomainPt +@@ -5374,6 +5375,142 @@ lxcDomainHasManagedSaveImage(virDomainPt return ret; } @@ -164,7 +164,7 @@ Index: libvirt-5.1.0/src/lxc/lxc_driver.c /* Function Tables */ static virHypervisorDriver lxcHypervisorDriver = { -@@ -5491,6 +5628,7 @@ static virHypervisorDriver lxcHypervisor +@@ -5469,6 +5606,7 @@ static virHypervisorDriver lxcHypervisor .nodeGetFreePages = lxcNodeGetFreePages, /* 1.2.6 */ .nodeAllocPages = lxcNodeAllocPages, /* 1.2.9 */ .domainHasManagedSaveImage = lxcDomainHasManagedSaveImage, /* 1.2.13 */ diff --git a/09eb1ae0-conf-add-xenbus-controller.patch b/09eb1ae0-conf-add-xenbus-controller.patch deleted file mode 100644 index e815345..0000000 --- a/09eb1ae0-conf-add-xenbus-controller.patch +++ /dev/null 
@@ -1,201 +0,0 @@ -commit 09eb1ae0ec7e592133eb98f4a0fe2f6daa5ba2d9 -Author: Jim Fehlig -Date: Wed Mar 6 15:59:29 2019 -0700 - - conf: Add a new 'xenbus' controller type - - xenbus is virtual controller (akin to virtio controllers) for Xen - paravirtual devices. Although all Xen VMs have a xenbus, it has - never been modeled in libvirt, or in Xen native VM config format - for that matter. - - Recently there have been requests to support Xen's max_grant_frames - setting in libvirt. max_grant_frames is best modeled as an attribute - of xenbus. It describes the maximum IO buffer space (or DMA space) - available in xenbus for use by connected paravirtual devices. This - patch introduces a new xenbus controller type that includes a - maxGrantFrames attribute. - - Signed-off-by: Jim Fehlig - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.1.0/docs/formatdomain.html.in -=================================================================== ---- libvirt-5.1.0.orig/docs/formatdomain.html.in -+++ libvirt-5.1.0/docs/formatdomain.html.in -@@ -4108,6 +4108,7 @@ - <driver iothread='4'/> - <address type='pci' domain='0x0000' bus='0x00' slot='0x0b' function='0x0'/> - </controller> -+ <controller type='xenbus' maxGrantFrames='64'/> - ... - </devices> - ... -@@ -4155,6 +4156,11 @@ -
Since 3.10.0 for the vbox driver, the - ide controller has an optional attribute - model, which is one of "piix3", "piix4" or "ich6".
-+
xenbus
-+
Since 5.2.0, the xenbus -+ controller has an optional attribute maxGrantFrames, -+ which specifies the maximum number of grant frames the controller -+ makes available for connected devices.
- - -

-Index: libvirt-5.1.0/docs/schemas/domaincommon.rng -=================================================================== ---- libvirt-5.1.0.orig/docs/schemas/domaincommon.rng -+++ libvirt-5.1.0/docs/schemas/domaincommon.rng -@@ -2315,6 +2315,17 @@ - - - -+ -+ -+ -+ xenbus -+ -+ -+ -+ -+ -+ -+ - - - -Index: libvirt-5.1.0/src/conf/domain_conf.c -=================================================================== ---- libvirt-5.1.0.orig/src/conf/domain_conf.c -+++ libvirt-5.1.0/src/conf/domain_conf.c -@@ -347,6 +347,7 @@ VIR_ENUM_IMPL(virDomainController, VIR_D - "ccid", - "usb", - "pci", -+ "xenbus", - ); - - VIR_ENUM_IMPL(virDomainControllerModelPCI, VIR_DOMAIN_CONTROLLER_MODEL_PCI_LAST, -@@ -2041,6 +2042,9 @@ virDomainControllerDefNew(virDomainContr - def->opts.pciopts.targetIndex = -1; - def->opts.pciopts.numaNode = -1; - break; -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: -+ def->opts.xenbusopts.maxGrantFrames = -1; -+ break; - case VIR_DOMAIN_CONTROLLER_TYPE_IDE: - case VIR_DOMAIN_CONTROLLER_TYPE_FDC: - case VIR_DOMAIN_CONTROLLER_TYPE_SCSI: -@@ -10791,6 +10795,20 @@ virDomainControllerDefParseXML(virDomain - def->opts.pciopts.numaNode = numaNode; - } - break; -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: { -+ VIR_AUTOFREE(char *) gntframes = virXMLPropString(node, "maxGrantFrames"); -+ -+ if (gntframes) { -+ int r = virStrToLong_i(gntframes, NULL, 10, -+ &def->opts.xenbusopts.maxGrantFrames); -+ if (r != 0 || def->opts.xenbusopts.maxGrantFrames < 0) { -+ virReportError(VIR_ERR_INTERNAL_ERROR, -+ _("Invalid maxGrantFrames: %s"), gntframes); -+ goto error; -+ } -+ } -+ break; -+ } - - default: - break; -@@ -24752,6 +24770,13 @@ virDomainControllerDefFormat(virBufferPt - } - break; - -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: -+ if (def->opts.xenbusopts.maxGrantFrames != -1) { -+ virBufferAsprintf(buf, " maxGrantFrames='%d'", -+ def->opts.xenbusopts.maxGrantFrames); -+ } -+ break; -+ - default: - break; - } -Index: libvirt-5.1.0/src/conf/domain_conf.h 
-=================================================================== ---- libvirt-5.1.0.orig/src/conf/domain_conf.h -+++ libvirt-5.1.0/src/conf/domain_conf.h -@@ -687,6 +687,7 @@ typedef enum { - VIR_DOMAIN_CONTROLLER_TYPE_CCID, - VIR_DOMAIN_CONTROLLER_TYPE_USB, - VIR_DOMAIN_CONTROLLER_TYPE_PCI, -+ VIR_DOMAIN_CONTROLLER_TYPE_XENBUS, - - VIR_DOMAIN_CONTROLLER_TYPE_LAST - } virDomainControllerType; -@@ -819,6 +820,12 @@ struct _virDomainUSBControllerOpts { - int ports; /* -1 == undef */ - }; - -+typedef struct _virDomainXenbusControllerOpts virDomainXenbusControllerOpts; -+typedef virDomainXenbusControllerOpts *virDomainXenbusControllerOptsPtr; -+struct _virDomainXenbusControllerOpts { -+ int maxGrantFrames; /* -1 == undef */ -+}; -+ - /* Stores the virtual disk controller configuration */ - struct _virDomainControllerDef { - int type; -@@ -833,6 +840,7 @@ struct _virDomainControllerDef { - virDomainVirtioSerialOpts vioserial; - virDomainPCIControllerOpts pciopts; - virDomainUSBControllerOpts usbopts; -+ virDomainXenbusControllerOpts xenbusopts; - } opts; - virDomainDeviceInfo info; - virDomainVirtioOptionsPtr virtio; -Index: libvirt-5.1.0/src/qemu/qemu_command.c -=================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_command.c -+++ libvirt-5.1.0/src/qemu/qemu_command.c -@@ -3024,6 +3024,7 @@ qemuBuildControllerDevStr(const virDomai - - case VIR_DOMAIN_CONTROLLER_TYPE_IDE: - case VIR_DOMAIN_CONTROLLER_TYPE_FDC: -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: - case VIR_DOMAIN_CONTROLLER_TYPE_LAST: - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unsupported controller type: %s"), -Index: libvirt-5.1.0/src/qemu/qemu_domain.c -=================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_domain.c -+++ libvirt-5.1.0/src/qemu/qemu_domain.c -@@ -5841,6 +5841,7 @@ qemuDomainDeviceDefValidateController(co - case VIR_DOMAIN_CONTROLLER_TYPE_VIRTIO_SERIAL: - case 
VIR_DOMAIN_CONTROLLER_TYPE_CCID: - case VIR_DOMAIN_CONTROLLER_TYPE_USB: -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: - case VIR_DOMAIN_CONTROLLER_TYPE_LAST: - break; - } -@@ -6459,6 +6460,7 @@ qemuDomainControllerDefPostParse(virDoma - case VIR_DOMAIN_CONTROLLER_TYPE_CCID: - case VIR_DOMAIN_CONTROLLER_TYPE_IDE: - case VIR_DOMAIN_CONTROLLER_TYPE_FDC: -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: - case VIR_DOMAIN_CONTROLLER_TYPE_LAST: - break; - } -Index: libvirt-5.1.0/src/qemu/qemu_domain_address.c -=================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_domain_address.c -+++ libvirt-5.1.0/src/qemu/qemu_domain_address.c -@@ -669,6 +669,7 @@ qemuDomainDeviceCalculatePCIConnectFlags - - case VIR_DOMAIN_CONTROLLER_TYPE_FDC: - case VIR_DOMAIN_CONTROLLER_TYPE_CCID: -+ case VIR_DOMAIN_CONTROLLER_TYPE_XENBUS: - case VIR_DOMAIN_CONTROLLER_TYPE_LAST: - /* should be 0 */ - return pciFlags; diff --git a/411cdaf8-apparmor-check-profile-name.patch b/411cdaf8-apparmor-check-profile-name.patch deleted file mode 100644 index 61b7139..0000000 --- a/411cdaf8-apparmor-check-profile-name.patch +++ /dev/null @@ -1,45 +0,0 @@ -commit 411cdaf884f35b8dac2be17fcc24e052e11b7d60 -Author: Jim Fehlig -Date: Fri Mar 1 14:34:17 2019 -0700 - - apparmor: Check libvirtd profile status by name - - Commit a3ab6d42 changed the libvirtd profile to a named profile, - breaking the apparmor driver's ability to detect if the profile is - active. When the apparmor driver loads it checks the status of the - libvirtd profile using the full binary path, which fails since the - profile is now referenced by name. If the apparmor driver is - explicitly requested in /etc/libvirt/qemu.conf, then libvirtd fails - to load too. - - Instead of only checking the profile status by full binary path, - also check by profile name. The full path check is retained in case - users have a customized libvirtd profile with full path. - - 
Signed-off-by: Jim Fehlig - Acked-by: Jamie Strandboge - -Index: libvirt-5.1.0/src/security/security_apparmor.c -=================================================================== ---- libvirt-5.1.0.orig/src/security/security_apparmor.c -+++ libvirt-5.1.0/src/security/security_apparmor.c -@@ -257,10 +257,16 @@ use_apparmor(void) - if (access(APPARMOR_PROFILES_PATH, R_OK) != 0) - goto cleanup; - -+ /* First check profile status using full binary path. If that fails -+ * check using profile name. -+ */ - rc = profile_status(libvirt_daemon, 1); -- /* Error or unconfined should all result in -1*/ -- if (rc < 0) -- rc = -1; -+ if (rc < 0) { -+ rc = profile_status("libvirtd", 1); -+ /* Error or unconfined should all result in -1*/ -+ if (rc < 0) -+ rc = -1; -+ } - - cleanup: - VIR_FREE(libvirt_daemon); diff --git a/4ec3cf9a-apparmor-rules.patch b/4ec3cf9a-apparmor-rules.patch deleted file mode 100644 index 4454ca1..0000000 --- a/4ec3cf9a-apparmor-rules.patch +++ /dev/null @@ -1,33 +0,0 @@ -commit 4ec3cf9a0fc3d76058ea363a6c35df19e67e6261 -Author: Jim Fehlig -Date: Fri Mar 1 15:05:36 2019 -0700 - - apparmor: Add ptrace and signal rules for named profile - - Commit a3ab6d42 changed the libvirtd profile to a named profile - but neglected to accommodate the change in the qemu profile - ptrace and signal rules. As a result, libvirtd is unable to - signal confined qemu processes and hence unable to shutdown - or destroy VMs. - - Add ptrace and signal rules that reference the libvirtd profile - by name in addition to full binary path. - - 
Signed-off-by: Jim Fehlig - Acked-by: Jamie Strandboge - -Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu -=================================================================== ---- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu -+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu -@@ -16,8 +16,10 @@ - network inet stream, - network inet6 stream, - -+ ptrace (readby, tracedby) peer=libvirtd, - ptrace (readby, tracedby) peer=/usr/sbin/libvirtd, - -+ signal (receive) peer=libvirtd, - signal (receive) peer=/usr/sbin/libvirtd, - - /dev/net/tun rw, diff --git a/5a64c202-xenconfig-support-max-grant-frames.patch b/5a64c202-xenconfig-support-max-grant-frames.patch deleted file mode 100644 index 465aeea..0000000 --- a/5a64c202-xenconfig-support-max-grant-frames.patch +++ /dev/null @@ -1,170 +0,0 @@ -commit 5a64c202ccdac82f5868e638e5619e2b48c0444b -Author: Jim Fehlig -Date: Fri Mar 8 11:51:57 2019 -0700 - - xenconfig: Add support for max_grant_frames - - Add support in the domXML<->native config converter for - max_grant_frames. Include a test for the conversion. - - 
Signed-off-by: Jim Fehlig - Reviewed-by: Daniel P. Berrangé - -Index: libvirt-5.1.0/src/xenconfig/xen_xl.c -=================================================================== ---- libvirt-5.1.0.orig/src/xenconfig/xen_xl.c -+++ libvirt-5.1.0/src/xenconfig/xen_xl.c -@@ -607,6 +607,34 @@ xenParseXLVnuma(virConfPtr conf, - } - #endif - -+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS -+static int -+xenParseXLGntLimits(virConfPtr conf, virDomainDefPtr def) -+{ -+ unsigned long max_gntframes; -+ int ctlr_idx; -+ virDomainControllerDefPtr xenbus_ctlr; -+ -+ if (xenConfigGetULong(conf, "max_grant_frames", &max_gntframes, 0) < 0) -+ return -1; -+ -+ if (max_gntframes <= 0) -+ return 0; -+ -+ ctlr_idx = virDomainControllerFindByType(def, VIR_DOMAIN_CONTROLLER_TYPE_XENBUS); -+ if (ctlr_idx == -1) -+ xenbus_ctlr = virDomainDefAddController(def, VIR_DOMAIN_CONTROLLER_TYPE_XENBUS, -1, -1); -+ else -+ xenbus_ctlr = def->controllers[ctlr_idx]; -+ -+ if (xenbus_ctlr == NULL) -+ return -1; -+ -+ xenbus_ctlr->opts.xenbusopts.maxGrantFrames = max_gntframes; -+ return 0; -+} -+#endif -+ - static int - xenParseXLDiskSrc(virDomainDiskDefPtr disk, char *srcstr) - { -@@ -1165,6 +1193,11 @@ xenParseXL(virConfPtr conf, - goto cleanup; - #endif - -+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS -+ if (xenParseXLGntLimits(conf, def) < 0) -+ goto cleanup; -+#endif -+ - if (xenParseXLCPUID(conf, def) < 0) - goto cleanup; - -@@ -1517,6 +1550,24 @@ xenFormatXLDomainVnuma(virConfPtr conf, - } - #endif - -+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS -+static int -+xenFormatXLGntLimits(virConfPtr conf, virDomainDefPtr def) -+{ -+ size_t i; -+ -+ for (i = 0; i < def->ncontrollers; i++) { -+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS && -+ def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0) { -+ if (xenConfigSetInt(conf, "max_grant_frames", -+ def->controllers[i]->opts.xenbusopts.maxGrantFrames) < 0) -+ return -1; -+ } -+ } -+ return 0; -+} -+#endif -+ - static char * - 
xenFormatXLDiskSrcNet(virStorageSourcePtr src) - { -@@ -2166,6 +2217,11 @@ xenFormatXL(virDomainDefPtr def, virConn - goto cleanup; - #endif - -+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS -+ if (xenFormatXLGntLimits(conf, def) < 0) -+ goto cleanup; -+#endif -+ - if (xenFormatXLDomainDisks(conf, def) < 0) - goto cleanup; - -Index: libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.cfg -=================================================================== ---- /dev/null -+++ libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.cfg -@@ -0,0 +1,13 @@ -+name = "XenGuest1" -+uuid = "45b60f51-88a9-47a8-a3b3-5e66d71b2283" -+maxmem = 512 -+memory = 512 -+vcpus = 1 -+localtime = 0 -+on_poweroff = "preserve" -+on_reboot = "restart" -+on_crash = "preserve" -+vif = [ "mac=5a:36:0e:be:00:09" ] -+bootloader = "/usr/bin/pygrub" -+max_grant_frames = 64 -+disk = [ "format=qcow2,vdev=xvda,access=rw,backendtype=qdisk,target=/var/lib/xen/images/debian/disk.qcow2" ] -Index: libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.xml -=================================================================== ---- /dev/null -+++ libvirt-5.1.0/tests/xlconfigdata/test-max-gntframes.xml -@@ -0,0 +1,32 @@ -+ -+ XenGuest1 -+ 45b60f51-88a9-47a8-a3b3-5e66d71b2283 -+ 524288 -+ 524288 -+ 1 -+ /usr/bin/pygrub -+ -+ linux -+ -+ -+ preserve -+ restart -+ preserve -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -+ -Index: libvirt-5.1.0/tests/xlconfigtest.c -=================================================================== ---- libvirt-5.1.0.orig/tests/xlconfigtest.c -+++ libvirt-5.1.0/tests/xlconfigtest.c -@@ -299,6 +299,10 @@ mymain(void) - DO_TEST_FORMAT("fullvirt-direct-kernel-boot-extra", false); - DO_TEST_FORMAT("fullvirt-direct-kernel-boot-bogus-extra", false); - #endif -+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS -+ DO_TEST("max-gntframes"); -+#endif -+ - DO_TEST("vif-typename"); - DO_TEST("vif-multi-ip"); - DO_TEST("usb"); 
diff --git a/696239ba-qemu-fix-query-cpus-fast.patch b/696239ba-qemu-fix-query-cpus-fast.patch deleted file mode 100644 index a78dcc6..0000000 --- a/696239ba-qemu-fix-query-cpus-fast.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit 696239ba6f83c65ded476e87d3ba77b424e16fd1 -Author: Viktor Mihajlovski -Date: Fri Mar 1 11:29:51 2019 +0100 - - qemu: Fix query-cpus-fast target architecture detection - - Since qemu 2.13 reports the target architecture in a property called - 'target' additionally to the property 'arch', that has been used in - qemu 2.12 in the response data of 'query-cpus-fast'. - Libvirts monitor code prefers the 'target' property over 'arch'. - - At least for s390(x), target is reported as 's390x' while arch is 's390'. - In a later step a comparison is performed against 's390' which fails for - qemu 2.13 and later. - - In consequence the architecture specific data for s390 won't be extracted - from the returned data, leading to incorrect values being reported by - virsh domstats --vcpu. - - Changing to check explicitly for 's390' and 's390x'. - - Signed-off-by: Viktor Mihajlovski - Reviewed-by: Bjoern Walk - Reviewed-by: Boris Fiuczynski - -Index: libvirt-5.1.0/src/qemu/qemu_monitor_json.c -=================================================================== ---- libvirt-5.1.0.orig/src/qemu/qemu_monitor_json.c -+++ libvirt-5.1.0/src/qemu/qemu_monitor_json.c -@@ -1772,7 +1772,7 @@ qemuMonitorJSONExtractCPUInfo(virJSONVal - goto cleanup; - - /* process optional architecture-specific data */ -- if (STREQ_NULLABLE(arch, "s390")) -+ if (STREQ_NULLABLE(arch, "s390") || STREQ_NULLABLE(arch, "s390x")) - qemuMonitorJSONExtractCPUS390Info(entry, cpus + i); - } - diff --git a/CVE-2019-3886-api.patch b/CVE-2019-3886-api.patch new file mode 100644 index 0000000..69c71a4 --- /dev/null +++ b/CVE-2019-3886-api.patch 
@@ -0,0 +1,26 @@
+commit 69f94df6afe2ea8e2034903d6423c783e0c535e8
+Author: Daniel P. Berrangé
+Date: Wed Apr 3 15:00:49 2019 +0100
+
+ api: disallow virDomainGetHostname for read-only connections
+
+ The virDomainGetHostname API is fetching guest information and this may
+ involve use of an untrusted guest agent. As such its use must be
+ forbidden on a read-only connection to libvirt.
+
+ Fixes CVE-2019-3886
+ Signed-off-by: Daniel P. Berrangé
+
+Index: libvirt-5.2.0/src/libvirt-domain.c
+===================================================================
+--- libvirt-5.2.0.orig/src/libvirt-domain.c
++++ libvirt-5.2.0/src/libvirt-domain.c
+@@ -11031,6 +11031,8 @@ virDomainGetHostname(virDomainPtr domain
+ virCheckDomainReturn(domain, NULL);
+ conn = domain->conn;
+
++ virCheckReadOnlyGoto(domain->conn->flags, error);
++
+ if (conn->driver->domainGetHostname) {
+ char *ret;
+ ret = conn->driver->domainGetHostname(domain, flags);
diff --git a/CVE-2019-3886-remote.patch b/CVE-2019-3886-remote.patch
new file mode 100644
index 0000000..9cfba0b
--- /dev/null
+++ b/CVE-2019-3886-remote.patch
@@ -0,0 +1,35 @@
+commit 9737baf530d80eff19d46a5feb130d3064d47d64
+Author: Daniel P. Berrangé
+Date: Wed Apr 3 15:00:50 2019 +0100
+
+ remote: enforce ACL write permission for getting guest time & hostname
+
+ Getting the guest time and hostname both require use of guest agent
+ commands. These must not be allowed for read-only users, so the
+ permissions check must validate "write" permission not "read".
+
+ Fixes CVE-2019-3886
+
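Review bot: The new guard reads `domain->conn->flags` although the line just above it already assigned `conn = domain->conn;`, so `virCheckReadOnlyGoto(conn->flags, error);` would match the surrounding code, which consistently goes through `conn`. The check jumps to an `error` label that lies outside the hunk, as does the rest of virDomainGetHostname, so it is worth confirming that label reports the error and yields the NULL return the function's callers expect. This library-level check and the ACL tightening in the sibling CVE-2019-3886-remote.patch are complementary rather than redundant: the ACL presumably only governs clients of the remote daemon, while this guard also applies to a read-only connection that reaches the driver without the daemon in between.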
Signed-off-by: Daniel P. Berrangé
+
+Index: libvirt-5.2.0/src/remote/remote_protocol.x
+===================================================================
+--- libvirt-5.2.0.orig/src/remote/remote_protocol.x
++++ libvirt-5.2.0/src/remote/remote_protocol.x
+@@ -5513,7 +5513,7 @@ enum remote_procedure {
+
+ /**
+ * @generate: both
+- * @acl: domain:read
++ * @acl: domain:write
+ */
+ REMOTE_PROC_DOMAIN_GET_HOSTNAME = 277,
+
+@@ -5908,7 +5908,7 @@ enum remote_procedure {
+
+ /**
+ * @generate: none
+- * @acl: domain:read
++ * @acl: domain:write
+ */
+ REMOTE_PROC_DOMAIN_GET_TIME = 337,
+
diff --git a/blockcopy-check-dst-identical-device.patch b/blockcopy-check-dst-identical-device.patch
index 60f7fbc..53a8f85 100644
--- a/blockcopy-check-dst-identical-device.patch
+++ b/blockcopy-check-dst-identical-device.patch
@@ -11,11 +11,11 @@ Signed-off-by: Chunyan Liu
 src/qemu/qemu_driver.c | 7 +++++++
 1 file changed, 7 insertions(+)
-Index: libvirt-5.1.0/src/qemu/qemu_driver.c
+Index: libvirt-5.2.0/src/qemu/qemu_driver.c
 ===================================================================
---- libvirt-5.1.0.orig/src/qemu/qemu_driver.c
-+++ libvirt-5.1.0/src/qemu/qemu_driver.c
+--- libvirt-5.2.0.orig/src/qemu/qemu_driver.c
++++ libvirt-5.2.0/src/qemu/qemu_driver.c
-@@ -17836,6 +17836,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
+@@ -17735,6 +17735,14 @@ qemuDomainBlockCopyCommon(virDomainObjPt
 goto endjob;
 }
diff --git a/ec5a1191-libxl-support-max-grant-frames.patch b/ec5a1191-libxl-support-max-grant-frames.patch
deleted file mode 100644
index 5170862..0000000
--- a/ec5a1191-libxl-support-max-grant-frames.patch
+++ /dev/null
@@ -1,184 +0,0 @@
-commit ec5a11910d12f80e26f5d9905840c109e74939db
-Author: Jim Fehlig
-Date: Thu Mar 7 15:16:09 2019 -0700
-
- libxl: Add support for max_grant_frames
-
- Add support for setting max_grant_frames in libxl domain config
- object and include a test to check that it is properly converted
- from XML to libxl domain config.
-
-
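Review bot: The `@acl: domain:write` change for REMOTE_PROC_DOMAIN_GET_TIME sits under `@generate: none`, so its dispatcher is hand-written rather than produced from this file; the annotation presumably only takes effect through the regenerated ACL-check helper, so it is worth confirming that the hand-written handler calls that helper and does not carry its own open-coded read check. For REMOTE_PROC_DOMAIN_GET_HOSTNAME the `@generate: both` path should pick the new permission up automatically, but in both cases the enforcement depends on the protocol and dispatch sources being regenerated from remote_protocol.x at build time; a build that reused pre-generated sources would silently keep domain:read. A one-line note in the packaging change explaining that the .x edit is why the generators must run would make that dependency visible to the next person touching the spec.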
Signed-off-by: Jim Fehlig
- Reviewed-by: Daniel P. Berrangé
-
-Index: libvirt-5.1.0/src/libxl/libxl_conf.c
-===================================================================
---- libvirt-5.1.0.orig/src/libxl/libxl_conf.c
-+++ libvirt-5.1.0/src/libxl/libxl_conf.c
-@@ -393,6 +393,15 @@ libxlMakeDomBuildInfo(virDomainDefPtr de
- def->mem.cur_balloon = VIR_ROUND_UP(def->mem.cur_balloon, 1024);
- b_info->max_memkb = virDomainDefGetMemoryInitial(def);
- b_info->target_memkb = def->mem.cur_balloon;
-+
-+#ifdef LIBXL_HAVE_BUILDINFO_GRANT_LIMITS
-+ for (i = 0; i < def->ncontrollers; i++) {
-+ if (def->controllers[i]->type == VIR_DOMAIN_CONTROLLER_TYPE_XENBUS &&
-+ def->controllers[i]->opts.xenbusopts.maxGrantFrames > 0)
-+ b_info->max_grant_frames = def->controllers[i]->opts.xenbusopts.maxGrantFrames;
-+ }
-+#endif
-+
- if (hvm || pvh) {
- if (caps &&
- def->cpu && def->cpu->mode == (VIR_CPU_MODE_HOST_PASSTHROUGH)) {
-Index: libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
-===================================================================
---- /dev/null
-+++ libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.json
-@@ -0,0 +1,90 @@
-+{
-+ "c_info": {
-+ "type": "hvm",
-+ "name": "test-hvm",
-+ "uuid": "2147d599-9cc6-c0dc-92ab-4064b5446e9b"
-+ },
-+ "b_info": {
-+ "max_vcpus": 4,
-+ "avail_vcpus": [
-+ 0,
-+ 1,
-+ 2,
-+ 3
-+ ],
-+ "max_memkb": 1048576,
-+ "target_memkb": 1048576,
-+ "video_memkb": 8192,
-+ "shadow_memkb": 12288,
-+ "max_grant_frames": 64,
-+ "device_model_version": "qemu_xen",
-+ "device_model": "/bin/true",
-+ "sched_params": {
-+
-+ },
-+ "type.hvm": {
-+ "pae": "True",
-+ "apic": "True",
-+ "acpi": "True",
-+ "vga": {
-+ "kind": "cirrus"
-+ },
-+ "vnc": {
-+ "enable": "True",
-+ "listen": "0.0.0.0",
-+ "findunused": "False"
-+ },
-+ "sdl": {
-+ "enable": "False"
-+ },
-+ "spice": {
-+
-+ },
-+ "boot": "c",
-+ "rdm": {
-+
-+ }
-+ },
-+ "arch_arm": {
-+
-+ }
-+ },
-+ "disks": [
-+ {
-+ "pdev_path":
"/var/lib/xen/images/test-hvm.img",
-+ "vdev": "hda",
-+ "backend": "qdisk",
-+ "format": "raw",
-+ "removable": 1,
-+ "readwrite": 1
-+ }
-+ ],
-+ "nics": [
-+ {
-+ "devid": 0,
-+ "mac": "00:16:3e:66:12:b4",
-+ "bridge": "br0",
-+ "script": "/etc/xen/scripts/vif-bridge",
-+ "nictype": "vif_ioemu"
-+ }
-+ ],
-+ "vfbs": [
-+ {
-+ "devid": -1,
-+ "vnc": {
-+ "enable": "True",
-+ "listen": "0.0.0.0",
-+ "findunused": "False"
-+ },
-+ "sdl": {
-+ "enable": "False"
-+ }
-+ }
-+ ],
-+ "vkbs": [
-+ {
-+ "devid": -1
-+ }
-+ ],
-+ "on_reboot": "restart"
-+}
-Index: libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.xml
-===================================================================
---- /dev/null
-+++ libvirt-5.1.0/tests/libxlxml2domconfigdata/max-gntframes-hvm.xml
-@@ -0,0 +1,37 @@
-+
-+ test-hvm
-+ None
-+ 2147d599-9cc6-c0dc-92ab-4064b5446e9b
-+ 1048576
-+ 1048576
-+ 4
-+ destroy
-+ restart
-+ destroy
-+
-+
-+ hvm
-+ /usr/lib/xen/boot/hvmloader
-+
-+
-+
-+
-+
-+
-+
-+ /bin/true
-+
-+
-+
-+
-+
-+
-+
-+
-+
-+