Accepting request 512570 from home:bfrogers:branches:Virtualization

Include latest security fixes. Also fix support statements. Also adjust to recent libvdeplug-devel package name change.

OBS-URL: https://build.opensuse.org/request/show/512570
OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=350

0069-qemu-nbd-Ignore-SIGPIPE.patch

@@ -0,0 +1,47 @@
+From 40c9dcf30be29a4d76aeb85b5510cea071423b81 Mon Sep 17 00:00:00 2001
+From: Max Reitz <mreitz@redhat.com>
+Date: Sun, 11 Jun 2017 14:37:14 +0200
+Subject: [PATCH] qemu-nbd: Ignore SIGPIPE
+
+qemu proper has done so for 13 years
+(8a7ddc38a60648257dc0645ab4a05b33d6040063), qemu-img and qemu-io have
+done so for four years (526eda14a68d5b3596be715505289b541288ef2a).
+Ignoring this signal is especially important in qemu-nbd because
+otherwise a client can easily take down the qemu-nbd server by dropping
+the connection when the server wants to send something, for example:
+
+$ qemu-nbd -x foo -f raw -t null-co:// &
+[1] 12726
+$ qemu-io -c quit nbd://localhost/bar
+can't open device nbd://localhost/bar: No export with name 'bar' available
+[1]  + 12726 broken pipe  qemu-nbd -x foo -f raw -t null-co://
+
+In this case, the client sends an NBD_OPT_ABORT and closes the
+connection (because it is not required to wait for a reply), but the
+server replies with an NBD_REP_ACK (because it is required to reply).
+
+Signed-off-by: Max Reitz <mreitz@redhat.com>
+Message-Id: <20170611123714.31292-1-mreitz@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 041e32b8d9d076980b4e35317c0339e57ab888f1)
+[BR: BSC#1046636 CVE-2017-10664]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ qemu-nbd.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index b44764eb87..83bf9cb46c 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+     sa_sigterm.sa_handler = termsig_handler;
+     sigaction(SIGTERM, &sa_sigterm, NULL);
+ 
++#ifdef CONFIG_POSIX
++    signal(SIGPIPE, SIG_IGN);
++#endif
++
+     module_call_init(MODULE_INIT_TRACE);
+     qcrypto_init(&error_fatal);
+ 

0070-usb-redir-fix-stack-overflow-in-usb.patch

@@ -0,0 +1,50 @@
+From 416a6f3bf137b8e6782dd7c1f9563afe8ee97b19 Mon Sep 17 00:00:00 2001
+From: Gerd Hoffmann <kraxel@redhat.com>
+Date: Tue, 9 May 2017 13:01:28 +0200
+Subject: [PATCH] usb-redir: fix stack overflow in usbredir_log_data
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Don't reinvent a broken wheel, just use the hexdump function we have.
+
+Impact: low, broken code doesn't run unless you have debug logging
+enabled.
+
+Reported-by: 李强 <liqiang6-s@360.cn>
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+Message-id: 20170509110128.27261-1-kraxel@redhat.com
+(cherry picked from commit bd4a683505b27adc1ac809f71e918e58573d851d)
+[BR: BSC#1047674 CVE-2017-10806]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ hw/usb/redirect.c | 13 +------------
+ 1 file changed, 1 insertion(+), 12 deletions(-)
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index 0efe62f725..eb70dc7218 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+     const uint8_t *data, int len)
+ {
+-    int i, j, n;
+-
+     if (dev->debug < usbredirparser_debug_data) {
+         return;
+     }
+-
+-    for (i = 0; i < len; i += j) {
+-        char buf[128];
+-
+-        n = sprintf(buf, "%s", desc);
+-        for (j = 0; j < 8 && i + j < len; j++) {
+-            n += sprintf(buf + n, " %02X", data[i + j]);
+-        }
+-        error_report("%s", buf);
+-    }
++    qemu_hexdump((char *)data, stderr, desc, len);
+ }
+ 
+ /*

0071-exec-use-qemu_ram_ptr_length-to-acc.patch

@@ -0,0 +1,43 @@
+From f6658a500e003e91225f59bc2c2305c6b7d2f0d1 Mon Sep 17 00:00:00 2001
+From: Prasad J Pandit <pjp@fedoraproject.org>
+Date: Wed, 12 Jul 2017 18:08:40 +0530
+Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
+
+When accessing guest's ram block during DMA operation, use
+'qemu_ram_ptr_length' to get ram block pointer. It ensures
+that DMA operation of given length is possible; And avoids
+any OOB memory access situations.
+
+Reported-by: Alex <broscutamaker@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+(cherry picked from commit 04bf2526ce87f21b32c9acba1c5518708c243ad0)
+[BR: BSC#1048902 CVE-2017-11334]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ exec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/exec.c b/exec.c
+index b47b3f9096..1de9107b61 100644
+--- a/exec.c
++++ b/exec.c
+@@ -2767,7 +2767,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(ptr, buf, l);
+             invalidate_and_set_dirty(mr, addr1, l);
+         }
+@@ -2858,7 +2858,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
+             }
+         } else {
+             /* RAM case */
+-            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
++            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
+             memcpy(buf, ptr, l);
+         }
+ 

0072-slirp-check-len-against-dhcp-option.patch

@@ -0,0 +1,33 @@
+From 9ba94af263d7c64137cc748abd9cf3c23e07decc Mon Sep 17 00:00:00 2001
+From: P J P <ppandit@redhat.com>
+Date: Tue, 25 Jul 2017 13:34:29 -0600
+Subject: [PATCH] slirp: check len against dhcp options array end
+
+From: Prasad J Pandit <pjp@fedoraproject.org>
+
+While parsing dhcp options string in 'dhcp_decode', if an options'
+length 'len' appeared towards the end of 'bp_vend' array, ensuing
+read could lead to an OOB memory access issue. Add check to avoid it.
+
+Reported-by: Reno Robert <renorobert@gmail.com>
+Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
+[BR: BSC#1049381 CVE-2017-11434]
+Signed-off-by: Bruce Rogers <brogers@suse.com>
+---
+ slirp/bootp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c182..5dd1a415b5 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {

qemu-linux-user.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Tue Jul 25 19:36:58 UTC 2017 - brogers@suse.com
+
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
+* Patches added:
+  0069-qemu-nbd-Ignore-SIGPIPE.patch
+  0070-usb-redir-fix-stack-overflow-in-usb.patch
+  0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+  0072-slirp-check-len-against-dhcp-option.patch
+
 -------------------------------------------------------------------
 Tue Jul 18 19:51:49 UTC 2017 - brogers@suse.com
 

qemu-linux-user.spec

@@ -94,6 +94,10 @@ Patch0065:      0065-hid-Reset-kbd-modifiers-on-reset.patch
 Patch0066:      0066-input-Decrement-queue-count-on-kbd-.patch
 Patch0067:      0067-xhci-only-update-dequeue-ptr-on-com.patch
 Patch0068:      0068-vnc-Set-default-kbd-delay-to-10ms.patch
+Patch0069:      0069-qemu-nbd-Ignore-SIGPIPE.patch
+Patch0070:      0070-usb-redir-fix-stack-overflow-in-usb.patch
+Patch0071:      0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+Patch0072:      0072-slirp-check-len-against-dhcp-option.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 Source400:      update_git.sh
@@ -215,6 +219,10 @@ run cross-architecture builds.
 %patch0066 -p1
 %patch0067 -p1
 %patch0068 -p1
+%patch0069 -p1
+%patch0070 -p1
+%patch0071 -p1
+%patch0072 -p1
 
 %build
 ./configure \

qemu-testsuite.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Jul 25 19:36:55 UTC 2017 - brogers@suse.com
+
+- Address various security/stability issues
+* Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664)
+  0069-qemu-nbd-Ignore-SIGPIPE.patch
+* Fix DOS from stack overflow in debug messages of usb redirection
+  support (bsc#1047674 CVE-2017-10806) 
+  0070-usb-redir-fix-stack-overflow-in-usb.patch
+* Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 
+  0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+* Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 
+  0072-slirp-check-len-against-dhcp-option.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
+
+-------------------------------------------------------------------
+Tue Jul 25 16:51:20 UTC 2017 - brogers@suse.com
+
+- Fix support docs to indicate ARM64 is now fully L3 supported in
+  SLES 12 SP3. Apply a few additional clarifications in the support
+  docs. (bsc#1050268)
+- Adjust to libvdeplug-devel package naming changes.
+
 -------------------------------------------------------------------
 Tue Jul 18 19:51:45 UTC 2017 - brogers@suse.com
 

qemu-testsuite.spec

@@ -198,6 +198,10 @@ Patch0065:      0065-hid-Reset-kbd-modifiers-on-reset.patch
 Patch0066:      0066-input-Decrement-queue-count-on-kbd-.patch
 Patch0067:      0067-xhci-only-update-dequeue-ptr-on-com.patch
 Patch0068:      0068-vnc-Set-default-kbd-delay-to-10ms.patch
+Patch0069:      0069-qemu-nbd-Ignore-SIGPIPE.patch
+Patch0070:      0070-usb-redir-fix-stack-overflow-in-usb.patch
+Patch0071:      0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+Patch0072:      0072-slirp-check-len-against-dhcp-option.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -334,7 +338,11 @@ BuildRequires:  libssh2-devel
 %if 0%{?suse_version} > 1310
 BuildRequires:  libusb-1_0-devel
 %endif
+%if 0%{?suse_version} > 1320
+BuildRequires:  libvdeplug-devel
+%else
 BuildRequires:  libvdeplug3-devel
+%endif
 BuildRequires:  lzo-devel
 %if 0%{?suse_version} > 1220
 BuildRequires:  makeinfo
@@ -914,6 +922,10 @@ This package provides a service file for starting and stopping KSM.
 %patch0066 -p1
 %patch0067 -p1
 %patch0068 -p1
+%patch0069 -p1
+%patch0070 -p1
+%patch0071 -p1
+%patch0072 -p1
 
 pushd roms/ipxe
 %patch1100 -p1

qemu.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Tue Jul 25 19:36:55 UTC 2017 - brogers@suse.com
+
+- Address various security/stability issues
+* Fix DOS vulnerability in qemu-nbd (bsc#1046636 CVE-2017-10664)
+  0069-qemu-nbd-Ignore-SIGPIPE.patch
+* Fix DOS from stack overflow in debug messages of usb redirection
+  support (bsc#1047674 CVE-2017-10806) 
+  0070-usb-redir-fix-stack-overflow-in-usb.patch
+* Fix OOB access during DMA operation (CVE-2017-11334 bsc#1048902) 
+  0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+* Fix OOB access parsing dhcp slirp options (CVE-2017-11434 bsc#1049381) 
+  0072-slirp-check-len-against-dhcp-option.patch
+- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-2.9
+
+-------------------------------------------------------------------
+Tue Jul 25 16:51:20 UTC 2017 - brogers@suse.com
+
+- Fix support docs to indicate ARM64 is now fully L3 supported in
+  SLES 12 SP3. Apply a few additional clarifications in the support
+  docs. (bsc#1050268)
+- Adjust to libvdeplug-devel package naming changes.
+
 -------------------------------------------------------------------
 Tue Jul 18 19:51:45 UTC 2017 - brogers@suse.com
 

qemu.spec

@@ -198,6 +198,10 @@ Patch0065:      0065-hid-Reset-kbd-modifiers-on-reset.patch
 Patch0066:      0066-input-Decrement-queue-count-on-kbd-.patch
 Patch0067:      0067-xhci-only-update-dequeue-ptr-on-com.patch
 Patch0068:      0068-vnc-Set-default-kbd-delay-to-10ms.patch
+Patch0069:      0069-qemu-nbd-Ignore-SIGPIPE.patch
+Patch0070:      0070-usb-redir-fix-stack-overflow-in-usb.patch
+Patch0071:      0071-exec-use-qemu_ram_ptr_length-to-acc.patch
+Patch0072:      0072-slirp-check-len-against-dhcp-option.patch
 # Please do not add QEMU patches manually here.
 # Run update_git.sh to regenerate this queue.
 
@@ -334,7 +338,11 @@ BuildRequires:  libssh2-devel
 %if 0%{?suse_version} > 1310
 BuildRequires:  libusb-1_0-devel
 %endif
+%if 0%{?suse_version} > 1320
+BuildRequires:  libvdeplug-devel
+%else
 BuildRequires:  libvdeplug3-devel
+%endif
 BuildRequires:  lzo-devel
 %if 0%{?suse_version} > 1220
 BuildRequires:  makeinfo
@@ -914,6 +922,10 @@ This package provides a service file for starting and stopping KSM.
 %patch0066 -p1
 %patch0067 -p1
 %patch0068 -p1
+%patch0069 -p1
+%patch0070 -p1
+%patch0071 -p1
+%patch0072 -p1
 
 pushd roms/ipxe
 %patch1100 -p1

qemu.spec.in

@@ -267,7 +267,11 @@ BuildRequires:  libssh2-devel
 %if 0%{?suse_version} > 1310
 BuildRequires:  libusb-1_0-devel
 %endif
+%if 0%{?suse_version} > 1320
+BuildRequires:  libvdeplug-devel
+%else
 BuildRequires:  libvdeplug3-devel
+%endif
 BuildRequires:  lzo-devel
 %if 0%{?suse_version} > 1220
 BuildRequires:  makeinfo
@@ -315,14 +319,14 @@ BuildRequires:  zlib-devel
 %if "%{name}" == "qemu-testsuite"
 BuildRequires:  bc
 BuildRequires:  qemu-arm   = %version
+BuildRequires:  qemu-block-curl = %version
+BuildRequires:  qemu-block-dmg = %version
 BuildRequires:  qemu-extra = %version
 BuildRequires:  qemu-guest-agent = %version
 BuildRequires:  qemu-ppc   = %version
 BuildRequires:  qemu-s390  = %version
 BuildRequires:  qemu-tools = %version
 BuildRequires:  qemu-x86   = %version
-BuildRequires:  qemu-block-curl = %version
-BuildRequires:  qemu-block-dmg = %version
 %if 0%{?suse_version} >= 1310 && 0%{?suse_version} != 1315
 BuildRequires:  qemu-block-gluster = %version
 %endif

supported.arm.txt

@@ -10,13 +10,12 @@ Overview
   quality or value. The linux kernel includes components which contribute KVM
   virtualization features as well. This document was created to assist the user
   in deciding which features can be relied upon to build enterprise class
-  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64)
-  and for IBM System z (s390x) are offered at the L3 (full support) level,
-  while KVM for the ARM64 architecture (AArch64) is L3 supported for certain
-  partner-specific use cases. The bulk of this document deals with L3 supported
-  features and is primarily ARM64 centric. This document should be considered a
-  companion to the standard virtualization documentation delivered with the
-  product.
+  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64),
+  for IBM System z (s390x) and for the ARM64 architecture (AArch64) are offered
+  at the L3 (full support) level. The bulk of this document deals with L3
+  supported features and is primarily ARM64 centric. This document should be
+  considered a companion to the standard virtualization documentation delivered
+  with the product.
 
   KVM is implemented in linux kernel modules which enable the linux kernel to
   function as an integral part of the KVM hypervisor. The hypervisor-guest
@@ -57,9 +56,6 @@ Major QEMU/KVM Supported Features
   Since a KVM guest runs in the context of a normal linux process, some types
   of execution controls are managed with linux tools.
 
-- Various standard vCPU types are available, along with the ability to specify
-  individual CPU features visible to the guest.
-
 - QEMU is compatible with EDK based UEFI firmware available with SLES12-SP3,
   which allow boot options common to physical systems along with other features
   tailored to virtualization. Various VGABIOS ROMs, from the SEABIOS project,
@@ -79,8 +75,8 @@ Major QEMU/KVM Supported Features
   take place either from certain prior SLES versioned hosts to a SLES 12 SP3
   or between hosts of the same version. Certain other restrictions also apply.
 
-- Security considerations include seccomp2 based sandboxing, privileged
-  helpers and a security model which allows running guests as a non-root user.
+- Security considerations include privileged helpers and a security model which
+  allows running guests as a non-root user.
 
 - QEMU provides best effort reuse of existing disk images, including those with
   systems installed, through geometry probing. Also disk images produced by

supported.s390.txt

@@ -10,21 +10,20 @@ Overview
   quality or value. The linux kernel includes components which contribute KVM
   virtualization features as well. This document was created to assist the user
   in deciding which features can be relied upon to build enterprise class
-  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64)
-  and for IBM System z (s390x) are offered at the L3 (full support) level,
-  while KVM for the ARM64 architecture (AArch64) is L3 supported for certain
-  partner-specific use cases. The bulk of this document deals with L3 supported
-  features and is primarily s390x centric. This document should be considered a
-  companion to the standard virtualization documentation delivered with the
-  product.
+  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64),
+  for IBM System z (s390x) and for the ARM64 architecture (AArch64) are offered
+  at the L3 (full support) level. The bulk of this document deals with L3
+  supported features and is primarily s390x centric. This document should be
+  considered a companion to the standard virtualization documentation delivered
+  with the product.
 
   KVM is implemented in linux kernel modules which enable the linux kernel to
   function as an integral part of the KVM hypervisor. The hypervisor-guest
   interaction is managed by QEMU through the /dev/kvm ioctl interface. The linux
   host assists in the virtualization of storage, networking and display
-  resources as well as allowing direct hardware passthrough of PCI and USB
-  devices. Linux memory and cpu management features are used by QEMU/KVM to
-  enable guests to share those host resources as efficiently as possible.
+  resources as well as allowing direct hardware passthrough of PCI devices.
+  Linux memory and cpu management features are used by QEMU/KVM to enable guests
+  to share those host resources as efficiently as possible.
 
   QEMU is a primary component of KVM based virtualization. The legacy qemu-kvm
   program is provided for continuity with pre SLES 12 usage, including in
@@ -59,9 +58,6 @@ Major QEMU/KVM Supported Features
   Since a KVM guest runs in the context of a normal linux process, some types
   of execution controls are managed with linux tools.
 
-- Various standard vCPU types are available, along with the ability to specify
-  individual CPU features visible to the guest.
-
 - QEMU incorporates virtualized, 390 specific, ccw bus based firmware for
   booting s390 guests. This firmware is automatically incorporated and
   doesn't need to be explicitly referenced.
@@ -80,8 +76,8 @@ Major QEMU/KVM Supported Features
   take place either from certain prior SLES versioned hosts to a SLES 12 SP3
   or between hosts of the same version. Certain other restrictions also apply.
 
-- Security considerations include seccomp2 based sandboxing, privileged
-  helpers and a security model which allows running guests as a non-root user.
+- Security considerations include privileged helpers and a security model which
+  allows running guests as a non-root user.
 
 - QEMU provides best effort reuse of existing disk images, including those with
   systems installed, through geometry probing. Also disk images produced by
@@ -97,8 +93,8 @@ Major QEMU/KVM Supported Features
 - Guest performance is enhanced through the use of virtio devices, various disk
   caching modes, network acceleration via the vhost-net kernel module, multi-
   queue network transmit capabilities, host transparent huge pages (THP) and
-  direct hugetlb usage. Physical PCI and USB devices may also be passed through
-  to the guest, including SR-IOV VF's.
+  direct hugetlb usage. Physical PCI devices may also be passed through to the
+  guest, including SR-IOV VF's.
 
 - The guest UI is accessable via GTK, SDL, VNC, Spice, and serial (including
   curses TUI) interfaces.

supported.x86.txt

@@ -10,13 +10,12 @@ Overview
   quality or value. The linux kernel includes components which contribute KVM
   virtualization features as well. This document was created to assist the user
   in deciding which features can be relied upon to build enterprise class
-  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64)
-  and for IBM System z (s390x) are offered at the L3 (full support) level,
-  while KVM for the ARM64 architecture (AArch64) is L3 supported for certain
-  partner-specific use cases. The bulk of this document deals with L3 supported
-  features and is primarily x86 centric. This document should be considered a
-  companion to the standard virtualization documentation delivered with the
-  product.
+  virtualization solutions. KVM based virtualization for x86 (Intel 64/AMD64),
+  for IBM System z (s390x) and for the ARM64 architecture (AArch64) are offered
+  at the L3 (full support) level. The bulk of this document deals with L3
+  supported features and is primarily x86 centric. This document should be
+  considered a companion to the standard virtualization documentation delivered
+  with the product.
 
   KVM is implemented in linux kernel modules which enable the linux kernel to
   function as an integral part of the KVM hypervisor. The hypervisor-guest