From 4378d7fd1164f055c0b1df895810487140ebc0a97b329b01a1f07d8a4ce60100 Mon Sep 17 00:00:00 2001
From: James Fehlig
Date: Fri, 5 Aug 2016 22:45:18 +0000
Subject: [PATCH] - cpu_x86: fix libvirtd segfault when host cpu is 'qemu64' cpumodel-vendor-crash-fix.patch bsc#992425
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=560
---
 cpumodel-vendor-crash-fix.patch | 56 +++++++++++++++++++++++++++++++++
 libvirt.changes | 7 +++++
 libvirt.spec | 4 ++-
 3 files changed, 66 insertions(+), 1 deletion(-)
 create mode 100644 cpumodel-vendor-crash-fix.patch
diff --git a/cpumodel-vendor-crash-fix.patch b/cpumodel-vendor-crash-fix.patch
new file mode 100644
index 0000000..51aab51
--- /dev/null
+++ b/cpumodel-vendor-crash-fix.patch
@@ -0,0 +1,56 @@
+From 341445ce85d91a105f8183f22226d9d90853b27b Mon Sep 17 00:00:00 2001
+From: Jim Fehlig
+Date: Fri, 5 Aug 2016 15:23:47 -0600
+Subject: [PATCH] cpu_x86: fix libvirtd crash when host cpu is 'qemu64'
+
+When starting an L2 nested VM with on an
+L1 VM with cpu 'qemu64', libvirtd crashes with
+
+Program received signal SIGSEGV, Segmentation fault.
+0x00007ffff739bf33 in x86DataCpuid (cpuid=0x8, cpuid=0x8,
+ data=data@entry=0x7fffb800ee78) at cpu/cpu_x86.c:287
+287 for (i = 0; i < data->len; i++) {
+(gdb) bt
+f0 0x00007ffff739bf33 in x86DataCpuid (cpuid=0x8, cpuid=0x8,
+ data=data@entry=0x7fffb800ee78) at cpu/cpu_x86.c:287
+f1 virCPUx86DataAddCPUID (data=data@entry=0x7fffb800ee78, cpuid=0x8)
+ at cpu/cpu_x86.c:355
+f2 0x00007ffff739ef47 in x86Compute (host=, cpu=0x7fffb8000cc0,
+ guest=0x7fffecca7348, message=) at cpu/cpu_x86.c:1580
+f3 0x00007fffd2b38e53 in qemuBuildCpuModelArgStr (migrating=false,
+ hasHwVirt=, qemuCaps=0x7fffb8001040, buf=0x7fffecca7360,
+ def=0x7fffc400ce20, driver=0x1c) at qemu/qemu_command.c:6283
+f4 qemuBuildCpuCommandLine (cmd=cmd@entry=0x7fffb8002f60,
+ driver=driver@entry=0x7fffc80882c0, def=def@entry=0x7fffc400ce20,
+ qemuCaps=qemuCaps@entry=0x7fffb8001040, migrating=)
+ at qemu/qemu_command.c:6445
+
+In frame 2, &host_model->vendor->cpuid is passed to virCPUx86DataAddCPUID(),
+but
+
+(gdb) p *host_model
+$23 = {name = 0x7fffb800ec50 "qemu64", vendor = 0x0, signature = 0, data = {
+ len = 2, data = 0x7fffb800e720}}
+
+With vendor = 0x0, &host_model->vendor->cpuid evaluates to 8, which
+is not a nice value to pass to virCPUx86DataAddCPUID(). Check for a
+non-null host_model->vendor before calling virCPUx86DataAddCPUID().
+
+Signed-off-by: Jim Fehlig
+---
+ src/cpu/cpu_x86.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: libvirt-2.0.0/src/cpu/cpu_x86.c
+===================================================================
+--- libvirt-2.0.0.orig/src/cpu/cpu_x86.c
++++ libvirt-2.0.0/src/cpu/cpu_x86.c
+@@ -1576,7 +1576,7 @@ x86Compute(virCPUDefPtr host,
+ if (!(guest_model = x86ModelCopy(host_model)))
+ goto error;
+ 
+- if (cpu->vendor &&
++ if (cpu->vendor && host_model->vendor &&
+ virCPUx86DataAddCPUID(&guest_model->data,
+ &host_model->vendor->cpuid) < 0)
+ goto error;
diff --git a/libvirt.changes b/libvirt.changes
index dfccb8d..0460a11 100644
--- a/libvirt.changes
+++ b/libvirt.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Fri Aug 5 22:27:44 UTC 2016 - jfehlig@suse.com
+
+- cpu_x86: fix libvirtd segfault when host cpu is 'qemu64'
+ cpumodel-vendor-crash-fix.patch
+ bsc#992425
+
 -------------------------------------------------------------------
 Fri Aug 5 08:05:39 UTC 2016 - cbosdonnat@suse.com
diff --git a/libvirt.spec b/libvirt.spec
index 68a84fb..de2575d 100644
--- a/libvirt.spec
+++ b/libvirt.spec
@@ -1,7 +1,7 @@
 #
 # spec file for package libvirt
 #
-# Copyright (c) 2016 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -317,6 +317,7 @@ Patch0: c8f08e48-systemd-notify-fix.patch
 # Patches pending upstream review
 Patch100: libxl-dom-reset.patch
 Patch101: pci-use-driver-override-sysfs.patch
+Patch102: cpumodel-vendor-crash-fix.patch
 # Need to go upstream
 Patch150: xen-pv-cdrom.patch
 Patch151: blockcopy-check-dst-identical-device.patch
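Review bot: The new guard on the `++ if (cpu->vendor && host_model->vendor &&` line in the carried patch stops the NULL dereference but says nothing about why a host model may legitimately have no vendor, so the next reader is likely to take it for a defensive no-op; a comment such as `/* models like qemu64 carry no vendor (bsc#992425): skip the vendor cpuid rather than dereference NULL */` would keep the reason attached to the check. It also changes behaviour beyond the crash: when the guest names a vendor and the host model has none, the vendor cpuid is now silently left out of guest_model->data instead of the call failing, so if that combination should be reported as incompatible rather than passed through, the guard wants an error path instead of a skip. x86Compute starts and ends outside the hunk, so whether an earlier vendor comparison already rejects a guest vendor the host does not declare cannot be confirmed from this page.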
@@ -770,6 +771,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
 %patch0 -p1
 %patch100 -p1
 %patch101 -p1
+%patch102 -p1
 %patch150 -p1
 %patch151 -p1
 %patch152 -p1