Accepting request 689893 from home:bfrogers:branches:Virtualization
Upstream changed the fix for a security bug. Adjust accordingly. Sorry for the churn! OBS-URL: https://build.opensuse.org/request/show/689893 OBS-URL: https://build.opensuse.org/package/show/Virtualization/qemu?expand=0&rev=462
This commit is contained in:
parent
0201824b9e
commit
e274119f03
167
0065-spapr-Simplify-handling-of-host-ser.patch
Normal file
167
0065-spapr-Simplify-handling-of-host-ser.patch
Normal file
@ -0,0 +1,167 @@
|
|||||||
|
From: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
Date: Wed, 27 Mar 2019 13:54:11 +1100
|
||||||
|
Subject: spapr: Simplify handling of host-serial and host-model values
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
27461d69a0f "ppc: add host-serial and host-model machine attributes
|
||||||
|
(CVE-2019-8934)" introduced 'host-serial' and 'host-model' machine
|
||||||
|
properties for spapr to explicitly control the values advertised to the
|
||||||
|
guest in device tree properties with the same names.
|
||||||
|
|
||||||
|
The previous behaviour on KVM was to unconditionally populate the device
|
||||||
|
tree with the real host serial number and model, which leaks possibly
|
||||||
|
sensitive information about the host to the guest.
|
||||||
|
|
||||||
|
To maintain compatibility for old machine types, we allowed those props
|
||||||
|
to be set to "passthrough" to take the value from the host as before. Or
|
||||||
|
they could be set to "none" to explicitly omit the device tree items.
|
||||||
|
|
||||||
|
Special casing specific values on what's otherwise a user supplied string
|
||||||
|
is very ugly. So, this patch simplifies things by implementing the
|
||||||
|
backwards compatibility in a different way: we have a machine class flag
|
||||||
|
set for the older machines, and we only load the host values into the
|
||||||
|
device tree if A) they're not set by the user and B) we have that flag set.
|
||||||
|
|
||||||
|
This does mean that the "passthrough" functionality is no longer available
|
||||||
|
with the current machine type. That's ok though: if a user or management
|
||||||
|
layer really wants the information passed through they can read it
|
||||||
|
themselves (OpenStack Nova already does something similar for x86).
|
||||||
|
|
||||||
|
It also means the user can't explicitly ask for the values to be omitted
|
||||||
|
on the old machine types. I think that's an acceptable trade-off: if you
|
||||||
|
care enough about not leaking the host information you can either move to
|
||||||
|
the new machine type, or use a dummy value for the properties.
|
||||||
|
|
||||||
|
For the new machine type, this also removes an odd inconsistency
|
||||||
|
between running on a POWER and non-POWER (or non-Linux) hosts: if the
|
||||||
|
host information couldn't be read from where we expect (in the host's
|
||||||
|
device tree as exposed by Linux), we'd fallback to omitting the guest
|
||||||
|
device tree items.
|
||||||
|
|
||||||
|
While we're there, improve some poorly worded comments, and the help text
|
||||||
|
for the properties.
|
||||||
|
|
||||||
|
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
|
||||||
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
||||||
|
Reviewed-by: Greg Kurz <groug@kaod.org>
|
||||||
|
Tested-by: Greg Kurz <groug@kaod.org>
|
||||||
|
(cherry picked from commit 0a794529bd1109aeea0c407784b40a2605e808b9)
|
||||||
|
[BR: BSC#1126455 CVE-2019-03812]
|
||||||
|
Signed-off-by: Bruce Rogers <brogers@suse.com>
|
||||||
|
---
|
||||||
|
hw/ppc/spapr.c | 56 +++++++++++++++---------------------------
|
||||||
|
include/hw/ppc/spapr.h | 1 +
|
||||||
|
2 files changed, 21 insertions(+), 36 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c
|
||||||
|
index d3098d520e..b60e1702fc 100644
|
||||||
|
--- a/hw/ppc/spapr.c
|
||||||
|
+++ b/hw/ppc/spapr.c
|
||||||
|
@@ -1240,38 +1240,8 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
|
||||||
|
_FDT(fdt_setprop_string(fdt, 0, "model", "IBM pSeries (emulated by qemu)"));
|
||||||
|
_FDT(fdt_setprop_string(fdt, 0, "compatible", "qemu,pseries"));
|
||||||
|
|
||||||
|
- /*
|
||||||
|
- * Add info to guest to indentify which host is it being run on
|
||||||
|
- * and what is the uuid of the guest
|
||||||
|
- */
|
||||||
|
- if (spapr->host_model && !g_str_equal(spapr->host_model, "none")) {
|
||||||
|
- if (g_str_equal(spapr->host_model, "passthrough")) {
|
||||||
|
- /* -M host-model=passthrough */
|
||||||
|
- if (kvmppc_get_host_model(&buf)) {
|
||||||
|
- _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
|
||||||
|
- g_free(buf);
|
||||||
|
- }
|
||||||
|
- } else {
|
||||||
|
- /* -M host-model=<user-string> */
|
||||||
|
- _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model));
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- if (spapr->host_serial && !g_str_equal(spapr->host_serial, "none")) {
|
||||||
|
- if (g_str_equal(spapr->host_serial, "passthrough")) {
|
||||||
|
- /* -M host-serial=passthrough */
|
||||||
|
- if (kvmppc_get_host_serial(&buf)) {
|
||||||
|
- _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
|
||||||
|
- g_free(buf);
|
||||||
|
- }
|
||||||
|
- } else {
|
||||||
|
- /* -M host-serial=<user-string> */
|
||||||
|
- _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial));
|
||||||
|
- }
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
+ /* Guest UUID & Name*/
|
||||||
|
buf = qemu_uuid_unparse_strdup(&qemu_uuid);
|
||||||
|
-
|
||||||
|
_FDT(fdt_setprop_string(fdt, 0, "vm,uuid", buf));
|
||||||
|
if (qemu_uuid_set) {
|
||||||
|
_FDT(fdt_setprop_string(fdt, 0, "system-id", buf));
|
||||||
|
@@ -1283,6 +1253,21 @@ static void *spapr_build_fdt(sPAPRMachineState *spapr,
|
||||||
|
qemu_get_vm_name()));
|
||||||
|
}
|
||||||
|
|
||||||
|
+ /* Host Model & Serial Number */
|
||||||
|
+ if (spapr->host_model) {
|
||||||
|
+ _FDT(fdt_setprop_string(fdt, 0, "host-model", spapr->host_model));
|
||||||
|
+ } else if (smc->broken_host_serial_model && kvmppc_get_host_model(&buf)) {
|
||||||
|
+ _FDT(fdt_setprop_string(fdt, 0, "host-model", buf));
|
||||||
|
+ g_free(buf);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (spapr->host_serial) {
|
||||||
|
+ _FDT(fdt_setprop_string(fdt, 0, "host-serial", spapr->host_serial));
|
||||||
|
+ } else if (smc->broken_host_serial_model && kvmppc_get_host_serial(&buf)) {
|
||||||
|
+ _FDT(fdt_setprop_string(fdt, 0, "host-serial", buf));
|
||||||
|
+ g_free(buf);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
_FDT(fdt_setprop_cell(fdt, 0, "#address-cells", 2));
|
||||||
|
_FDT(fdt_setprop_cell(fdt, 0, "#size-cells", 2));
|
||||||
|
|
||||||
|
@@ -3119,12 +3104,12 @@ static void spapr_instance_init(Object *obj)
|
||||||
|
spapr_get_host_model, spapr_set_host_model,
|
||||||
|
&error_abort);
|
||||||
|
object_property_set_description(obj, "host-model",
|
||||||
|
- "Set host's model-id to use - none|passthrough|string", &error_abort);
|
||||||
|
+ "Host model to advertise in guest device tree", &error_abort);
|
||||||
|
object_property_add_str(obj, "host-serial",
|
||||||
|
spapr_get_host_serial, spapr_set_host_serial,
|
||||||
|
&error_abort);
|
||||||
|
object_property_set_description(obj, "host-serial",
|
||||||
|
- "Set host's system-id to use - none|passthrough|string", &error_abort);
|
||||||
|
+ "Host serial number to advertise in guest device tree", &error_abort);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void spapr_machine_finalizefn(Object *obj)
|
||||||
|
@@ -4019,14 +4004,13 @@ static const TypeInfo spapr_machine_info = {
|
||||||
|
*/
|
||||||
|
static void spapr_machine_3_1_instance_options(MachineState *machine)
|
||||||
|
{
|
||||||
|
- sPAPRMachineState *spapr = SPAPR_MACHINE(machine);
|
||||||
|
- spapr->host_model = g_strdup("passthrough");
|
||||||
|
- spapr->host_serial = g_strdup("passthrough");
|
||||||
|
}
|
||||||
|
|
||||||
|
static void spapr_machine_3_1_class_options(MachineClass *mc)
|
||||||
|
{
|
||||||
|
/* Defaults for the latest behaviour inherited from the base class */
|
||||||
|
+ sPAPRMachineClass *smc = SPAPR_MACHINE_CLASS(mc);
|
||||||
|
+ smc->broken_host_serial_model = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
DEFINE_SPAPR_MACHINE(3_1, "3.1", true);
|
||||||
|
diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
|
||||||
|
index 63692a13bd..d3142e0d26 100644
|
||||||
|
--- a/include/hw/ppc/spapr.h
|
||||||
|
+++ b/include/hw/ppc/spapr.h
|
||||||
|
@@ -105,6 +105,7 @@ struct sPAPRMachineClass {
|
||||||
|
bool use_ohci_by_default; /* use USB-OHCI instead of XHCI */
|
||||||
|
bool pre_2_10_has_unused_icps;
|
||||||
|
bool legacy_irq_allocation;
|
||||||
|
+ bool broken_host_serial_model; /* present real host info to the guest */
|
||||||
|
|
||||||
|
void (*phb_placement)(sPAPRMachineState *spapr, uint32_t index,
|
||||||
|
uint64_t *buid, hwaddr *pio,
|
@ -1,3 +1,10 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 29 13:13:59 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||||
|
* Patches added:
|
||||||
|
0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 27 16:59:53 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
Wed Mar 27 16:59:53 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
@ -96,6 +96,7 @@ Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
|
|||||||
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
||||||
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
||||||
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
||||||
|
Patch0065: 0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
ExcludeArch: s390
|
ExcludeArch: s390
|
||||||
@ -191,6 +192,7 @@ syscall layer occurs on the native hardware and operating system.
|
|||||||
%patch0062 -p1
|
%patch0062 -p1
|
||||||
%patch0063 -p1
|
%patch0063 -p1
|
||||||
%patch0064 -p1
|
%patch0064 -p1
|
||||||
|
%patch0065 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
./configure \
|
./configure \
|
||||||
|
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 29 13:13:57 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
|
||||||
|
upstream adjustments for the same. Basically now the security fix
|
||||||
|
is to provide a dummy host-model and host-serial value, which
|
||||||
|
overrides getting that value from the host
|
||||||
|
0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
@ -207,6 +207,7 @@ Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
|
|||||||
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
||||||
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
||||||
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
||||||
|
Patch0065: 0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -1011,6 +1012,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0062 -p1
|
%patch0062 -p1
|
||||||
%patch0063 -p1
|
%patch0063 -p1
|
||||||
%patch0064 -p1
|
%patch0064 -p1
|
||||||
|
%patch0065 -p1
|
||||||
|
|
||||||
pushd roms/seabios
|
pushd roms/seabios
|
||||||
%patch1100 -p1
|
%patch1100 -p1
|
||||||
|
10
qemu.changes
10
qemu.changes
@ -1,3 +1,13 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 29 13:13:57 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
- Adjust fix for CVE-2019-8934 (bsc#1126455) to match the latest
|
||||||
|
upstream adjustments for the same. Basically now the security fix
|
||||||
|
is to provide a dummy host-model and host-serial value, which
|
||||||
|
overrides getting that value from the host
|
||||||
|
0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
|
- Patch queue updated from git://github.com/openSUSE/qemu.git opensuse-3.1
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
Wed Mar 27 16:59:46 UTC 2019 - Bruce Rogers <brogers@suse.com>
|
||||||
|
|
||||||
|
@ -207,6 +207,7 @@ Patch0061: 0061-slirp-check-sscanf-result-when-emul.patch
|
|||||||
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
Patch0062: 0062-ppc-add-host-serial-and-host-model-.patch
|
||||||
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
Patch0063: 0063-i2c-ddc-fix-oob-read.patch
|
||||||
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
Patch0064: 0064-device_tree.c-Don-t-use-load_image.patch
|
||||||
|
Patch0065: 0065-spapr-Simplify-handling-of-host-ser.patch
|
||||||
# Please do not add QEMU patches manually here.
|
# Please do not add QEMU patches manually here.
|
||||||
# Run update_git.sh to regenerate this queue.
|
# Run update_git.sh to regenerate this queue.
|
||||||
|
|
||||||
@ -1011,6 +1012,7 @@ This package provides a service file for starting and stopping KSM.
|
|||||||
%patch0062 -p1
|
%patch0062 -p1
|
||||||
%patch0063 -p1
|
%patch0063 -p1
|
||||||
%patch0064 -p1
|
%patch0064 -p1
|
||||||
|
%patch0065 -p1
|
||||||
|
|
||||||
pushd roms/seabios
|
pushd roms/seabios
|
||||||
%patch1100 -p1
|
%patch1100 -p1
|
||||||
|
Loading…
Reference in New Issue
Block a user