[libvirt] [PATCHv2 23/23] qemu: process: Validate specific CPUID flags of a guest

Daniel P. Berrange berrange at redhat.com
Tue Oct 15 13:57:43 UTC 2013 

On Tue, Oct 15, 2013 at 02:30:52PM +0200, Peter Krempa wrote:
> When starting a VM the qemu process may filter out some requested
> features of a domain as it's not supported either by the host or by
> qemu. Libvirt didn't check if this happened which might end up in
> changing of the guest ABI when migrating.
> 
> The proof of concept implementation adds the check for the recently
> introduced kvm_pv_unhalt cpuid feature bit. This feature depends on both
> qemu and host kernel support and thus increase the possibility of guest
> ABI breakage.
> ---
>  src/qemu/qemu_process.c | 42 ++++++++++++++++++++++++++++++++++++++++++
>  1 file changed, 42 insertions(+)
> 
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 20d8394..b7d7cff 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -44,6 +44,7 @@
>  #include "qemu_bridge_filter.h"
>  #include "qemu_migration.h"
> 
> +#include "cpu/cpu.h"
>  #include "datatypes.h"
>  #include "virlog.h"
>  #include "virerror.h"
> @@ -3473,6 +3474,43 @@ qemuValidateCpuMax(virDomainDefPtr def, virQEMUCapsPtr qemuCaps)
>      return true;
>  }
> 
> +
> +static bool
> +qemuProcessVerifyGuestCPU(virQEMUDriverPtr driver, virDomainObjPtr vm)
> +{
> +    virDomainDefPtr def = vm->def;
> +    virArch arch = def->os.arch;
> +    virCPUDataPtr guestcpu = NULL;
> +    qemuDomainObjPrivatePtr priv = vm->privateData;
> +    bool ret = false;
> +
> +    if (arch == VIR_ARCH_I686 || arch == VIR_ARCH_X86_64) {
> +        qemuDomainObjEnterMonitor(driver, vm);
> +        guestcpu = qemuMonitorGetGuestCPU(priv->mon);
> +        qemuDomainObjExitMonitor(driver, vm);
> +
> +        if (!guestcpu) {
> +            virResetLastError();
> +            return true;
> +        }

I'm not convinced we want to ignore all errors here - only the error
due to the monitor command we run not existing.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list