[libvirt] [PATCH 0/5] Refresh QEMU caps when CPU microcode changes (Related CVE-2017-5715)

Wed Jan 10 11:20:25 UTC 2018

No description so people might not have realized the implications of this
patch series....

This patch series is a pre-requisite for the future patches that address
the Spectre vulnerability. Those QEMU patches will introduce various new
CPU models. When the Intel microcode update is installed, we need to be
sure that libvirt refreshes its cache of QEMU capabilities and so detects
the new CPU feature bits the microcode added and refreshes its understanding
of QEMU CPU models accordingly. See this series for the new CPU models:

https://www.redhat.com/archives/libvir-list/2018-January/msg00282.html

On Thu, Jan 04, 2018 at 03:58:07PM +0100, Jiri Denemark wrote:
> Jiri Denemark (1):
>   cpu_x86: Rename virCPUx86MapInitialize
> 
> Paolo Bonzini (4):
>   util: add virFileReadHeaderQuiet wrapper around virFileReadHeaderFD
>   util: introduce virHostCPUGetMicrocodeVersion
>   conf: include x86 microcode version in virsh capabilities
>   qemu: capabilities: force update if the microcode version does not
>     match
> 
>  src/conf/cpu_conf.c                                | 14 +++++++
>  src/conf/cpu_conf.h                                |  1 +
>  src/cpu/cpu_x86.c                                  | 17 +++++++--
>  src/libvirt_private.syms                           |  2 +
>  src/qemu/qemu_capabilities.c                       | 40 +++++++++++++++++++-
>  src/qemu/qemu_capabilities.h                       |  6 ++-
>  src/qemu/qemu_capspriv.h                           |  5 +++
>  src/qemu/qemu_driver.c                             |  9 ++++-
>  src/util/virfile.c                                 | 19 ++++++++++
>  src/util/virfile.h                                 |  2 +
>  src/util/virhostcpu.c                              | 43 ++++++++++++++++++++++
>  src/util/virhostcpu.h                              |  2 +
>  tests/qemucapabilitiesdata/caps_1.2.2.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_1.3.1.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_1.4.2.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_1.5.3.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_1.6.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_1.7.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.1.1.x86_64.xml   |  1 +
>  .../caps_2.10.0-gicv2.aarch64.xml                  |  1 +
>  .../caps_2.10.0-gicv3.aarch64.xml                  |  1 +
>  tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml  |  1 +
>  tests/qemucapabilitiesdata/caps_2.4.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.5.0.x86_64.xml   |  1 +
>  .../caps_2.6.0-gicv2.aarch64.xml                   |  1 +
>  .../caps_2.6.0-gicv3.aarch64.xml                   |  1 +
>  tests/qemucapabilitiesdata/caps_2.6.0.ppc64.xml    |  1 +
>  tests/qemucapabilitiesdata/caps_2.6.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.7.0.s390x.xml    |  1 +
>  tests/qemucapabilitiesdata/caps_2.7.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.8.0.s390x.xml    |  1 +
>  tests/qemucapabilitiesdata/caps_2.8.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiesdata/caps_2.9.0.ppc64.xml    |  1 +
>  tests/qemucapabilitiesdata/caps_2.9.0.s390x.xml    |  1 +
>  tests/qemucapabilitiesdata/caps_2.9.0.x86_64.xml   |  1 +
>  tests/qemucapabilitiestest.c                       | 14 +++++--
>  tests/qemucapsprobe.c                              |  2 +-
>  tests/testutilsqemu.c                              |  2 +-
>  40 files changed, 189 insertions(+), 14 deletions(-)
> 
> -- 
> 2.15.1
> 
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|