072c97
From 1054c2ab4381145ddc9e937a40c109980f15cf69 Mon Sep 17 00:00:00 2001
072c97
Message-Id: <1054c2ab4381145ddc9e937a40c109980f15cf69@dist-git>
072c97
From: Jiri Denemark <jdenemar@redhat.com>
072c97
Date: Fri, 5 Apr 2019 11:33:32 +0200
072c97
Subject: [PATCH] cpu_x86: Do not cache microcode version
072c97
MIME-Version: 1.0
072c97
Content-Type: text/plain; charset=UTF-8
072c97
Content-Transfer-Encoding: 8bit
072c97
072c97
The microcode version checks are used to invalidate cached CPU data we
072c97
get from QEMU. To minimize /proc/cpuinfo parsing the microcode version
072c97
was only read when libvirtd started and cached for the daemon's
072c97
lifetime. However, the CPU microcode can change anytime (updating the
072c97
microcode package can automatically upload it to the CPU) and we need to
072c97
stop caching it to avoid using stale CPU model data.
072c97
072c97
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
072c97
Reviewed-by: Ján Tomko <jtomko@redhat.com>
072c97
(cherry picked from commit be46f613261d3b655a1f15afd635087e68a9c39b)
072c97
072c97
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130
072c97
072c97
Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
072c97
---
072c97
 src/cpu/cpu_x86.c | 5 +----
072c97
 1 file changed, 1 insertion(+), 4 deletions(-)
072c97
072c97
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
072c97
index cf3d80eeb5..1acd8c4f49 100644
072c97
--- a/src/cpu/cpu_x86.c
072c97
+++ b/src/cpu/cpu_x86.c
072c97
@@ -155,7 +155,6 @@ struct _virCPUx86Map {
072c97
 };
072c97
 
072c97
 static virCPUx86MapPtr cpuMap;
072c97
-static unsigned int microcodeVersion;
072c97
 
072c97
 int virCPUx86DriverOnceInit(void);
072c97
 VIR_ONCE_GLOBAL_INIT(virCPUx86Driver);
072c97
@@ -1469,8 +1468,6 @@ virCPUx86DriverOnceInit(void)
072c97
     if (!(cpuMap = virCPUx86LoadMap()))
072c97
         return -1;
072c97
 
072c97
-    microcodeVersion = virHostCPUGetMicrocodeVersion();
072c97
-
072c97
     return 0;
072c97
 }
072c97
 
072c97
@@ -2553,7 +2550,7 @@ virCPUx86GetHost(virCPUDefPtr cpu,
072c97
         goto cleanup;
072c97
 
072c97
     ret = x86DecodeCPUData(cpu, cpuData, models);
072c97
-    cpu->microcodeVersion = microcodeVersion;
072c97
+    cpu->microcodeVersion = virHostCPUGetMicrocodeVersion();
072c97
 
072c97
  cleanup:
072c97
     virCPUx86DataFree(cpuData);
072c97
-- 
072c97
2.21.0
072c97