libvirt

~ubuntu-virt/libvirt/+git/libvirt-lp-import:v5.3-maint

  1. Git
  2. lp:~ubuntu-virt/libvirt/+git/libvirt-lp-import
  3. v5.3-maint
Last commit made on 2019-06-24
Get this branch:
git clone -b v5.3-maint https://git.launchpad.net/~ubuntu-virt/libvirt/+git/libvirt-lp-import

Branch merges

Branch information

Name:
v5.3-maint
Repository:
lp:~ubuntu-virt/libvirt/+git/libvirt-lp-import

Recent commits

d8e4d13... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden>

api: disallow virConnect*HypervisorCPU on read-only connections

These APIs can be used to execute arbitrary emulators.
Forbid them on read-only connections.

Fixes: CVE-2019-10168
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit bf6c2830b6c338b1f5699b095df36f374777b291)
Signed-off-by: Ján Tomko <email address hidden>

97a737c... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden>

api: disallow virConnectGetDomainCapabilities on read-only connections

This API can be used to execute arbitrary emulators.
Forbid it on read-only connections.

Fixes: CVE-2019-10167
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit 8afa68bac0cf99d1f8aaa6566685c43c22622f26)
Signed-off-by: Ján Tomko <email address hidden>

f4dabe9... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden>

api: disallow virDomainManagedSaveDefineXML on read-only connections

The virDomainManagedSaveDefineXML can be used to alter the domain's
config used for managedsave or even execute arbitrary emulator binaries.
Forbid it on read-only connections.

Fixes: CVE-2019-10166
Reported-by: Matthias Gerstner <email address hidden>
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit db0b78457f183e4c7ac45bc94de86044a1e2056a)
Signed-off-by: Ján Tomko <email address hidden>

dae6767... by =?utf-8?q?J=C3=A1n_Tomko?= <email address hidden>

api: disallow virDomainSaveImageGetXMLDesc on read-only connections

The virDomainSaveImageGetXMLDesc API is taking a path parameter,
which can point to any path on the system. This file will then be
read and parsed by libvirtd running with root privileges.

Forbid it on read-only connections.

Fixes: CVE-2019-10161
Reported-by: Matthias Gerstner <email address hidden>
Signed-off-by: Ján Tomko <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit aed6a032cead4386472afb24b16196579e239580)
Signed-off-by: Ján Tomko <email address hidden>

3c10553... by Michal Privoznik <email address hidden>

qemu: Get default hugepage size only if needed

Fixes: 6864d8f740e2502dc7625bdf18ffde4465b14f69

Hugepages don't work in session mode but when building memory
part of command line we query for the default size anyway. This
breaks creating domains under session daemon. Query the page size
only if it's clear we need hugepages.

Signed-off-by: Michal Privoznik <email address hidden>
Reviewed-by: Erik Skultety <email address hidden>
(cherry picked from commit c46bdad5768da39bbccaa66c5c63f7303e56ad49)
Signed-off-by: Michal Privoznik <email address hidden>

a968b31... by Daniel Berrange

logging: restrict sockets to mode 0600

The virtlogd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <email address hidden>
Signed-off-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit e37bd65f9948c1185456b2cdaa3bd6e875af680f)

8c2c611... by Daniel Berrange

locking: restrict sockets to mode 0600

The virtlockd daemon's only intended client is the libvirtd daemon. As
such it should never allow clients from other user accounts to connect.
The code already enforces this and drops clients from other UIDs, but
we can get earlier (and thus stronger) protection against DoS by setting
the socket permissions to 0600

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <email address hidden>
Signed-off-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit f111e09468693909b1f067aa575efdafd9a262a1)

fd48a87... by Daniel Berrange

admin: reject clients unless their UID matches the current UID

The admin protocol RPC messages are only intended for use by the user
running the daemon. As such they should not be allowed for any client
UID that does not match the server UID.

Fixes CVE-2019-10132

Reviewed-by: Ján Tomko <email address hidden>
Signed-off-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit 96f41cd765c9e525fe28ee5abbfbf4a79b3720c7)

150b8cf... by Jiri Denemark <email address hidden>

cpu_map: Define md-clear CPUID bit

CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

The bit is set when microcode provides the mechanism to invoke a flush
of various exploitable CPU buffers by invoking the VERW instruction.

Signed-off-by: Paolo Bonzini <email address hidden>
Signed-off-by: Jiri Denemark <email address hidden>
Reviewed-by: Daniel P. Berrangé <email address hidden>
(cherry picked from commit 538d873571d7a682852dc1d70e5f4478f4d64e85)

cfaf65d... by Jiri Denemark <email address hidden>

cputest: Add data for Intel(R) Xeon(R) CPU E3-1225 v5

Reviewed-by: Daniel P. Berrangé <email address hidden>
Signed-off-by: Jiri Denemark <email address hidden>
(cherry picked from commit 5cd9db3ac11e88846cbcf95fad9f6fae9d880dee)