From nobody Wed Feb 11 10:11:56 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) client-ip=209.132.183.39; envelope-from=libvir-list-bounces@redhat.com; helo=mx6-phx2.redhat.com; Authentication-Results: mx.zoho.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.39 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; Return-Path: Received: from mx6-phx2.redhat.com (mx6-phx2.redhat.com [209.132.183.39]) by mx.zohomail.com with SMTPS id 1489510948070866.1963176129105; Tue, 14 Mar 2017 10:02:28 -0700 (PDT) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by mx6-phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v2EGwUoc017521; Tue, 14 Mar 2017 12:58:30 -0400 Received: from int-mx09.intmail.prod.int.phx2.redhat.com (int-mx09.intmail.prod.int.phx2.redhat.com [10.5.11.22]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id v2EGvup2002647 for ; Tue, 14 Mar 2017 12:57:56 -0400 Received: from virval.usersys.redhat.com (dhcp129-92.brq.redhat.com [10.34.129.92]) by int-mx09.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id v2EGvtiY018332 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO) for ; Tue, 14 Mar 2017 12:57:56 -0400 Received: by virval.usersys.redhat.com (Postfix, from userid 500) id 91E551062D9; Tue, 14 Mar 2017 17:57:53 +0100 (CET) From: Jiri Denemark To: libvir-list@redhat.com Date: Tue, 14 Mar 2017 17:57:51 +0100 Message-Id: In-Reply-To: References: In-Reply-To: References: Mail-Followup-To: libvir-list@redhat.com X-Scanned-By: MIMEDefang 2.68 on 10.5.11.22 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH 12/12] qemu: Enforce guest CPU specification X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" When guest CPU definition uses VIR_CPU_CHECK_FULL checks, we need to make sure QEMU does not add or remove any features. https://bugzilla.redhat.com/show_bug.cgi?id=3D822148 https://bugzilla.redhat.com/show_bug.cgi?id=3D824989 Signed-off-by: Jiri Denemark --- src/cpu/cpu.c | 3 ++- src/cpu/cpu_x86.c | 62 ++++++++++++++++++++++++++++++++++++++++++++++++---= ---- 2 files changed, 56 insertions(+), 9 deletions(-) diff --git a/src/cpu/cpu.c b/src/cpu/cpu.c index 992a0339c..1461190ba 100644 --- a/src/cpu/cpu.c +++ b/src/cpu/cpu.c @@ -722,7 +722,8 @@ virCPUUpdate(virArch arch, * hypervisor * * Update custom mode CPU according to the virtual CPU created by the - * hypervisor. + * hypervisor. The function refuses to update the CPU in case cpu->check i= s set + * to VIR_CPU_CHECK_FULL. * * Returns -1 on error, * 0 when the CPU was successfully updated, diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c index a43bb2bdf..9e208b094 100644 --- a/src/cpu/cpu_x86.c +++ b/src/cpu/cpu_x86.c @@ -2686,6 +2686,10 @@ virCPUx86UpdateLive(virCPUDefPtr cpu, virCPUx86ModelPtr model =3D NULL; virCPUx86Data enabled =3D VIR_CPU_X86_DATA_INIT; virCPUx86Data disabled =3D VIR_CPU_X86_DATA_INIT; + virBuffer bufAdded =3D VIR_BUFFER_INITIALIZER; + virBuffer bufRemoved =3D VIR_BUFFER_INITIALIZER; + char *added =3D NULL; + char *removed =3D NULL; size_t i; int ret =3D -1; =20 @@ -2709,28 +2713,70 @@ virCPUx86UpdateLive(virCPUDefPtr cpu, virCPUx86FeaturePtr feature =3D map->features[i]; =20 if (x86DataIsSubset(&enabled, &feature->data)) { - VIR_DEBUG("Adding feature '%s' enabled by the hypervisor", - feature->name); - if (virCPUDefUpdateFeature(cpu, feature->name, - VIR_CPU_FEATURE_REQUIRE) < 0) + VIR_DEBUG("Feature '%s' enabled by the hypervisor", feature->n= ame); + if (cpu->check =3D=3D VIR_CPU_CHECK_FULL) + virBufferAsprintf(&bufAdded, "%s,", feature->name); + else if (virCPUDefUpdateFeature(cpu, feature->name, + VIR_CPU_FEATURE_REQUIRE) < 0) goto cleanup; } =20 if (x86DataIsSubset(&disabled, &feature->data)) { - VIR_DEBUG("Removing feature '%s' disabled by the hypervisor", - feature->name); - if (virCPUDefUpdateFeature(cpu, feature->name, - VIR_CPU_FEATURE_DISABLE) < 0) + VIR_DEBUG("Feature '%s' disabled by the hypervisor", feature->= name); + if (cpu->check =3D=3D VIR_CPU_CHECK_FULL) + virBufferAsprintf(&bufRemoved, "%s,", feature->name); + else if (virCPUDefUpdateFeature(cpu, feature->name, + VIR_CPU_FEATURE_DISABLE) < 0) goto cleanup; } } =20 + virBufferTrim(&bufAdded, ",", -1); + virBufferTrim(&bufRemoved, ",", -1); + + if (virBufferCheckError(&bufAdded) < 0 || + virBufferCheckError(&bufRemoved) < 0) + goto cleanup; + + added =3D virBufferContentAndReset(&bufAdded); + removed =3D virBufferContentAndReset(&bufRemoved); + + if (added || removed) { + if (added && removed) + virReportError(VIR_ERR_OPERATION_FAILED, + _("guest CPU doesn't match specification: " + "extra features: %s, missing features: %s"), + added, removed); + else if (added) + virReportError(VIR_ERR_OPERATION_FAILED, + _("guest CPU doesn't match specification: " + "extra features: %s"), + added); + else + virReportError(VIR_ERR_OPERATION_FAILED, + _("guest CPU doesn't match specification: " + "missing features: %s"), + removed); + goto cleanup; + } + + if (cpu->check =3D=3D VIR_CPU_CHECK_FULL && + !x86DataIsEmpty(&disabled)) { + virReportError(VIR_ERR_OPERATION_FAILED, "%s", + _("guest CPU doesn't match specification")); + goto cleanup; + } + ret =3D 0; =20 cleanup: x86ModelFree(model); virCPUx86DataClear(&enabled); virCPUx86DataClear(&disabled); + VIR_FREE(added); + VIR_FREE(removed); + virBufferFreeAndReset(&bufAdded); + virBufferFreeAndReset(&bufRemoved); return ret; } =20 --=20 2.12.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list