rpms
/
libvirt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Rebased to version 1.1.3.4 

Fix domain events when ACLs are used (bz #1058839)
CVE-2013-6456: unsafe usage of paths under /proc//root (bz #1048628, bz #1048627)
remotes/origin/f20
Cole Robinson 2014-02-18 19:05:58 -05:00
parent a1418ae1be
commit a95910f9d1
7 changed files with 9 additions and 646 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
0001-qemu-Change-the-default-unix-monitor-timeout.patch
View File

@ -1,33 +0,0 @@
From 844476f1f21fc3ea4d13aa3ea01ac56a155432a8 Mon Sep 17 00:00:00 2001
From: Martin Kletzander <mkletzan@redhat.com>
Date: Thu, 9 Jan 2014 07:57:59 +0100
Subject: [PATCH] qemu: Change the default unix monitor timeout
There is a number of reported issues when we fail starting a domain.
Turns out that, in some scenarios like high load, 3 second timeout is
not enough for qemu to start up to the phase where the socket is
created. Since there is no downside of waiting longer, raise the
timeout right to 30 seconds.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
(cherry picked from commit fe89b687a02d1a8e1dce695a67b4f9d2c254d7b9)
---
src/qemu/qemu_monitor.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 7e26377..55d0ad1 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -268,7 +268,7 @@ qemuMonitorOpenUnix(const char *monitor, pid_t cpid)
{
struct sockaddr_un addr;
int monfd;
- int timeout = 3; /* In seconds */
+ int timeout = 30; /* In seconds */
int ret;
size_t i = 0;
--
1.8.4.2

75
0002-tests-Better-support-for-VIR_CONNECT_BASELINE_CPU_EX.patch
View File

@ -1,75 +0,0 @@
From 71ed29bb54143829ae46abcee9539e42c80d0d40 Mon Sep 17 00:00:00 2001
Message-Id: <71ed29bb54143829ae46abcee9539e42c80d0d40.1391110483.git.crobinso@redhat.com>
In-Reply-To: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
References: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Tue, 28 Jan 2014 00:00:44 +0100
Subject: [PATCH 2/5] tests: Better support for
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
https://bugzilla.redhat.com/show_bug.cgi?id=1049391
virConnectBaselineCPU test results are now stored in different files
depending on VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES.
(cherry picked from commit 0e9373a5c04e5c69a95b6d1cae7cad8456332be7)
---
tests/cputest.c | 22 +++++++++++++++++++---
...ne-3-result.xml => x86-baseline-3-expanded.xml} | 0
2 files changed, 19 insertions(+), 3 deletions(-)
rename tests/cputestdata/{x86-baseline-3-result.xml => x86-baseline-3-expanded.xml} (100%)
diff --git a/tests/cputest.c b/tests/cputest.c
index 408a510..9bc786b 100644
--- a/tests/cputest.c
+++ b/tests/cputest.c
@@ -326,6 +326,7 @@ cpuTestBaseline(const void *arg)
virCPUDefPtr baseline = NULL;
unsigned int ncpus = 0;
char *result = NULL;
+ const char *suffix;
size_t i;
if (!(cpus = cpuTestLoadMultiXML(data->arch, data->name, &ncpus)))
@@ -345,7 +346,11 @@ cpuTestBaseline(const void *arg)
if (!baseline)
goto cleanup;
- if (virAsprintf(&result, "%s-result", data->name) < 0)
+ if (data->flags & VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES)
+ suffix = "expanded";
+ else
+ suffix = "result";
+ if (virAsprintf(&result, "%s-%s", data->name, suffix) < 0)
goto cleanup;
if (cpuTestCompareXML(data->arch, baseline, result, 0) < 0)
@@ -537,8 +542,19 @@ mymain(void)
} while (0)
#define DO_TEST_BASELINE(arch, name, flags, result) \
- DO_TEST(arch, API_BASELINE, name, NULL, "baseline-" name, \
- NULL, 0, NULL, flags, result)
+ do { \
+ const char *suffix = ""; \
+ char *label; \
+ if ((flags) & VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) \
+ suffix = " (expanded)"; \
+ if (virAsprintf(&label, "%s%s", name, suffix) < 0) { \
+ ret = -1; \
+ } else { \
+ DO_TEST(arch, API_BASELINE, label, NULL, "baseline-" name, \
+ NULL, 0, NULL, flags, result); \
+ } \
+ VIR_FREE(label); \
+ } while (0)
#define DO_TEST_HASFEATURE(arch, host, feature, result) \
DO_TEST(arch, API_HAS_FEATURE, \
diff --git a/tests/cputestdata/x86-baseline-3-result.xml b/tests/cputestdata/x86-baseline-3-expanded.xml
similarity index 100%
rename from tests/cputestdata/x86-baseline-3-result.xml
rename to tests/cputestdata/x86-baseline-3-expanded.xml
--
1.8.5.3

165
0003-cpu-Fix-VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES.patch
View File

@ -1,165 +0,0 @@
From 16389962a601bee640c37985dc483415d0e7129e Mon Sep 17 00:00:00 2001
Message-Id: <16389962a601bee640c37985dc483415d0e7129e.1391110483.git.crobinso@redhat.com>
In-Reply-To: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
References: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 27 Jan 2014 17:03:55 +0100
Subject: [PATCH 3/5] cpu: Fix VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES
https://bugzilla.redhat.com/show_bug.cgi?id=1049391
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES flag for virConnectBaselineCPU
did not work if the resulting guest CPU would disable some features
present in its base model. This patch makes sure we won't try to add
such features twice.
(cherry picked from commit 802f157e8c7afaf4971b82705f67519939d2da0c)
Conflicts:
src/cpu/cpu_x86.c - some structs and functions were renamed
since 1.1.3
---
src/cpu/cpu_x86.c | 84 +++++++++++++++++++++++++++++++++----------------------
1 file changed, 50 insertions(+), 34 deletions(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 3d5e16f..18e39be 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -748,6 +748,36 @@ ignore:
}
+static struct cpuX86Data *
+x86DataFromCPUFeatures(virCPUDefPtr cpu,
+ const struct x86_map *map)
+{
+ struct cpuX86Data *data;
+ size_t i;
+
+ if (VIR_ALLOC(data) < 0)
+ return NULL;
+
+ for (i = 0; i < cpu->nfeatures; i++) {
+ const struct x86_feature *feature;
+ if (!(feature = x86FeatureFind(map, cpu->features[i].name))) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("Unknown CPU feature %s"), cpu->features[i].name);
+ goto error;
+ }
+
+ if (x86DataAdd(data, feature->data) < 0)
+ goto error;
+ }
+
+ return data;
+
+error:
+ x86DataFree(data);
+ return NULL;
+}
+
+
static struct x86_model *
x86ModelNew(void)
{
@@ -1320,35 +1350,6 @@ x86GuestData(virCPUDefPtr host,
}
static int
-x86AddFeatures(virCPUDefPtr cpu,
- struct x86_map *map)
-{
- const struct x86_model *candidate;
- const struct x86_feature *feature = map->features;
-
- candidate = map->models;
- while (candidate != NULL) {
- if (STREQ(cpu->model, candidate->name))
- break;
- candidate = candidate->next;
- }
- if (!candidate) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("%s not a known CPU model"), cpu->model);
- return -1;
- }
- while (feature != NULL) {
- if (x86DataIsSubset(candidate->data, feature->data) &&
- virCPUDefAddFeature(cpu, feature->name,
- VIR_CPU_FEATURE_REQUIRE) < 0)
- return -1;
- feature = feature->next;
- }
- return 0;
-}
-
-
-static int
x86Decode(virCPUDefPtr cpu,
const struct cpuX86Data *data,
const char **models,
@@ -1361,6 +1362,9 @@ x86Decode(virCPUDefPtr cpu,
const struct x86_model *candidate;
virCPUDefPtr cpuCandidate;
virCPUDefPtr cpuModel = NULL;
+ struct cpuX86Data *copy = NULL;
+ struct cpuX86Data *features = NULL;
+ const struct cpuX86Data *cpuData = NULL;
size_t i;
virCheckFlags(VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, -1);
@@ -1417,6 +1421,7 @@ x86Decode(virCPUDefPtr cpu,
if (preferred && STREQ(cpuCandidate->model, preferred)) {
virCPUDefFree(cpuModel);
cpuModel = cpuCandidate;
+ cpuData = candidate->data;
break;
}
@@ -1424,8 +1429,10 @@ x86Decode(virCPUDefPtr cpu,
|| cpuModel->nfeatures > cpuCandidate->nfeatures) {
virCPUDefFree(cpuModel);
cpuModel = cpuCandidate;
- } else
+ cpuData = candidate->data;
+ } else {
virCPUDefFree(cpuCandidate);
+ }
next:
candidate = candidate->next;
@@ -1437,9 +1444,17 @@ x86Decode(virCPUDefPtr cpu,
goto out;
}
- if (flags & VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES &&
- x86AddFeatures(cpuModel, map) < 0)
- goto out;
+ if (flags & VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES) {
+ if (!(copy = x86DataCopy(cpuData)) ||
+ !(features = x86DataFromCPUFeatures(cpuModel, map)))
+ goto out;
+
+ x86DataSubtract(copy, features);
+ if (x86DataToCPUFeatures(cpuModel, VIR_CPU_FEATURE_REQUIRE,
+ copy, map) < 0)
+ goto out;
+ }
+
cpu->model = cpuModel->model;
cpu->vendor = cpuModel->vendor;
cpu->nfeatures = cpuModel->nfeatures;
@@ -1451,7 +1466,8 @@ x86Decode(virCPUDefPtr cpu,
out:
x86MapFree(map);
virCPUDefFree(cpuModel);
-
+ x86DataFree(copy);
+ x86DataFree(features);
return ret;
}
--
1.8.5.3

88
0004-cpu-Try-to-use-source-CPU-model-in-virConnectBaselin.patch
View File

@ -1,88 +0,0 @@
From d8d075e452325bd1e5392a1395c928a57f1dbc40 Mon Sep 17 00:00:00 2001
Message-Id: <d8d075e452325bd1e5392a1395c928a57f1dbc40.1391110483.git.crobinso@redhat.com>
In-Reply-To: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
References: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 27 Jan 2014 20:41:43 +0100
Subject: [PATCH 4/5] cpu: Try to use source CPU model in virConnectBaselineCPU
https://bugzilla.redhat.com/show_bug.cgi?id=1049391
When all source CPU XMLs contain just a single CPU model (with a
possibly varying set of additional feature elements),
virConnectBaselineCPU will try to use this CPU model in the computed
guest CPU. Thus, when used on just a single CPU (useful with
VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES), the result will not use a
different CPU model.
If the computed CPU uses the source model, set fallback mode to 'forbid'
to make sure the guest CPU will always be as close as possible to the
source CPUs.
(cherry picked from commit 580ddf0d34ad61b26357b94783ff622d0e73cb2b)
---
src/cpu/cpu_x86.c | 17 ++++++++++++++++-
tests/cputestdata/x86-baseline-3-expanded.xml | 2 +-
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/cpu/cpu_x86.c b/src/cpu/cpu_x86.c
index 18e39be..0b82bf2 100644
--- a/src/cpu/cpu_x86.c
+++ b/src/cpu/cpu_x86.c
@@ -1735,6 +1735,8 @@ x86Baseline(virCPUDefPtr *cpus,
const struct x86_vendor *vendor = NULL;
struct x86_model *model = NULL;
bool outputVendor = true;
+ const char *modelName;
+ bool matchingNames = true;
if (!(map = x86LoadMap()))
goto error;
@@ -1757,9 +1759,19 @@ x86Baseline(virCPUDefPtr *cpus,
goto error;
}
+ modelName = cpus[0]->model;
for (i = 1; i < ncpus; i++) {
const char *vn = NULL;
+ if (matchingNames && cpus[i]->model) {
+ if (!modelName) {
+ modelName = cpus[i]->model;
+ } else if (STRNEQ(modelName, cpus[i]->model)) {
+ modelName = NULL;
+ matchingNames = false;
+ }
+ }
+
if (!(model = x86ModelFromCPU(cpus[i], map, VIR_CPU_FEATURE_REQUIRE)))
goto error;
@@ -1807,9 +1819,12 @@ x86Baseline(virCPUDefPtr *cpus,
if (vendor && x86DataAddCpuid(base_model->data, &vendor->cpuid) < 0)
goto error;
- if (x86Decode(cpu, base_model->data, models, nmodels, NULL, flags) < 0)
+ if (x86Decode(cpu, base_model->data, models, nmodels, modelName, flags) < 0)
goto error;
+ if (STREQ_NULLABLE(cpu->model, modelName))
+ cpu->fallback = VIR_CPU_FALLBACK_FORBID;
+
if (!outputVendor)
VIR_FREE(cpu->vendor);
diff --git a/tests/cputestdata/x86-baseline-3-expanded.xml b/tests/cputestdata/x86-baseline-3-expanded.xml
index d196112..a7e57be 100644
--- a/tests/cputestdata/x86-baseline-3-expanded.xml
+++ b/tests/cputestdata/x86-baseline-3-expanded.xml
@@ -1,5 +1,5 @@
<cpu mode='custom' match='exact'>
- <model fallback='allow'>Westmere</model>
+ <model fallback='forbid'>Westmere</model>
<feature policy='require' name='lahf_lm'/>
<feature policy='require' name='lm'/>
<feature policy='require' name='nx'/>
--
1.8.5.3

267
0005-tests-Add-more-tests-for-virConnectBaselineCPU.patch
View File

@ -1,267 +0,0 @@
From f541c18593fc553a863f8f559a42a2dcc51c1b2e Mon Sep 17 00:00:00 2001
Message-Id: <f541c18593fc553a863f8f559a42a2dcc51c1b2e.1391110483.git.crobinso@redhat.com>
In-Reply-To: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
References: <844476f1f21fc3ea4d13aa3ea01ac56a155432a8.1391110483.git.crobinso@redhat.com>
From: Jiri Denemark <jdenemar@redhat.com>
Date: Mon, 27 Jan 2014 21:53:51 +0100
Subject: [PATCH 5/5] tests: Add more tests for virConnectBaselineCPU
https://bugzilla.redhat.com/show_bug.cgi?id=1049391
The new tests would fail in various ways without the two previous
commits.
(cherry picked from commit 7e4dcf3a47a4fea8534531cf0a4bee7bb85904be)
---
tests/cputest.c | 5 +++
tests/cputestdata/x86-baseline-3-result.xml | 3 ++
tests/cputestdata/x86-baseline-4-expanded.xml | 46 ++++++++++++++++++++++++++
tests/cputestdata/x86-baseline-4-result.xml | 14 ++++++++
tests/cputestdata/x86-baseline-4.xml | 18 ++++++++++
tests/cputestdata/x86-baseline-5-expanded.xml | 47 +++++++++++++++++++++++++++
tests/cputestdata/x86-baseline-5-result.xml | 10 ++++++
tests/cputestdata/x86-baseline-5.xml | 35 ++++++++++++++++++++
8 files changed, 178 insertions(+)
create mode 100644 tests/cputestdata/x86-baseline-3-result.xml
create mode 100644 tests/cputestdata/x86-baseline-4-expanded.xml
create mode 100644 tests/cputestdata/x86-baseline-4-result.xml
create mode 100644 tests/cputestdata/x86-baseline-4.xml
create mode 100644 tests/cputestdata/x86-baseline-5-expanded.xml
create mode 100644 tests/cputestdata/x86-baseline-5-result.xml
create mode 100644 tests/cputestdata/x86-baseline-5.xml
diff --git a/tests/cputest.c b/tests/cputest.c
index 9bc786b..cf4a2c4 100644
--- a/tests/cputest.c
+++ b/tests/cputest.c
@@ -619,7 +619,12 @@ mymain(void)
DO_TEST_BASELINE("x86", "some-vendors", 0, 0);
DO_TEST_BASELINE("x86", "1", 0, 0);
DO_TEST_BASELINE("x86", "2", 0, 0);
+ DO_TEST_BASELINE("x86", "3", 0, 0);
DO_TEST_BASELINE("x86", "3", VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, 0);
+ DO_TEST_BASELINE("x86", "4", 0, 0);
+ DO_TEST_BASELINE("x86", "4", VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, 0);
+ DO_TEST_BASELINE("x86", "5", 0, 0);
+ DO_TEST_BASELINE("x86", "5", VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES, 0);
DO_TEST_BASELINE("ppc64", "incompatible-vendors", 0, -1);
DO_TEST_BASELINE("ppc64", "no-vendor", 0, 0);
diff --git a/tests/cputestdata/x86-baseline-3-result.xml b/tests/cputestdata/x86-baseline-3-result.xml
new file mode 100644
index 0000000..7349831
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-3-result.xml
@@ -0,0 +1,3 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='forbid'>Westmere</model>
+</cpu>
diff --git a/tests/cputestdata/x86-baseline-4-expanded.xml b/tests/cputestdata/x86-baseline-4-expanded.xml
new file mode 100644
index 0000000..b5671b5
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-4-expanded.xml
@@ -0,0 +1,46 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='forbid'>Westmere</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='avx'/>
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='xsave'/>
+ <feature policy='require' name='tsc-deadline'/>
+ <feature policy='require' name='x2apic'/>
+ <feature policy='require' name='pcid'/>
+ <feature policy='require' name='pclmuldq'/>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='vme'/>
+ <feature policy='require' name='lahf_lm'/>
+ <feature policy='require' name='lm'/>
+ <feature policy='require' name='nx'/>
+ <feature policy='require' name='syscall'/>
+ <feature policy='require' name='aes'/>
+ <feature policy='require' name='popcnt'/>
+ <feature policy='require' name='sse4.2'/>
+ <feature policy='require' name='sse4.1'/>
+ <feature policy='require' name='cx16'/>
+ <feature policy='require' name='ssse3'/>
+ <feature policy='require' name='pni'/>
+ <feature policy='require' name='sse2'/>
+ <feature policy='require' name='sse'/>
+ <feature policy='require' name='fxsr'/>
+ <feature policy='require' name='mmx'/>
+ <feature policy='require' name='clflush'/>
+ <feature policy='require' name='pse36'/>
+ <feature policy='require' name='pat'/>
+ <feature policy='require' name='cmov'/>
+ <feature policy='require' name='mca'/>
+ <feature policy='require' name='pge'/>
+ <feature policy='require' name='mtrr'/>
+ <feature policy='require' name='sep'/>
+ <feature policy='require' name='apic'/>
+ <feature policy='require' name='cx8'/>
+ <feature policy='require' name='mce'/>
+ <feature policy='require' name='pae'/>
+ <feature policy='require' name='msr'/>
+ <feature policy='require' name='tsc'/>
+ <feature policy='require' name='pse'/>
+ <feature policy='require' name='de'/>
+ <feature policy='require' name='fpu'/>
+</cpu>
diff --git a/tests/cputestdata/x86-baseline-4-result.xml b/tests/cputestdata/x86-baseline-4-result.xml
new file mode 100644
index 0000000..44fbc38
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-4-result.xml
@@ -0,0 +1,14 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='forbid'>Westmere</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='avx'/>
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='xsave'/>
+ <feature policy='require' name='tsc-deadline'/>
+ <feature policy='require' name='x2apic'/>
+ <feature policy='require' name='pcid'/>
+ <feature policy='require' name='pclmuldq'/>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='vme'/>
+</cpu>
diff --git a/tests/cputestdata/x86-baseline-4.xml b/tests/cputestdata/x86-baseline-4.xml
new file mode 100644
index 0000000..7f5ae16
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-4.xml
@@ -0,0 +1,18 @@
+<cpuTest>
+<cpu>
+ <arch>x86_64</arch>
+ <model>Westmere</model>
+ <vendor>Intel</vendor>
+ <topology sockets='4' cores='1' threads='1'/>
+ <feature name='hypervisor'/>
+ <feature name='avx'/>
+ <feature name='osxsave'/>
+ <feature name='xsave'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='ss'/>
+ <feature name='vme'/>
+</cpu>
+</cpuTest>
diff --git a/tests/cputestdata/x86-baseline-5-expanded.xml b/tests/cputestdata/x86-baseline-5-expanded.xml
new file mode 100644
index 0000000..2408704
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-5-expanded.xml
@@ -0,0 +1,47 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='allow'>SandyBridge</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='pcid'/>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='vme'/>
+ <feature policy='disable' name='rdtscp'/>
+ <feature policy='require' name='lahf_lm'/>
+ <feature policy='require' name='lm'/>
+ <feature policy='require' name='nx'/>
+ <feature policy='require' name='syscall'/>
+ <feature policy='require' name='avx'/>
+ <feature policy='require' name='xsave'/>
+ <feature policy='require' name='aes'/>
+ <feature policy='require' name='tsc-deadline'/>
+ <feature policy='require' name='popcnt'/>
+ <feature policy='require' name='x2apic'/>
+ <feature policy='require' name='sse4.2'/>
+ <feature policy='require' name='sse4.1'/>
+ <feature policy='require' name='cx16'/>
+ <feature policy='require' name='ssse3'/>
+ <feature policy='require' name='pclmuldq'/>
+ <feature policy='require' name='pni'/>
+ <feature policy='require' name='sse2'/>
+ <feature policy='require' name='sse'/>
+ <feature policy='require' name='fxsr'/>
+ <feature policy='require' name='mmx'/>
+ <feature policy='require' name='clflush'/>
+ <feature policy='require' name='pse36'/>
+ <feature policy='require' name='pat'/>
+ <feature policy='require' name='cmov'/>
+ <feature policy='require' name='mca'/>
+ <feature policy='require' name='pge'/>
+ <feature policy='require' name='mtrr'/>
+ <feature policy='require' name='sep'/>
+ <feature policy='require' name='apic'/>
+ <feature policy='require' name='cx8'/>
+ <feature policy='require' name='mce'/>
+ <feature policy='require' name='pae'/>
+ <feature policy='require' name='msr'/>
+ <feature policy='require' name='tsc'/>
+ <feature policy='require' name='pse'/>
+ <feature policy='require' name='de'/>
+ <feature policy='require' name='fpu'/>
+</cpu>
diff --git a/tests/cputestdata/x86-baseline-5-result.xml b/tests/cputestdata/x86-baseline-5-result.xml
new file mode 100644
index 0000000..3c2f38c
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-5-result.xml
@@ -0,0 +1,10 @@
+<cpu mode='custom' match='exact'>
+ <model fallback='allow'>SandyBridge</model>
+ <vendor>Intel</vendor>
+ <feature policy='require' name='hypervisor'/>
+ <feature policy='require' name='osxsave'/>
+ <feature policy='require' name='pcid'/>
+ <feature policy='require' name='ss'/>
+ <feature policy='require' name='vme'/>
+ <feature policy='disable' name='rdtscp'/>
+</cpu>
diff --git a/tests/cputestdata/x86-baseline-5.xml b/tests/cputestdata/x86-baseline-5.xml
new file mode 100644
index 0000000..80cd533
--- /dev/null
+++ b/tests/cputestdata/x86-baseline-5.xml
@@ -0,0 +1,35 @@
+<cpuTest>
+<cpu>
+ <arch>x86_64</arch>
+ <model>Westmere</model>
+ <vendor>Intel</vendor>
+ <topology sockets='4' cores='1' threads='1'/>
+ <feature name='hypervisor'/>
+ <feature name='avx'/>
+ <feature name='osxsave'/>
+ <feature name='xsave'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='ss'/>
+ <feature name='vme'/>
+</cpu>
+<cpu>
+ <arch>x86_64</arch>
+ <model>Nehalem</model>
+ <vendor>Intel</vendor>
+ <topology sockets='4' cores='1' threads='1'/>
+ <feature name='aes'/>
+ <feature name='hypervisor'/>
+ <feature name='avx'/>
+ <feature name='osxsave'/>
+ <feature name='xsave'/>
+ <feature name='tsc-deadline'/>
+ <feature name='x2apic'/>
+ <feature name='pcid'/>
+ <feature name='pclmuldq'/>
+ <feature name='ss'/>
+ <feature name='vme'/>
+</cpu>
+</cpuTest>
--
1.8.5.3

25
libvirt.spec
View File

@ -366,8 +366,8 @@
Summary: Library providing a simple virtualization API
Name: libvirt
Version: 1.1.3.3
Release: 5%{?dist}%{?extra_release}
Version: 1.1.3.4
Release: 1%{?dist}%{?extra_release}
License: LGPLv2+
Group: Development/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
@ -378,14 +378,6 @@ URL: http://libvirt.org/
%endif
Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz
# Increase default qemu monitor timeout from 3 to 30 seconds (upstream).
Patch0001: 0001-qemu-Change-the-default-unix-monitor-timeout.patch
# Fix baselineCPU EXPAND_FEATURES (bz #1049391)
Patch0002: 0002-tests-Better-support-for-VIR_CONNECT_BASELINE_CPU_EX.patch
Patch0003: 0003-cpu-Fix-VIR_CONNECT_BASELINE_CPU_EXPAND_FEATURES.patch
Patch0004: 0004-cpu-Try-to-use-source-CPU-model-in-virConnectBaselin.patch
Patch0005: 0005-tests-Add-more-tests-for-virConnectBaselineCPU.patch
%if %{with_libvirtd}
Requires: libvirt-daemon = %{version}-%{release}
%if %{with_network}
@ -1169,13 +1161,6 @@ of recent versions of Linux (and other OSes).
%prep
%setup -q
%patch0001 -p1
# Fix baselineCPU EXPAND_FEATURES (bz #1049391)
%patch0002 -p1
%patch0003 -p1
%patch0004 -p1
%patch0005 -p1
%build
%if ! %{with_xen}
%define _without_xen --without-xen
@ -2133,6 +2118,12 @@ fi
%endif
%changelog
* Tue Feb 18 2014 Cole Robinson <crobinso@redhat.com> - 1.1.3.4-1
- Rebased to version 1.1.3.4
- Fix domain events when ACLs are used (bz #1058839)
- CVE-2013-6456: unsafe usage of paths under /proc//root (bz #1048628, bz
#1048627)
* Sat Feb 01 2014 Cole Robinson <crobinso@redhat.com> - 1.1.3.3-5
- Rebuild again for openwsman soname bump

2
sources
View File

@ -1 +1 @@
c7d864b29e1eb53343d451496c589f28 libvirt-1.1.3.3.tar.gz
7242049e67b1ee5614c7cdbddfc8ff92 libvirt-1.1.3.4.tar.gz