summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMatthew Thode <prometheanfire@gentoo.org>2020-08-25 11:53:37 -0500
committerMatthew Thode <prometheanfire@gentoo.org>2020-08-25 11:53:53 -0500
commit440c9286ac4b1d2e10c25cb883250bc497611159 (patch)
treeefd136f7ad4bd67db9003f9ba49b8aad39200e33
parentapp-emulation/distrobuilder: fix metadata (diff)
downloadgentoo-440c9286ac4b1d2e10c25cb883250bc497611159.tar.gz
gentoo-440c9286ac4b1d2e10c25cb883250bc497611159.tar.bz2
gentoo-440c9286ac4b1d2e10c25cb883250bc497611159.zip
sys-cluster/nova: fix CVE-2020-17376 (live migration data leak)
Package-Manager: Portage-3.0.4, Repoman-2.3.23 RepoMan-Options: --force Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>
-rw-r--r--sys-cluster/nova/files/CVE-2020-17376.patch141
-rw-r--r--sys-cluster/nova/nova-21.0.0-r1.ebuild (renamed from sys-cluster/nova/nova-21.0.0.ebuild)5
2 files changed, 144 insertions, 2 deletions
diff --git a/sys-cluster/nova/files/CVE-2020-17376.patch b/sys-cluster/nova/files/CVE-2020-17376.patch
new file mode 100644
index 000000000000..8cb2d4423f72
--- /dev/null
+++ b/sys-cluster/nova/files/CVE-2020-17376.patch
@@ -0,0 +1,141 @@
+From bbf9d1de06e9991acd968fceee899a8df3776d60 Mon Sep 17 00:00:00 2001
+From: Lee Yarwood <lyarwood@redhat.com>
+Date: Wed, 5 Aug 2020 23:00:06 +0100
+Subject: [PATCH] libvirt: Provide VIR_MIGRATE_PARAM_PERSIST_XML during live
+ migration
+
+The VIR_MIGRATE_PARAM_PERSIST_XML parameter was introduced in libvirt
+v1.3.4 and is used to provide the new persistent configuration for the
+destination during a live migration:
+
+https://libvirt.org/html/libvirt-libvirt-domain.html#VIR_MIGRATE_PARAM_PERSIST_XML
+
+Without this parameter the persistent configuration on the destination
+will be the same as the original persistent configuration on the source
+when the VIR_MIGRATE_PERSIST_DEST flag is provided.
+
+As Nova does not currently provide the VIR_MIGRATE_PARAM_PERSIST_XML
+param but does provide the VIR_MIGRATE_PERSIST_DEST flag this means that
+a soft reboot by Nova of the instance after a live migration can revert
+the domain back to the original persistent configuration from the
+source.
+
+Note that this is only possible in Nova as a soft reboot actually
+results in the virDomainShutdown and virDomainLaunch libvirt APIs being
+called that recreate the domain using the persistent configuration.
+virDomainReboot does not result in this but is not called at this time.
+
+The impact of this on the instance after the soft reboot is pretty
+severe, host devices referenced in the original persistent configuration
+on the source may not exist or could even be used by other users on the
+destination. CPU and NUMA affinity could also differ drastically between
+the two hosts resulting in the instance being unable to start etc.
+
+As MIN_LIBVIRT_VERSION is now > v1.3.4 this change simply includes the
+VIR_MIGRATE_PARAM_PERSIST_XML param using the same updated XML for the
+destination as is already provided to VIR_MIGRATE_PARAM_DEST_XML.
+
+NOTE(lyarwood): A simple change to test_migrate_v3_unicode is included
+as Iccce0ab50eee515e533ab36c8e7adc10cb3f7019 had removed this from
+master.
+
+Co-authored-by: Tadayoshi Hosoya <tad-hosoya@wr.jp.nec.com>
+Closes-Bug: #1890501
+Change-Id: Ia3f1d8e83cbc574ce5cb440032e12bbcb1e10e98
+(cherry picked from commit 1bb8ee95d4c3ddc3f607ac57526b75af1b7fbcff)
+Signed-off-by: Matthew Thode <prometheanfire@gentoo.org>
+---
+ nova/tests/unit/virt/libvirt/test_driver.py | 8 +++++++-
+ nova/tests/unit/virt/libvirt/test_guest.py | 2 ++
+ nova/virt/libvirt/guest.py | 1 +
+ 3 files changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/nova/tests/unit/virt/libvirt/test_driver.py b/nova/tests/unit/virt/libvirt/test_driver.py
+index b416641d362..99ce85a870b 100644
+--- a/nova/tests/unit/virt/libvirt/test_driver.py
++++ b/nova/tests/unit/virt/libvirt/test_driver.py
+@@ -11196,6 +11196,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'bandwidth': _bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11303,7 +11304,8 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'migrate_uri': 'tcp://127.0.0.2',
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+- 'destination_xml': target_xml
++ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # Start test
+@@ -11462,6 +11464,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_uri': 'tcp://127.0.0.2',
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11813,6 +11816,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': ['vda', 'vdb'],
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': target_xml,
++ 'persistent_xml': target_xml,
+ }
+
+ # start test
+@@ -11939,6 +11943,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': device_names,
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': '<xml/>',
++ 'persistent_xml': '<xml/>',
+ }
+ if not params['migrate_disks']:
+ del params['migrate_disks']
+@@ -12078,6 +12083,7 @@ class LibvirtConnTestCase(test.NoDBTestCase,
+ 'migrate_disks': disk_paths,
+ 'bandwidth': CONF.libvirt.live_migration_bandwidth,
+ 'destination_xml': '<xml/>',
++ 'persistent_xml': '<xml/>',
+ }
+
+ # Prepare mocks
+diff --git a/nova/tests/unit/virt/libvirt/test_guest.py b/nova/tests/unit/virt/libvirt/test_guest.py
+index 55642c66f66..51899b730b3 100644
+--- a/nova/tests/unit/virt/libvirt/test_guest.py
++++ b/nova/tests/unit/virt/libvirt/test_guest.py
+@@ -682,6 +682,7 @@ class GuestTestCase(test.NoDBTestCase):
+ 'an-uri', flags=1, params={'migrate_uri': 'dest-uri',
+ 'migrate_disks': 'disk1',
+ 'destination_xml': '</xml>',
++ 'persistent_xml': '</xml>',
+ 'bandwidth': 2})
+
+ @testtools.skipIf(not six.PY2, 'libvirt python3 bindings accept unicode')
+@@ -699,6 +700,7 @@ class GuestTestCase(test.NoDBTestCase):
+ 'migrate_disks': ['disk1',
+ 'disk2'],
+ 'destination_xml': expect_dest_xml,
++ 'persistent_xml': expect_dest_xml,
+ 'bandwidth': 2})
+
+ def test_abort_job(self):
+diff --git a/nova/virt/libvirt/guest.py b/nova/virt/libvirt/guest.py
+index 0d485eb86d9..46593247303 100644
+--- a/nova/virt/libvirt/guest.py
++++ b/nova/virt/libvirt/guest.py
+@@ -638,6 +638,7 @@ class Guest(object):
+
+ if destination_xml:
+ params['destination_xml'] = destination_xml
++ params['persistent_xml'] = destination_xml
+ if migrate_disks:
+ params['migrate_disks'] = migrate_disks
+ if migrate_uri:
+--
+2.26.2
+
diff --git a/sys-cluster/nova/nova-21.0.0.ebuild b/sys-cluster/nova/nova-21.0.0-r1.ebuild
index 8601ad73fd10..e96174c2c999 100644
--- a/sys-cluster/nova/nova-21.0.0.ebuild
+++ b/sys-cluster/nova/nova-21.0.0-r1.ebuild
@@ -148,8 +148,9 @@ RDEPEND="
acct-user/nova
acct-group/nova"
-#PATCHES=(
-#)
+PATCHES=(
+ "${FILESDIR}/CVE-2020-17376.patch"
+)
pkg_setup() {
linux-info_pkg_setup