From: Ján Tomko <jtomko@redhat.com>
Date: Sat, 28 Jan 2017 10:32:13 +0000 (+0100)
Subject: Validate required CPU features even for host-passthrough
X-Git-Tag: CVE-2017-2635~99
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76fd798191bfaf23b3f9e35c4807a7e2fee70117;p=thirdparty%2Flibvirt.git

Validate required CPU features even for host-passthrough

Commit adff345 allowed enabling features with -cpu host
without ajdusting the validity checks on domain startup
and migration.
---

diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 0f4a6cf212..0db1616aa7 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -2322,7 +2322,7 @@ qemuMigrationIsAllowed(virQEMUDriverPtr driver,
         if (!qemuMigrationIsAllowedHostdev(vm->def))
             return false;
 
-        if (vm->def->cpu && vm->def->cpu->mode != VIR_CPU_MODE_HOST_PASSTHROUGH) {
+        if (vm->def->cpu) {
             for (i = 0; i < vm->def->cpu->nfeatures; i++) {
                 virCPUFeatureDefPtr feature = &vm->def->cpu->features[i];
 
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 92fa69b3cc..76f132bc8f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -3819,7 +3819,7 @@ qemuProcessVerifyGuestCPU(virQEMUDriverPtr driver,
             }
         }
 
-        if (def->cpu && def->cpu->mode != VIR_CPU_MODE_HOST_PASSTHROUGH) {
+        if (def->cpu) {
             for (i = 0; i < def->cpu->nfeatures; i++) {
                 virCPUFeatureDefPtr feature = &def->cpu->features[i];