cpu: Honor check='full' for host-passthrough CPUs

The check attribute was completely ignored for host-passthrough CPUs
even if they explicitly requested some features to be enabled. For
example, a domain with the following CPU definition

  <cpu mode='host-passthrough' check='full'>
    <feature policy='require' name='svm'/>
  </cpu>

would happily start even when 'svm' cannot be enabled.

Let's call virCPUArchUpdateLive for host-passthrough CPUs with
VIR_CPU_CHECK_FULL to make sure the architecture specific code can
validate the provided virtual CPU against the desired definition.

https://bugzilla.redhat.com/show_bug.cgi?id=1515677

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Jiri Denemark 2020-03-09 14:14:04 +01:00
parent 8dc791b5d3
commit ac36a82464
2 changed files with 11 additions and 2 deletions

View File

@ -647,7 +647,8 @@ virCPUUpdateLive(virArch arch,
if (!driver->updateLive) if (!driver->updateLive)
return 1; return 1;
if (cpu->mode == VIR_CPU_MODE_CUSTOM) { if (cpu->mode == VIR_CPU_MODE_CUSTOM ||
cpu->check == VIR_CPU_CHECK_FULL) {
if (driver->updateLive(cpu, dataEnabled, dataDisabled) < 0) if (driver->updateLive(cpu, dataEnabled, dataDisabled) < 0)
return -1; return -1;

View File

@ -3009,8 +3009,10 @@ virCPUx86UpdateLive(virCPUDefPtr cpu,
virCPUDataPtr dataEnabled, virCPUDataPtr dataEnabled,
virCPUDataPtr dataDisabled) virCPUDataPtr dataDisabled)
{ {
bool hostPassthrough = cpu->mode == VIR_CPU_MODE_HOST_PASSTHROUGH;
virCPUx86MapPtr map; virCPUx86MapPtr map;
virCPUx86ModelPtr model = NULL; virCPUx86ModelPtr model = NULL;
virCPUx86ModelPtr modelDisabled = NULL;
virCPUx86Data enabled = VIR_CPU_X86_DATA_INIT; virCPUx86Data enabled = VIR_CPU_X86_DATA_INIT;
virCPUx86Data disabled = VIR_CPU_X86_DATA_INIT; virCPUx86Data disabled = VIR_CPU_X86_DATA_INIT;
virBuffer bufAdded = VIR_BUFFER_INITIALIZER; virBuffer bufAdded = VIR_BUFFER_INITIALIZER;
@ -3026,6 +3028,10 @@ virCPUx86UpdateLive(virCPUDefPtr cpu,
if (!(model = x86ModelFromCPU(cpu, map, -1))) if (!(model = x86ModelFromCPU(cpu, map, -1)))
goto cleanup; goto cleanup;
if (hostPassthrough &&
!(modelDisabled = x86ModelFromCPU(cpu, map, VIR_CPU_FEATURE_DISABLE)))
goto cleanup;
if (dataEnabled && if (dataEnabled &&
x86DataCopy(&enabled, &dataEnabled->data.x86) < 0) x86DataCopy(&enabled, &dataEnabled->data.x86) < 0)
goto cleanup; goto cleanup;
@ -3040,7 +3046,8 @@ virCPUx86UpdateLive(virCPUDefPtr cpu,
if (x86DataIsSubset(&model->data, &feature->data)) if (x86DataIsSubset(&model->data, &feature->data))
expected = VIR_CPU_FEATURE_REQUIRE; expected = VIR_CPU_FEATURE_REQUIRE;
else else if (!hostPassthrough ||
x86DataIsSubset(&modelDisabled->data, &feature->data))
expected = VIR_CPU_FEATURE_DISABLE; expected = VIR_CPU_FEATURE_DISABLE;
if (expected == VIR_CPU_FEATURE_DISABLE && if (expected == VIR_CPU_FEATURE_DISABLE &&
@ -3101,6 +3108,7 @@ virCPUx86UpdateLive(virCPUDefPtr cpu,
cleanup: cleanup:
x86ModelFree(model); x86ModelFree(model);
x86ModelFree(modelDisabled);
virCPUx86DataClear(&enabled); virCPUx86DataClear(&enabled);
virCPUx86DataClear(&disabled); virCPUx86DataClear(&disabled);
VIR_FREE(added); VIR_FREE(added);