OpenStack Compute (nova)

Bug #1890501
Comment #44

Comment 44 for bug 1890501

Revision history for this message

Lee Yarwood (lyarwood) wrote on 2020-08-11: Re: Soft reboot after live-migration reverts instance to original source domain XML (CVE-2020-17376)

#44

Trying to summarise c#43 in terms of Nova:

* stable/queens
  - MIN_LIBVIRT_VERSION is v1.2.9
  - VIR_MIGRATE_PERSIST_DEST flag always provided
  - VIR_MIGRATE_PARAM_DEST_XML provided when libvirt is >= v1.2.17
  - migrateToURI2 used when libvirt is between v1.2.9 and v1.2.16
  - migrateToURI3 used when libvirt is >= v1.2.17

* stable/rocky
  - MIN_LIBVIRT_VERSION is v1.3.1
  - VIR_MIGRATE_PERSIST_DEST flag always provided
  - VIR_MIGRATE_PARAM_DEST_XML always provided
  - migrateToURI3 always used

So on stable/queens with libvirt between v1.2.17 and v1.3.4 we should see VIR_MIGRATE_PARAM_DEST_XML persisted on the destination via migrateToURI3.

When libvirt is between v1.2.9 and v1.2.16 we actually end up calling migrateToURI2 that I believe persists the domain_xml we provide as a kwarg when calling libvirt.

So AFAICT < v1.3.4 we are safe from hitting this and we only need to care about the > v1.3.4 case on all branches from stable/queens.