From 31f3e00656fe8e09bb6fc5fa003d495caf61ffee Mon Sep 17 00:00:00 2001
From: David Michael
Date: Jan 11 2024 23:28:03 +0000
Subject: Backport vmm-sys-util updates for CVE-2023-50711
---
diff --git a/.gitignore b/.gitignore
index dedfef2..3bde073 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,3 @@
 /firecracker-1.6.0.tar.gz
-/kvm-bindings-b158595.tar.gz
-/micro_http-a4d632f.tar.gz
+/kvm-bindings-93af344.tar.gz
+/micro_http-e75dfa1.tar.gz
diff --git a/firecracker-1.6.0-update-vmm-sys-util.patch b/firecracker-1.6.0-update-vmm-sys-util.patch
new file mode 100644
index 0000000..d9ec2b6
--- /dev/null
+++ b/firecracker-1.6.0-update-vmm-sys-util.patch
@@ -0,0 +1,154 @@
+Update vmm-sys-util and its users for CVE-2023-50711 by backporting upstream
+commit 8382687b88f8dd1ae60526f40175aefc8ae3aa13.
+
+--- a/Cargo.toml
++++ b/Cargo.toml
+@@ -11,4 +11,4 @@
+ lto = true
+ 
+ [patch.crates-io]
+-kvm-bindings = { git = "https://github.com/firecracker-microvm/kvm-bindings", tag = "v0.6.0-2", features = ["fam-wrappers"] }
++kvm-bindings = { git = "https://github.com/firecracker-microvm/kvm-bindings", tag = "v0.7.0-1", features = ["fam-wrappers"] }
+--- a/src/firecracker/Cargo.toml
++++ b/src/firecracker/Cargo.toml
+@@ -14,7 +14,7 @@
+ 
+ [dependencies]
+ displaydoc = "0.2.4"
+-event-manager = "0.3.0"
++event-manager = "0.4.0"
+ libc = "0.2.151"
+ log-instrument = { path = "../log-instrument", optional = true }
+ serde_json = "1.0.108"
+--- a/src/snapshot/Cargo.toml
++++ b/src/snapshot/Cargo.toml
+@@ -11,7 +11,7 @@
+ 
+ [dependencies]
+ libc = "0.2.117"
+-versionize = "0.1.10"
++versionize = "0.2.0"
+ versionize_derive = "0.1.6"
+ thiserror = "1.0.32"
+ displaydoc = "0.2.4"
+--- a/src/utils/Cargo.toml
++++ b/src/utils/Cargo.toml
+@@ -14,10 +14,10 @@
+ serde = { version = "1.0.165", features = ["derive"] }
+ thiserror = "1.0.32"
+ displaydoc = "0.2.4"
+-versionize = "0.1.10"
++versionize = "0.2.0"
+ versionize_derive = "0.1.6"
+-vmm-sys-util = "0.11.2"
+-vm-memory = { version = "0.13.0", features = ["backend-mmap", "backend-bitmap"] }
++vmm-sys-util = "0.12.0"
++vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-bitmap"] }
+ log-instrument = { path = "../log-instrument", optional = true }
+ 
+ [dev-dependencies]
+--- a/src/vmm/Cargo.toml
++++ b/src/vmm/Cargo.toml
+@@ -12,9 +12,9 @@
+ rand = "0.8.5"
+ bitflags = "2.0.2"
+ derive_more = { version = "0.99.17", default-features = false, features = ["from", "display"] }
+-event-manager = "0.3.0"
+-kvm-bindings = { version = "0.6.0", features = ["fam-wrappers"] }
+-kvm-ioctls = "0.15.0"
++event-manager = "0.4.0"
++kvm-bindings = { version = "0.7.0", features = ["fam-wrappers"] }
++kvm-ioctls = "0.16.0"
+ lazy_static = "1.4.0"
+ libc = "0.2.117"
+ memfd = "0.6.3"
+@@ -26,12 +26,12 @@
+ thiserror = "1.0.32"
+ displaydoc = "0.2.4"
+ userfaultfd = "0.7.0"
+-versionize = "0.1.10"
++versionize = "0.2.0"
+ versionize_derive = "0.1.6"
+-vhost = { version = "0.9.0", features = ["vhost-user-frontend"] }
++vhost = { version = "0.10.0", features = ["vhost-user-frontend"] }
+ vm-allocator = "0.1.0"
+ vm-superio = "0.7.0"
+-vm-memory = { version = "0.13.1", features = ["backend-mmap", "backend-bitmap"] }
++vm-memory = { version = "0.14.0", features = ["backend-mmap", "backend-bitmap"] }
+ log = { version = "0.4.17", features = ["std", "serde"] }
+ aes-gcm = { version = "0.10.1", default-features = false, features = ["aes"] }
+ base64 = "0.21.0"
+--- a/src/vmm/src/vstate/vcpu/mod.rs
++++ b/src/vmm/src/vstate/vcpu/mod.rs
+@@ -496,7 +496,7 @@
+ VcpuExit::SystemEvent(event_type, event_flags) => match event_type {
+ KVM_SYSTEM_EVENT_RESET | KVM_SYSTEM_EVENT_SHUTDOWN => {
+ info!(
+- "Received KVM_SYSTEM_EVENT: type: {}, event: {}",
++ "Received KVM_SYSTEM_EVENT: type: {}, event: {:?}",
+ event_type, event_flags
+ );
+ Ok(VcpuEmulation::Stopped)
+@@ -504,7 +504,7 @@
+ _ => {
+ METRICS.vcpu.failures.inc();
+ error!(
+- "Received KVM_SYSTEM_EVENT signal type: {}, flag: {}",
++ "Received KVM_SYSTEM_EVENT signal type: {}, flag: {:?}",
+ event_type, event_flags
+ );
+ Err(VcpuError::FaultyKvmExit(format!(
+@@ -752,24 +752,24 @@
+ )
+ );
+ 
+- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(2, 0)));
++ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(2, &[])));
+ let res = vcpu.run_emulation();
+ assert!(res.is_ok());
+ assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
+ 
+- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(1, 0)));
++ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(1, &[])));
+ let res = vcpu.run_emulation();
+ assert!(res.is_ok());
+ assert_eq!(res.unwrap(), VcpuEmulation::Stopped);
+ 
+- *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(3, 0)));
++ *(vcpu.test_vcpu_exit_reason.lock().unwrap()) = Some(Ok(VcpuExit::SystemEvent(3, &[])));
+ let res = vcpu.run_emulation();
+ assert!(res.is_err());
+ assert_eq!(
+ format!("{:?}", res.unwrap_err()),
+ format!(
+ "{:?}",
+- EmulationError::FaultyKvmExit("SystemEvent(3, 0)".to_string())
++ EmulationError::FaultyKvmExit("SystemEvent(3, [])".to_string())
+ )
+ );
+ 
+--- a/tests/integration_tests/functional/test_shut_down.py
++++ b/tests/integration_tests/functional/test_shut_down.py
+@@ -6,6 +6,8 @@
+ import platform
+ import time
+ 
++from packaging import version
++
+ from framework import utils
+ 
+ 
+@@ -56,7 +58,12 @@
+ assert len(datapoints) == 2
+ 
+ if platform.machine() != "x86_64":
+- vm.check_log_message("Received KVM_SYSTEM_EVENT: type: 2, event: 0")
++ message = (
++ "Received KVM_SYSTEM_EVENT: type: 2, event: [0]"
++ if version.parse(utils.get_kernel_version()) >= version.parse("5.18")
++ else "Received KVM_SYSTEM_EVENT: type: 2, event: []"
++ )
++ vm.check_log_message(message)
+ vm.check_log_message("Vmm is stopping.")
+ 
+ # Make sure that the FC process was not killed by a seccomp fault
diff --git a/firecracker.spec b/firecracker.spec
index d5fdb5d..f644615 100644
--- a/firecracker.spec
+++ b/firecracker.spec
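Review bot: The only direct `vmm-sys-util` requirement this patch raises is `vmm-sys-util = "0.12.0"` in the src/utils/Cargo.toml hunk; the vm-memory, vhost, kvm-ioctls, event-manager and kvm-bindings bumps reach the fixed library only transitively, so whether the built binary actually links a fixed vmm-sys-util depends on what the distro resolves at build time, which nothing in this patch pins or records. A sentence in the patch header naming the minimum fixed vmm-sys-util release would make that checkable after the fact. In the test_shut_down.py hunk, `from packaging import version` is a new test-time dependency that nothing here declares, and the threshold in `if version.parse(utils.get_kernel_version()) >= version.parse("5.18")` is unexplained; a comment such as `# presumably the first kernel that reports KVM_SYSTEM_EVENT flags - verify` above the expression would record the assumption. The enclosing test function starts outside the hunk.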
@@ -9,25 +9,26 @@
 Name: firecracker
 Version: 1.6.0
-Release: 1%{?dist}
+Release: 2%{?dist}
 Summary: Secure and fast microVMs for serverless computing
-License: Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-3-Clause AND MIT AND Unicode-DFS-2016
+License: Apache-2.0 AND (Apache-2.0 OR BSD-3-Clause) AND (Apache-2.0 OR BSL-1.0) AND (Apache-2.0 OR MIT) AND (Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT) AND BSD-3-Clause AND MIT AND (MIT OR Unlicense) AND Unicode-DFS-2016
 URL: https://firecracker-microvm.github.io/
 Source0: https://github.com/firecracker-microvm/firecracker/archive/v%{version}/%{name}-%{version}.tar.gz
 # Bundle forked versions of existing crates to avoid conflicts with upstreams.
-Source1: https://github.com/firecracker-microvm/kvm-bindings/archive/b1585959b4ac4075629765fb90ecf298a3203bfc/kvm-bindings-b158595.tar.gz
-Source2: https://github.com/firecracker-microvm/micro-http/archive/a4d632f2c5ea45712c0d2002dc909a63879e85c3/micro_http-a4d632f.tar.gz
-Provides: bundled(crate(kvm-bindings)) = 0.6.0^gitb158595
-Provides: bundled(crate(micro_http)) = 0.1.0^gita4d632f
+Source1: https://github.com/firecracker-microvm/kvm-bindings/archive/93af344a93b83b39cdfea0d0a860b3b57d29d28b/kvm-bindings-93af344.tar.gz
+Source2: https://github.com/firecracker-microvm/micro-http/archive/e75dfa1eeea23b69caa7407bc2c3a76d7b7262fb/micro_http-e75dfa1.tar.gz
+Provides: bundled(crate(kvm-bindings)) = 0.6.0^git93af344
+Provides: bundled(crate(micro_http)) = 0.1.0^gite75dfa1
 # Edit crate dependencies to track what is packaged in Fedora.
 Patch: %{name}-1.6.0-remove-aws-lc-rs.patch
 Patch: %{name}-1.6.0-remove-cargo_toml.patch
 Patch: %{name}-1.6.0-remove-criterion.patch
 Patch: %{name}-1.6.0-remove-device_tree.patch
+Patch: %{name}-1.6.0-update-vmm-sys-util.patch
 BuildRequires: cargo-rpm-macros >= 24
 %if %{defined cargo_target}
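Review bot: `Provides: bundled(crate(kvm-bindings)) = 0.6.0^git93af344` keeps the old crate version while the new patch moves the kvm-bindings fork to tag v0.7.0-1 and declares `kvm-bindings = { version = "0.7.0", ... }`; if the forked crate's Cargo.toml at 93af344 reports 0.7.0, the line should read `Provides: bundled(crate(kvm-bindings)) = 0.7.0^git93af344`, otherwise vulnerability tracking against the bundled crate matches the wrong version. The micro_http bundle is also moved to e75dfa1 without any mention in the changelog or the patch header of why it had to move; one sentence (presumably it also needed the vmm-sys-util bump, verify) would save the next maintainer from re-deriving it.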
@@ -100,6 +101,9 @@
 done
 %changelog
+* Thu Jan 11 2024 David Michael - 1.6.0-2
+- Backport changes to update vmm-sys-util for CVE-2023-50711.
+
 * Wed Dec 20 2023 David Michael - 1.6.0-1
 - Update to the 1.6.0 release.
diff --git a/sources b/sources
index 514e854..435b89d 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
 SHA512 (firecracker-1.6.0.tar.gz) = 393c4ef91dde7b6f6ec1cd0bd429508853b7a479fe366e600cf09f89b74eca5f68eae1013a2ef3854e7ab7432314eff1d0b67c517f3bf19596ea63ad6413c5db
-SHA512 (kvm-bindings-b158595.tar.gz) = 5e5a8f76858dcc1bc1d17243b5ca55b2e9cdd346d20e8a517d8f9e6b3273c146c76906909a2dca96a449f6dfecf8aaeb295024767848537bd2fc81a4055412a6
-SHA512 (micro_http-a4d632f.tar.gz) = 6d0cd910a2e790f8b4e12353641da9aeba4cf283f8aa519395c6add1e7a040cd9a1f0b95430d5545401309b888e4a7f947a5115cbd3ce612c7c1cee6317804a4
+SHA512 (kvm-bindings-93af344.tar.gz) = 40188c8fceace602019729b84ba0c31a7b1e3ce83a42610b48a0072c3107fac896d52b7f17c5d92c4e2228fa951a3f10fc327b5ad445cb3d0c462779db94d8ed
+SHA512 (micro_http-e75dfa1.tar.gz) = ef323a95919334c97cf17b1bb874bcf35d4a822b440086685f9bc9e8f25e79a87ddda2f3dc63718ccb7ec4baf3ec6eab4a9cec06b07b24ad0bac57e1d2283d05