1. 10 12月, 2012 5 次提交
    • G
      0004a118
    • L
      util: do a better job of matching up pids with their binaries · 58320848
      Laine Stump 提交于
      This patch resolves: https://bugzilla.redhat.com/show_bug.cgi?id=871201
      
      If libvirt is restarted after updating the dnsmasq or radvd packages,
      a subsequent "virsh net-destroy" will fail to kill the dnsmasq/radvd
      process.
      
      The problem is that when libvirtd restarts, it re-reads the dnsmasq
      and radvd pidfiles, then does a sanity check on each pid it finds,
      including checking that the symbolic link in /proc/$pid/exe actually
      points to the same file as the path used by libvirt to execute the
      binary in the first place. If this fails, libvirt assumes that the
      process is no longer alive.
      
      But if the original binary has been replaced, the link in /proc is set
      to "$binarypath (deleted)" (it literally has the string " (deleted)"
      appended to the link text stored in the filesystem), so even if a new
      binary exists in the same location, attempts to resolve the link will
      fail.
      
      In the end, not only is the old dnsmasq/radvd not terminated when the
      network is stopped, but a new dnsmasq can't be started when the
      network is later restarted (because the original process is still
      listening on the ports that the new process wants).
      
      The solution is, when the initial "use stat to check for identical
      inodes" check for identity between /proc/$pid/exe and $binpath fails,
      to check /proc/$pid/exe for a link ending with " (deleted)" and if so,
      truncate that part of the link and compare what's left with the
      original binarypath.
      
      A twist to this problem is that on systems with "merged" /sbin and
      /usr/sbin (i.e. /sbin is really just a symlink to /usr/sbin; Fedora
      17+ is an example of this), libvirt may have started the process using
      one path, but /proc/$pid/exe lists a different path (indeed, on F17
      this is the case - libvirtd uses /sbin/dnsmasq, but /proc/$pid/exe
      shows "/usr/sbin/dnsmasq"). The further bit of code to resolve this is
      to call virFileResolveAllLinks() on both the original binarypath and
      on the truncated link we read from /proc/$pid/exe, and compare the
      results.
      
      The resulting code still succeeds in all the same cases it did before,
      but also succeeds if the binary was deleted or replaced after it was
      started.
      (cherry picked from commit 7bafe009)
      58320848
    • V
      qemu: pass -usb and usb hubs earlier, so USB disks with static address are handled properly · d8199361
      Vladislav Bogdanov 提交于
      (cherry picked from commit 81af5336)
      
      Conflicts:
      	tests/qemuxml2argvdata/qemuxml2argv-bios.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-copy_on_read.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-ioeventfd.args
      	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args
      	tests/qemuxml2argvdata/qemuxml2argv-hyperv.args
      	tests/qemuxml2argvdata/qemuxml2argv-virtio-lun.args
      d8199361
    • V
      qemu: Do not ignore address for USB disks · 3f3d0944
      Vladislav Bogdanov 提交于
      (cherry picked from commit 8f708761)
      3f3d0944
    • M
      esx: Fix connection to ESX 5.1 · b29534a6
      Martin Kletzander 提交于
      After separating 5.x and 5.1 versions of ESX, we forgot to add 5.1
      into the list of allowed connections, so connections to 5.1 fail since
      v1.0.0-rc1-5-g1e7cd395
      (cherry picked from commit bab7752c)
      b29534a6
  2. 04 12月, 2012 1 次提交
    • L
      conf: fix virDomainNetGetActualDirect*() and BridgeName() · 48aaabd9
      Laine Stump 提交于
      This resolves:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=881480
      
      These three functions:
      
        virDomainNetGetActualBridgeName
        virDomainNetGetActualDirectDev
        virDomainNetGetActualDirectMode
      
      return attributes that are in a union whose contents are interpreted
      differently depending on the actual->type and so they should only
      return non-0 when actual->type is 'bridge' (in the first case) or
      'direct' (in the other two cases, but I had neglected to do that, so
      ...DirectDev() was returning bridge.brname (which happens to share the
      same spot in the union with direct.linkdev) if actual->type was
      'bridge', and ...BridgeName was returning direct.linkdev when
      actual->type was 'direct'.
      
      How does this involve Bug 881480 (which was about the inability to
      switch between two networks that both have "<forward mode='bridge'/>
      <bridge name='xxx'/>"? Whenever the return value of
      virDomainNetGetActualDirectDev() for the new and old network
      definitions doesn't match, qemuDomainChangeNet() requires a "complete
      reconnect" of the device, which qemu currently doesn't
      support. ...DirectDev() *should* have been returning NULL for old and
      new, but was instead returning the old and new bridge names, which
      differ.
      
      (The other two functions weren't causing any behavioral problems in
      virDomainChangeNet(), but their problem and fix was identical, so I
      included them in this same patch).
      (cherry picked from commit 3738cf41)
      48aaabd9
  3. 30 11月, 2012 3 次提交
    • L
      network: use dnsmasq --bind-dynamic when available · 3fbab08a
      Laine Stump 提交于
      This bug resolves CVE-2012-3411, which is described in the following
      bugzilla report:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      The following report is specifically for libvirt on Fedora:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=874702
      
      In short, a dnsmasq instance run with the intention of listening for
      DHCP/DNS requests only on a libvirt virtual network (which is
      constructed using a Linux host bridge) would also answer queries sent
      from outside the virtualization host.
      
      This patch takes advantage of a new dnsmasq option "--bind-dynamic",
      which will cause the listening socket to be setup such that it will
      only receive those requests that actually come in via the bridge
      interface. In order for this behavior to actually occur, not only must
      "--bind-interfaces" be replaced with "--bind-dynamic", but also all
      "--listen-address" options must be replaced with a single
      "--interface" option. Fully:
      
         --bind-interfaces --except-interface lo --listen-address x.x.x.x ...
      
      (with --listen-address possibly repeated) is replaced with:
      
         --bind-dynamic --interface virbrX
      
      Of course libvirt can't use this new option if the host's dnsmasq
      doesn't have it, but we still want libvirt to function (because the
      great majority of libvirt installations, which only have mode='nat'
      networks using RFC1918 private address ranges (e.g. 192.168.122.0/24),
      are immune to this vulnerability from anywhere beyond the local subnet
      of the host), so we use the new dnsmasqCaps API to check if dnsmasq
      supports the new option and, if not, we use the "old" option style
      instead. In order to assure that this permissiveness doesn't lead to a
      vulnerable system, we do check for non-private addresses in this case,
      and refuse to start the network if both a) we are using the old-style
      options, and b) the network has a publicly routable IP
      address. Hopefully this will provide the proper balance of not being
      disruptive to those not practically affected, and making sure that
      those who *are* affected get their dnsmasq upgraded.
      
      (--bind-dynamic was added to dnsmasq in upstream commit
      54dd393f3938fc0c19088fbd319b95e37d81a2b0, which was included in
      dnsmasq-2.63)
      3fbab08a
    • L
      util: new virSocketAddrIsPrivate function · 337efad9
      Laine Stump 提交于
      This new function returns true if the given address is in the range of
      any "private" or "local" networks as defined in RFC1918 (IPv4) or
      RFC3484/RFC4193 (IPv6), otherwise they return false.
      
      These ranges are:
      
         192.168.0.0/16
         172.16.0.0/16
         10.0.0.0/24
         FC00::/7
         FEC0::/10
      337efad9
    • L
      util: capabilities detection for dnsmasq · c1bbfabd
      Laine Stump 提交于
      In order to optionally take advantage of new features in dnsmasq when
      the host's version of dnsmasq supports them, but still be able to run
      on hosts that don't support the new features, we need to be able to
      detect the version of dnsmasq running on the host, and possibly
      determine from the help output what options are in this dnsmasq.
      
      This patch implements a greatly simplified version of the capabilities
      code we already have for qemu. A dnsmasqCaps device can be created and
      populated either from running a program on disk, reading a file with
      the concatenated output of "dnsmasq --version; dnsmasq --help", or
      examining a buffer in memory that contains the concatenated output of
      those two commands. Simple functions to retrieve capabilities flags,
      the version number, and the path of the binary are also included.
      
      bridge_driver.c creates a single dnsmasqCaps object at driver startup,
      and disposes of it at driver shutdown. Any time it must be used, the
      dnsmasqCapsRefresh method is called - it checks the mtime of the
      binary, and re-runs the checks if the binary has changed.
      
      networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
      startup - one "restricted" (doesn't support --bind-dynamic) and one
      "full" (does support --bind-dynamic). Some of the test cases use one
      and some the other, to make sure both code pathes are tested.
      c1bbfabd
  4. 17 11月, 2012 1 次提交
  5. 13 11月, 2012 1 次提交
    • J
      qemu: Always format CPU topology · 165518d5
      Jiri Denemark 提交于
      When libvirt cannot find a suitable CPU model for host CPU (easily
      reproducible by running libvirt in a guest), it would not provide CPU
      topology in capabilities XML either. Even though CPU topology is known
      and can be queried by virNodeGetInfo. With this patch, CPU topology will
      always be provided in capabilities XML regardless on the presence of CPU
      model.
      (cherry picked from commit f1c70100)
      
      Conflicts:
      
          src/qemu/qemu_capabilities.c
          src/qemu/qemu_command.c
      
          The new code uses capabilities caching.
      165518d5
  6. 06 11月, 2012 1 次提交
  7. 02 11月, 2012 2 次提交
  8. 28 10月, 2012 26 次提交
    • C
      Prep for release 0.10.2.1 · 3feed5c1
      Cole Robinson 提交于
      3feed5c1
    • C
      d564e0a8
    • L
      parallels: fix build for some older compilers · 93ac917c
      Laine Stump 提交于
      Found this when building on RHEL5:
      
      parallels/parallels_storage.c: In function 'parallelsStorageOpen':
      parallels/parallels_storage.c:180: error: 'for' loop initial declaration used outside C99 mode
      
      (and similar error in parallels_driver.c). This was in spite of
      configuring with "-Wno-error".
      (cherry picked from commit 73ebd86d)
      93ac917c
    • P
      documentation: HTML tag fix · 9a9527d2
      Philipp Hahn 提交于
      Replace '%' by '&' for correct escaping of '>' in Domain specification.
      Signed-off-by: NPhilipp Hahn <hahn@univention.de>
      (cherry picked from commit 7083cdc7)
      9a9527d2
    • L
      network: fix networkValidate check for default portgroup and vlan · e9f16f25
      Laine Stump 提交于
      This was found during testing of the fix for:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=868483
      
      networkValidate was supposed to check for the existence of multiple
      portgroups and report an error if this was encountered. It did, but
      there were two problems:
      
      1) even though it logged an error, it still returned success, allowing
      the operation to continue.
      
      2) It could exit the portgroup checking loop early (or possibly not
      even do it once) if a vlan tag was supplied in the base network config
      or one of the portgroups.
      
      This patch fixes networkValidate to return failure in addition to
      logging the error, and also changes it to not exit the portgroup
      checking loop early. The logic was a bit off in the checking for vlan
      anyway, and it's intertwined with fixing the early loop exit, so I
      fixed that as well. Now it correctly checks for combinations where a
      <virtualport> is specified in the base network def and <vlan> is given
      in a portgroup, as well as the opposite (<vlan> in base network def
      and <virtualport> in portgroup), and ignores the case of a disallowed
      vlan when using *no* portgroup if there is a default portgroup (since
      in that case there is no way to not use any portgroup).
      (cherry picked from commit d8aae15a)
      e9f16f25
    • M
      esx: Update version checks for vSphere 5.1 · addce0a7
      Matthias Bolte 提交于
      Also remove warnings for upcoming versions. There hadn't been any
      compatibility problems with new ESX version over the whole lifetime
      of the ESX driver, so I don't expect any in the future.
      
      Update documentation to mention vSphere 5.x support.
      (cherry picked from commit 1e7cd395)
      addce0a7
    • J
      Fix detection of Xen sysctl version 9 · 9f85b713
      Jim Fehlig 提交于
      In commit 371ddc98, I mistakenly added the check for sysctl
      version 9 after setting the hypercall version to 1, which will
      fail with
      
      error : xenHypervisorDoV1Op:967 : Unable to issue hypervisor
      ioctl 3166208: Function not implemented
      
      This check should be included along with the others that use
      hypercall version 2.
      (cherry picked from commit 9785f2b6)
      9f85b713
    • C
      selinux: Don't fail RestoreAll if file doesn't have a default label · ff5a1ea0
      Cole Robinson 提交于
      When restoring selinux labels after a VM is stopped, any non-standard
      path that doesn't have a default selinux label causes the process
      to stop and exit early. This isn't really an error condition IMO.
      
      Of course the selinux API could be erroring for some other reason
      but hopefully that's rare enough to not need explicit handling.
      
      Common example here is storing disk images in a non-standard location
      like under /mnt.
      (cherry picked from commit 767be8be)
      ff5a1ea0
    • J
      storage: don't shadow global 'wait' declaration · 03bf498f
      Ján Tomko 提交于
      Rename the 'wait' parameter to 'loop'.
      This silences the warning:
      storage/storage_backend.c:1348:34: error: declaration of 'wait' shadows
      a global declaration [-Werror=shadow]
      and fixes the build with -Werror.
      --
      Note: loop is pool backwards.
      (cherry picked from commit b326765c)
      03bf498f
    • C
      Remove a couple duplicates from AUTHORS.in · bd098c11
      Cole Robinson 提交于
      (cherry picked from commit 2e99fa03)
      bd098c11
    • C
      storage: Don't do wait loops from VolLookupByPath · cbee5d8b
      Cole Robinson 提交于
      virStorageVolLookupByPath is an API call that virt-manager uses
      quite a bit when dealing with storage. This call use BackendStablePath
      which has several usleep() heuristics that can be tripped up
      and hang virt-manager for a while.
      
      Current example: an empty mpath pool pointing to /dev/mapper makes
      _any_ calls to virStorageVolLookupByPath take 5 seconds.
      
      The sleep heuristics are actually only needed in certain cases
      when we are waiting for new storage to appear, so let's skip the
      timeout steps when calling from LookupByPath.
      (cherry picked from commit 77eff5ee)
      cbee5d8b
    • O
      storage: Add timeout for iscsi volume's stable path discovery · aa9f65c8
      Osier Yang 提交于
      It might need some time till the LUN's stable path shows up on
      initiator host, and although the time window is not foreseeable,
      as a better than nothing fix, this patch adds timeout for the
      stable path discovery process.
      (cherry picked from commit de7f0774)
      aa9f65c8
    • C
      spec: Fix multilib issue with systemtap tapsets · acb169d0
      Cole Robinson 提交于
      If building on a 64bit host, rename the affected tapsets to <name>-64.stp.
      This is similar to what the python package does in fedora.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=831425
      (cherry picked from commit 18d0632d)
      acb169d0
    • C
      docs: Fix installation of internals/*.html · 965e4c3c
      Cole Robinson 提交于
      We were just installing them in the top level html directory, which
      broke navigation and overwrote other pages.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=837825
      (cherry picked from commit 7146d416)
      965e4c3c
    • O
      virsh: Fix segfault of snapshot-list · 3d124636
      Osier Yang 提交于
      'snaps' is used after free()'ed.
      (cherry picked from commit e0ad4669)
      3d124636
    • C
      6bae2c41
    • C
      daemon: Avoid 'Could not find keytab file' in syslog · a5f8a78f
      Cole Robinson 提交于
      On F17 at least, every time libvirtd starts we get this in syslog:
      
      libvirtd: Could not find keytab file: /etc/libvirt/krb5.tab: No such file or directory
      
      This comes from cyrus-sasl, and happens regardless of whether the
      gssapi plugin is requested, which is what actually uses
      /etc/libvirt/krb5.tab.
      
      While cyrus-sasl shouldn't complain, we can easily make it shut up by
      commenting out the keytab value by default.
      
      Also update the keytab comment to the more modern one from qemu's
      sasl config file.
      (cherry picked from commit fe772f24)
      a5f8a78f
    • L
      network: don't allow multiple default portgroups · 10f8762b
      Laine Stump 提交于
      This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=868483
      
      virNetworkUpdate, virNetworkDefine, and virNetworkCreate all three
      allow network definitions to contain multiple <portgroup> elements
      with default='yes'. Only a single default portgroup should be allowed
      for each network.
      
      This patch updates networkValidate() (called by both
      virNetworkCreate() and virNetworkDefine()) and
      virNetworkDefUpdatePortGroup (called by virNetworkUpdate() to not
      allow multiple default portgroups.
      (cherry picked from commit 6f8a8b30)
      10f8762b
    • L
      network: always create dnsmasq hosts and addnhosts files, even if empty · 874a3361
      Laine Stump 提交于
      This fixes the problem reported in:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=868389
      
      Previously, the dnsmasq hosts file (used for static dhcp entries, and
      addnhosts file (used for additional dns host entries) were only
      created/referenced on the dnsmasq commandline if there was something
      to put in them at the time the network was started. Once we can update
      a network definition while it's active (which is now possible with
      virNetworkUpdate), this is no longer a valid strategy - if there were
      0 dhcp static hosts (resulting in no reference to the hosts file on the
      commandline), then one was later added, the commandline wouldn't have
      linked dnsmasq up to the file, so even though we create it, dnsmasq
      doesn't pay any attention.
      
      The solution is to just always create these files and reference them
      on the dnsmasq commandline (almost always, anyway). That way dnsmasq
      can notice when a new entry is added at runtime (a SIGHUP is sent to
      dnsmasq by virNetworkUdpate whenever a host entry is added or removed)
      
      The exception to this is that the dhcp static hosts file isn't created
      if there are no lease ranges *and* no static hosts. This is because in
      this case dnsmasq won't be setup to listen for dhcp requests anyway -
      in that case, if the count of dhcp hosts goes from 0 to 1, dnsmasq
      will need to be restarted anyway (to get it listening on the dhcp
      port). Likewise, if the dhcp hosts count goes from 1 to 0 (and there
      are no dhcp ranges) we need to restart dnsmasq so that it will stop
      listening on port 67. These special situations are handled in the
      bridge driver's networkUpdate() by checking for ((bool)
      nranges||nhosts) both before and after the update, and triggering a
      dnsmasq restart if the before and after don't match.
      (cherry picked from commit 1cb1f9da)
      874a3361
    • L
      network: free/null newDef if network fails to start · f1de8d3b
      Laine Stump 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=866364
      
      pointed out a crash due to virNetworkObjAssignDef free'ing
      network->newDef without NULLing it afterward. A fix for this is in
      upstream commit b7e92024. While the
      NULLing of newDef was a legitimate fix, newDef should have already
      been empty (NULL) anyway (as indicated in the comment that was deleted
      by that commit).
      
      The reason that newDef had a non-NULL value (i.e. the root cause) was
      that networkStartNetwork() had failed after populating
      network->newDef, but then neglected to free/NULL newDef in the
      cleanup.
      
      (A bit of background here: network->newDef should contain the
      persistent config of a network when a network is active (and of course
      only when it is persisten), and NULL at all other times. There is also
      a network->def which should contain the persistent definition of the
      network when it is inactive, and the current live state at all other
      times. The idea is that you can make changes to network->newDef which
      will take effect the next time the network is restarted, but won't
      mess with the current state of the network (virDomainObj has a similar
      pair of virDomainDefs that behave in the same fashion). Personally I
      think there should be a network->live and network->config, and the
      location of the persistent config should *always* be in
      network->config, but that's for a later cleanup).
      
      Since I love things to be symmetric, I created a new function called
      virNetworkObjUnsetDefTransient(), which reverses the effects of
      virNetworkObjSetDefTransient(). I don't really like the name of the
      new function, but then I also didn't really like the name of the old
      one either (it's just named that way to match a similar function in
      the domain conf code).
      (cherry picked from commit 78fab277)
      f1de8d3b
    • C
      Autogenerate AUTHORS · 11b13b36
      Cole Robinson 提交于
      AUTHORS.in tracks the maintainers, as well as some folks who were
      previously in AUTHORS but don't have a git commit with proper
      attribution.
      
      Generated output is sorted alphabetically and lacks pretty spacing, so
      tweak AUTHORS.in to follow the same format.
      
      Additionally, drop the syntax-check rule that previously validated
      AUTHORS against git log.
      (cherry picked from commit 7b21981c)
      
      Conflicts:
      	.mailmap
      	AUTHORS
      11b13b36
    • E
      build: avoid infinite autogen loop · 64a9993c
      Eric Blake 提交于
      Several people have reported that if the .gnulib submodule is dirty,
      then 'make' will go into an infinite loop attempting to rerun bootstrap,
      because that never cleans up the dirty submodule.  By default, we
      should halt and make the user investigate, but if the user doesn't
      know why or care that the submodule is dirty, I also added the ability
      to 'make CLEAN_SUBMODULE=1' to get things going again.
      
      Also, while testing this, I noticed that when a submodule update was
      needed, 'make' would first run autoreconf, then bootstrap (which
      reruns autoreconf); adding a strategic dependency allows for less work.
      
      * .gnulib: Update to latest, for maint.mk improvements.
      * cfg.mk (_autogen): Also hook maint.mk, to run before autoreconf.
      * autogen.sh (bootstrap): Refuse to run if gnulib is dirty, unless
      user requests discarding gnulib changes.
      (cherry picked from commit c5f16220)
      64a9993c
    • G
      selinux: relabel tapfd in qemuPhysIfaceConnect · cefa64ca
      Guannan Ren 提交于
      Relabeling tapfd right after the tap device is created.
      qemuPhysIfaceConnect is common function called both for static
      netdevs and for hotplug netdevs.
      (cherry picked from commit 4492ef7f)
      cefa64ca
    • M
      network: Set to NULL after virNetworkDefFree() · ec08a738
      Michal Privoznik 提交于
      which frees all allocated memory but doesn't set the passed pointer to
      NULL.  Therefore, we must do it ourselves. This is causing actual
      libvirtd crash: Basically, when doing 'virsh net-edit' the newDef should
      be dropped.  And the memory is freed, indeed. However, the pointer is
      not set to NULL but kept instead. And the next duo of calls 'virsh
      net-start' and 'virsh net-destroy' starts the disaster. The latter one
      does the same as 'virsh destroy'; it sees that newDef is nonNULL so it
      replaces def with newDef (which has been freed already as said a few
      lines above). Therefore any subsequent call accessing def will hit the ground.
      (cherry picked from commit b7e92024)
      ec08a738
    • G
      selinux: remove unused variables in socket labelling · 4c2a38d1
      Guannan Ren 提交于
      (cherry picked from commit d37a3a1d)
      4c2a38d1
    • G
      selinux: fix wrong tapfd relablling · 2716c78c
      Guannan Ren 提交于
      It should relabel tapfd of virtual network of type VIR_DOMAIN_NET_TYPE_DIRECT
      rather than VIR_DOMAIN_NET_TYPE_NETWORK and VIR_DOMAIN_NET_TYPE_BRIDGE
      (commit ae368ebf introduced this bug)
      
      Caution: The context of the two hunks is identical other than indentation.
      Please be extremely cautious of where the patch gets applied.
      (cherry picked from commit 89b63f0a)
      2716c78c