  1. 14 Nov, 2014 1 commit
    • util: eliminate "use after free" in callers of virNetDevLinkDump · 0869cab5
      Laine Stump committed
      virNetDevLinkDump() gets a message from netlink into "resp", then
      calls nlmsg_parse() to fill the table "tb" with pointers into resp. It
      then returns tb to its caller, but not before freeing the buffer at
      resp. That means that all the callers of virNetDevLinkDump() are
      examining memory that has already been freed. This can be verified by
      filling the buffer at resp with garbage prior to freeing it (or, I
      suppose, just running libvirtd under valgrind) then performing some
      operation that calls virNetDevLinkDump().
      
      The upstream commit log incorrectly states that the code has been like
      this ever since virNetDevLinkDump() was written. In reality, the
      problem was introduced with commit e95de74d, first in libvirt-1.0.5,
      which was attempting to eliminate a typecast that caused compiler
      warnings. It has only been pure luck (or maybe a lack of heavy load,
      and/or maybe an allocation algorithm in malloc() that delays re-use of
      just-freed memory) that has kept this from causing errors, for example
      when configuring a PCI passthrough or macvtap passthrough network
      interface.
      
      The solution taken in this patch is the simplest - just return resp to
      the caller along with tb, then have the caller free it after they are
      finished using the data (pointers) in tb. I alternately could have
      made a cleaner interface by creating a new struct that put tb and resp
      together along with a vir*Free() function for it, but this function is
      only used in a couple places, and I'm not sure there will be
      additional new uses of virNetDevLinkDump(), so the value of adding a
      new type, extra APIs, etc. is dubious.
      
      (cherry picked from commit f9f9699f)
      
      Conflicts:
      	src/util/virnetdevvportprofile.c - whitespace/copyright change
      0869cab5
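
Added example (not part of the libvirt commit or its code): a self-contained C sketch of the pattern the 0869cab5 message describes, where a parser fills a table with pointers into a reply buffer and the buffer is released before the caller reads the table, next to the shape of the fix that hands the buffer back to the caller. It uses a constructed toy TLV reply instead of real netlink, and every name (`parse_attrs`, `link_dump`, `poison_and_release`, `mac_seen_by_caller`) is hypothetical. The "before" path poisons and quarantines the buffer instead of freeing it, so the stale read stays well defined while still showing the garbage the commit's fill-before-free check would expose.

```c
#include <stdlib.h>
#include <string.h>

enum { ATTR_IFINDEX = 1, ATTR_MAC = 2, ATTR_MAX = 2 };

/* Constructed reply in a toy [type][len][payload] layout (not real netlink). */
static const unsigned char sample_reply[] = {
    ATTR_IFINDEX, 1, 7, ATTR_MAC, 6, 0x52, 0x54, 0x00, 0xd0, 0x3f, 0xf2 };

/* Like nlmsg_parse(): tb[] receives pointers INTO msg; nothing is copied. */
static int parse_attrs(const unsigned char *msg, size_t len,
                       const unsigned char *tb[ATTR_MAX + 1])
{
    size_t off = 0;
    for (int i = 0; i <= ATTR_MAX; i++) tb[i] = NULL;
    while (off + 2 <= len) {
        size_t type = msg[off], plen = msg[off + 1];
        if (off + 2 + plen > len) return -1;    /* truncated attribute */
        if (type <= ATTR_MAX) tb[type] = msg + off + 2;
        off += 2 + plen;
    }
    return off == len ? 0 : -1;
}

/* Stand-in for the premature free(): poison the bytes but keep the buffer
 * allocated (quarantined), so the stale read is well defined and repeatable. */
static unsigned char *quarantine;
static void poison_and_release(unsigned char *buf, size_t len)
{
    memset(buf, 0xA5, len);
    free(quarantine);
    quarantine = buf;
}

/* fixed=0: buffer released before the caller reads tb ("before" shape).
 * fixed=1: buffer handed back through *resp for the caller to free. */
static int link_dump(const unsigned char *tb[ATTR_MAX + 1],
                     unsigned char **resp, int fixed)
{
    size_t len = sizeof(sample_reply);
    unsigned char *buf = malloc(len);
    if (!buf) return -1;
    memcpy(buf, sample_reply, len);
    int rc = parse_attrs(buf, len, tb);
    if (fixed)
        *resp = buf;
    else
        poison_and_release(buf, len);
    return rc;
}

/* Caller: returns 1 if the MAC read through tb matches what was received. */
static int mac_seen_by_caller(int fixed)
{
    static const unsigned char want[6] = {0x52, 0x54, 0x00, 0xd0, 0x3f, 0xf2};
    const unsigned char *tb[ATTR_MAX + 1];
    unsigned char *resp = NULL;
    int rc = link_dump(tb, &resp, fixed);
    int ok = rc == 0 && tb[ATTR_MAC] && memcmp(tb[ATTR_MAC], want, 6) == 0;
    free(resp);                 /* fixed path: freed only after the last use of tb */
    return ok;
}

int main(void) { return mac_seen_by_caller(1) && !mac_seen_by_caller(0) ? 0 : 1; }
```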
  2. 08 Apr, 2013 1 commit
    • Avoid casts between unsigned char * and struct nlmsghdr · e95de74d
      Daniel P. Berrange committed
      The virNetlinkCommand() method takes an 'unsigned char **'
      parameter to be filled with the received netlink message.
      The callers then immediately cast this to 'struct nlmsghdr',
      triggering (bogus) warnings about increasing alignment
      requirements
      
      util/virnetdev.c: In function 'virNetDevLinkDump':
      util/virnetdev.c:1300:12: warning: cast increases required alignment of target type [-Wcast-align]
           resp = (struct nlmsghdr *)*recvbuf;
                  ^
      util/virnetdev.c: In function 'virNetDevSetVfConfig':
      util/virnetdev.c:1429:12: warning: cast increases required alignment of target type [-Wcast-align]
           resp = (struct nlmsghdr *)recvbuf;
      
      Since all callers cast to 'struct nlmsghdr' we can avoid
      the warning problem entirely by simply changing the
      signature of virNetlinkCommand to return a 'struct nlmsghdr **'
      instead of 'unsigned char **'. The way we do the cast inside
      virNetlinkCommand does not have any alignment issues.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      e95de74d
  3. 21 Dec, 2012 3 commits
  4. 04 Oct, 2012 1 commit
  5. 21 Sep, 2012 1 commit
  6. 31 Aug, 2012 1 commit
    • Fix issue of PF brought down if VF is 8021.Qbh and pci passthrough · 3044433f
      Nishank Trivedi committed
      If a 8021.Qbh network device supports SRIOV and its VF is being used
      in pci passthrough mode, when the guest is shutdown or destroyed, the
      PF interface is also brought down. qemuDomainHostdevNetConfigRestore()
      finds out the PF for provided hostdev (which is VF) and passes it to
      virNetDevPortProfileDisassociate() as linkdev. Later, linkdev gets passed
      to virNetDevSetOnline() where the interface is brought down by clearing
      IFF_UP flag.
      
      Bringing down a PF, when only VF is being brought down is not expected
      behavior. This patch adds a check so that virNetDevSetOnline() is called
      only for PF and not if device is a VF.
      Signed-off-by: Nishank Trivedi <nistrive@cisco.com>
      3044433f
  7. 22 Aug, 2012 1 commit
  8. 15 Aug, 2012 4 commits
    • util: include memory.h even if WITH_VIRTUALPORT isn't defined · 5faff3d3
      Laine Stump committed
      This caused compilation of virnetdevvportprofile.c to fail on systems
      without IFLA support in netlink (these are netlink commands used to
      configure the VF's of SR-IOV network devices).
      5faff3d3
    • util: utility functions for virNetDevVPortProfile · 1c02ed14
      Laine Stump committed
      This patch adds three utility functions that operate on
      virNetDevVPortProfile objects.
      
      * virNetDevVPortProfileCheckComplete() - verifies that all attributes
          required for the type of the given virtport are specified.
      
      * virNetDevVPortProfileCheckNoExtras() - verifies that there are no
          attributes specified which are inappropriate for the type of the
          given virtport.
      
      * virNetDevVPortProfileMerge3() - merges 3 virtports into a single,
          newly allocated virtport. If any attributes are specified in
          more than one of the three sources, and do not exactly match,
          an error is logged and the function fails.
      
      These new functions depend on new fields in the virNetDevVPortProfile
      object that keep track of whether or not each attribute was
      specified. Since the higher level parse function doesn't yet set those
      fields, these functions are not actually usable yet (but that's okay,
      because they also aren't yet used - all of that functionality comes in
      a later patch.)
      
      Note that these three functions return 0 on success and -1 on
      failure. This may seem odd for the first two Check functions, since
      they could also easily return true/false, but since they actually log
      an error when the requested condition isn't met (and should result in
      a failure of the calling function), I thought 0/-1 was more
      appropriate.
      1c02ed14
    • util: add openvswitch case to virNetDevVPortProfileEqual · 8450d7b2
      Laine Stump committed
      This function was overlooked when openvswitch support was
      added. Fortunately it's only used for update-device, which is
      relatively new and seldom-used.
      8450d7b2
    • util: eliminate union in virNetDevVPortProfile · 21ea73e8
      Laine Stump committed
      virNetDevVPortProfile has (had) a type field that can be set to one of
      several values, and a union of several structs, one for each
      type. When a domain's interface object is of type "network", the
      domain config may not know beforehand which type of virtualport is
      going to be provided in the actual device handed down from the network
      driver at runtime, but may want to set some values in the virtualport
      that may or may not be used, depending on the type. To support this
      usage, this patch replaces the union of structs with toplevel fields
      in the struct, making it possible for all of the fields to be set at
      the same time.
      21ea73e8
  9. 23 Jul, 2012 1 commit
    • Desert the FSF address in copyright · f9ce7dad
      Osier Yang committed
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for security files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  10. 18 Jul, 2012 1 commit
  11. 17 Jul, 2012 1 commit
    • Convert 'raw MAC address' usages to use virMacAddr · 387117ad
      Stefan Berger committed
      Introduce new members in the virMacAddr 'class'
      - virMacAddrSet: set virMacAddr from a virMacAddr
      - virMacAddrSetRaw: setting virMacAddr from raw 6 byte MAC address buffer
      - virMacAddrGetRaw: writing virMacAddr into raw 6 byte MAC address buffer
      - virMacAddrCmp: comparing two virMacAddr
      - virMacAddrCmpRaw: comparing a virMacAddr with a raw 6 byte MAC address buffer
      
      then replace raw MAC addresses by replacing
      
      - 'unsigned char *' with virMacAddrPtr
      - 'unsigned char ... [VIR_MAC_BUFLEN]' with virMacAddr
      
      and introduce usage of above functions where necessary.
      387117ad
  12. 08 May, 2012 2 commits
    • util: set src_pid for virNetlinkCommand when appropriate · cc073771
      Laine Stump committed
      Until now, the nl_pid of the source address of every message sent by
      virNetlinkCommand has been set to the value of getpid(). Most of the
      time this doesn't matter, and in the one case where it does
      (communication with lldpad), it previously was the proper thing to do,
      because the netlink event service (which listens on a netlink socket
      for unsolicited messages from lldpad) coincidentally always happened
      to bind with a local nl_pid == getpid().
      
      With the fix for:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=816465
      
      that particular nl_pid is now effectively a reserved value, so the
      netlink event service will always bind to something else
      (coincidentally "getpid() + (1 << 22)", but it really could be
      anything). The result is that communication between lldpad and
      libvirtd is broken (lldpad gets a "disconnected" error when it tries
      to send a directed message).
      
      The solution to this problem caused by a solution, is to query the
      netlink event service's nlhandle for its "local_port", and send that
      as the source nl_pid (but only when sending to lldpad, of course - in
      other cases we maintain the old behavior of sending getpid()).
      
      There are two cases where a message is being directed at lldpad - one
      in virNetDevLinkDump, and one in virNetDevVPortProfileOpSetLink.
      
      The case of virNetDevVPortProfileOpSetLink is simplest to explain -
      only if !nltarget_kernel, i.e. the message isn't targeted for the
      kernel, is the dst_pid set (by calling
      virNetDevVPortProfileGetLldpadPid()), so only in that case do we call
      virNetlinkEventServiceLocalPid() to set src_pid.
      
      For virNetDevLinkDump, it's a bit more complicated. The call to
      virNetDevVPortProfileGetLldpadPid() was effectively up one level (in
      virNetDevVPortProfileOpCommon), although obscured by an unnecessary
      passing of a function pointer. This patch removes the function
      pointer, and calls virNetDevVPortProfileGetLldpadPid() directly in
      virNetDevVPortProfileOpCommon - if it's doing this, it knows that it
      should also call virNetlinkEventServiceLocalPid() to set src_pid too;
      then it just passes src_pid and dst_pid down to
      virNetDevLinkDump. Since (src_pid == 0 && dst_pid == 0) implies that
      the kernel is the destination, there is no longer any need to send
      nltarget_kernel as an arg to virNetDevLinkDump, so it's been removed.
      
      The disparity between src_pid being int and dst_pid being uint32_t may
      be a bit disconcerting to some, but I didn't want to complicate
      virNetlinkEventServiceLocalPid() by having status returned separately
      from the value.
      cc073771
    • util: allow specifying both src and dst pid in virNetlinkCommand · cca7bb1f
      Laine Stump committed
      Until now, virNetlinkCommand has assumed that the nl_pid in the source
      address of outgoing netlink messages should always be the return value
      of getpid(). In most cases it actually doesn't matter, but in the case
      of communication with lldpad, lldpad saves this info and later uses it
      to send netlink messages back to libvirt. A recent patch to fix Bug
      816465 changed the order of the universe such that the netlink event
      service socket is no longer bound with nl_pid == getpid(), so lldpad
      could no longer send unsolicited messages to libvirtd. Adding src_pid
      as an argument to virNetlinkCommand() is the first step in notifying
      lldpad of the proper address of the netlink event service socket.
      cca7bb1f
  13. 09 Mar, 2012 1 commit
    • util: standardize return from functions calling virNetlinkCommand · 0208face
      Laine Stump committed
      There are several functions that call virNetlinkCommand, and they all
      follow a common pattern, with three exit labels: err_exit (or
      cleanup), malformed_resp, and buffer_too_small. All three of these
      labels do their own cleanup and have their own return. However, the
      malformed_resp label usually frees the same items as the
      cleanup/err_exit label, and the buffer_too_small label just doesn't
      free recvbuf (because it's known to always be NULL at the time we goto
      buffer_too_small).
      
      In order to simplify and standardize the code, I've made the following
      changes to all of these functions:
      
      1) err_exit is replaced with the more libvirt-ish "cleanup", which
         makes sense because in all cases this code is also executed in the
         case of success, so labelling it err_exit may be confusing.
      
      2) rc is initialized to -1, and set to 0 just before the cleanup
         label. Any code that currently sets rc = -1 is made to instead goto
         cleanup.
      
      3) malformed_resp and buffer_too_small just log their error and goto
         cleanup. This gives us a single return path, and a single place to
         free up resources.
      
      4) In one instance, rather than logging an error immediately, a char*
         msg was pointed to an error string, then goto cleanup (and cleanup
         would log an error if msg != NULL). It takes no more lines of code
         to just log the message as we encounter it.
      
      This patch should have 0 functional effects.
      0208face
  14. 06 Mar, 2012 2 commits
    • util: Changes to support portprofiles for hostdevs · 15bbfd83
      Roopa Prabhu committed
      This patch includes the following changes to virnetdevmacvlan.c and
      virnetdevvportprofile.c:
      
       - removes some netlink functions which are now available in
         virnetdev.c
      
       - Adds a vf argument to all port profile functions.
      
      For 802.1Qbh devices, the port profile calls can use a vf argument if
      passed by the caller. If the vf argument is -1 it will try to derive the vf
      if the device passed is a virtual function.
      
      For 802.1Qbg devices, this patch introduces a null check for the device
      argument because during port profile assignment on a hostdev, this argument
      can be null.
      Signed-off-by: Roopa Prabhu <roprabhu@cisco.com>
      15bbfd83
    • Fix build after commit e3ba4025 · 118cfc25
      Jim Fehlig committed
      Commit e3ba4025 introduced a few build errors with HAVE_LIBNL undefined.
      118cfc25
  15. 29 Feb, 2012 1 commit
  16. 16 Feb, 2012 1 commit
    • network: support Open vSwitch · df810046
      Ansis Atteka committed
      This patch allows libvirt to add interfaces to already
      existing Open vSwitch bridges. The following syntax in
      domain XML file can be used:
      
          <interface type='bridge'>
            <mac address='52:54:00:d0:3f:f2'/>
            <source bridge='ovsbr'/>
            <virtualport type='openvswitch'>
              <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'/>
            </virtualport>
            <address type='pci' domain='0x0000' bus='0x00'
                                slot='0x03' function='0x0'/>
          </interface>
      
      or if libvirt should auto-generate the interfaceid use
      following syntax:
      
          <interface type='bridge'>
            <mac address='52:54:00:d0:3f:f2'/>
            <source bridge='ovsbr'/>
            <virtualport type='openvswitch'>
            </virtualport>
            <address type='pci' domain='0x0000' bus='0x00'
                                slot='0x03' function='0x0'/>
          </interface>
      
      It is also possible to pass an optional profileid. To do that
      use following syntax:
      
         <interface type='bridge'>
           <source bridge='ovsbr'/>
           <mac address='00:55:1a:65:a2:8d'/>
           <virtualport type='openvswitch'>
             <parameters interfaceid='921a80cd-e6de-5a2e-db9c-ab27f15a6e1d'
                         profileid='test-profile'/>
           </virtualport>
         </interface>
      
      To create Open vSwitch bridge install Open vSwitch and
      run the following command:
      
          ovs-vsctl add-br ovsbr
      df810046
  17. 04 Feb, 2012 1 commit
  18. 23 Nov, 2011 1 commit
  19. 19 Nov, 2011 4 commits
    • Move ifaceMacvtapLinkDump and ifaceGetNthParent functions · 91904106
      Daniel P. Berrange committed
      Move the ifaceMacvtapLinkDump and ifaceGetNthParent functions
      into virnetdevvportprofile.c since they are specific to that
      code. This avoids polluting the headers with the Linux specific
      netlink data types
      
      * src/util/interface.c, src/util/interface.h: Move
        ifaceMacvtapLinkDump and ifaceGetNthParent functions and delete
        remaining file
      * src/util/virnetdevvportprofile.c: Add ifaceMacvtapLinkDump
        and ifaceGetNthParent functions
      * src/network/bridge_driver.c, src/nwfilter/nwfilter_gentech_driver.c,
        src/nwfilter/nwfilter_learnipaddr.c, src/util/virnetdevmacvlan.c:
        Remove include of interface.h
      91904106
    • Rename APIs for dealing with virtual/physical functions · 8f688c85
      Daniel P. Berrange committed
      Rename ifaceIsVirtualFunction to virNetDevIsVirtualFunction,
      ifaceGetVirtualFunctionIndex to virNetDevGetVirtualFunctionIndex
      and ifaceGetPhysicalFunction to virNetDevGetPhysicalFunction
      
      * src/util/interface.c, src/util/interface.h: Rename APIs
      * src/util/virnetdevvportprofile.c: Update for API rename
      8f688c85
    • Rename ifaceGetIndex and ifaceGetVLAN · ebbb6bd1
      Daniel P. Berrange committed
      Rename the ifaceGetIndex method to virNetDevGetIndex and
      ifaceGetVlanID to virNetDevGetVLanID. Also change the error
      reporting behaviour to always raise errors and return -1 on
      failure
      
      * util/interface.c, util/interface.h: Rename ifaceGetIndex
        and ifaceGetVLAN
      * nwfilter/nwfilter_gentech_driver.c, nwfilter/nwfilter_learnipaddr.c,
        nwfilter/nwfilter_learnipaddr.c, util/virnetdevvportprofile.c: Update
        for API renames and error handling changes
      ebbb6bd1
    • Rename and split the macvtap.c file · 896104c9
      Daniel P. Berrange committed
      Rename the macvtap.c file to virnetdevmacvlan.c to reflect its
      functionality. Move the port profile association code out into
      virnetdevvportprofile.c. Make the APIs available unconditionally
      to callers
      
      * src/util/macvtap.h: rename to src/util/virnetdevmacvlan.h,
      * src/util/macvtap.c: rename to src/util/virnetdevmacvlan.c
      * src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h:
        Pull in vport association code
      * src/Makefile.am, src/conf/domain_conf.h, src/qemu/qemu_conf.c,
        src/qemu/qemu_conf.h, src/qemu/qemu_driver.c: Update include
        paths & remove conditional compilation
      896104c9
  20. 15 Nov, 2011 1 commit
    • Split src/util/network.{c,h} into 5 pieces · d3406045
      Daniel P. Berrange committed
      The src/util/network.c file is a dumping ground for many different
      APIs. Split it up into 5 pieces, along functional lines
      
       - src/util/virnetdevbandwidth.c: virNetDevBandwidth type & helper APIs
       - src/util/virnetdevvportprofile.c: virNetDevVPortProfile type & helper APIs
       - src/util/virsocketaddr.c: virSocketAddr and APIs
       - src/conf/netdev_bandwidth_conf.c: XML parsing / formatting
         for virNetDevBandwidth
       - src/conf/netdev_vport_profile_conf.c: XML parsing / formatting
         for virNetDevVPortProfile
      
      * src/util/network.c, src/util/network.h: Split into 5 pieces
      * src/conf/netdev_bandwidth_conf.c, src/conf/netdev_bandwidth_conf.h,
        src/conf/netdev_vport_profile_conf.c, src/conf/netdev_vport_profile_conf.h,
        src/util/virnetdevbandwidth.c, src/util/virnetdevbandwidth.h,
        src/util/virnetdevvportprofile.c, src/util/virnetdevvportprofile.h,
        src/util/virsocketaddr.c, src/util/virsocketaddr.h: New pieces
      * daemon/libvirtd.h, daemon/remote.c, src/conf/domain_conf.c,
        src/conf/domain_conf.h, src/conf/network_conf.c,
        src/conf/network_conf.h, src/conf/nwfilter_conf.h,
        src/esx/esx_util.h, src/network/bridge_driver.c,
        src/qemu/qemu_conf.c, src/rpc/virnetsocket.c,
        src/rpc/virnetsocket.h, src/util/dnsmasq.h, src/util/interface.h,
        src/util/iptables.h, src/util/macvtap.c, src/util/macvtap.h,
        src/util/virnetdev.h, src/util/virnetdevtap.c,
        tools/virsh.c: Update include files
      d3406045