- 19 2月, 2014 21 次提交
-
-
由 Daniel P. Berrange 提交于
Rewrite lxcDomainAttachDeviceHostdevMiscLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1cadeafc) Conflicts: src/lxc/lxc_driver.c: OOM + cgroups error reporting
-
由 Daniel P. Berrange 提交于
Rewrite lxcDomainAttachDeviceHostdevStorageLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1754c7f0) Conflicts: src/lxc/lxc_driver.c: OOM + cgroups error reporting
-
由 Daniel P. Berrange 提交于
Rewrite lxcDomainAttachDeviceHostdevSubsysUSBLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 7fba01c1) Conflicts: src/lxc/lxc_driver.c: OOM + cgroups error reporting
-
由 Daniel P. Berrange 提交于
Rewrite lxcDomainAttachDeviceDiskLive function to use the virProcessRunInMountNamespace helper. This avoids risk of a malicious guest replacing /dev with a absolute symlink, tricking the driver into changing the host OS filesystem. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 4dd3a7d5) Conflicts: src/lxc/lxc_driver.c: OOM + cgroups error reporting and remove usernamespace integration
-
由 Eric Blake 提交于
Use helper virProcessRunInMountNamespace in lxcDomainShutdownFlags and lxcDomainReboot. Otherwise, a malicious guest could use symlinks to force the host to manipulate the wrong file in the host's namespace. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n@gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit aebbcdd3) Conflicts: src/lxc/lxc_driver.c: OOM error reporting changes src/util/virinitctl.c: OOM error reporting changes
-
由 Daniel P. Berrange 提交于
Implement virProcessRunInMountNamespace, which runs callback of type virProcessNamespaceCallback in a container namespace. This uses a child process to run the callback, since you can't change the mount namespace of a thread. This implies that callbacks have to be careful about what code they run due to async safety rules. Idea by Dan Berrange, based on an initial report by Reco <recoverym4n@gmail.com> at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394Signed-off-by: NDaniel Berrange <berrange@redhat.com> Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 7c72ef6f) Backport fixed for OOM error reporting
-
由 Daniel P. Berrange 提交于
Add a helper function which takes a file path and ensures that all directory components leading up to the file exist. IOW, it strips the filename part of the path and passes the result to virFileMakePath. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit c321bfc5) Conflicts: src/libvirt_private.syms, src/util/virfile.c, src/util/virfile.h: Moved code to virutil.{c,h}
-
由 Daniel P. Berrange 提交于
The check for whether the cgroup devices ACL is available is done quite late during LXC hotplug - in fact after the device node is already created in the container in some cases. Better to do it upfront so we fail immediately. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit c3eb12ca)
-
由 Daniel P. Berrange 提交于
The LXC disk hotplug code was allowing block or character devices to be given as disk. A disk is always a block device. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit d24e6b8b)
-
由 Daniel P. Berrange 提交于
When detaching a USB device from an LXC guest we must remove the device from the cgroup ACL. Unfortunately we were telling the cgroup code to use the guest /dev path, not the host /dev path, and the guest device node had already been unlinked. This was, however, fortunate since the code passed &priv->cgroup instead of priv->cgroup, so would have crash if the device node were accessible. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 2c2bec94)
-
由 Daniel P. Berrange 提交于
After hotplugging a USB device, the LXC driver forgot to add the device def to the virDomainDefPtr. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit a537827d) Backport fixed for OOM error reporting
-
由 Daniel P. Berrange 提交于
The LXC code missed the 'usb' component out of the path /dev/bus/usb/$BUSNUM/$DEVNUM, so it failed to actually setup cgroups for the device. This was in fact lucky because the call to virLXCSetupHostUsbDeviceCgroup was also mistakenly passing '&priv->cgroup' instead of just 'priv->cgroup'. So once the path is fixed, libvirtd would then crash trying to access the bogus virCgroupPtr pointer. This would have been a security issue, were it not for the bogus path preventing the pointer reference being reached. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit c3648972)
-
由 Daniel P. Berrange 提交于
virDomainDefCompatibleDevice blocks use of USB if no USB controller is present. This is not correct for containers since devices can be assigned directly regardless of any controllers. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 7a44af96)
-
由 Eric Blake 提交于
Our backing file chain code was not very robust to an ill-timed EINTR, which could lead to a short read causing us to randomly treat metadata differently than usual. But the existing virFileReadLimFD forces an error if we don't read the entire file, even though we only care about the header of the file. So add a new virFile function that does what we want. * src/util/virfile.h (virFileReadHeaderFD): New prototype. * src/util/virfile.c (virFileReadHeaderFD): New function. * src/libvirt_private.syms (virfile.h): Export it. * src/util/virstoragefile.c (virStorageFileGetMetadataInternal) (virStorageFileProbeFormatFromFD): Use it. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 5327fad4) Conflicts: src/util/virstoragefile.c: OOM error reporting & buffer signedness Conflicts: src/libvirt_private.syms, src/util/virfile.c, src/util/virfile.h: Moved code to virutil.{c,h}
-
由 Eric Blake 提交于
* src/lxc/lxc_controller.c (virLXCControllerSetupDisk): Fix typo. * src/lxc/lxc_driver.c (lxcDomainAttachDeviceDiskLive): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 8de47efd) Conflicts: src/lxc/lxc_controller.c: No userns support yet
-
由 Chen Hanxiao 提交于
Free dst before lxcDomainAttachDeviceDiskLive returns Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com> (cherry picked from commit c82513ac)
-
由 Hongwei Bi 提交于
The variable vroot should be freed in label cleanup. (cherry picked from commit 46c9bce4)
-
由 Yuri Chornoivan 提交于
Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 5b4c035b) Conflicts: docs/news.html.in: old releases
-
由 Gao feng 提交于
Create parent directroy for hostdev automatically when we start a lxc domain or attach a hostdev to a lxc domain. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> (cherry picked from commit 468ee0bc)
-
由 Daniel P. Berrange 提交于
Many methods accept a string parameter specifying the old root directory prefix. Since removal of the non-pivot root container setup codepaths, this parameter is obsolete in many methods where the callers always pass "/.oldroot". Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 31453a83)
-
由 Gao feng 提交于
This helper function is used to create parent directory for the hostdev which will be added to the container. If the parent directory of this hostdev doesn't exist, the mknod of the hostdev will fail. eg with /dev/net/tun Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com> (cherry picked from commit c0d8c7c8) Adapted to lack of VIR_STRDUP
-
- 06 2月, 2014 3 次提交
-
-
由 Daniel P. Berrange 提交于
The NWFilter code has as a deadlock race condition between the virNWFilter{Define,Undefine} APIs and starting of guest VMs due to mis-matched lock ordering. In the virNWFilter{Define,Undefine} codepaths the lock ordering is 1. nwfilter driver lock 2. virt driver lock 3. nwfilter update lock 4. domain object lock In the VM guest startup paths the lock ordering is 1. virt driver lock 2. domain object lock 3. nwfilter update lock As can be seen the domain object and nwfilter update locks are not acquired in a consistent order. The fix used is to push the nwfilter update lock upto the top level resulting in a lock ordering for virNWFilter{Define,Undefine} of 1. nwfilter driver lock 2. nwfilter update lock 3. virt driver lock 4. domain object lock and VM start using 1. nwfilter update lock 2. virt driver lock 3. domain object lock This has the effect of serializing VM startup once again, even if no nwfilters are applied to the guest. There is also the possibility of deadlock due to a call graph loop via virNWFilterInstantiate and virNWFilterInstantiateFilterLate. These two problems mean the lock must be turned into a read/write lock instead of a plain mutex at the same time. The lock is used to serialize changes to the "driver->nwfilters" hash, so the write lock only needs to be held by the define/undefine methods. All other methods can rely on a read lock which allows good concurrency. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 6e5c79a1) Conflicts: src/conf/nwfilter_conf.c - virReportOOMError() in context of one hunk. src/lxc/lxc_driver.c - functions renamed, and lxc object locking changed, creating a conflict in the context.
-
由 Daniel P. Berrange 提交于
Add virRWLock backed up by a POSIX rwlock primitive Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit c065984b)
-
由 Daniel P. Berrange 提交于
For inexplicable reasons, the nwfilter XML parser is intentionally ignoring errors that arise during parsing. As well as meaning that users don't get any feedback on their XML mistakes, this will lead it to silently drop data in OOM conditions. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 4f209434) Conflicts: tests/nwfilterxml2xmltest.c - args to virNWFilterDefParseString are different, causing small conflict in context.
-
- 17 1月, 2014 2 次提交
-
-
由 Cole Robinson 提交于
-
由 Daniel P. Berrange 提交于
Currently the virDBusAddWatch does virEventAddHandle(fd, flags, virDBusWatchCallback, watch, NULL); dbus_watch_set_data(watch, info, virDBusWatchFree); Unfortunately this is racy - since the event loop is in a different thread, the virDBusWatchCallback method may be run before we get to calling dbus_watch_set_data. We must reverse the order of these calls See https://bugzilla.redhat.com/show_bug.cgi?id=885445Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 7d3a1c8b)
-
- 16 1月, 2014 8 次提交
-
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When writing commit 173c2914, I missed the fact virNetServerClientClose unlocks the client object before actually clearing client->sock and thus it is possible to hit a window when client->keepalive is NULL while client->sock is not NULL. I was thinking client->sock == NULL was a better check for a closed connection but apparently we have to go with client->keepalive == NULL to actually fix the crash. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 066c8ef6)
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug. (cherry picked from commit 173c2914)
-
由 Jiri Denemark 提交于
CVE-2013-6458 Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit 3b564259)
-
由 Jiri Denemark 提交于
Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit ff5f30b6) Conflicts: src/qemu/qemu_driver.c - context
-
由 Jiri Denemark 提交于
CVE-2013-6458 Every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit f93d2caa)
-
由 Jiri Denemark 提交于
CVE-2013-6458 Generally, every API that is going to begin a job should do that before fetching data from vm->def. However, qemuDomainGetBlockInfo does not know whether it will have to start a job or not before checking vm->def. To avoid using disk alias that might have been freed while we were waiting for a job, we use its copy. In case the disk was removed in the meantime, we will fail with "cannot find statistics for device '...'" error message. (cherry picked from commit b7992595) Conflicts: src/qemu/qemu_driver.c - VIR_STRDUP not backported
-
由 Jiri Denemark 提交于
CVE-2013-6458 https://bugzilla.redhat.com/show_bug.cgi?id=1043069 When virDomainDetachDeviceFlags is called concurrently to virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats finds a disk in vm->def before getting a job on a domain and uses the disk pointer after getting the job. However, the domain in unlocked while waiting on a job condition and thus data behind the disk pointer may disappear. This happens when thread 1 runs virDomainDetachDeviceFlags and enters monitor to actually remove the disk. Then another thread starts running virDomainBlockStats, finds the disk in vm->def, and while it's waiting on the job condition (owned by the first thread), the first thread finishes the disk removal. When the second thread gets the job, the memory pointed to be the disk pointer is already gone. That said, every API that is going to begin a job should do that before fetching data from vm->def. (cherry picked from commit db86da5c) Conflicts: src/qemu/qemu_driver.c - context: no ACLs
-
由 Eric Blake 提交于
While working on v1.0.5-maint (the branch in use on Fedora 19) with the host at Fedora 20, I got a failure in virstoragetest. I traced it to the fact that we were using qemu-img to create a qcow2 file, but qemu-img changed from creating v2 files by default in F19 to creating v3 files in F20. Rather than leaving it up to qemu-img, it is better to write the test to force testing of BOTH file formats (better code coverage and all). This patch alone does not fix all the failures in v1.0.5-maint; for that, we must decide to either teach the older branch to understand v3 files, or to reject them outright as unsupported. But for upstream, making the test less dependent on changing qemu-img defaults is always a good thing. * tests/virstoragetest.c (testPrepImages): Simplify creation of raw file; check if qemu supports compat and if so use it. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 974e5914) Conflicts: tests/virstoragetest.c - hardcode test to v2, since this branch doesn't handle v3 correctly
-
- 09 1月, 2014 5 次提交
-
-
由 Zeng Junliang 提交于
If there's a migration cancelled, the bitmap of migration port should be cleaned up too. Signed-off-by: NZeng Junliang <zengjunliang@huawei.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit c92ca769)
-
由 Michal Privoznik 提交于
Commit e3ef20d7 allows user to configure migration ports range via qemu.conf. However, it forgot to update augeas definition file and even the test data was malicious. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit d9be5a71) Conflicts: missing support for changing migration listen_address src/qemu/libvirtd_qemu.aug src/qemu/test_libvirtd_qemu.aug.in
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1019053 (cherry picked from commit e3ef20d7) Conflicts: missing support for changing the migration listen address src/qemu/qemu.conf src/qemu/qemu_conf.c src/qemu/qemu_conf.h src/qemu/test_libvirtd_qemu.aug.in
-
由 Wang Yufei 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1019053 When we migrate vms concurrently, there's a chance that libvirtd on destination assigns the same port for different migrations, which will lead to migration failure during prepare phase on destination. So we use virPortAllocator here to solve the problem. Signed-off-by: NWang Yufei <james.wangyufei@huawei.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 0196845d) Conflicts: missing support for WebSockets and listen address virAsprintf doesn't report OOM src/qemu/qemu_command.h src/qemu/qemu_conf.h src/qemu/qemu_driver.c src/qemu/qemu_migration.c
-
由 Jiri Denemark 提交于
Whenever virPortAllocatorRelease is called with port == 0, it complains that the port is not in an allowed range, which is expectable as the port was never allocated. Let's make virPortAllocatorRelease ignore 0 ports in a similar way free() ignores NULL pointers. (cherry picked from commit 86dba8f3) Conflicts: missing VNC websocket support src/qemu/qemu_process.c
-
- 20 12月, 2013 1 次提交
-
-
由 Martin Kletzander 提交于
The function doesn't check whether the request is made for active or inactive domain. Thus when the domain is not running it still tries accessing non-existing cgroups (priv->cgroup, which is NULL). I re-made the function in order for it to work the same way it's qemu counterpart does. Reproducer: 1) Define an LXC domain 2) Do 'virsh memtune <domain> --hard-limit 133T' Backtrace: Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)): #0 0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764 #1 0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824") at util/vircgroup.c:669 #2 0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3, key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740 #3 0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904 #4 0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576) at util/vircgroup.c:1944 #5 0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774 #6 0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420, params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051 #7 0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510) at remote_dispatch.h:7621 #8 0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510, ret=0x7fffe40b84f0) at remote_dispatch.h:7591 #9 0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:435 #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0, server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0) at rpc/virnetserverprogram.c:305 #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10, prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165 #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00) at rpc/virnetserver.c:186 #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144 #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161 #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308 #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 9faf3f29) Conflicts: src/lxc/lxc_driver.c
-