1. 18 10月, 2013 2 次提交
    • Z
      remote: fix regression in event deregistration · 194cd4d0
      Zhou Yimin 提交于
      Introduced by 7b87a3
      When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
      I got error like:
      "libvirt: XML-RPC error : internal error: domain event 0 not registered".
      Then I add the following code, it fixed.
      Signed-off-by: NZhou Yimin <zhouyimin@huawei.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 9712c251)
      194cd4d0
    • M
      virsh: Fix debugging · be1b52e2
      Martin Kletzander 提交于
      Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
      there was still one more thing missing to fix.  When using virsh
      parameters to setup debugging, those weren't honored, because at the
      time debugging was initializing, arguments weren't parsed yet.  To
      make ewerything work as expected, we need to initialize the debugging
      twice, once before debugging (so we can debug option parsing properly)
      and then again after these options are parsed.
      
      As a side effect, this patch also fixes a leak when virsh is ran with
      multiple '-l' parameters.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit ac43da70)
      be1b52e2
  2. 15 10月, 2013 6 次提交
  3. 07 10月, 2013 1 次提交
  4. 01 10月, 2013 1 次提交
  5. 19 9月, 2013 1 次提交
    • D
      Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) · 6d1acf71
      Daniel P. Berrange 提交于
      The 'stats' variable was not initialized to NULL, so if some
      early validation of the RPC call fails, it is possible to jump
      to the 'cleanup' label and VIR_FREE an uninitialized pointer.
      This is a security flaw, since the API can be called from a
      readonly connection which can trigger the validation checks.
      
      This was introduced in release v0.9.1 onwards by
      
        commit 158ba873
        Author: Daniel P. Berrange <berrange@redhat.com>
        Date:   Wed Apr 13 16:21:35 2011 +0100
      
          Merge all returns paths from dispatcher into single path
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit e7f400a1)
      
      Conflicts:
      	daemon/remote.c - context
      6d1acf71
  6. 18 9月, 2013 1 次提交
    • D
      Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) · a338c40b
      Daniel P. Berrange 提交于
      With the existing pkcheck (pid, start time) tuple for identifying
      the process, there is a race condition, where a process can make
      a libvirt RPC call and in another thread exec a setuid application,
      causing it to change to effective UID 0. This in turn causes polkit
      to do its permission check based on the wrong UID.
      
      To address this, libvirt must get the UID the caller had at time
      of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
      triple to the pkcheck program.
      Signed-off-by: NColin Walters <walters@redhat.com>
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 922b7fda)
      
      Conflicts:
      	src/access/viraccessdriverpolkit.c
      
      Resolution:
        Dropped file that does not exist in this branch.
      a338c40b
  7. 05 9月, 2013 1 次提交
  8. 20 8月, 2013 1 次提交
    • P
      virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array · c56f17e5
      Peter Krempa 提交于
      The virBitmapParse function was calling virBitmapIsSet() function that
      requires the caller to check the bounds of the bitmap without checking
      them. This resulted into crashes when parsing a bitmap string that was
      exceeding the bounds used as argument.
      
      This patch refactors the function to use virBitmapSetBit without
      checking if the bit is set (this function does the checks internally)
      and then counts the bits in the bitmap afterwards (instead of keeping
      track while parsing the string).
      
      This patch also changes the "parse_error" label to a more common
      "error".
      
      The refactor should also get rid of the need to call sa_assert on the
      returned variable as the callpath should allow coverity to infer the
      possible return values.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
      
      Thanks to Alex Jia for tracking down the issue. This issue is introduced
      by commit 0fc89098.
      
      (cherry picked from commit 47b9127e)
      c56f17e5
  9. 12 7月, 2013 1 次提交
  10. 11 7月, 2013 2 次提交
  11. 09 7月, 2013 1 次提交
  12. 01 7月, 2013 3 次提交
    • D
      Fix vPort management: FC vHBA creation · e898a917
      Dennis Chen 提交于
      When creating a virtual FC HBA with virsh/libvirt API, an error message
      will be returned: "error: Node device not found",
      also the 'nodedev-dumpxml' shows wrong information of wwpn & wwnn
      for the new created device.
      
      Signed-off-by: xschen@tnsoft.com.cn
      
      This reverts f90af691 which switched wwpn & wwwn in the wrong place.
      
      https://www.kernel.org/doc/Documentation/scsi/scsi_fc_transport.txt
      (cherry picked from commit 3c0d5e22)
      e898a917
    • J
      bridge: don't crash on bandwidth unplug with no bandwidth · b3e3bd30
      Ján Tomko 提交于
      If networkUnplugBandwidth is called on a network which has
      no bandwidth defined, print a warning instead of crashing.
      
      This can happen when destroying a domain with bandwidth if
      bandwidth was removed from the network after the domain was
      started.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=975359
      (cherry picked from commit 658c932a)
      b3e3bd30
    • D
      Crash of libvirtd by unprivileged user in virConnectListAllInterfaces · 67a2f4c6
      Daniel P. Berrange 提交于
      On Thu, Jun 27, 2013 at 03:56:42PM +0100, Daniel P. Berrange wrote:
      > Hi Security Team,
      >
      > I've discovered a way for an unprivileged user with a readonly connection
      > to libvirtd, to crash the daemon.
      
      Ok, the final patch for this is issue will be the simpler variant that
      Eric suggested
      
      The embargo can be considered to be lifted on Monday July 1st, at
      0900 UTC
      
      The following is the GIT change that DV or myself will apply to libvirt
      GIT master immediately before the 1.1.0 release:
      
      >From 177b4165c531a4b3ba7f6ab6aa41dca9ceb0b8cf Mon Sep 17 00:00:00 2001
      From: "Daniel P. Berrange" <berrange@redhat.com>
      Date: Fri, 28 Jun 2013 10:48:37 +0100
      Subject: [PATCH] CVE-2013-2218: Fix crash listing network interfaces with
       filters
      
      The virConnectListAllInterfaces method has a double-free of the
      'struct netcf_if' object when any of the filtering flags cause
      an interface to be skipped over. For example when running the
      command 'virsh iface-list --inactive'
      
      This is a regression introduced in release 1.0.6 by
      
        commit 7ac2c4fe
        Author: Guannan Ren <gren@redhat.com>
        Date:   Tue May 21 21:29:38 2013 +0800
      
          interface: list all interfaces with flags == 0
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 244e0b8c)
      67a2f4c6
  13. 26 6月, 2013 3 次提交
    • J
      Fix invalid read in virCgroupGetValueStr · 38edb034
      Ján Tomko 提交于
      Don't check for '\n' at the end of file if zero bytes were read.
      
      Found by valgrind:
      ==404== Invalid read of size 1
      ==404==    at 0x529B09F: virCgroupGetValueStr (vircgroup.c:540)
      ==404==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
      ==404==    by 0x1EB475: qemuSetupCgroupForEmulator (qemu_cgroup.c:1061)
      ==404==    by 0x1D9489: qemuProcessStart (qemu_process.c:3801)
      ==404==    by 0x18557E: qemuDomainObjStart (qemu_driver.c:5787)
      ==404==    by 0x190FA4: qemuDomainCreateWithFlags (qemu_driver.c:5839)
      
      Introduced by 0d0b4098.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=978356
      (cherry picked from commit 306c49ff)
      38edb034
    • J
      Plug leak in virCgroupMoveTask · 8b9b6c25
      Ján Tomko 提交于
      We only break out of the while loop if *content is an empty string.
      However the buffer has been allocated to BUFSIZ + 1 (8193 in my case),
      but it gets overwritten in the next for iteration.
      
      Move VIR_FREE right before we overwrite it to avoid the leak.
      
      ==5777== 16,386 bytes in 2 blocks are definitely lost in loss record 1,022 of 1,027
      ==5777==    by 0x5296E28: virReallocN (viralloc.c:184)
      ==5777==    by 0x52B0C66: virFileReadLimFD (virfile.c:1137)
      ==5777==    by 0x52B0E1A: virFileReadAll (virfile.c:1199)
      ==5777==    by 0x529B092: virCgroupGetValueStr (vircgroup.c:534)
      ==5777==    by 0x529AF64: virCgroupMoveTask (vircgroup.c:1079)
      
      Introduced by 83e4c775.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=978352
      (cherry picked from commit 5bc8ecb8)
      8b9b6c25
    • J
      virsh: edit: don't leak XML string on reedit or redefine · ad62d2c7
      Ján Tomko 提交于
      Free the old XML strings before overwriting them if the user
      has chosen to reedit the file or force the redefinition.
      
      Found by Alex Jia trying to reproduce another bug:
      https://bugzilla.redhat.com/show_bug.cgi?id=977430#c3
      (cherry picked from commit 1e3a2529)
      ad62d2c7
  14. 20 6月, 2013 2 次提交
    • J
      lxc: Resolve issue with GetScheduler APIs for non running domain · f90b0249
      John Ferlan 提交于
      As a consequence of the cgroup layout changes from commit 'cfed9ad4', the
      lxcDomainGetSchedulerParameters[Flags]()' and lxcGetSchedulerType() APIs
      failed to return data for a non running domain.  This can be seen through
      a 'virsh schedinfo <domain>' command which returns:
      
      Scheduler      : Unknown
      error: Requested operation is not valid: cgroup CPU controller is not mounted
      
      Prior to that change a non running domain would return:
      
      Scheduler      : posix
      cpu_shares     : 0
      vcpu_period    : 0
      vcpu_quota     : 0
      emulator_period: 0
      emulator_quota : 0
      
      This patch will restore the capability to return configuration only data
      for a non running domain regardless of whether cgroups are available.
      (cherry picked from commit 38ada092)
      f90b0249
    • J
      qemu: Resolve issue with GetScheduler APIs for non running domain · 245fc93c
      John Ferlan 提交于
      As a consequence of the cgroup layout changes from commit '632f78ca', the
      qemuDomainGetSchedulerParameters[Flags]()' and qemuGetSchedulerType() APIs
      failed to return data for a non running domain.  This can be seen through
      a 'virsh schedinfo <domain>' command which returns:
      
      Scheduler      : Unknown
      error: Requested operation is not valid: cgroup CPU controller is not mounted
      
      Prior to that change a non running domain would return:
      
      Scheduler      : posix
      cpu_shares     : 0
      vcpu_period    : 0
      vcpu_quota     : 0
      emulator_period: 0
      emulator_quota : 0
      
      This patch will restore the capability to return configuration only data
      for a non running domain regardless of whether cgroups are available.
      (cherry picked from commit b2375453)
      245fc93c
  15. 18 6月, 2013 4 次提交
  16. 04 6月, 2013 3 次提交
  17. 03 6月, 2013 3 次提交
  18. 01 6月, 2013 4 次提交
    • O
      conf: Generate address for scsi host device automatically · cdb97895
      Osier Yang 提交于
      With unknown good reasons, the attribute "bus" of scsi device
      address is always set to 0, same for attribute "target". (See
      virDomainDiskDefAssignAddress).
      
      Though we might need to change the algorithm to honor "bus"
      and "target" too, that's a different issue. The address generator
      for scsi host device in this patch just follows the unknown
      good reasons, only considering the "controller" and "unit".
      It walks through all scsi controllers and their units, to see
      if the address $controller:0:0:$unit can be used (if not used
      by any disk or scsi host device yet), if found one, it sits on
      it, otherwise, it creates a new controller (actually the controller
      is implicitly created by someone else), and sits on
      $new_controller:0:0:0 instead.
      cdb97895
    • L
      qemu: prevent termination of guests w/hostdev on driver reconnect · 2ea45647
      Laine Stump 提交于
      This should resolve:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=959191
      
      The problem was that qemuUpdateActivePciHostdevs was returning 0
      (success) when no hostdevs were present, but would otherwise return -1
      (failure) even when it completed successfully. It is only called from
      qemuProcessReconnect(), and when qemuProcessReconnect got back an
      error, it would not only stop reconnecting, but would terminate the
      guest qemu process "to remove danger of it ending up running twice if
      user tries to start it again later".
      
      (This bug was introduced in commit 011cf7ad, which was pushed between
      v1.0.2 and v1.0.3, so all maintenance branches from v1.0.3 up to 1.0.5
      will need this one line patch applied.)
      2ea45647
    • G
      vbox: define DYNLIB_NAME for kFreeBSD · aeef20e9
      Guido Günther 提交于
      Similar to what Eric did for Cygwin it helps at least to compile
      without --without-vbox
      aeef20e9
    • E
      build: skip qemu in tests when !WITH_QEMU · 3d2b9715
      Eric Blake 提交于
      A mingw build (where the qemu driver is not built, so WITH_QEMU
      is undefined) failed with:
      
      In file included from ../../src/qemu/qemu_command.h:30:0,
                       from ../../tests/testutilsqemu.h:4,
                       from ../../tests/networkxml2xmltest.c:14:
      ../../src/qemu/qemu_conf.h:53:4: error: #error "Port me"
      
      But since testutilsqemu.c is already conditional, the header
      should be likewise.
      
      * tests/testutilsqemu.h: Make content conditional.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      3d2b9715