1. 21 12月, 2017 1 次提交
  2. 18 12月, 2017 1 次提交
  3. 07 11月, 2017 1 次提交
    • N
      rpc,lockd: Add missing netserver refcount increment on reload · 47eb77fb
      Nikolay Shirokovskiy 提交于
      After the virNetDaemonAddServerPostExec call in virtlogd we should have
      netserver refcount set to 2. One goes to netdaemon servers hashtable
      and one goes to virt{logd,lock} own reference to netserver. Let's add
      the missing increment in virNetDaemonAddServerPostExec itself while
      holding the daemon lock.
      
      Since lockd defers management of the @srv object by the presence
      in the hash table, virLockDaemonNewPostExecRestart must Unref the
      alloc'd Ref on the @srv object done as part of virNetDaemonAddServerPostExec
      and virNetServerNewPostExecRestart processing. The virNetDaemonGetServer
      in lock_daemon main will also take a reference which is Unref'd during
      main cleanup.
      47eb77fb
  4. 03 11月, 2017 1 次提交
    • A
      Remove backslash alignment attempts · 3e7db8d3
      Andrea Bolognani 提交于
      Right-aligning backslashes when defining macros or using complex
      commands in Makefiles looks cute, but as soon as any changes is
      required to the code you end up with either distractingly broken
      alignment or unnecessarily big diffs where most of the changes
      are just pushing all backslashes a few characters to one side.
      
      Generated using
      
        $ git grep -El '[[:blank:]][[:blank:]]\\$' | \
          grep -E '*\.([chx]|am|mk)$$' | \
          while read f; do \
            sed -Ei 's/[[:blank:]]*[[:blank:]]\\$/ \\/g' "$f"; \
          done
      Signed-off-by: NAndrea Bolognani <abologna@redhat.com>
      3e7db8d3
  5. 28 9月, 2017 1 次提交
    • P
      rpc: for messages with FDs always decode count of FDs from the message · 5c52aed1
      Pavel Hrdina 提交于
      The packet with passed FD has the following format:
      
          --------------------------
          | len | header | payload |
          --------------------------
      
      where "payload" has an additional count of FDs before the actual data:
      
          ------------------
          | nfds | payload |
          ------------------
      
      When the packet is received we parse the "header", which as a side
      effect updates msg->bufferOffset to point to the beginning of "payload".
      If the message call contains FDs, we need to also parse the count of
      FDs, which also updates the msg->bufferOffset.
      
      The issue here is that when we attempt to read the FDs data from the
      socket and we receive EAGAIN we finish the reading and call poll()
      to wait for the data the we need.  When the data arrives we already have
      the packet in our buffer so we read the "header" again but this time
      we don't read the count of FDs because we already have it stored.
      
      That means that the msg->bufferOffset is not updated to point to the
      actual beginning of the payload data, but it points to the count of
      FDs.  After all FDs are processed we dispatch the message to process
      it and decode the payload.  Since the msg->bufferOffset points to wrong
      data, we decode the wrong payload and the API call fails with
      error messages:
      
          Domain not found: no domain with matching uuid '67656e65-7269-6300-0c87-5003ca6941f2' ()
      
      Broken by commit 133c511b which fixed a FD and memory leak.
      Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
      5c52aed1
  6. 25 9月, 2017 1 次提交
  7. 19 9月, 2017 1 次提交
  8. 12 9月, 2017 1 次提交
  9. 01 9月, 2017 1 次提交
  10. 30 8月, 2017 1 次提交
    • D
      rpc: avoid ssh interpreting malicious hostname as arguments · e4cb8500
      Daniel P. Berrange 提交于
      Inspired by the recent GIT / Mercurial security flaws
      (http://blog.recurity-labs.com/2017-08-10/scm-vulns),
      consider someone/something manages to feed libvirt a bogus
      URI such as:
      
        virsh -c qemu+ssh://-oProxyCommand=gnome-calculator/system
      
      In this case, the hosname "-oProxyCommand=gnome-calculator"
      will get interpreted as an argument to ssh, not a hostname.
      Fortunately, due to the set of args we have following the
      hostname, SSH will then interpret our bit of shell script
      that runs 'nc' on the remote host as a cipher name, which is
      clearly invalid. This makes ssh exit during argv parsing and
      so it never tries to run gnome-calculator.
      
      We are lucky this time, but lets be more paranoid, by using
      '--' to explicitly tell SSH when it has finished seeing
      command line options. This forces it to interpret
      "-oProxyCommand=gnome-calculator" as a hostname, and thus
      see a fail from hostname lookup.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e4cb8500
  11. 01 8月, 2017 1 次提交
    • M
      virNetDaemonCallInhibit: Call virNetDaemonGotInhibitReply properly · ace45e67
      Michal Privoznik 提交于
      So there are couple of issues here. Firstly, we never unref the
      @pendingReply and thus it leaks.
      
      ==13279== 144 (72 direct, 72 indirect) bytes in 1 blocks are definitely lost in loss record 1,095 of 1,259
      ==13279==    at 0x4C2E080: calloc (vg_replace_malloc.c:711)
      ==13279==    by 0x781FA97: _dbus_pending_call_new_unlocked (in /usr/lib64/libdbus-1.so.3.14.11)
      ==13279==    by 0x7812A4C: dbus_connection_send_with_reply (in /usr/lib64/libdbus-1.so.3.14.11)
      ==13279==    by 0x56BEDF3: virNetDaemonCallInhibit (virnetdaemon.c:514)
      ==13279==    by 0x56BEF18: virNetDaemonAddShutdownInhibition (virnetdaemon.c:536)
      ==13279==    by 0x12473B: daemonInhibitCallback (libvirtd.c:742)
      ==13279==    by 0x1249BD: daemonRunStateInit (libvirtd.c:823)
      ==13279==    by 0x554FBCF: virThreadHelper (virthread.c:206)
      ==13279==    by 0x8F913D3: start_thread (in /lib64/libpthread-2.23.so)
      ==13279==    by 0x928DE3C: clone (in /lib64/libc-2.23.so)
      
      Secondly, while we send the message, we are suspended ('cos we're
      talking to a UNIX socket).  However, until we are resumed back
      again the reply might have came therefore subsequent
      dbus_pending_call_set_notify() has no effect and in fact the
      virNetDaemonGotInhibitReply() callback is never called. Thirdly,
      the dbus_connection_send_with_reply() has really stupid policy
      for return values. To cite the man page:
      
        Returns
            FALSE if no memory, TRUE otherwise.
      
      Yes, that's right. If anything goes wrong and it's not case of
      OOM then TRUE is returned, i.e. you're trying to pass FDs and
      it's not supported, or you're not connected, or anything else.
      Therefore, checking for return value of
      dbus_connection_send_with_reply() is not enoguh. We also have to
      check if @pendingReply is not NULL before proceeding any further.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      ace45e67
  12. 13 7月, 2017 1 次提交
    • D
      Revert "Prevent more compiler optimization of mockable functions" · 407a281a
      Daniel P. Berrange 提交于
      This reverts commit e4b980c8.
      
      When a binary links against a .a archive (as opposed to a shared library),
      any symbols which are marked as 'weak' get silently dropped. As a result
      when the binary later runs, those 'weak' functions have an address of
      0x0 and thus crash when run.
      
      This happened with virtlogd and virtlockd because they don't link to
      libvirt.so, but instead just libvirt_util.a and libvirt_rpc.a. The
      virRandomBits symbols was weak and so left out of the virtlogd &
      virtlockd binaries, despite being required by virHashTable functions.
      
      Various other binaries like libvirt_lxc, libvirt_iohelper, etc also
      link directly to .a files instead of libvirt.so, so are potentially
      at risk of dropping symbols leading to a later runtime crash.
      
      This is normal linker behaviour because a weak symbol is not treated
      as undefined, so nothing forces it to be pulled in from the .a You
      have to force the linker to pull in weak symbols using -u$SYMNAME
      which is not a practical approach.
      
      This risk is silent bad linkage that affects runtime behaviour is
      not acceptable for a fix that was merely trying to fix the test
      suite. So stop using __weak__ again.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      407a281a
  13. 11 7月, 2017 2 次提交
    • D
      rpc: improve error message for bounds check · c8fb3c31
      Daniel P. Berrange 提交于
      If we exceed a fixed limit in RPC code we get a horrible message
      like this, if the parameter type is a 'string', because we forgot
      to initialize the error message type field:
      
        $ virsh snapshot-list ostack1
        error: too many remote undefineds: 1329 > 1024
      
      It would also be useful to know which RPC call and field was
      exceeded. So this patch makes us report:
      
        $ virsh snapshot-list ostack1
        error: too many remote undefineds: 1329 > 1024,
        in parameter 'names' for 'virDomainSnapshotListNames'
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c8fb3c31
    • D
      Prevent more compiler optimization of mockable functions · e4b980c8
      Daniel P. Berrange 提交于
      Currently all mockable functions are annotated with the 'noinline'
      attribute. This is insufficient to guarantee that a function can
      be reliably mocked with an LD_PRELOAD. The C language spec allows
      the compiler to assume there is only a single implementation of
      each function. It can thus do things like propagating constant
      return values into the caller at compile time, or creating
      multiple specialized copies of the function body each optimized
      for a different caller. To prevent these optimizations we must
      also set the 'noclone' and 'weak' attributes.
      
      This fixes the test suite when libvirt.so is built with CLang
      with optimization enabled.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e4b980c8
  14. 05 7月, 2017 2 次提交
  15. 13 6月, 2017 2 次提交
  16. 08 6月, 2017 1 次提交
  17. 26 5月, 2017 1 次提交
  18. 24 5月, 2017 1 次提交
    • P
      rpc: Bump maximum message size to 32M · 97863780
      Peter Krempa 提交于
      While most of the APIs are okay with 16M messages, the bulk stats API
      can run into the limit in big configurations. Before we devise a new
      plan for this, bump this limit slightly to accomodate some more configs.
      97863780
  19. 18 5月, 2017 13 次提交
  20. 03 5月, 2017 1 次提交
    • J
      client: Report proper close reason · 42faf316
      Jiri Denemark 提交于
      When we get a POLLHUP or VIR_EVENT_HANDLE_HANGUP event for a client, we
      still want to read from the socket to process any accumulated data. But
      doing so inevitably results in an error and a call to
      virNetClientMarkClose before we get to processing the hangup event (and
      another call to virNetClientMarkClose). However the close reason passed
      to the second virNetClientMarkClose call is ignored because another one
      was already set. We need to pass the correct close reason when marking
      the socket to be closed for the first time.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1373859Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      42faf316
  21. 27 4月, 2017 1 次提交
  22. 24 4月, 2017 1 次提交
    • Y
      rpc: fix keep alive timer segfault · ab5bb6f3
      Yi Wang 提交于
      ka maybe have been freeed in virObjectUnref, application using
      virKeepAliveTimer will segfault when unlock ka. We should keep
      ka's refs positive before using it.
      
      #0  0x00007fd8f79970e8 in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7fd8e8001b80) at util/virobject.c:169
      #1  0x00007fd8f799742e in virObjectIsClass (anyobj=anyobj entry=0x7fd8e800b9c0, klass=<optimized out>) at util/virobject.c:365
      #2  0x00007fd8f79974e4 in virObjectUnlock (anyobj=0x7fd8e800b9c0) at util/virobject.c:338
      #3  0x00007fd8f7ac477e in virKeepAliveTimer (timer=<optimized out>, opaque=0x7fd8e800b9c0) at rpc/virkeepalive.c:177
      #4  0x00007fd8f7e5c9cf in libvirt_virEventInvokeTimeoutCallback () from /usr/lib64/python2.7/site-packages/libvirtmod.so
      #5  0x00007fd8ff64db94 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
      #6  0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
      #7  0x00007fd8ff64d85f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
      #8  0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
      #9  0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0
      #10 0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0
      #11 0x00007fd8ff5dc098 in function_call () from /lib64/libpython2.7.so.1.0
      #12 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0
      #13 0x00007fd8ff5c6085 in instancemethod_call () from /lib64/libpython2.7.so.1.0
      #14 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0
      #15 0x00007fd8ff648ff7 in PyEval_CallObjectWithKeywords () from /lib64/libpython2.7.so.1.0
      #16 0x00007fd8ff67d7e2 in t_bootstrap () from /lib64/libpython2.7.so.1.0
      #17 0x00007fd8ff358df3 in start_thread () from /lib64/libpthread.so.0
      #18 0x00007fd8fe97d3ed in clone () from /lib64/libc.so.6
      Signed-off-by: NYi Wang <wang.yi59@zte.com.cn>
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      ab5bb6f3
  23. 20 4月, 2017 1 次提交
    • D
      Fix error reporting when poll returns POLLHUP/POLLERR · 234ac4e1
      Daniel P. Berrange 提交于
      In the RPC client event loop code, if poll() returns only a POLLHUP
      or POLLERR status, then we end up reporting a bogus error message:
      
        error: failed to connect to the hypervisor
        error: An error occurred, but the cause is unknown
      
      We do actually report an error, but we virNetClientMarkClose method
      has already captured the error status before we report it, so the
      real error gets thrown away. The key fix is to report the error
      before calling virNetClientMarkClose(). In changing this, we also
      split out reporting of POLLHUP vs POLLERR to make any future bugs
      easier to diagnose.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      234ac4e1
  24. 19 4月, 2017 2 次提交
    • D
      Ignore SASL deprecation warnings on OS-X · f7d7825d
      Daniel P. Berrange 提交于
      Apple have annotated all SASL functions as deprecated for
      unknown reasons. Since they still work, lets just ignore
      the warnings. If Apple finally delete the SASL functions
      our configure check should already catch that
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f7d7825d
    • D
      annotate all mocked functions with noinline · 728cacc8
      Daniel P. Berrange 提交于
      CLang's optimizer is more aggressive at inlining functions than
      gcc and so will often inline functions that our tests want to
      mock-override. This causes the test to fail in bizarre ways.
      
      We don't want to disable inlining completely, but we must at
      least prevent inlining of mocked functions. Fortunately there
      is a 'noinline' attribute that lets us control this per function.
      
      A syntax check rule is added that parses tests/*mock.c to extract
      the list of functions that are mocked (restricted to names starting
      with 'vir' prefix). It then checks that src/*.h header file to
      ensure it has a 'ATTRIBUTE_NOINLINE' annotation. This should prevent
      use from bit-rotting in future.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      728cacc8