1. 08 Jan, 2013 7 commits
  2. 14 Dec, 2012 1 commit
    • network: prevent dnsmasq from listening on localhost · 84cbd3a9
      Committed by Laine Stump
      This patch resolves the problem reported in:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=886663
      
      The source of the problem was the fix for CVE 2011-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      which was originally committed upstream in commit
      753ff83a. That commit improperly
      removed the "--except-interface lo" from dnsmasq commandlines when
      --bind-dynamic was used (based on comments in the latter bug).
      
      It turns out that the problem reported in the CVE could be eliminated
      without removing "--except-interface lo", and removing it actually
      caused each instance of dnsmasq to listen on localhost on port 53,
      which created a new problem:
      
      If another instance of dnsmasq using "bind-interfaces" (instead of
      "bind-dynamic") had already been started (or if another instance
      started later used "bind-dynamic"), this wouldn't have any immediately
      visible ill effects, but if you tried to start another dnsmasq
      instance using "bind-interfaces" *after* starting any libvirt
      networks, the new dnsmasq would fail to start, because there was
      already another process listening on port 53.
      
      This patch changes the network driver to *always* add
      "except-interface=lo" to dnsmasq conf files, regardless of whether we use
      bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
      are listening on localhost (and the CVE is still fixed).
      
      The actual code change is minuscule, but must be propagated through all
      of the test files as well.
      
      (This is *not* a cherry-pick of the upstream commit that fixes the bug
      (commit d66eb786), because subsequent
      to the CVE fix, another patch changed the network driver to put
      dnsmasq options in a conf file rather than directly on the dnsmasq
      commandline (preserving the same options), so a cherry-pick is just one
      very large conflict.)
  3. 10 Dec, 2012 32 commits
    • Prep for release 0.10.2.2 · 475b0044
      Committed by Cole Robinson
    • dnsmasq: Fix parsing of the version number · 88e3b40e
      Committed by Michal Privoznik
      If debugging is enabled, the debug messages are sent to stderr.
      Moreover, if a command has catching of stderr set, the messages
      get mixed with stdout output (assuming both outputs are stored
      in the same variable). The resulting string then doesn't
      necessarily have to start with the desired prefix. This bug
      exposes itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06
      11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version doesn't
      start with the expected "Dnsmasq version " string but with libvirt debug
      output.
      (cherry picked from commit ff33f807)
    • dnsmasq: Fix parsing of the version number · 0617864e
      Committed by Michal Privoznik
      If debugging is enabled, the virCommand subsystem catches debug
      messages in the command output as well. In that case, we can't assume
      the string corresponding to the command's stdout will start with a specific
      prefix. But the prefix can be moved deeper in the string. This bug
      shows itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000:
      18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version
      doesn't start with the expected "Dnsmasq version " string but with libvirt
      debug output.
      (cherry picked from commit 51144313)
    • storage: Error out earlier if the volume target path already exists · 9b625cbc
      Committed by Osier Yang
      https://bugzilla.redhat.com/show_bug.cgi?id=832302
      
      It's odd to fall through to buildVol, and the existing file is
      removed when buildVol fails. This checks if the volume target
      path already exists in createVol. The reason for not using an
      error like "Volume already exists" is that there isn't a volume
      maintained by libvirt for the path until an operation like
      pool-refresh; using an error like that will just cause confusion.
      (cherry picked from commit d1f3d149)
    • remote: Avoid the thread race condition · 97743435
      Committed by Daniel P. Berrange
      https://bugzilla.redhat.com/show_bug.cgi?id=866524
      
      Since the virConnect object is not locked wholly when doing
      virConnectDispose, a thread can get the lock and thus might
      cause the race.
      
      Detected by valgrind:
      
      ==23687== Invalid read of size 4
      ==23687==    at 0x38BAA091EC: pthread_mutex_lock (pthread_mutex_lock.c:61)
      ==23687==    by 0x3FBA919E36: remoteClientCloseFunc (remote_driver.c:337)
      ==23687==    by 0x3FBA936BF2: virNetClientCloseLocked (virnetclient.c:688)
      ==23687==    by 0x3FBA9390D8: virNetClientIncomingEvent (virnetclient.c:1859)
      ==23687==    by 0x3FBA851AAE: virEventPollRunOnce (event_poll.c:485)
      ==23687==    by 0x3FBA850846: virEventRunDefaultImpl (event.c:247)
      ==23687==    by 0x40CD61: vshEventLoop (virsh.c:2128)
      ==23687==    by 0x3FBA8626F8: virThreadHelper (threads-pthread.c:161)
      ==23687==    by 0x38BAA077F0: start_thread (pthread_create.c:301)
      ==23687==    by 0x33F68E570C: clone (clone.S:115)
      ==23687==  Address 0x4ca94e0 is 144 bytes inside a block of size 312 free'd
      ==23687==    at 0x4A0595D: free (vg_replace_malloc.c:366)
      ==23687==    by 0x3FBA8588B8: virFree (memory.c:309)
      ==23687==    by 0x3FBA86AAFC: virObjectUnref (virobject.c:145)
      ==23687==    by 0x3FBA8EA767: virConnectClose (libvirt.c:1458)
      ==23687==    by 0x40C8B8: vshDeinit (virsh.c:2584)
      ==23687==    by 0x41071E: main (virsh.c:3022)
      
      The above race is caused by the eventLoop thread trying to handle
      the net client event by calling the callback set by:
          virNetClientSetCloseCallback(priv->client,
                                       remoteClientCloseFunc,
                                       conn, NULL);
      
      i.e. remoteClientCloseFunc, which locks/unlocks the virConnect object.
      
      This patch is to fix the bug by setting the callback to NULL when
      doRemoteClose.
      (cherry picked from commit b362938e)
    • qemu: Don't free PCI device if adding it to activePciHostdevs fails · 9034c928
      Committed by Jiri Denemark
      The device is still referenced from pcidevs and freeing it would leave
      an invalid pointer there.
      (cherry picked from commit ea1a9b5f)
    • build: fix incremental autogen.sh when no AUTHORS is present · 61874071
      Committed by Eric Blake
      Commit 71d12562 tried to fix a problem where rebasing an old
      branch on top of newer libvirt.git resulted in automake failing
      because of a missing AUTHORS file.  However, while the fix
      worked for an incremental 'make', it did not work for someone
      that directly reran './autogen.sh'.  Reported by Laine Stump.
      
      * autogen.sh (autoreconf): Check for same conditions as cfg.mk.
      * cfg.mk (_update_required): Add comments.
      (cherry picked from commit 55dc872b)
    • conf: prevent crash with no uuid in cephx auth secret · 8b60ff7f
      Committed by Ján Tomko
      Fix the null pointer access when UUID is not specified.
      Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates
      if uuid was specified or not and use it instead of the pointless
      comparison of the static UUID array to NULL.
      Add an error message if both uuid and usage are specified.
      
      Fixes:
      Error: FORWARD_NULL (CWE-476):
      libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing
          null pointer "uuid" to function "virUUIDParse(char const *, unsigned
          char *)", which dereferences it. (The dereference is assumed on the
          basis of the 'nonnull' parameter attribute.)
      Error: NO_EFFECT (CWE-398):
          libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an
          array to null is not useful: "src->auth.cephx.secret.uuid != NULL".
      (cherry picked from commit bc680e13)
    • Allow duration=0 for virsh nodesuspend · 68fb799b
      Committed by Daniel P. Berrange
      The virNodeSuspend API allows for a duration of 0, to mean no
      timed wakeup. virsh needlessly forbids this though
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 1cad5eba)
    • Quote client identity in SASL whitelist log message · 8a0bb98d
      Committed by Daniel P. Berrange
      When seeing a message
      
       virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in whitelist
      
      it isn't immediately obvious that 'admin' is the identity
      being checked. Quote the string to make it more obvious
      (cherry picked from commit 07da0a6b)
    • Fix uninitialized variables · 34d3627a
      Committed by Guido Günther
      detected by
      
      	http://honk.sigxcpu.org:8001/job/libvirt-build/348/console
      (cherry picked from commit d01e427e)
    • nwfilter: report an error on OOM · 0e78179d
      Committed by Ján Tomko
      Also removed some unreachable code found by coverity:
      libvirt-0.10.2/src/nwfilter/nwfilter_driver.c:259: unreachable: This
      code cannot be reached: "nwfilterDriverUnlock(driver...".
      (cherry picked from commit 4f9af085)
    • virsh: check the return value of virStoragePoolGetAutostart · 9720cc81
      Committed by Ján Tomko
      On error, virStoragePoolGetAutostart would return -1 leaving autostart
      untouched.
      
      Removed the misleading debug message as well.
      
      Error: CHECKED_RETURN (CWE-252):
      libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the
          return value of "virStoragePoolGetAutostart(pool, &autostart)".
      (cherry picked from commit e9d74a7a)
    • conf: fix uninitialized variable in virDomainListSnapshots · 2f4d266d
      Committed by Ján Tomko
      If allocation of names fails, list is uninitialized.
      (cherry picked from commit 892582f9)
    • rpc: don't destroy xdr before creating it in virNetMessageEncodeHeader · e8d28ec3
      Committed by Ján Tomko
      On OOM, xdr_destroy got called even though it wasn't created yet.
      
      Found by coverity:
      Error: UNINIT (CWE-457):
          libvirt-0.10.2/src/rpc/virnetmessage.c:214: var_decl: Declaring
          variable "xdr" without initializer.
          libvirt-0.10.2/src/rpc/virnetmessage.c:219: cond_true: Condition
          "virReallocN(&msg->buffer, 1UL /* sizeof (*msg->buffer) */,
          msg->bufferLength) < 0", taking true branch
          libvirt-0.10.2/src/rpc/virnetmessage.c:221: goto: Jumping to label
          "cleanup"
          libvirt-0.10.2/src/rpc/virnetmessage.c:257: label: Reached label
          "cleanup"
          libvirt-0.10.2/src/rpc/virnetmessage.c:258: uninit_use: Using
          uninitialized value "xdr.x_ops".
      (cherry picked from commit 6e1fc355)
    • virsh: do timing even for unusable connections · caf1377a
      Committed by Ján Tomko
      Time values were uninitialized if the connection wasn't usable.
      (cherry picked from commit 8b235d40)
    • virsh: use correct sizeof when allocating cpumap · a565e20b
      Committed by Ján Tomko
      Found by coverity:
      Error: SIZEOF_MISMATCH (CWE-569):
          libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing
          argument "8UL /* sizeof (cpumap) */" to function
          "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
          then casting the return value to "unsigned char *" is suspicious.
      
      Error: SIZEOF_MISMATCH (CWE-569):
          libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing
          argument "8UL /* sizeof (cpumap) */" to function
          "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and
          then casting the return value to "unsigned char *" is suspicious.
      (cherry picked from commit dc04b2a7)
    • util: fix virBitmap allocation in virProcessInfoGetAffinity · e4e5a4d3
      Committed by Ján Tomko
      Found by coverity:
      Error: REVERSE_INULL (CWE-476):
          libvirt-0.10.2/src/util/processinfo.c:141: deref_ptr: Directly
          dereferencing pointer "map".
          libvirt-0.10.2/src/util/processinfo.c:142: check_after_deref:
          Null-checking "map" suggests that it may be null, but it has already
          been dereferenced on all paths leading to the check.
      (cherry picked from commit 7730257d)
    • network: fix crash when portgroup has no name · 2e7298d7
      Committed by Laine Stump
      This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=879473
      
      The name attribute is required for portgroup elements (yes, the RNG
      specifies that), and there is code in libvirt that assumes it is
      non-null.  Unfortunately, the portgroup parsing function wasn't
      checking for lack of portgroup. One adverse result of this was that
      attempts to update a network by adding a portgroup with no name would
      cause libvirtd to segfault. For example:
      
         virsh net-update default add portgroup "<portgroup default='yes'/>"
      
      This patch causes virNetworkPortGroupParseXML to fail if no name is
      specified, thus avoiding any later problems.
      (cherry picked from commit 012d69df)
    • Fix leak of virNetworkPtr in LXC startup failure path · 3926d857
      Committed by Daniel P. Berrange
      When starting an LXC guest with a virNetwork based NIC device,
      if the network was not active, the virNetworkPtr device would
      be leaked
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 509ce943)
    • Fix error reporting in virNetDevVethDelete · e69aaf2f
      Committed by Daniel P. Berrange
      In virNetDevVethDelete the virRun method will properly report
      errors, but when checking the exit status for non-zero exit
      code no error is reported
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 0584d662)
    • Ensure transient def is removed if LXC start fails · dd35c8da
      Committed by Daniel P. Berrange
      When starting a container, newDef is initialized to a
      copy of 'def', but when startup fails newDef is never
      removed. This causes later attempts to use 'virDomainDefine'
      to lose the new data being defined.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 9d2bfc1c)
    • Ensure failure to create macvtap device aborts LXC start · f928284b
      Committed by Daniel P. Berrange
      A mistaken initialization of 'ret' caused failure to create
      macvtap devices to be ignored. The libvirt_lxc process
      would later fail to start due to missing devices
      
      Also make sure code checks '< 0' and not '!= 0' since only
      -1 is considered an error condition
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 43db9cf4)
    • Avoid crash when LXC start fails with no interface target · 74aa3ffe
      Committed by Daniel P. Berrange
      If the <interface> device did not contain any <target>
      element, LXC would crash on a NULL pointer if starting
      the container failed
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 68dceb63)
    • Specify name of target interface with macvlan error · 49ed3cd1
      Committed by Daniel P. Berrange
      When failing to create a macvlan interface, make sure the
      error message contains the name of the host interface
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit e11daa2b)
    • Treat missing driver cgroup as fatal in LXC driver · 1083e418
      Committed by Daniel P. Berrange
      The LXC driver relies on use of cgroups to kill off LXC processes
      in shutdown. If cgroups aren't available, we're unable to kill
      off processes, so we must treat lack of cgroups as a fatal startup
      error.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 7c5ba648)
    • Ensure LXC container exits if cgroups setup fails · 7e3b1283
      Committed by Daniel P. Berrange
      The code setting up LXC cgroups used an 'rc' variable both
      for capturing the return value of methods it calls, and
      its own return status. The result was that several failures
      in setting up cgroups would actually result in success being
      returned.
      
      Use a separate 'ret' for tracking return value as per normal
      code design in other parts of libvirt
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 8e1f0c38)
    • lxc: Don't crash if no security driver is specified in libvirt_lxc · bf8efc33
      Committed by Peter Krempa
      When no security driver is specified libvirt_lxc segfaults as a debug
      message tries to access security labels for the container that are not
      present.
      
      This problem was introduced in commit 6c3cf57d.
      (cherry picked from commit 99a388e6)
    • lxc: Avoid segfault of libvirt_lxc helper on early cleanup paths · fac1a19d
      Committed by Peter Krempa
      Early jumps to the cleanup label caused a crash of the libvirt_lxc
      container helper as the cleanup section called
      virLXCControllerDeleteInterfaces(ctrl) without checking the ctrl argument
      for NULL. The argument was de-referenced soon after.
      
      $ /usr/libexec/libvirt_lxc
      /usr/libexec/libvirt_lxc: missing --name argument for configuration
      Segmentation fault
      (cherry picked from commit 81efb13b)
    • storage: fix logical volume cloning · 89cecbbe
      Committed by Ján Tomko
      Commit 258e06c8 removed setting of the volume type to
      VIR_STORAGE_VOL_BLOCK, which leads to failures in
      storageVolumeCreateXMLFrom.
      
      The type (and target.format) of the volume was set to zero. In
      virStorageBackendGetBuildVolFromFunction, this gets interpreted as
      VIR_STORAGE_FILE_NONE and the qemu-img tool is called with unknown
      "none" format.
      
      Bug: https://bugzilla.redhat.com/show_bug.cgi?id=879780
      (cherry picked from commit 70f0bbe8)
    • Skip deleted timers when calculating next timeout · 1f45a323
      Committed by Daniel P. Berrange
      It is possible for there to be deleted timers when we
      calculate the next timeout, and they must be skipped.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit afbd9667)
    • Warn if requesting update to non-existent timer/handle watch · 9d239b59
      Committed by Daniel P. Berrange
      The event code is a no-op if requested to update a non-existent
      timer/handle watch. This makes it hard to detect bugs in the
      callers who have passed bogus data. Add a VIR_WARN output in
      such cases, since the API does not allow for return errors.
      Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 39064f0f)