- 08 Jan, 2013 7 commits
-
-
Committed by Cole Robinson
Most of this deals with moving the libvirt-guests.sh script which does all the work to /usr/libexec, so it can be shared by both systemd and traditional init. Previously systemd depended on the script being in /etc/init.d. Required to fix https://bugzilla.redhat.com/show_bug.cgi?id=789747 (cherry picked from commit d13155c2)
-
Committed by Eric Blake
* tools/Makefile.am: Fix tab damage in previous patch. (cherry picked from commit 07049e4c)
-
Committed by Eric Blake
Patch 61299a1c fixed a long-standing pod error in the man page. But we should be preventing these up front. See also https://bugzilla.redhat.com/show_bug.cgi?id=870273 * tools/Makefile.am (virt-xml-validate.1, virt-pki-validate.1) (virt-host-validate.1, virt-sanlock-cleanup.8, virsh.1): Reject pod conversion errors. * daemon/Makefile.am ($(srcdir)/libvirtd.8.in): Likewise. (cherry picked from commit 2639949a)
-
Committed by Cole Robinson
(cherry picked from commit 0801c149)
-
Committed by Jim Fehlig
Commit dfa1e1dd removed libxenctrl from LIBXL_LIBS, but the libxl driver uses a symbol from this library. Explicitly link with libxenctrl instead of relying on the build system to support implicit DSO linking. (cherry picked from commit 68e7bc45)
-
Committed by Jim Fehlig
Based on a patch originally authored by Daniel De Graaf http://lists.xen.org/archives/html/xen-devel/2012-05/msg00565.html This patch converts the Xen libxl driver to support only Xen >= 4.2. Support for Xen 4.1 libxl is dropped since that version of libxl is designated 'technology preview' only and is incompatible with Xen 4.2 libxl. Additionally, the default toolstack in Xen 4.1 is still xend, for which libvirt has a stable, functional driver. (cherry picked from commit dfa1e1dd) Conflicts: src/libxl/libxl_conf.c - commit e5e8d5 not backported src/libxl/libxl_driver.c - commit 1c04f999 not backported
-
Committed by Daniel P. Berrange
This introduces a few new APIs for dealing with strings. One to split a char * into a char **, another to join a char ** into a char *, and finally one to free a char **. There is a simple test suite to validate the edge cases too. No more need to use the horrible strtok_r() API, or hand-written code for splitting strings. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 76c1fd33) Conflicts: tests/Makefile.am - commit eca72d47 not backported
-
- 14 Dec, 2012 1 commit
-
-
Committed by Laine Stump
This patch resolves the problem reported in: https://bugzilla.redhat.com/show_bug.cgi?id=886663 The source of the problem was the fix for CVE 2011-3411: https://bugzilla.redhat.com/show_bug.cgi?id=833033 which was originally committed upstream in commit 753ff83a. That commit improperly removed the "--except-interface lo" from dnsmasq commandlines when --bind-dynamic was used (based on comments in the latter bug). It turns out that the problem reported in the CVE could be eliminated without removing "--except-interface lo", and removing it actually caused each instance of dnsmasq to listen on localhost on port 53, which created a new problem: If another instance of dnsmasq using "bind-interfaces" (instead of "bind-dynamic") had already been started (or if another instance started later used "bind-dynamic"), this wouldn't have any immediately visible ill effects, but if you tried to start another dnsmasq instance using "bind-interfaces" *after* starting any libvirt networks, the new dnsmasq would fail to start, because there was already another process listening on port 53. This patch changes the network driver to *always* add "except-interface=lo" to dnsmasq conf files, regardless of whether we use bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances are listening on localhost (and the CVE is still fixed). The actual code change is minuscule, but must be propagated through all of the test files as well. (This is *not* a cherry-pick of the upstream commit that fixes the bug (commit d66eb786), because subsequent to the CVE fix, another patch changed the network driver to put dnsmasq options in a conf file rather than directly on the dnsmasq commandline preserving the same options), so a cherry-pick is just one very large conflict.)
-
- 10 Dec, 2012 32 commits
-
-
Committed by Cole Robinson
-
Committed by Michal Privoznik
If debugging is enabled, the debug messages are sent to stderr. Moreover, if a command has catching of stderr set, the messages get mixed with stdout output (assuming both outputs are stored in the same variable). The resulting string then doesn't necessarily have to start with desired prefix then. This bug exposes itself when parsing dnsmasq output: 2012-12-06 11:18:11.445+0000: 18491: error : dnsmasqCapsSetFromBuffer:664 : internal error cannot parse /usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22' We can clearly see that the output of dnsmasq --version doesn't start with expected "Dnsmasq version " string but a libvirt debug output. (cherry picked from commit ff33f807)
-
Committed by Michal Privoznik
If the debugging is enabled, the virCommand subsystem catches debug messages in the command output as well. In that case, we can't assume the string corresponding to command's stdout will start with specific prefix. But the prefix can be moved deeper in the string. This bug shows itself when parsing dnsmasq output: 2012-12-06 11:18:11.445+0000: 18491: error : dnsmasqCapsSetFromBuffer:664 : internal error cannot parse /usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22' We can clearly see that the output of dnsmasq --version doesn't start with expected "Dnsmasq version " string but a libvirt debug output. (cherry picked from commit 51144313)
-
Committed by Osier Yang
https://bugzilla.redhat.com/show_bug.cgi?id=832302 It's odd to fall through to buildVol, and the existing file is removed when buildVol fails. This checks if the volume target path already exists in createVol. The reason for not using error like "Volume already exists" is that there isn't volume maintained by libvirt for the path until an operation like pool-refresh, using error like that will just cause confusion. (cherry picked from commit d1f3d149)
-
Committed by Daniel P. Berrange
https://bugzilla.redhat.com/show_bug.cgi?id=866524 Since the virConnect object is not locked wholly when doing virConnectDispose, a thread can get the lock and thus might cause the race. Detected by valgrind: ==23687== Invalid read of size 4 ==23687== at 0x38BAA091EC: pthread_mutex_lock (pthread_mutex_lock.c:61) ==23687== by 0x3FBA919E36: remoteClientCloseFunc (remote_driver.c:337) ==23687== by 0x3FBA936BF2: virNetClientCloseLocked (virnetclient.c:688) ==23687== by 0x3FBA9390D8: virNetClientIncomingEvent (virnetclient.c:1859) ==23687== by 0x3FBA851AAE: virEventPollRunOnce (event_poll.c:485) ==23687== by 0x3FBA850846: virEventRunDefaultImpl (event.c:247) ==23687== by 0x40CD61: vshEventLoop (virsh.c:2128) ==23687== by 0x3FBA8626F8: virThreadHelper (threads-pthread.c:161) ==23687== by 0x38BAA077F0: start_thread (pthread_create.c:301) ==23687== by 0x33F68E570C: clone (clone.S:115) ==23687== Address 0x4ca94e0 is 144 bytes inside a block of size 312 free'd ==23687== at 0x4A0595D: free (vg_replace_malloc.c:366) ==23687== by 0x3FBA8588B8: virFree (memory.c:309) ==23687== by 0x3FBA86AAFC: virObjectUnref (virobject.c:145) ==23687== by 0x3FBA8EA767: virConnectClose (libvirt.c:1458) ==23687== by 0x40C8B8: vshDeinit (virsh.c:2584) ==23687== by 0x41071E: main (virsh.c:3022) The above race is caused by the eventLoop thread trying to handle the net client event by calling the callback set by: virNetClientSetCloseCallback(priv->client, remoteClientCloseFunc, conn, NULL); I.E. remoteClientCloseFunc, which locks/unlocks the virConnect object. This patch is to fix the bug by setting the callback to NULL when doRemoteClose. (cherry picked from commit b362938e)
-
Committed by Jiri Denemark
The device is still referenced from pcidevs and freeing it would leave an invalid pointer there. (cherry picked from commit ea1a9b5f)
-
Committed by Eric Blake
Commit 71d12562 tried to fix a problem where rebasing an old branch on top of newer libvirt.git resulted in automake failing because of a missing AUTHORS file. However, while the fix worked for an incremental 'make', it did not work for someone that directly reran './autogen.sh'. Reported by Laine Stump. * autogen.sh (autoreconf): Check for same conditions as cfg.mk. * cfg.mk (_update_required): Add comments. (cherry picked from commit 55dc872b)
-
Committed by Ján Tomko
Fix the null pointer access when UUID is not specified. Introduce a bool 'uuidUsable' to virStoragePoolAuthCephx that indicates if uuid was specified or not and use it instead of the pointless comparison of the static UUID array to NULL. Add an error message if both uuid and usage are specified. Fixes: Error: FORWARD_NULL (CWE-476): libvirt-0.10.2/src/conf/storage_conf.c:461: var_deref_model: Passing null pointer "uuid" to function "virUUIDParse(char const *, unsigned char *)", which dereferences it. (The dereference is assumed on the basis of the 'nonnull' parameter attribute.) Error: NO_EFFECT (CWE-398): libvirt-0.10.2/src/conf/storage_conf.c:979: array_null: Comparing an array to null is not useful: "src->auth.cephx.secret.uuid != NULL". (cherry picked from commit bc680e13)
-
Committed by Daniel P. Berrange
The virNodeSuspend API allows for a duration of 0, to mean no timed wakeup. virsh needlessly forbids this though. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 1cad5eba)
-
Committed by Daniel P. Berrange
When seeing a message virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in whitelist it isn't immediately obvious that 'admin' is the identity being checked. Quote the string to make it more obvious (cherry picked from commit 07da0a6b)
-
Committed by Guido Günther
Detected by http://honk.sigxcpu.org:8001/job/libvirt-build/348/console (cherry picked from commit d01e427e)
-
Committed by Ján Tomko
On error, virStoragePoolGetAutostart would return -1 leaving autostart untouched. Removed the misleading debug message as well. Error: CHECKED_RETURN (CWE-252): libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the return value of "virStoragePoolGetAutostart(pool, &autostart)". (cherry picked from commit e9d74a7a)
-
Committed by Ján Tomko
On OOM, xdr_destroy got called even though it wasn't created yet. Found by coverity: Error: UNINIT (CWE-457): libvirt-0.10.2/src/rpc/virnetmessage.c:214: var_decl: Declaring variable "xdr" without initializer. libvirt-0.10.2/src/rpc/virnetmessage.c:219: cond_true: Condition "virReallocN(&msg->buffer, 1UL /* sizeof (*msg->buffer) */, msg->bufferLength) < 0", taking true branch libvirt-0.10.2/src/rpc/virnetmessage.c:221: goto: Jumping to label "cleanup" libvirt-0.10.2/src/rpc/virnetmessage.c:257: label: Reached label "cleanup" libvirt-0.10.2/src/rpc/virnetmessage.c:258: uninit_use: Using uninitialized value "xdr.x_ops". (cherry picked from commit 6e1fc355)
-
Committed by Ján Tomko
Found by coverity: Error: SIZEOF_MISMATCH (CWE-569): libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing argument "8UL /* sizeof (cpumap) */" to function "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and then casting the return value to "unsigned char *" is suspicious. Error: SIZEOF_MISMATCH (CWE-569): libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing argument "8UL /* sizeof (cpumap) */" to function "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and then casting the return value to "unsigned char *" is suspicious. (cherry picked from commit dc04b2a7)
-
Committed by Ján Tomko
Found by coverity: Error: REVERSE_INULL (CWE-476): libvirt-0.10.2/src/util/processinfo.c:141: deref_ptr: Directly dereferencing pointer "map". libvirt-0.10.2/src/util/processinfo.c:142: check_after_deref: Null-checking "map" suggests that it may be null, but it has already been dereferenced on all paths leading to the check. (cherry picked from commit 7730257d)
-
Committed by Laine Stump
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=879473 The name attribute is required for portgroup elements (yes, the RNG specifies that), and there is code in libvirt that assumes it is non-null. Unfortunately, the portgroup parsing function wasn't checking for lack of portgroup. One adverse result of this was that attempts to update a network by adding a portgroup with no name would cause libvirtd to segfault. For example: virsh net-update default add portgroup "<portgroup default='yes'/>" This patch causes virNetworkPortGroupParseXML to fail if no name is specified, thus avoiding any later problems. (cherry picked from commit 012d69df)
-
Committed by Daniel P. Berrange
When starting an LXC guest with a virNetwork based NIC device, if the network was not active, the virNetworkPtr device would be leaked. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 509ce943)
-
Committed by Daniel P. Berrange
In virNetDevVethDelete the virRun method will properly report errors, but when checking the exit status for non-zero exit code no error is reported. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 0584d662)
-
Committed by Daniel P. Berrange
When starting a container, newDef is initialized to a copy of 'def', but when startup fails newDef is never removed. This causes later attempts to use 'virDomainDefine' to lose the new data being defined. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 9d2bfc1c)
-
Committed by Daniel P. Berrange
A mistaken initialization of 'ret' caused failure to create macvtap devices to be ignored. The libvirt_lxc process would later fail to start due to missing devices. Also make sure code checks '< 0' and not '!= 0' since only -1 is considered an error condition. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 43db9cf4)
-
Committed by Daniel P. Berrange
If the <interface> device did not contain any <target> element, LXC would crash on a NULL pointer if starting the container failed. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 68dceb63)
-
Committed by Daniel P. Berrange
When failing to create a macvlan interface, make sure the error message contains the name of the host interface. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit e11daa2b)
-
Committed by Daniel P. Berrange
The LXC driver relies on use of cgroups to kill off LXC processes in shutdown. If cgroups aren't available, we're unable to kill off processes, so we must treat lack of cgroups as a fatal startup error. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 7c5ba648)
-
Committed by Daniel P. Berrange
The code setting up LXC cgroups used an 'rc' variable both for capturing the return value of methods it calls, and its own return status. The result was that several failures in setting up cgroups would actually result in success being returned. Use a separate 'ret' for tracking return value as per normal code design in other parts of libvirt. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 8e1f0c38)
-
Committed by Peter Krempa
When no security driver is specified libvirt_lxc segfaults as a debug message tries to access security labels for the container that are not present. This problem was introduced in commit 6c3cf57d. (cherry picked from commit 99a388e6)
-
Committed by Peter Krempa
Early jumps to the cleanup label caused a crash of the libvirt_lxc container helper as the cleanup section called virLXCControllerDeleteInterfaces(ctrl) without checking the ctrl argument for NULL. The argument was de-referenced soon after. $ /usr/libexec/libvirt_lxc /usr/libexec/libvirt_lxc: missing --name argument for configuration Segmentation fault (cherry picked from commit 81efb13b)
-
Committed by Ján Tomko
Commit 258e06c8 removed setting of the volume type to VIR_STORAGE_VOL_BLOCK, which leads to failures in storageVolumeCreateXMLFrom. The type (and target.format) of the volume was set to zero. In virStorageBackendGetBuildVolFromFunction, this gets interpreted as VIR_STORAGE_FILE_NONE and the qemu-img tool is called with unknown "none" format. Bug: https://bugzilla.redhat.com/show_bug.cgi?id=879780 (cherry picked from commit 70f0bbe8)
-
Committed by Daniel P. Berrange
It is possible for there to be deleted timers when we calculate the next timeout, and they must be skipped. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit afbd9667)
-
Committed by Daniel P. Berrange
The event code is a no-op if requested to update a non-existent timer/handle watch. This makes it hard to detect bugs in the caller who have passed bogus data. Add a VIR_WARN output in such cases, since the API does not allow for return errors. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit 39064f0f)
-