1. 30 6月, 2016 1 次提交
  2. 03 2月, 2016 1 次提交
  3. 02 2月, 2016 1 次提交
  4. 01 2月, 2016 1 次提交
  5. 19 1月, 2016 2 次提交
    • M
      virLogManagerDomainReadLogFile: Don't do dummy allocs · bce46d6a
      Michal Privoznik 提交于
      Since we pass dummy variables @fdout and @fdoutlen into
      virNetClientProgramCall() we make it alloc @fdout array (even
      though it's an array of 0 elements since vitlogd can hardly pass
      us some FDs at this stage). Nevertheless, it's an allocation not
      followed by free():
      
      ==29385== 0 bytes in 60 blocks are definitely lost in loss record 2 of 1,009
      ==29385==    at 0x4C2C070: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==29385==    by 0x54B99EF: virAllocN (viralloc.c:191)
      ==29385==    by 0x56821B1: virNetClientProgramCall (virnetclientprogram.c:359)
      ==29385==    by 0x563B304: virLogManagerDomainReadLogFile (log_manager.c:272)
      ==29385==    by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485)
      ==29385==    by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660)
      ==29385==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
      ==29385==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
      ==29385==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)
      ==29385==    by 0x217F71A4: qemuProcessStart (qemu_process.c:5152)
      ==29385==    by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396)
      ==29385==    by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450)
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit c03fbecc)
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      bce46d6a
    • M
      qemuProcessReadLog: Fix memmove arguments · 58832fe4
      Michal Privoznik 提交于
      So I can observe this crasher that with freshly started daemon
      (and virtlogd enabled) I am trying to startup a domain that
      immediately dies (because it's said to use huge pages but I
      haven't allocated a single one in the pool). Hardly reproducible
      with -O0 or under valgrind. But I just got lucky:
      
      ==20469== Invalid write of size 8
      ==20469==    at 0x4C2E99B: memcpy@GLIBC_2.2.5 (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==20469==    by 0x217EDD07: qemuProcessReadLog (qemu_process.c:1670)
      ==20469==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
      ==20469==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
      ==20469==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)
      ==20469==    by 0x217F71A4: qemuProcessStart (qemu_process.c:5152)
      ==20469==    by 0x21846582: qemuDomainObjStart (qemu_driver.c:7396)
      ==20469==    by 0x218467DE: qemuDomainCreateWithFlags (qemu_driver.c:7450)
      ==20469==    by 0x21846845: qemuDomainCreate (qemu_driver.c:7468)
      ==20469==    by 0x5611CD0: virDomainCreate (libvirt-domain.c:6753)
      ==20469==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
      ==20469==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
      ==20469==  Address 0x27a52ad0 is 0 bytes after a block of size 5,584 alloc'd
      ==20469==    at 0x4C29F80: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==20469==    by 0x9B8D1DB: xdr_string (in /lib64/libc-2.21.so)
      ==20469==    by 0x563B39C: xdr_virLogManagerProtocolNonNullString (log_protocol.c:24)
      ==20469==    by 0x563B6B7: xdr_virLogManagerProtocolDomainReadLogFileRet (log_protocol.c:123)
      ==20469==    by 0x164B34: virNetMessageDecodePayload (virnetmessage.c:407)
      ==20469==    by 0x5682360: virNetClientProgramCall (virnetclientprogram.c:379)
      ==20469==    by 0x563B30E: virLogManagerDomainReadLogFile (log_manager.c:272)
      ==20469==    by 0x217CD613: qemuDomainLogContextRead (qemu_domain.c:2485)
      ==20469==    by 0x217EDC76: qemuProcessReadLog (qemu_process.c:1660)
      ==20469==    by 0x217EDE1D: qemuProcessReportLogError (qemu_process.c:1696)
      ==20469==    by 0x217EE8C1: qemuProcessWaitForMonitor (qemu_process.c:1957)
      ==20469==    by 0x217F6636: qemuProcessLaunch (qemu_process.c:4955)
      
      This points to memmove() in qemuProcessReadLog(). Imagine we just
      read the following string from qemu:
      
      "abc\n2016-01-18T09:40:44.022744Z qemu-system-x86_64: Error\n"
      
      After the first pass of the while() loop in the
      qemuProcessReadLog() (in which we have taken the false branch in
      the if) @buf still points to the beginning of the string,
      @filter_next points to the beginning of the second line.  So we
      start second iteration because there is yet another newline
      character at the end. In this iteration @eol points to it
      actually. Now, the control gets inside true branch of if(). Just
      to remind you:
      
      got = 58
      filter_next = buf + 5,
      eol = buf + 58.
      
      Therefore skip = 54 which is correct. The message we want to skip
      is 54 bytes long. However:
      
      memmove(filter_next, eol + 1, (got - skip) +1);
      
      which is
      
      memmove(filter_next, eol + 1, 5)
      
      is obviously wrong as there is only one byte we can access, not 5!
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 105b51f4)
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      58832fe4
  6. 17 1月, 2016 1 次提交
  7. 15 1月, 2016 6 次提交
  8. 14 1月, 2016 5 次提交
  9. 13 1月, 2016 8 次提交
    • C
      build: fix distdir with wireshark disabled · e20dd2a4
      Cole Robinson 提交于
      Even though the Makefile has WITH_WIRESHARK guards, the _SOURCES
      variables are still processed when adding bits to the dist archive.
      
      plugin.c is a generated file that is only built when wireshark is
      enabled and it shouldn't be distributed, so use 'nodist'
      e20dd2a4
    • M
      qemuProcessCleanupChardevDevice: Don't unlink NULL paths · e988ba94
      Michal Privoznik 提交于
      So, you try to start a domain, but before we even get to the part
      where chardev part of qemu command line is generated (and
      possibly missing path to unix sockets is made up) an error occurs
      which results in calling qemuProcessStop. This will then try to
      clean up the mess and possibly ends up calling unlink(NULL).
      
      ==8085== Thread 3:
      ==8085== Syscall param unlink(pathname) points to unaddressable byte(s)
      ==8085==    at 0xA85EA57: unlink (in /lib64/libc-2.21.so)
      ==8085==    by 0x213D3C24: qemuProcessCleanupChardevDevice (qemu_process.c:2866)
      ==8085==    by 0x558D6B1: virDomainChrDefForeach (domain_conf.c:22924)
      ==8085==    by 0x213DA9AE: qemuProcessStop (qemu_process.c:5326)
      ==8085==    by 0x213DA2F2: qemuProcessStart (qemu_process.c:5190)
      ==8085==    by 0x2142957F: qemuDomainObjStart (qemu_driver.c:7396)
      ==8085==    by 0x214297DB: qemuDomainCreateWithFlags (qemu_driver.c:7450)
      ==8085==    by 0x21429842: qemuDomainCreate (qemu_driver.c:7468)
      ==8085==    by 0x5611B95: virDomainCreate (libvirt-domain.c:6753)
      ==8085==    by 0x125D9A: remoteDispatchDomainCreate (remote_dispatch.h:3613)
      ==8085==    by 0x125CB7: remoteDispatchDomainCreateHelper (remote_dispatch.h:3589)
      ==8085==    by 0x568BF41: virNetServerProgramDispatchCall (virnetserverprogram.c:437)
      ==8085==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
      ==8085==
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      e988ba94
    • J
      xenconfig: check return value of regcomp · 71daae96
      Jim Fehlig 提交于
      Commit ec63000a missed checking the return value of regcomp(),
      which coverity promptly identified.
      71daae96
    • M
      wireshark: Install into DESTDIR · 50078cfb
      Michal Privoznik 提交于
      Like everything we install, it should be prefixed with DESTDIR.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      50078cfb
    • J
      Xen: use correct domctl version in domaininfolist union · 6564de5e
      Jim Fehlig 提交于
      Commmit fd2e3c4c used the domctl version 8 structure for version 9
      in the xen_getdomaininfolist union, resulting in insufficient buffer
      size (and subsequent memory corruption) for the GETDOMAININFOLIST
      ioctl.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      6564de5e
    • C
      testutils: Fix coverity warning with REGENERATE_OUTPUT · ebfd6f45
      Cole Robinson 提交于
      - Don't double check for expectName
      - actual is always non-NULL by this point, so don't check it either
      ebfd6f45
    • C
      build: Kill tools/wireshark Makefiles · 3445acdb
      Cole Robinson 提交于
      Just handle it all in tools/Makefile.am. I verified the generated output
      looks similar to the pre patch output, but I didn't test it.
      3445acdb
    • M
      Expand $(wildcard) correctly · 8c67ab66
      Michal Privoznik 提交于
      So after da176bf6 and friend we have switched to $(wildcard
      some/path/*.xml) instead of enumerating the files explicitly.
      This is nice, however it makes distcheck build from VPATH fail.
      The reason is that it's is not obvious to what does the wildcard
      refer to: srcdir or builddir?
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      8c67ab66
  10. 12 1月, 2016 14 次提交