- 01 Dec, 2012 1 commit
-
-
Committed by Eric Blake on
https://bugzilla.redhat.com/show_bug.cgi?id=872292

Libvirt should not attempt to call a QMP command that has not been documented in qemu.git - if future qemu introduces a command by the same name but with subtly different semantics, then libvirt will be broken when trying to use that command.

We also had some code that could never be reached - some of our commands have an alternate for new vs. old qemu HMP commands; but if we are new enough to support QMP, we only need a fallback to the new HMP counterpart, and don't need to try for a QMP counterpart for the old HMP version.

See also this attempt to convert the three snapshot commands to QMP:
https://lists.gnu.org/archive/html/qemu-devel/2012-07/msg01597.html
although it looks like that will still not happen before qemu 1.3. That thread eventually decided that qemu would use the name 'save-vm' rather than 'savevm', which mitigates the fact that libvirt's attempt to use a QMP 'savevm' would be broken, but we might not be as lucky on the other commands.

* src/qemu/qemu_monitor_json.c (qemuMonitorJSONSetCPU)
(qemuMonitorJSONAddDrive, qemuMonitorJSONDriveDel)
(qemuMonitorJSONCreateSnapshot, qemuMonitorJSONLoadSnapshot)
(qemuMonitorJSONDeleteSnapshot): Use only HMP fallback for now.
(qemuMonitorJSONAddHostNetwork, qemuMonitorJSONRemoveHostNetwork)
(qemuMonitorJSONAttachDrive, qemuMonitorJSONGetGuestDriveAddress): Delete; QMP implies QEMU_CAPS_DEVICE, which prefers AddNetdev, RemoveNetdev, and AddDrive anyways (qemu_hotplug.c has all callers).
* src/qemu/qemu_monitor.c (qemuMonitorAddHostNetwork)
(qemuMonitorRemoveHostNetwork, qemuMonitorAttachDrive): Reflect deleted commands.
* src/qemu/qemu_monitor_json.h (qemuMonitorJSONAddHostNetwork)
(qemuMonitorJSONRemoveHostNetwork, qemuMonitorJSONAttachDrive): Likewise.
-
- 30 Nov, 2012 16 commits
-
-
Committed by Eric Blake on
https://bugzilla.redhat.com/show_bug.cgi?id=876828

Commit 38c4a9cc introduced a regression in hot unplugging of disks from qemu, where cgroup device ACLs were no longer being revoked (thankfully not a security hole: cgroup ACLs only prevent open() of the disk; so reverting the ACL prevents future abuse but doesn't stop abuse from an fd that was already opened before the ACL change). Commit 1b2ebf95 overlooked that there were two spots affected.

* src/qemu/qemu_hotplug.c (qemuDomainDetachDiskDevice): Transfer backing chain before deletion.
* src/qemu/qemu_driver.c (qemuDomainDetachDeviceDiskLive): Fix spacing (partly to ensure a different-looking patch).
-
Committed by Ján Tomko on
Also removed some unreachable code found by coverity: libvirt-0.10.2/src/nwfilter/nwfilter_driver.c:259: unreachable: This code cannot be reached: "nwfilterDriverUnlock(driver...".
-
Committed by Ján Tomko on
On error, virStoragePoolGetAutostart would return -1 leaving autostart untouched. Removed the misleading debug message as well.

Error: CHECKED_RETURN (CWE-252):
libvirt-0.10.2/tools/virsh-pool.c:1386: unchecked_value: No check of the return value of "virStoragePoolGetAutostart(pool, &autostart)".
-
Committed by Peter Krempa on
This patch adds two labels and gets rid of a ton of duplicated code. This patch also fixes some error messages and switches most of them to proper error reporting functions.
-
Committed by Peter Krempa on
This patch adds macros to help retrieve configuration values from qemu driver's configuration. Some configuration options are grouped together in the process.
-
Committed by Laine Stump on
This bug resolves CVE-2012-3411, which is described in the following bugzilla report:

  https://bugzilla.redhat.com/show_bug.cgi?id=833033

The following report is specifically for libvirt on Fedora:

  https://bugzilla.redhat.com/show_bug.cgi?id=874702

In short, a dnsmasq instance run with the intention of listening for DHCP/DNS requests only on a libvirt virtual network (which is constructed using a Linux host bridge) would also answer queries sent from outside the virtualization host.

This patch takes advantage of a new dnsmasq option "--bind-dynamic", which will cause the listening socket to be set up such that it will only receive those requests that actually come in via the bridge interface. In order for this behavior to actually occur, not only must "--bind-interfaces" be replaced with "--bind-dynamic", but also all "--listen-address" options must be replaced with a single "--interface" option. Fully:

  --bind-interfaces --except-interface lo --listen-address x.x.x.x ...

(with --listen-address possibly repeated) is replaced with:

  --bind-dynamic --interface virbrX

Of course libvirt can't use this new option if the host's dnsmasq doesn't have it, but we still want libvirt to function (because the great majority of libvirt installations, which only have mode='nat' networks using RFC1918 private address ranges (e.g. 192.168.122.0/24), are immune to this vulnerability from anywhere beyond the local subnet of the host), so we use the new dnsmasqCaps API to check if dnsmasq supports the new option and, if not, we use the "old" option style instead. In order to assure that this permissiveness doesn't lead to a vulnerable system, we do check for non-private addresses in this case, and refuse to start the network if both a) we are using the old-style options, and b) the network has a publicly routable IP address.

Hopefully this will provide the proper balance of not being disruptive to those not practically affected, and making sure that those who *are* affected get their dnsmasq upgraded.

(--bind-dynamic was added to dnsmasq in upstream commit 54dd393f3938fc0c19088fbd319b95e37d81a2b0, which was included in dnsmasq-2.63)
-
Committed by Laine Stump on
This new function returns true if the given address is in the range of any "private" or "local" networks as defined in RFC1918 (IPv4) or RFC3484/RFC4193 (IPv6), otherwise it returns false. These ranges are:

  192.168.0.0/16
  172.16.0.0/16
  10.0.0.0/24
  FC00::/7
  FEC0::/10
-
Committed by Laine Stump on
In order to optionally take advantage of new features in dnsmasq when the host's version of dnsmasq supports them, but still be able to run on hosts that don't support the new features, we need to be able to detect the version of dnsmasq running on the host, and possibly determine from the help output what options are in this dnsmasq.

This patch implements a greatly simplified version of the capabilities code we already have for qemu. A dnsmasqCaps device can be created and populated either from running a program on disk, reading a file with the concatenated output of "dnsmasq --version; dnsmasq --help", or examining a buffer in memory that contains the concatenated output of those two commands. Simple functions to retrieve capabilities flags, the version number, and the path of the binary are also included.

bridge_driver.c creates a single dnsmasqCaps object at driver startup, and disposes of it at driver shutdown. Any time it must be used, the dnsmasqCapsRefresh method is called - it checks the mtime of the binary, and re-runs the checks if the binary has changed.

networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at startup - one "restricted" (doesn't support --bind-dynamic) and one "full" (does support --bind-dynamic). Some of the test cases use one and some the other, to make sure both code paths are tested.
-
Committed by Ján Tomko on
If allocation of names fails, list is uninitialized.
-
Committed by Ján Tomko on
On OOM, xdr_destroy got called even though it wasn't created yet.

Found by coverity:
Error: UNINIT (CWE-457):
libvirt-0.10.2/src/rpc/virnetmessage.c:214: var_decl: Declaring variable "xdr" without initializer.
libvirt-0.10.2/src/rpc/virnetmessage.c:219: cond_true: Condition "virReallocN(&msg->buffer, 1UL /* sizeof (*msg->buffer) */, msg->bufferLength) < 0", taking true branch
libvirt-0.10.2/src/rpc/virnetmessage.c:221: goto: Jumping to label "cleanup"
libvirt-0.10.2/src/rpc/virnetmessage.c:257: label: Reached label "cleanup"
libvirt-0.10.2/src/rpc/virnetmessage.c:258: uninit_use: Using uninitialized value "xdr.x_ops".
-
Committed by Ján Tomko on
Time values were uninitialized if the connection wasn't usable.
-
Committed by Ján Tomko on
Found by coverity:
Error: SIZEOF_MISMATCH (CWE-569):
libvirt-0.10.2/tools/virsh-domain.c:4754: suspicious_sizeof: Passing argument "8UL /* sizeof (cpumap) */" to function "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and then casting the return value to "unsigned char *" is suspicious.
Error: SIZEOF_MISMATCH (CWE-569):
libvirt-0.10.2/tools/virsh-domain.c:4942: suspicious_sizeof: Passing argument "8UL /* sizeof (cpumap) */" to function "_vshCalloc(vshControl *, size_t, size_t, char const *, int)" and then casting the return value to "unsigned char *" is suspicious.
-
Committed by Ján Tomko on
Found by coverity:
Error: REVERSE_INULL (CWE-476):
libvirt-0.10.2/src/util/processinfo.c:141: deref_ptr: Directly dereferencing pointer "map".
libvirt-0.10.2/src/util/processinfo.c:142: check_after_deref: Null-checking "map" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
-
Committed by Ján Tomko on
Found by coverity:
Error: REVERSE_INULL (CWE-476):
libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:99: deref_ptr: Directly dereferencing pointer "node".
libvirt-0.10.2/src/conf/netdev_bandwidth_conf.c:107: check_after_deref: Null-checking "node" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
-
Committed by Daniel P. Berrange on
The virStateInitialize method and several cgroups methods were using an 'int privileged' parameter or similar for dual-state values. These are better represented with the bool type.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange on
To allow actions to be performed in libvirtd when the host shuts down, or user session exits, introduce a 'stop' method to virDriverState. This will do things like saving the VM state to a file.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
- 29 Nov, 2012 22 commits
-
-
Committed by Daniel P. Berrange on
Implement the new API for sending signals to processes in a guest for the LXC driver. Only support sending signals to the init process for now, because

- The kernel does not appear to expose the mapping between container PID numbers and host PID numbers anywhere in the host OS namespace
- There is no race-free way to validate whether a host PID corresponds to a process in a container.

* src/lxc/lxc_driver.c: Allow sending processes signals

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange on
* tools/virsh.c: Add send-process-signal
* tools/virsh.pod: Document new command

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange on
* src/remote/remote_protocol.x: message definition
* src/remote/remote_driver.c: Register driver function
* src/remote_protocol-structs: Test case

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange on
Add an API for sending signals to arbitrary processes in the guest OS. This is primarily useful for container based virt, but can be used for machine virt too, if there is a suitable guest agent,

* include/libvirt/libvirt.h.in: Add virDomainSendProcessSignal and virDomainProcessSignal enum
* src/driver.h: Driver entry point
* src/libvirt.c, src/libvirt_public.syms: Impl for new API

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Jiri Denemark on
-
Committed by Guido Günther on
As of 1a50ba2c we fail to connect to the monitor instead of getting an exit status != 0 from qemu itself. This breaks capabilities probing for the non QMP case.
-
Committed by Michal Privoznik on
The documentation to this API has some defects from grammar and wording POV. These were raised after I've pushed the patches, so they are in a separate commit.
-
Committed by Osier Yang on
The 3 options accept 0, and merely checking for non-zero values would cause wrong results.
-
Committed by Osier Yang on
It makes no sense to fail the whole getting command if there is a parameter unsupported by the kernel. This patch fixes it by omitting the unsupported parameter for getMemoryParameters. And for setMemoryParameters, this checks if there is an unsupported parameter up front of the setting, and just returns failure if not all parameters are supported.
-
Committed by Daniel P. Berrange on
Replace the following names

* struct qemu_snap_remove with virQEMUSnapRemovePtr
* struct qemu_snap_reparent with virQEMUSnapReparentPtr
* struct qemu_save_header with virQEMUSaveHeaderPtr
* enum qemu_save_formats with virQEMUSaveFormat

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
-
Committed by Daniel P. Berrange on
Remove the obsolete 'qemud' naming prefix and underscore based type name. Introduce virQEMUDriverPtr as the replacement, in common with LXC driver naming style
-
Committed by Laine Stump on
This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=879473

The name attribute is required for portgroup elements (yes, the RNG specifies that), and there is code in libvirt that assumes it is non-null. Unfortunately, the portgroup parsing function wasn't checking for lack of portgroup. One adverse result of this was that attempts to update a network by adding a portgroup with no name would cause libvirtd to segfault. For example:

  virsh net-update default add portgroup "<portgroup default='yes'/>"

This patch causes virNetworkPortGroupParseXML to fail if no name is specified, thus avoiding any later problems.
-
Committed by Michal Privoznik on
Throughout the code, we've always used VIR_DOMAIN_SHUTDOWN* flags even for virDomainReboot() API and its implementation. Fortunately, the appropriate macros have the same value. But if we want to keep things consistent, we should be using the correct macros. This patch doesn't break anything, luckily.
-
Committed by Eric Blake on
Commit cb022152 went overboard and introduced a dead conditional while trying to get rid of a potential NULL dereference.

* src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqNew): Remove redundant conditional.
-
Committed by Ján Tomko on
If it's negative, this might result in a request to allocate lots of memory.
-
Committed by Ján Tomko on
In a few places, the return value could get passed to VIR_ALLOC_N without being checked, resulting in a request to allocate a lot of memory if the return value was negative.
-
Committed by Ján Tomko on
The error messages did not correspond to the attributes they printed.
-
Committed by Ján Tomko on
Missing break in the switch.
-
Committed by Ján Tomko on
The size of the controllers array is VIR_CGROUP_CONTROLLER_LAST, however we only call it with values less than VIR_CGROUP_CONTROLLER_LAST.
-
Committed by Ján Tomko on
This can't lead to a crash since virNWFilterSnoopReqNew is only called with a static array as the argument, but if we check for NULL we should do it right.
-
- 28 Nov, 2012 1 commit
-
-
Committed by Peter Krempa on
Error messages produced while dispatching guest agent commands didn't have an apparent reference to the fact that they are dealing with guest agent commands. This patch fixes up some of the messages to contain that reference.
-