- 23 12月, 2014 5 次提交
-
-
由 Peter Krempa 提交于
Avoid leaving the domain locked on a failed ACL check in qemuDomainMigratePerform() and qemuDomainMigrateFinish2(). Introduced in commit abf75aea (Add ACL checks into the QEMU driver). (cherry picked from commit 2bdcd29c)
-
由 Michal Privoznik 提交于
https://bugs.gentoo.org/show_bug.cgi?id=508336 At wireshark, they have this promise to change public dissector APIs only with minor version number change. Which they did when releasing the version of 1.12. Firstly, they've changed tvb_memdup() in a0c53ffaa1bb46d8c9db2ec739401aa411c9790e so now it takes four arguments instead of three. The new argument is placed at the very beginning of the list of arguments and basically says the scope where we'd like to allocate the memory. According to the documentation NULL should be the default value. Then, the tcp_dissect_pdus() signature changed too. Well, the function that actually dissects reassembled packets as tcp_dissect_pdus() reorder TCP packets into one big chunk and then calls a user function to dissect the PDU at once. The change is dated back to 8081cf1d90397cbbb4404f9720595e1537ed5e14. Then, WS_DLL_PUBLIC_NOEXTERN was replaced with WS_DLL_PUBLIC_DEF in 5d87a8c46171f572568db5a47c093423482e342f. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit e74fa570)
-
由 Michal Privoznik 提交于
The rationale is to not duplicate code which is done in packet-libvirt.h for instance. Moreover, this way we can drop __attribute_((unused)) used int packet-libvirt.c in favor of ATTRIBUTE_UNUSED. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 906d0abf)
-
由 Jim Fehlig 提交于
Commit 292d3f2d fixed the build with libselinux 2.3, but missed some suggestions by eblake https://www.redhat.com/archives/libvir-list/2014-May/msg00977.html This patch changes the macro introduced in 292d3f2d to either be empty in the case of newer libselinux, or contain 'const' in the case of older libselinux. The macro is then used directly in tests/securityselinuxhelper.c. (cherry picked from commit b109c097)
-
由 Cédric Bosdonnat 提交于
Several function signatures changed in libselinux 2.3, now taking a 'const char *' instead of 'security_context_t'. The latter is defined in selinux/selinux.h as typedef char *security_context_t; Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 292d3f2d)
-
- 13 11月, 2014 1 次提交
-
-
由 Laine Stump 提交于
virNetDevLinkDump() gets a message from netlink into "resp", then calls nlmsg_parse() to fill the table "tb" with pointers into resp. It then returns tb to its caller, but not before freeing the buffer at resp. That means that all the callers of virNetDevLinkDump() are examining memory that has already been freed. This can be verified by filling the buffer at resp with garbage prior to freeing it (or, I suppose, just running libvirtd under valgrind) then performing some operation that calls virNetDevLinkDump(). The upstream commit log incorrectly states that the code has been like this ever since virNetDevLinkDump() was written. In reality, the problem was introduced with commit e95de74d, first in libvirt-1.0.5, which was attempting to eliminate a typecast that caused compiler warnings. It has only been pure luck (or maybe a lack of heavy load, and/or maybe an allocation algorithm in malloc() that delays re-use of just-freed memory) that has kept this from causing errors, for example when configuring a PCI passthrough or macvtap passthrough network interface. The solution taken in this patch is the simplest - just return resp to the caller along with tb, then have the caller free it after they are finished using the data (pointers) in tb. I alternately could have made a cleaner interface by creating a new struct that put tb and resp together along with a vir*Free() function for it, but this function is only used in a couple places, and I'm not sure there will be additional new uses of virNetDevLinkDump(), so the value of adding a new type, extra APIs, etc. is dubious. (cherry picked from commit f9f9699f)
-
- 07 11月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Commit 28f8dfdc (v1.0.0) introduced a security hole: in at least the qemu implementation of virDomainGetXMLDesc, the use of the flag VIR_DOMAIN_XML_MIGRATABLE (which is usable from a read-only connection) triggers the implicit use of VIR_DOMAIN_XML_SECURE prior to calling qemuDomainFormatXML. However, the use of VIR_DOMAIN_XML_SECURE is supposed to be restricted to read-write clients only. This patch treats the migratable flag as requiring the same permissions, rather than analyzing what might break if migratable xml no longer includes secret information. Fortunately, the information leak is low-risk: all that is gated by the VIR_DOMAIN_XML_SECURE flag is the VNC connection password; but VNC passwords are already weak (FIPS forbids their use, and on a non-FIPS machine, anyone stupid enough to trust a max-8-byte password sent in plaintext over the network deserves what they get). SPICE offers better security than VNC, and all other secrets are properly protected by use of virSecret associations rather than direct output in domain XML. * src/remote/remote_protocol.x (REMOTE_PROC_DOMAIN_GET_XML_DESC): Tighten rules on use of migratable flag. * src/libvirt-domain.c (virDomainGetXMLDesc): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit b1674ad5) Conflicts: src/libvirt-domain.c - file split from older src/libvirt.c Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 02 10月, 2014 1 次提交
-
-
由 Pavel Hrdina 提交于
If you use public api virConnectListAllDomains() with second parameter set to NULL to get only the number of domains you will lock out all other operations with domains. Introduced by commit 2c680804. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit fc22b2e7)
-
- 18 9月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
Live definition was used to look up the disk index while persistent one was indexed leading to a crash in qemuDomainGetBlockIoTune. Use the correct def and report a nice error. Unfortunately it's accessible via read-only connection, though it can only crash libvirtd in the cases where the guest is hot-plugging disks without reflecting those changes to the persistent definition. So avoiding hotplug, or doing hotplug where persistent is always modified alongside live definition, will avoid the out-of-bounds access. Introduced in: eca96694a (v0.9.8) Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1140724Reported-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NPeter Krempa <pkrempa@redhat.com> (cherry picked from commit 3e745e8f)
-
- 02 7月, 2014 1 次提交
-
-
由 Peter Krempa 提交于
We have the following matrix of possible arguments handled by the logic statement touched by this patch: | flags & _REUSE_EXT | !(flags & _REUSE_EXT) -------+--------------------+---------------------- format| (1) | (2) -------+--------------------+---------------------- !format| (3) | (4) -------+--------------------+---------------------- In cases 1 and 2 the user provided a format, in cases 3 and 4 not. The user requests to use a pre-existing image in 1 and 3 and libvirt will create a new image in 2 and 4. The difference between cases 3 and 4 is that for 3 the format is probed from the user-provided image, whereas in 4 we just use the existing disk format. The current code would treat cases 1,3 and 4 correctly but in case 2 the format provided by the user would be ignored. The particular piece of code was broken in commit 35c7701c but since it was introduced a few commits before that it was never released as working. (cherry picked from commit 42619ed0) Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001
-
- 27 6月, 2014 2 次提交
-
-
由 Eric Blake 提交于
We publish libvirt-api.xml for others to use, and in fact, the libvirt-python bindings use it to generate python constants that correspond to our enum values. However, we had an off-by-one bug that any enum that relied on C's rules for implicit initialization of the first enum member to 0 got listed in the xml as having a value of 1 (and all later members of the enum were equally botched). The fix is simple - since we add one to the previous value when encountering an enum without an initializer, the previous value must start at -1 so that the first enum member is assigned 0. The python generator code has had the off-by-one ever since DV first wrote it years ago, but most of our public enums were immune because they had an explicit = 0 initializer. The only affected enums are: - virDomainEventGraphicsAddressType (such as VIR_DOMAIN_EVENT_GRAPHICS_ADDRESS_IPV4), since commit 987e31ed (libvirt v0.8.0) - virDomainCoreDumpFormat (such as VIR_DOMAIN_CORE_DUMP_FORMAT_RAW), since commit 9fbaff00 (libvirt v1.2.3) - virIPAddrType (such as VIR_IP_ADDR_TYPE_IPV4), since commit 03e0e79e (not yet released) Thanks to Nehal J Wani for reporting the problem on IRC, and for helping me zero in on the culprit function. * docs/apibuild.py (CParser.parseEnumBlock): Fix implicit enum values. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 9b291bbe)
-
由 Peter Krempa 提交于
When creating a new disk mirror the new struct is stored in a separate variable until everything went well. The removed hunk would actually remove existing mirror information for example when the api would be run if a mirror still exists. (cherry picked from commit 02b364e1) This fixes a regression introduced in commit ff5f30b6. Signed-off-by: NEric Blake <eblake@redhat.com> Conflicts: src/qemu/qemu_driver.c - no refactoring of commit 7b7bf001
-
- 11 6月, 2014 1 次提交
-
-
由 Eric Blake 提交于
Jim Fehlig reported a regression found by libvirt-TCK tests: > ~ # perl /usr/share/libvirt-tck/tests/qemu/100-disk-encryption.t ... > ok 4 - defined persistent domain config > # Starting inactive domain config > libvirt error code: 1, message: internal error: unable to execute QEMU command > 'cont': 'drive-ide0-0-1' > (/var/cache/libvirt-tck/300-disk-encryption/demo.qcow2) is encrypted Commit 2279d560 converted a boolean into a pointer with the intent of transferring that pointer out of a temporary object into the caller's data structure. The temporary structure meant that meta->encryption was always NULL on entry, so we could get away with blindly allocating the pointer when the header said so. But later, commit 8823272d tweaked things to do backing chain detection in-place, rather than via a temporary object; this has the net result that meta->encryption can be non-NULL on entry. Not only did this turn the latent behavior into a memory leak, it is also a behavior regression: blindly allocating a new pointer wipes out what secrets we already knew about the chain, making it impossible to restart the domain. Of course, no one in their right mind should be relying on qcow2 encryption - it is fundamentally flawed. And sadly, the TCK tests don't get run often enough, and this shows that our virstoragetest does not exercise encrypted images at all. Otherwise, we could have avoided a release containing this regression. * src/util/virstoragefile.c (virStorageFileGetMetadataInternal): Don't nuke an already-existing encryption. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 1c7eb95c)
-
- 06 5月, 2014 1 次提交
-
-
由 Daniel P. Berrange 提交于
If the XML_PARSE_NOENT flag is passed to libxml2, then any entities in the input document will be fully expanded. This allows the user to read arbitrary files on the host machine by creating an entity pointing to a local file. Removing the XML_PARSE_NOENT flag means that any entities are left unchanged by the parser, or expanded to "" by the XPath APIs. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit d6b27d3e)
-
- 04 5月, 2014 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.html.in libvirt.spec.in: updates for release * po/*.po*: fetched new localization and regenerated
-
- 03 5月, 2014 2 次提交
-
-
由 Guido Günther 提交于
This fixes link failures like: CCLD virfirewalltest /usr/bin/ld: virfirewalltest-virfirewalltest.o: undefined reference to symbol 'dbus_message_iter_init_append'
-
由 Guido Günther 提交于
When building packages in a clean chroot the QEMU_USER and QEMU_GROUP don't exist making VirQemuDriverConfigNew fail with privileged=true. Avoid that by not requiring privileged mode upfront but setting it later so we skip the user/group existence check. This solution was suggested by Daniel P. Berrange and tested by Martin Kletzander.
-
- 02 5月, 2014 8 次提交
-
-
由 Roman Bogorodskiy 提交于
Currently firewalling is supported on Linux only, so skip the virfirewalltest on other platforms.
-
由 John Ferlan 提交于
Commit id 'ac9a0963' refactored out the 'withCapacity' for the virStorageBackendUpdateVolInfo() API. See: http://www.redhat.com/archives/libvir-list/2014-April/msg00043.html This resulted in a difference in how 'virsh vol-info --pool <poolName> <volume>' or 'virsh vol-list vol-list --pool <poolName> --details' outputs the capacity information for a directory pool with a qcow2 sparse file. For example, using the following XML mkdir /home/TestPool cat testpool.xml <pool type='dir'> <name>TestPool</name> <uuid>6bf80895-10b6-75a6-6059-89fdea2aefb7</uuid> <source> </source> <target> <path>/home/TestPool</path> <permissions> <mode>0755</mode> <owner>0</owner> <group>0</group> </permissions> </target> </pool> virsh pool-create testpool.xml virsh vol-create-as --pool TestPool temp_vol_1 \ --capacity 1048576 --allocation 1048576 --format qcow2 virsh vol-info --pool TestPool temp_vol_1 Results in listing a Capacity value. Prior to the commit, the value would be '1.0 MiB' (1048576 bytes). However, after the commit the output would be (for example) '192.50 KiB', which for my system was the size of the volume in my file system (eg 'ls -l TestPool/temp_vol_1' results in '197120' bytes or 192.50 KiB). While perhaps technically correct, it's not necessarily what the user expected (certainly virt-test didn't expect it). This patch restores the code to not update the target capacity for this path
-
由 Martin Kletzander 提交于
gnutls-3.3.0 and newer leaves 2 FDs open in order to be backwards compatible when it comes to chrooted binaries [1]. Linking commandhelper with gnutls then leaves these two FDs open and commandtest fails thanks to that. This patch does not link commandhelper with libvirt.la, but rather only the utilities making the test pass. Based on suggestion from Daniel [2]. [1] http://lists.gnutls.org/pipermail/gnutls-help/2014-April/003429.html [2] https://www.redhat.com/archives/libvir-list/2014-April/msg01119.htmlSigned-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Ján Tomko 提交于
Older gcc (4.1.2-55.el5, 4.2.1 on FreeBSD) reports bogus warnings: ../../src/conf/nwfilter_conf.c:2111: warning: 'protocol' may be used uninitialized in this function ../../src/conf/nwfilter_conf.c:2110: warning: 'dataProtocolID' may be used uninitialized in this function Initialize them to NULL to make the compiler happy.
-
由 Eric Blake 提交于
Commit f22b7899 stumbled across a difference between 32-bit and 64-bit platforms when parsing "-1" as an int. Now that we've fixed that difference, it's time to fix the testsuite. * src/util/virstoragefile.c (virStorageFileParseChainIndex): Require a positive index. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
strtoul() is required to parse negative numbers as their twos-complement positive counterpart. But sometimes we want to reject negative numbers. Add new functions to do this. The 'p' suffix is a mnemonic for 'positive' (technically it also parses 0, but 'non-negative' doesn't lend itself to a nice one-letter suffix). * src/util/virstring.h (virStrToLong_uip, virStrToLong_ulp) (virStrToLong_ullp): New prototypes. * src/util/virstring.c (virStrToLong_uip, virStrToLong_ulp) (virStrToLong_ullp): New functions. * src/libvirt_private.syms (virstring.h): Export them. * tests/virstringtest.c (testStringToLong): Test them. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Commit f22b7899 called to light a long-standing latent bug: the behavior of virStrToLong_ui was different on 32-bit platforms than on 64-bit platforms. Curse you, C type promotion and narrowing rules, and strtoul specification. POSIX says that for a 32-bit long, strtol handles only 2^32 values [LONG_MIN to LONG_MAX] while strtoul handles 2^33 - 1 values [-ULONG_MAX to ULONG_MAX] with twos-complement wraparound for negatives. Thus, parsing -1 as unsigned long produces ULONG_MAX, rather than a range error. We WANT[1] this same shortcut for turning -1 into UINT_MAX when parsing to int; and get it for free with 32-bit long. But with 64-bit long, ULONG_MAX is outside the range of int and we were rejecting it as invalid; meanwhile, we were silently treating -18446744073709551615 as 1 even though it textually exceeds INT_MIN. Too bad there's not a strtoui() in libc that does guaranteed parsing to int, regardless of the size of long. The bug has been latent since 2007, introduced by Jim Meyering in commit 5d254191 in the attempt to eradicate unsafe use of strto[u]l when parsing ints and longs. How embarrassing that we are only discovering it now - so I'm adding a testsuite to ensure that it covers all the corner cases we care about. [1] Ideally, we really want the caller to be able to choose whether to allow negative numbers to wrap around to their 2s-complement counterpart, as in strtoul, or to force a stricter input range of [0 to UINT_MAX] by rejecting negative signs; this will be added in a later patch for all three int types. This patch is tested on both 32- and 64-bit; the enhanced virstringtest passes on both platforms, while virstoragetest now reliably fails on both platforms instead of just 32-bit platforms. That test will be fixed later. * src/util/virstring.c (virStrToLong_ui): Ensure same behavior regardless of platform long size. * tests/virstringtest.c (testStringToLong): New function. (mymain): Comprehensively test string to long parsing. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Daniel P. Berrange 提交于
A couple of places in the QEMU XML -> ARGV conversion code raised an error but then forgot to return an error status due to missing gotos. While fixing this also tweak style of a couple of other error reports Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
- 01 5月, 2014 4 次提交
-
-
由 Laine Stump 提交于
If a domain network interface that contains a <filterref> is modified "live" using "virsh update-device --live", libvirtd would crash. This was because the code supporting live update of an interface's filterref was assuming that a filterref might be added or modified, but didn't account for removing the filterref, resulting in a null dereference of the filter name. Introduced with commit 258fb278, which was first in libvirt v1.0.1. This addresses https://bugzilla.redhat.com/show_bug.cgi?id=1093301
-
由 Peter Krempa 提交于
To avoid memory leak of the "backingStoreRaw" field when reparsing backing chains a new function is being introduced by this patch that shall be used to clear backing store information. The memory leak was introduced in commit 8823272d.
-
由 Stefan Berger 提交于
Refactor the ebiptablesTearNewRules function so that the teardown of temporary filters can also be called by the ebiptablesAllTeardown function. This fixes a problem that leaves temporary filters behind when a VM shuts down while its filters are modified. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> v1->v2: - test cases adjusted to expect more commands
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=808463 Well, libvirt doesn't distinguish between domain poweroff and hibernation (S4). It's hard to differentiate these two on a real machine anyway. As a result, any device that is hot(un-)plugged is lost (appears again) when domain is started again as from our POV it is a fresh cold boot. Instead of doing anything wise here, we should just document this as known limitation. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 30 4月, 2014 6 次提交
-
-
由 Daniel P. Berrange 提交于
The LXC controller itself needs to mknod the USB device node in /dev/bus/usb, so we can't block mknod permission from the cgroup. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Stefan Berger 提交于
An IP or IPv6 rule with port specification but without protocol specification cannot be instantiated by ebtables. The documentation points to 'protocol' being required but implementation does not enforce it to be given. Implement a rule validation function that checks whether the rule is valid when it is defined. This for example prevents the definition of rules like: <ip dstportstart='53'> where a protocol attribute would be required for it to be valid and for ebtables to be able to instantiate it. A valid rule then is: <ip protocol='udp' dstportstart='53'> Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com>
-
由 Sahid Orentino Ferdjaoui 提交于
This commit adds a new example to illustrate peer to peer domain migration with virDomainMigrateToURI. Signed-off-by: NSahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
-
由 Sahid Orentino Ferdjaoui 提交于
This commit provides the ability to virDomainMigrateToURI to check for SASL credentials when attempts to migrate a domain with the driver QEMU. Signed-off-by: NSahid Orentino Ferdjaoui <sahid.ferdjaoui@cloudwatt.com>
-
由 Pavel Hrdina 提交于
We need to include the testutils.h also for freebsd. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Freebsd doesn't know ENODATA so we have to use different EINVAL error code. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
- 29 4月, 2014 5 次提交
-
-
由 Eric Blake 提交于
Commit 5c43e2e0 introduced a NULL deref if there is a failure in virStorageFileGetMetadataInternal. * src/util/virstoragefile.c (virStorageFileGetMetadataFromBuf): Fix error handling. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Daniel P. Berrange 提交于
We don't support building libvirtd on Win32 since we lack the fork/exec feature needed for the stateful drivers. Disable this by default, so users can just do 'mingw32-configure' with no special args required. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Daniel P. Berrange 提交于
SO_REUSEADDR on Windows is actually akin to SO_REUSEPORT on Linux/BSD. ie it allows 2 apps to listen to the same port at once. Thus we must not set it on Win32 platforms See http://msdn.microsoft.com/en-us/library/windows/desktop/ms740621.aspxSigned-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Martin Kletzander 提交于
When EIO comes to qemu while it's replying to qemuMigrationUpdateJobStatus(), qemu blocks, the migration of RAM can complete in the meantime, and when qemu unblocks, it sends us BLOCK_IO_ERROR plus migrations "status": "complete". Even though we act upon the BLOCK_IO_ERROR by setting the proper state of the domain, the call still waits for the proper reply on monitor for query_migrate and after it gets it, it checks that migration is completed and the migration is finished. This is what abort_on_error flag was meant for (we can migrate with these errors, but this flag must inhibit such behaviour). Changing the order of the steps guarantees the flag works properly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1045833Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Martin Kletzander 提交于
Based on suggestion from Eric [1], because it might not get cleaned up before the release, so to avoid potential errors. [1] https://www.redhat.com/archives/libvir-list/2014-April/msg00929.htmlSigned-off-by: NMartin Kletzander <mkletzan@redhat.com>
-