1. 04 2月, 2014 2 次提交
    • D
      Push nwfilter update locking up to top level · 51c40f62
      Daniel P. Berrange 提交于
      The NWFilter code has as a deadlock race condition between
      the virNWFilter{Define,Undefine} APIs and starting of guest
      VMs due to mis-matched lock ordering.
      
      In the virNWFilter{Define,Undefine} codepaths the lock ordering
      is
      
        1. nwfilter driver lock
        2. virt driver lock
        3. nwfilter update lock
        4. domain object lock
      
      In the VM guest startup paths the lock ordering is
      
        1. virt driver lock
        2. domain object lock
        3. nwfilter update lock
      
      As can be seen the domain object and nwfilter update locks are
      not acquired in a consistent order.
      
      The fix used is to push the nwfilter update lock upto the top
      level resulting in a lock ordering for virNWFilter{Define,Undefine}
      of
      
        1. nwfilter driver lock
        2. nwfilter update lock
        3. virt driver lock
        4. domain object lock
      
      and VM start using
      
        1. nwfilter update lock
        2. virt driver lock
        3. domain object lock
      
      This has the effect of serializing VM startup once again, even if
      no nwfilters are applied to the guest. There is also the possibility
      of deadlock due to a call graph loop via virNWFilterInstantiate
      and virNWFilterInstantiateFilterLate.
      
      These two problems mean the lock must be turned into a read/write
      lock instead of a plain mutex at the same time. The lock is used to
      serialize changes to the "driver->nwfilters" hash, so the write lock
      only needs to be held by the define/undefine methods. All other
      methods can rely on a read lock which allows good concurrency.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 6e5c79a1)
      51c40f62
    • D
      Add a read/write lock implementation · 9a713d64
      Daniel P. Berrange 提交于
      Add virRWLock backed up by a POSIX rwlock primitive
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit c065984b)
      9a713d64
  2. 16 1月, 2014 3 次提交
    • E
      event: filter global events by domain:getattr ACL [CVE-2014-0028] · 7ccc1359
      Eric Blake 提交于
      Ever since ACL filtering was added in commit 76397360 (v1.1.1), a
      user could still use event registration to obtain access to a
      domain that they could not normally access via virDomainLookup*
      or virConnectListAllDomains and friends.  We already have the
      framework in the RPC generator for creating the filter, and
      previous cleanup patches got us to the point that we can now
      wire the filter through the entire object event stack.
      
      Furthermore, whether or not domain:getattr is honored, use of
      global events is a form of obtaining a list of networks, which
      is covered by connect:search_domains added in a93cd08f (v1.1.0).
      Ideally, we'd have a way to enforce connect:search_domains when
      doing global registrations while omitting that check on a
      per-domain registration.  But this patch just unconditionally
      requires connect:search_domains, even when no list could be
      obtained, based on the following observations:
      1. Administrators are unlikely to grant domain:getattr for one
      or all domains while still denying connect:search_domains - a
      user that is able to manage domains will want to be able to
      manage them efficiently, but efficient management includes being
      able to list the domains they can access.  The idea of denying
      connect:search_domains while still granting access to individual
      domains is therefore not adding any real security, but just
      serves as a layer of obscurity to annoy the end user.
      2. In the current implementation, domain events are filtered
      on the client; the server has no idea if a domain filter was
      requested, and must therefore assume that all domain event
      requests are global.  Even if we fix the RPC protocol to
      allow for server-side filtering for newer client/server combos,
      making the connect:serach_domains ACL check conditional on
      whether the domain argument was NULL won't benefit older clients.
      Therefore, we choose to document that connect:search_domains
      is a pre-requisite to any domain event management.
      
      Network events need the same treatment, with the obvious
      change of using connect:search_networks and network:getattr.
      
      * src/access/viraccessperm.h
      (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
      (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
      effect of the permission.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Add new parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/object_event_private.h (virObjectEventStateRegisterID):
      Likewise.
      * src/conf/object_event.c (_virObjectEventCallback): Track a filter.
      (virObjectEventDispatchMatchCallback): Use filter.
      (virObjectEventCallbackListAddID): Register filter.
      * src/conf/domain_event.c (virDomainEventFilter): New function.
      (virDomainEventStateRegister, virDomainEventStateRegisterID):
      Adjust callers.
      * src/conf/network_event.c (virNetworkEventFilter): New function.
      (virNetworkEventStateRegisterID): Adjust caller.
      * src/remote/remote_protocol.x
      (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
      (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
      (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
      filter, and require connect:search_domains instead of weaker
      connect:read.
      * src/test/test_driver.c (testConnectDomainEventRegister)
      (testConnectDomainEventRegisterAny)
      (testConnectNetworkEventRegisterAny): Update callers.
      * src/remote/remote_driver.c (remoteConnectDomainEventRegister)
      (remoteConnectDomainEventRegisterAny): Likewise.
      * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
      (xenUnifiedConnectDomainEventRegisterAny): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
      * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
      (libxlConnectDomainEventRegisterAny): Likewise.
      * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
      (qemuConnectDomainEventRegisterAny): Likewise.
      * src/uml/uml_driver.c (umlConnectDomainEventRegister)
      (umlConnectDomainEventRegisterAny): Likewise.
      * src/network/bridge_driver.c
      (networkConnectNetworkEventRegisterAny): Likewise.
      * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
      (lxcConnectDomainEventRegisterAny): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit f9f56340)
      
      Conflicts:
      	src/conf/object_event.c - not backporting event refactoring
      	src/conf/object_event_private.h - likewise
      	src/conf/network_event.c - not backporting network events
      	src/conf/network_event.h - likewise
      	src/network/bridge_driver.c - likewise
      	src/access/viraccessperm.h - likewise
      	src/remote/remote_protocol.x - likewise
      	src/conf/domain_event.c - includes code that upstream has in object_event
      	src/conf/domain_event.h - context
      	src/libxl/libxl_driver.c - context
      	src/lxc/lxc_driver.c - context
      	src/remote/remote_driver.c - context, not backporting network events
      	src/test/test_driver.c - context, not backporting network events
      	src/uml/uml_driver.c - context
      	src/xen/xen_driver.c - context
      7ccc1359
    • E
      Fix memory leak in virObjectEventCallbackListRemoveID() · e122c603
      Eric Blake 提交于
      While running objecteventtest, it was found that valgrind pointed out the
      following memory leak:
      
      ==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
      ==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==13464==    by 0x341F485E21: strdup (strdup.c:42)
      ==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
      ==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
      ==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
      ==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
      ==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
      ==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
      ==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
      ==13464==    by 0x403451: virtTestRun (testutils.c:138)
      ==13464==    by 0x402012: mymain (objecteventtest.c:395)
      ==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
      ==13464==
      
      (cherry picked from commit 34d52b34)
      
      Conflicts:
      	src/conf/object_event.c - 1.2.1 refactoring to object_event not
      backported, so change applied directly in older domain_event.c instead
      e122c603
    • M
      virDomainEventCallbackListFree: Don't leak @list->callbacks · 541c80bf
      Michal Privoznik 提交于
      The @list->callbacks is an array that is inflated whenever a new event
      is added, e.g. via virDomainEventCallbackListAddID(). However, when we
      are freeing the array, we free the items within it but forgot to
      actually free it.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit ea13a759)
      541c80bf
  3. 15 1月, 2014 7 次提交
    • J
      Really don't crash if a connection closes early · eb365315
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1047577
      
      When writing commit 173c2914, I missed the fact virNetServerClientClose
      unlocks the client object before actually clearing client->sock and thus
      it is possible to hit a window when client->keepalive is NULL while
      client->sock is not NULL. I was thinking client->sock == NULL was a
      better check for a closed connection but apparently we have to go with
      client->keepalive == NULL to actually fix the crash.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      (cherry picked from commit 066c8ef6)
      eb365315
    • J
      Don't crash if a connection closes early · d2740153
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1047577
      
      When a client closes its connection to libvirtd early during
      virConnectOpen, more specifically just after making
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
      VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
      the result, libvirtd may crash due to a race in keep-alive
      initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
      call, the daemon's event loop delegates it to a worker thread. In case
      the event loop detects EOF on the connection and calls
      virNetServerClientClose before the worker thread starts to handle
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
      disposed by the time virNetServerClientStartKeepAlive gets called from
      remoteDispatchConnectSupportsFeature. Because the flow is common for
      both authenticated and read-only connections, even unprivileged clients
      may cause the daemon to crash.
      
      To avoid the crash, virNetServerClientStartKeepAlive needs to check if
      the connection is still open before starting keep-alive protocol.
      
      Every libvirt release since 0.9.8 is affected by this bug.
      
      (cherry picked from commit 173c2914)
      d2740153
    • J
      qemu: Fix job usage in virDomainGetBlockIoTune · 8fcc0f02
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit 3b564259)
      8fcc0f02
    • J
      qemu: Fix job usage in qemuDomainBlockCopy · 94256e69
      Jiri Denemark 提交于
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit ff5f30b6)
      94256e69
    • J
      qemu: Fix job usage in qemuDomainBlockJobImpl · 36c1691c
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit f93d2caa)
      36c1691c
    • J
      qemu: Avoid using stale data in virDomainGetBlockInfo · 4ee6ed6f
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Generally, every API that is going to begin a job should do that before
      fetching data from vm->def. However, qemuDomainGetBlockInfo does not
      know whether it will have to start a job or not before checking vm->def.
      To avoid using disk alias that might have been freed while we were
      waiting for a job, we use its copy. In case the disk was removed in the
      meantime, we will fail with "cannot find statistics for device '...'"
      error message.
      
      (cherry picked from commit b7992595)
      4ee6ed6f
    • J
      qemu: Do not access stale data in virDomainBlockStats · c8fa19d9
      Jiri Denemark 提交于
      CVE-2013-6458
      https://bugzilla.redhat.com/show_bug.cgi?id=1043069
      
      When virDomainDetachDeviceFlags is called concurrently to
      virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
      finds a disk in vm->def before getting a job on a domain and uses the
      disk pointer after getting the job. However, the domain in unlocked
      while waiting on a job condition and thus data behind the disk pointer
      may disappear. This happens when thread 1 runs
      virDomainDetachDeviceFlags and enters monitor to actually remove the
      disk. Then another thread starts running virDomainBlockStats, finds the
      disk in vm->def, and while it's waiting on the job condition (owned by
      the first thread), the first thread finishes the disk removal. When the
      second thread gets the job, the memory pointed to be the disk pointer is
      already gone.
      
      That said, every API that is going to begin a job should do that before
      fetching data from vm->def.
      
      (cherry picked from commit db86da5c)
      c8fa19d9
  4. 29 12月, 2013 1 次提交
    • D
      libxl: avoid crashing if calling `virsh numatune' on inactive domain · 626eb91f
      Dario Faggioli 提交于
      by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
      possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
      happens, without having initialized the nodemap, and hence crashing after some
      invalid free()-s:
      
       # ./daemon/libvirtd -v
       *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
       ======= Backtrace: =========
       /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
       /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
       /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
       /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
       /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
       /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]
      Signed-off-by: NDario Faggili <dario.faggioli@citrix.com>
      Cc: Jim Fehlig <jfehlig@suse.com>
      Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
      (cherry picked from commit f9ee91d3)
      626eb91f
  5. 20 12月, 2013 2 次提交
    • M
      Fix crash in lxcDomainSetMemoryParameters · ec01411a
      Martin Kletzander 提交于
      The function doesn't check whether the request is made for active or
      inactive domain.  Thus when the domain is not running it still tries
      accessing non-existing cgroups (priv->cgroup, which is NULL).
      
      I re-made the function in order for it to work the same way it's qemu
      counterpart does.
      
      Reproducer:
       1) Define an LXC domain
       2) Do 'virsh memtune <domain> --hard-limit 133T'
      
      Backtrace:
       Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
       #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
       #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
           at util/vircgroup.c:669
       #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
       #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
       #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
           at util/vircgroup.c:1944
       #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
           params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
       #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
           params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
       #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
           client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
           at remote_dispatch.h:7621
       #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
           client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
           ret=0x7fffe40b84f0) at remote_dispatch.h:7591
       #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
           at rpc/virnetserverprogram.c:435
       #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
           at rpc/virnetserverprogram.c:305
       #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
           prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
       #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
           at rpc/virnetserver.c:186
       #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
       #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
       #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
       #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit 9faf3f29)
      ec01411a
    • M
      CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters · 09956c7d
      Martin Kletzander 提交于
      The function doesn't check whether the request is made for active or
      inactive domain.  Thus when the domain is not running it still tries
      accessing non-existing cgroups (priv->cgroup, which is NULL).
      
      I re-made the function in order for it to work the same way it's qemu
      counterpart does.
      
      Reproducer:
       1) Define an LXC domain
       2) Do 'virsh memtune <domain>'
      
      Backtrace:
       Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
       #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
       #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
       #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
       #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
           at util/vircgroup.c:1962
       #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
           params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
       #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
           params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
       #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
           client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
           ret=0x7fffd4002420) at remote.c:1895
       #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
           client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
           ret=0x7fffd4002420) at remote_dispatch.h:4050
       #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
           at rpc/virnetserverprogram.c:435
       #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
           at rpc/virnetserverprogram.c:305
       #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
           prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
       #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
           at rpc/virnetserver.c:186
       #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
       #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
       #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
       #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit f8c1cb90)
      09956c7d
  6. 04 11月, 2013 2 次提交
    • D
      Release of libvirt-1.1.4 · a4a7c7e9
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: update for the release
      * po/*.po*: update localizations from transifex and regenerate
      a4a7c7e9
    • R
      virnetsocket: fix getsockopt on FreeBSD · 8079b0e0
      Ryota Ozaki 提交于
      aa0f0992 introduced a strict error checking for getsockopt and it
      revealed that getting a peer credential of a socket on FreeBSD
      didn't work. Libvirtd hits the error:
        error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
        client socket identity groups
      
      SOL_SOCKET (0xffff) was used as a level of getsockopt for
      LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
      Mac OS X.
      
      So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
      0 on Mac OS X and FreeBSD. According to the fact, the patch
      simplifies the code by removing ifdef __APPLE__.
      
      I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      8079b0e0
  7. 03 11月, 2013 1 次提交
    • D
      MacOS: Handle changes to xdrproc_t definition · 9fa3a8ab
      Doug Goldstein 提交于
      With Mac OS X 10.9, xdrproc_t is no longer defined as:
      
      typedef bool_t (*xdrproc_t)(XDR *, ...);
      
      but instead as:
      
      typdef bool_t (*xdrproc_t)(XDR *, void *, unsigned int);
      
      For reference, Linux systems typically define it as:
      
      typedef bool_t (*xdrproc_t)(XDR *, void *, ...);
      
      The rationale explained in the header is that using a vararg is
      incorrect and has a potential to change the ABI slightly do to compiler
      optimizations taken and the undefined behavior. They decided
      to specify the exact number of parameters and for compatibility with old
      code decided to make the signature require 3 arguments. The third
      argument is ignored for cases that its not used and its recommended to
      supply a 0.
      9fa3a8ab
  8. 01 11月, 2013 8 次提交
    • J
      libxl: fix dubious cpumask handling in libxlDomainSetVcpuAffinities · ba1bf100
      Jeremy Fitzhardinge 提交于
      Rather than casting the virBitmap pointer to uint8_t* and then using
      the structure contents as a byte array, use the virBitmap API to determine
      the bitmap size and test each bit.
      Signed-off-by: NJeremy Fitzhardinge <jeremy@goop.org>
      ba1bf100
    • J
      Revert "libxl: Fix possible invalid read" · 835f992a
      Jim Fehlig 提交于
      This reverts commit 394d6e0a.
      The real problem is accessing the virtBitmap structure as a byte
      array, which was correctly identified and fixed by Jeremy Fitzhardinge
      
      https://www.redhat.com/archives/libvir-list/2013-October/msg01257.html
      835f992a
    • B
      fix api changes in xen restore · a52fa556
      Bamvor Jian Zhang 提交于
      in recently xen commit: 7051d5c8, there is a api changes in
      libxl_domain_create_restore.
      Author: Andrew Cooper <andrew.cooper3@citrix.com>
      Date:   Thu Oct 10 12:23:10 2013 +0100
      
          tools/migrate: Fix regression when migrating from older version of Xen
      
      use the macro LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS in libxl.h
      in order to make libvirt could compile with old and new xen.
      
      the params checkpointed_stream is useful if libvirt libxl driver
      support migration. for new, set it as zero.
      Signed-off-by: NBamvor Jian Zhang <bjzhang@suse.com>
      a52fa556
    • D
      Fix race in starting transient VMs · 89759301
      Daniel P. Berrange 提交于
      When starting a transient VM the first thing done is to check
      for duplicates. The check looks if there are any running VMs
      with the matching name/uuid. It explicitly allows there to
      be inactive VMs, so that a persistent VM can be temporarily
      booted with a different config.
      
      There is a race condition, however, where 2 or more clients
      try to create the same transient VM. The first client will
      cause a virDomainObjPtr to be added to the domain list, and
      it is inactive at this stage. The second client may then
      come along and see this inactive VM, and mistake it for a
      persistent VM.
      
      If the first VM fails to start its transient guest for any
      reason, then it'll remove the virDomainObjPtr from the list.
      The second client now has a virDomainObjPtr that it can try
      to boot, which libvirt no longer has a record of. The result
      can be a running QEMU process that is orphaned.
      
      It was also, however, possible for the virDomainObjPtr to be
      completely free'd which will cause libvirtd to crash in some
      scenarios.
      
      The fix is to only allow an existing inactive VM if it is
      marked as persistent.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      89759301
    • J
      Use a port from the migration range for NBD as well · 3e1e16aa
      Ján Tomko 提交于
      Instead of using a port from the remote display range.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1025699
      3e1e16aa
    • R
      nodedev_hal: fix segfault when virDBusGetSystemBus fails · 87176d0c
      Ryota Ozaki 提交于
      Thie patch fixes the segfault:
          error : nodeStateInitialize:658 : DBus not available,
            disabling HAL driver: internal error: Unable to get DBus
            system bus connection: Failed to connect to socket
            /var/run/dbus/system_bus_socket: No such file or directory
          error : nodeStateInitialize:719 :  ?:
          Caught Segmentation violation dumping internal log buffer:
      
      This segfault occurs at the below VIR_ERROR:
        failure:
            if (dbus_error_is_set(&err)) {
                VIR_ERROR(_("%s: %s"), err.name, err.message);
      
      When virDBusGetSystemBus fails, the code jumps to the above failure
      path. However, the err variable is not correctly initialized
      before calling virDBusGetSystemBus. As a result, dbus_error_is_set
      may pass over the uninitialized err variable whose name or
      message may point to somewhere unknown memory region, which
      causes a segfault on VIR_ERROR.
      
      The new code initializes the err variable before calling
      virDBusGetSystemBus.
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      87176d0c
    • D
      Improve debugging of QEMU start/stop · 4b986277
      Daniel P. Berrange 提交于
      Include reference of the VM object pointer and name in debug
      logs for QEMU start/stop functions. Also make sure we log the
      PID that we started, since it isn't available elsewhere in the
      logs.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      4b986277
    • D
      Improve debugging of job enter/exit code · dddc57a3
      Daniel P. Berrange 提交于
      In debugging a recent oVirt/libvirt race condition, I was very
      frustrated by lack of logging in the job enter/exit code. This
      patch adds some key data which would have been useful in by
      debugging attempts.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      dddc57a3
  9. 31 10月, 2013 9 次提交
  10. 30 10月, 2013 5 次提交
    • D
      Fix race condition reconnecting to vms & loading configs · f26701f5
      Daniel P. Berrange 提交于
      The following sequence
      
       1. Define a persistent QMEU guest
       2. Start the QEMU guest
       3. Stop libvirtd
       4. Kill the QEMU process
       5. Start libvirtd
       6. List persistent guests
      
      At the last step, the previously running persistent guest
      will be missing. This is because of a race condition in the
      QEMU driver startup code. It does
      
       1. Load all VM state files
       2. Spawn thread to reconnect to each VM
       3. Load all VM config files
      
      Only at the end of step 3, does the 'virDomainObjPtr' get
      marked as "persistent". There is therefore a window where
      the thread reconnecting to the VM will remove the persistent
      VM from the list.
      
      The easy fix is to simply switch the order of steps 2 & 3.
      
      In addition to this though, we must only attempt to reconnect
      to a VM which had a non-zero PID loaded from its state file.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      f26701f5
    • D
      Fix leak of objects when reconnecting to QEMU instances · 54a24112
      Daniel P. Berrange 提交于
      The 'error' cleanup block in qemuProcessReconnect() had a
      'return' statement in the middle of it. This caused a leak
      of virConnectPtr & virQEMUDriverConfigPtr instances. This
      was identified because netcf recently started checking its
      refcount in libvirtd shutdown:
      
      netcfStateCleanup:109 : internal error: Attempt to close netcf state driver with open connections
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      54a24112
    • D
      Don't update dom->persistent without lock held · b260a77e
      Daniel P. Berrange 提交于
      virDomainObjListLoadAllConfigs sets dom->persistent after
      having released its lock on the domain object. This exposes
      a possible race condition.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      b260a77e
    • C
      docs: fix typos in formatnwfilter · d70840f6
      Chen Hanxiao 提交于
      s/initated/initiated
      Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
      d70840f6
    • D
      MacOS: Re-add support for QEMU backend · 915c6936
      Doug Goldstein 提交于
      The QEMU backend was disabled on Mac OS X without a reason in the code
      and due to refactors its difficult to understand when/why it was
      disabled. With QEMU being supported on Mac OS X there is no reason to
      disable QEMU on this platform.
      915c6936