1. 18 2月, 2014 6 次提交
  2. 05 2月, 2014 1 次提交
    • E
      event: move event filtering to daemon (regression fix) · b19f3269
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1058839
      
      Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
      need to check the ACL rules to filter which events to send.  But
      it overlooked one thing: the event dispatch queue is running in
      the main loop thread, and therefore does not normally have a
      current virIdentityPtr.  But filter checks can be based on current
      identity, so when libvirtd.conf contains access_drivers=["polkit"],
      we ended up rejecting access for EVERY event due to failure to
      look up the current identity, even if it should have been allowed.
      
      Furthermore, even for events that are triggered by API calls, it
      is important to remember that the point of events is that they can
      be copied across multiple connections, which may have separate
      identities and permissions.  So even if events were dispatched
      from a context where we have an identity, we must change to the
      correct identity of the connection that will be receiving the
      event, rather than basing a decision on the context that triggered
      the event, when deciding whether to filter an event to a
      particular connection.
      
      If there were an easy way to get from virConnectPtr to the
      appropriate virIdentityPtr, then object_event.c could adjust the
      identity prior to checking whether to dispatch an event.  But
      setting up that back-reference is a bit invasive.  Instead, it
      is easier to delay the filtering check until lower down the
      stack, at the point where we have direct access to the RPC
      client object that owns an identity.  As such, this patch ends
      up reverting a large portion of the framework of commit f9f56340.
      We also have to teach 'make check' to special-case the fact that
      the event registration filtering is done at the point of dispatch,
      rather than the point of registration.  Note that even though we
      don't actually use virConnectDomainEventRegisterCheckACL (because
      the RegisterAny variant is sufficient), we still generate the
      function for the purposes of documenting that the filtering
      takes place.
      
      Also note that I did not entirely delete the notion of a filter
      from object_event.c; I still plan on using that for my upcoming
      patch series for qemu monitor events in libvirt-qemu.so.  In
      other words, while this patch changes ACL filtering to live in
      remote.c and therefore we have no current client of the filtering
      in object_event.c, the notion of filtering in object_event.c is
      still useful down the road.
      
      * src/check-aclrules.pl: Exempt event registration from having to
      pass checkACL filter down call stack.
      * daemon/remote.c (remoteRelayDomainEventCheckACL)
      (remoteRelayNetworkEventCheckACL): New functions.
      (remoteRelay*Event*): Use new functions.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Drop unused parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/domain_event.c (virDomainEventFilter): Delete unused
      function.
      * src/conf/network_event.c (virNetworkEventFilter): Likewise.
      * src/libxl/libxl_driver.c: Adjust caller.
      * src/lxc/lxc_driver.c: Likewise.
      * src/network/bridge_driver.c: Likewise.
      * src/qemu/qemu_driver.c: Likewise.
      * src/remote/remote_driver.c: Likewise.
      * src/test/test_driver.c: Likewise.
      * src/uml/uml_driver.c: Likewise.
      * src/vbox/vbox_tmpl.c: Likewise.
      * src/xen/xen_driver.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 11f20e43)
      
      Conflicts:
      	daemon/remote.c - not backporting network events
      	src/conf/network_event.c - likewise
      	src/conf/network_event.h - likewise
      	src/network/bridge_driver.c - likewise
      	src/conf/domain_event.c - revert back to pre-CVE state
      	src/conf/domain_event.h - likewise
      	src/libxl/libxl_driver.c - likewise
      	src/lxc/lxc_driver.c - likewise
      	src/remote/remote_driver.c - likewise
      	src/test/test_driver.c - likewise
      	src/uml/uml_driver.c - likewise
      	src/xen/xen_driver.c - likewise
      b19f3269
  3. 04 2月, 2014 2 次提交
    • D
      Push nwfilter update locking up to top level · f3aa956f
      Daniel P. Berrange 提交于
      The NWFilter code has as a deadlock race condition between
      the virNWFilter{Define,Undefine} APIs and starting of guest
      VMs due to mis-matched lock ordering.
      
      In the virNWFilter{Define,Undefine} codepaths the lock ordering
      is
      
        1. nwfilter driver lock
        2. virt driver lock
        3. nwfilter update lock
        4. domain object lock
      
      In the VM guest startup paths the lock ordering is
      
        1. virt driver lock
        2. domain object lock
        3. nwfilter update lock
      
      As can be seen the domain object and nwfilter update locks are
      not acquired in a consistent order.
      
      The fix used is to push the nwfilter update lock upto the top
      level resulting in a lock ordering for virNWFilter{Define,Undefine}
      of
      
        1. nwfilter driver lock
        2. nwfilter update lock
        3. virt driver lock
        4. domain object lock
      
      and VM start using
      
        1. nwfilter update lock
        2. virt driver lock
        3. domain object lock
      
      This has the effect of serializing VM startup once again, even if
      no nwfilters are applied to the guest. There is also the possibility
      of deadlock due to a call graph loop via virNWFilterInstantiate
      and virNWFilterInstantiateFilterLate.
      
      These two problems mean the lock must be turned into a read/write
      lock instead of a plain mutex at the same time. The lock is used to
      serialize changes to the "driver->nwfilters" hash, so the write lock
      only needs to be held by the define/undefine methods. All other
      methods can rely on a read lock which allows good concurrency.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 6e5c79a1)
      f3aa956f
    • D
      Add a read/write lock implementation · 4912cccd
      Daniel P. Berrange 提交于
      Add virRWLock backed up by a POSIX rwlock primitive
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit c065984b)
      4912cccd
  4. 16 1月, 2014 2 次提交
    • E
      event: filter global events by domain:getattr ACL [CVE-2014-0028] · eb7ec231
      Eric Blake 提交于
      Ever since ACL filtering was added in commit 76397360 (v1.1.1), a
      user could still use event registration to obtain access to a
      domain that they could not normally access via virDomainLookup*
      or virConnectListAllDomains and friends.  We already have the
      framework in the RPC generator for creating the filter, and
      previous cleanup patches got us to the point that we can now
      wire the filter through the entire object event stack.
      
      Furthermore, whether or not domain:getattr is honored, use of
      global events is a form of obtaining a list of networks, which
      is covered by connect:search_domains added in a93cd08f (v1.1.0).
      Ideally, we'd have a way to enforce connect:search_domains when
      doing global registrations while omitting that check on a
      per-domain registration.  But this patch just unconditionally
      requires connect:search_domains, even when no list could be
      obtained, based on the following observations:
      1. Administrators are unlikely to grant domain:getattr for one
      or all domains while still denying connect:search_domains - a
      user that is able to manage domains will want to be able to
      manage them efficiently, but efficient management includes being
      able to list the domains they can access.  The idea of denying
      connect:search_domains while still granting access to individual
      domains is therefore not adding any real security, but just
      serves as a layer of obscurity to annoy the end user.
      2. In the current implementation, domain events are filtered
      on the client; the server has no idea if a domain filter was
      requested, and must therefore assume that all domain event
      requests are global.  Even if we fix the RPC protocol to
      allow for server-side filtering for newer client/server combos,
      making the connect:serach_domains ACL check conditional on
      whether the domain argument was NULL won't benefit older clients.
      Therefore, we choose to document that connect:search_domains
      is a pre-requisite to any domain event management.
      
      Network events need the same treatment, with the obvious
      change of using connect:search_networks and network:getattr.
      
      * src/access/viraccessperm.h
      (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS)
      (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional
      effect of the permission.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Add new parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/object_event_private.h (virObjectEventStateRegisterID):
      Likewise.
      * src/conf/object_event.c (_virObjectEventCallback): Track a filter.
      (virObjectEventDispatchMatchCallback): Use filter.
      (virObjectEventCallbackListAddID): Register filter.
      * src/conf/domain_event.c (virDomainEventFilter): New function.
      (virDomainEventStateRegister, virDomainEventStateRegisterID):
      Adjust callers.
      * src/conf/network_event.c (virNetworkEventFilter): New function.
      (virNetworkEventStateRegisterID): Adjust caller.
      * src/remote/remote_protocol.x
      (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER)
      (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY)
      (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a
      filter, and require connect:search_domains instead of weaker
      connect:read.
      * src/test/test_driver.c (testConnectDomainEventRegister)
      (testConnectDomainEventRegisterAny)
      (testConnectNetworkEventRegisterAny): Update callers.
      * src/remote/remote_driver.c (remoteConnectDomainEventRegister)
      (remoteConnectDomainEventRegisterAny): Likewise.
      * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister)
      (xenUnifiedConnectDomainEventRegisterAny): Likewise.
      * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise.
      * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister)
      (libxlConnectDomainEventRegisterAny): Likewise.
      * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister)
      (qemuConnectDomainEventRegisterAny): Likewise.
      * src/uml/uml_driver.c (umlConnectDomainEventRegister)
      (umlConnectDomainEventRegisterAny): Likewise.
      * src/network/bridge_driver.c
      (networkConnectNetworkEventRegisterAny): Likewise.
      * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister)
      (lxcConnectDomainEventRegisterAny): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit f9f56340)
      
      Conflicts:
      	src/conf/object_event.c - not backporting event refactoring
      	src/conf/object_event_private.h - likewise
      	src/conf/network_event.c - not backporting network events
      	src/conf/network_event.h - likewise
      	src/network/bridge_driver.c - likewise
      	src/access/viraccessperm.h - likewise
      	src/remote/remote_protocol.x - likewise
      	src/conf/domain_event.c - includes code that upstream has in object_event
      	src/conf/domain_event.h - context
      	src/libxl/libxl_driver.c - context
      	src/lxc/lxc_driver.c - context
      	src/remote/remote_driver.c - context, not backporting network events
      	src/test/test_driver.c - context, not backporting network events
      	src/uml/uml_driver.c - context
      	src/xen/xen_driver.c - context
      eb7ec231
    • E
      Fix memory leak in virObjectEventCallbackListRemoveID() · 076a7eca
      Eric Blake 提交于
      While running objecteventtest, it was found that valgrind pointed out the
      following memory leak:
      
      ==13464== 5 bytes in 1 blocks are definitely lost in loss record 7 of 134
      ==13464==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==13464==    by 0x341F485E21: strdup (strdup.c:42)
      ==13464==    by 0x4CAE28F: virStrdup (virstring.c:554)
      ==13464==    by 0x4CF3CBE: virObjectEventCallbackListAddID (object_event.c:286)
      ==13464==    by 0x4CF49CA: virObjectEventStateRegisterID (object_event.c:729)
      ==13464==    by 0x4CF73FE: virDomainEventStateRegisterID (domain_event.c:1424)
      ==13464==    by 0x4D7358F: testConnectDomainEventRegisterAny (test_driver.c:6032)
      ==13464==    by 0x4D600C8: virConnectDomainEventRegisterAny (libvirt.c:19128)
      ==13464==    by 0x402409: testDomainStartStopEvent (objecteventtest.c:232)
      ==13464==    by 0x403451: virtTestRun (testutils.c:138)
      ==13464==    by 0x402012: mymain (objecteventtest.c:395)
      ==13464==    by 0x403AF2: virtTestMain (testutils.c:593)
      ==13464==
      
      (cherry picked from commit 34d52b34)
      
      Conflicts:
      	src/conf/object_event.c - 1.2.1 refactoring to object_event not
      backported, so change applied directly in older domain_event.c instead
      076a7eca
  5. 15 1月, 2014 7 次提交
    • J
      Really don't crash if a connection closes early · a19f700b
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1047577
      
      When writing commit 173c2914, I missed the fact virNetServerClientClose
      unlocks the client object before actually clearing client->sock and thus
      it is possible to hit a window when client->keepalive is NULL while
      client->sock is not NULL. I was thinking client->sock == NULL was a
      better check for a closed connection but apparently we have to go with
      client->keepalive == NULL to actually fix the crash.
      Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
      (cherry picked from commit 066c8ef6)
      a19f700b
    • J
      Don't crash if a connection closes early · b06acd14
      Jiri Denemark 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1047577
      
      When a client closes its connection to libvirtd early during
      virConnectOpen, more specifically just after making
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if
      VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for
      the result, libvirtd may crash due to a race in keep-alive
      initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE
      call, the daemon's event loop delegates it to a worker thread. In case
      the event loop detects EOF on the connection and calls
      virNetServerClientClose before the worker thread starts to handle
      REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be
      disposed by the time virNetServerClientStartKeepAlive gets called from
      remoteDispatchConnectSupportsFeature. Because the flow is common for
      both authenticated and read-only connections, even unprivileged clients
      may cause the daemon to crash.
      
      To avoid the crash, virNetServerClientStartKeepAlive needs to check if
      the connection is still open before starting keep-alive protocol.
      
      Every libvirt release since 0.9.8 is affected by this bug.
      
      (cherry picked from commit 173c2914)
      b06acd14
    • J
      qemu: Fix job usage in virDomainGetBlockIoTune · c6fbbe85
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit 3b564259)
      c6fbbe85
    • J
      qemu: Fix job usage in qemuDomainBlockCopy · 26ff7d4c
      Jiri Denemark 提交于
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit ff5f30b6)
      26ff7d4c
    • J
      qemu: Fix job usage in qemuDomainBlockJobImpl · 4d8c603c
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Every API that is going to begin a job should do that before fetching
      data from vm->def.
      
      (cherry picked from commit f93d2caa)
      4d8c603c
    • J
      qemu: Avoid using stale data in virDomainGetBlockInfo · 3a0286f9
      Jiri Denemark 提交于
      CVE-2013-6458
      
      Generally, every API that is going to begin a job should do that before
      fetching data from vm->def. However, qemuDomainGetBlockInfo does not
      know whether it will have to start a job or not before checking vm->def.
      To avoid using disk alias that might have been freed while we were
      waiting for a job, we use its copy. In case the disk was removed in the
      meantime, we will fail with "cannot find statistics for device '...'"
      error message.
      
      (cherry picked from commit b7992595)
      3a0286f9
    • J
      qemu: Do not access stale data in virDomainBlockStats · 13051a86
      Jiri Denemark 提交于
      CVE-2013-6458
      https://bugzilla.redhat.com/show_bug.cgi?id=1043069
      
      When virDomainDetachDeviceFlags is called concurrently to
      virDomainBlockStats: libvirtd may crash because qemuDomainBlockStats
      finds a disk in vm->def before getting a job on a domain and uses the
      disk pointer after getting the job. However, the domain in unlocked
      while waiting on a job condition and thus data behind the disk pointer
      may disappear. This happens when thread 1 runs
      virDomainDetachDeviceFlags and enters monitor to actually remove the
      disk. Then another thread starts running virDomainBlockStats, finds the
      disk in vm->def, and while it's waiting on the job condition (owned by
      the first thread), the first thread finishes the disk removal. When the
      second thread gets the job, the memory pointed to be the disk pointer is
      already gone.
      
      That said, every API that is going to begin a job should do that before
      fetching data from vm->def.
      
      (cherry picked from commit db86da5c)
      13051a86
  6. 29 12月, 2013 1 次提交
    • D
      libxl: avoid crashing if calling `virsh numatune' on inactive domain · 36378d1a
      Dario Faggioli 提交于
      by, in libxlDomainGetNumaParameters(), calling libxl_bitmap_init() as soon as
      possible, which avoids getting to 'cleanup:', where libxl_bitmap_dispose()
      happens, without having initialized the nodemap, and hence crashing after some
      invalid free()-s:
      
       # ./daemon/libvirtd -v
       *** Error in `/home/xen/libvirt.git/daemon/.libs/lt-libvirtd': munmap_chunk(): invalid pointer: 0x00007fdd42592666 ***
       ======= Backtrace: =========
       /lib64/libc.so.6(+0x7bbe7)[0x7fdd3f767be7]
       /lib64/libxenlight.so.4.3(libxl_bitmap_dispose+0xd)[0x7fdd2c88c045]
       /home/xen/libvirt.git/daemon/.libs/../../src/.libs/libvirt_driver_libxl.so(+0x12d26)[0x7fdd2caccd26]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(virDomainGetNumaParameters+0x15c)[0x7fdd4247898c]
       /home/xen/libvirt.git/daemon/.libs/lt-libvirtd(+0x1d9a2)[0x7fdd42ecc9a2]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(virNetServerProgramDispatch+0x3da)[0x7fdd424e9eaa]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0x1a6f38)[0x7fdd424e3f38]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa81e5)[0x7fdd423e51e5]
       /home/xen/libvirt.git/src/.libs/libvirt.so.0(+0xa783e)[0x7fdd423e483e]
       /lib64/libpthread.so.0(+0x7c53)[0x7fdd3febbc53]
       /lib64/libc.so.6(clone+0x6d)[0x7fdd3f7e1dbd]
      Signed-off-by: NDario Faggili <dario.faggioli@citrix.com>
      Cc: Jim Fehlig <jfehlig@suse.com>
      Cc: Ian Jackson <Ian.Jackson@eu.citrix.com>
      (cherry picked from commit f9ee91d3)
      36378d1a
  7. 20 12月, 2013 2 次提交
    • M
      Fix crash in lxcDomainSetMemoryParameters · 99d1b7ed
      Martin Kletzander 提交于
      The function doesn't check whether the request is made for active or
      inactive domain.  Thus when the domain is not running it still tries
      accessing non-existing cgroups (priv->cgroup, which is NULL).
      
      I re-made the function in order for it to work the same way it's qemu
      counterpart does.
      
      Reproducer:
       1) Define an LXC domain
       2) Do 'virsh memtune <domain> --hard-limit 133T'
      
      Backtrace:
       Thread 6 (Thread 0x7fffec8c0700 (LWP 26826)):
       #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf718) at util/vircgroup.c:1764
       #1  0x00007ffff70e9206 in virCgroupSetValueStr (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffe409f360 "1073741824")
           at util/vircgroup.c:669
       #2  0x00007ffff70e98b4 in virCgroupSetValueU64 (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=1073741824) at util/vircgroup.c:740
       #3  0x00007ffff70ee518 in virCgroupSetMemory (group=0x0, kb=1048576) at util/vircgroup.c:1904
       #4  0x00007ffff70ee675 in virCgroupSetMemoryHardLimit (group=0x0, kb=1048576)
           at util/vircgroup.c:1944
       #5  0x00005555557d54c8 in lxcDomainSetMemoryParameters (dom=0x7fffe40cc420,
           params=0x7fffe409f100, nparams=1, flags=0) at lxc/lxc_driver.c:774
       #6  0x00007ffff72c20f9 in virDomainSetMemoryParameters (domain=0x7fffe40cc420,
           params=0x7fffe409f100, nparams=1, flags=0) at libvirt.c:4051
       #7  0x000055555561365f in remoteDispatchDomainSetMemoryParameters (server=0x555555eb7e00,
           client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510)
           at remote_dispatch.h:7621
       #8  0x00005555556133fd in remoteDispatchDomainSetMemoryParametersHelper (server=0x555555eb7e00,
           client=0x555555ec4b10, msg=0x555555eb94e0, rerr=0x7fffec8bfb70, args=0x7fffe40b8510,
           ret=0x7fffe40b84f0) at remote_dispatch.h:7591
       #9  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
           at rpc/virnetserverprogram.c:435
       #10 0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ec4b10, msg=0x555555eb94e0)
           at rpc/virnetserverprogram.c:305
       #11 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ec4b10,
           prog=0x555555ec3ae0, msg=0x555555eb94e0) at rpc/virnetserver.c:165
       #12 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ec3e30, opaque=0x555555eb7e00)
           at rpc/virnetserver.c:186
       #13 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
       #14 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
       #15 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
       #16 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit 9faf3f29)
      99d1b7ed
    • M
      CVE-2013-6436: fix crash in lxcDomainGetMemoryParameters · 705f388b
      Martin Kletzander 提交于
      The function doesn't check whether the request is made for active or
      inactive domain.  Thus when the domain is not running it still tries
      accessing non-existing cgroups (priv->cgroup, which is NULL).
      
      I re-made the function in order for it to work the same way it's qemu
      counterpart does.
      
      Reproducer:
       1) Define an LXC domain
       2) Do 'virsh memtune <domain>'
      
      Backtrace:
       Thread 6 (Thread 0x7fffec8c0700 (LWP 13387)):
       #0  0x00007ffff70edcc4 in virCgroupPathOfController (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", path=0x7fffec8bf750) at util/vircgroup.c:1764
       #1  0x00007ffff70e958c in virCgroupGetValueStr (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf7c0) at util/vircgroup.c:705
       #2  0x00007ffff70e9d29 in virCgroupGetValueU64 (group=0x0, controller=3,
           key=0x7ffff75734bd "memory.limit_in_bytes", value=0x7fffec8bf810) at util/vircgroup.c:804
       #3  0x00007ffff70ee706 in virCgroupGetMemoryHardLimit (group=0x0, kb=0x7fffec8bf8a8)
           at util/vircgroup.c:1962
       #4  0x00005555557d590f in lxcDomainGetMemoryParameters (dom=0x7fffd40024a0,
           params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at lxc/lxc_driver.c:826
       #5  0x00007ffff72c28d3 in virDomainGetMemoryParameters (domain=0x7fffd40024a0,
           params=0x7fffd40027a0, nparams=0x7fffec8bfa24, flags=0) at libvirt.c:4137
       #6  0x000055555563714d in remoteDispatchDomainGetMemoryParameters (server=0x555555eb7e00,
           client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
           ret=0x7fffd4002420) at remote.c:1895
       #7  0x00005555556052c4 in remoteDispatchDomainGetMemoryParametersHelper (server=0x555555eb7e00,
           client=0x555555ebaef0, msg=0x555555ebb3e0, rerr=0x7fffec8bfb70, args=0x7fffd40024e0,
           ret=0x7fffd4002420) at remote_dispatch.h:4050
       #8  0x00007ffff73b293f in virNetServerProgramDispatchCall (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
           at rpc/virnetserverprogram.c:435
       #9  0x00007ffff73b207f in virNetServerProgramDispatch (prog=0x555555ec3ae0,
           server=0x555555eb7e00, client=0x555555ebaef0, msg=0x555555ebb3e0)
           at rpc/virnetserverprogram.c:305
       #10 0x00007ffff73a4d2c in virNetServerProcessMsg (srv=0x555555eb7e00, client=0x555555ebaef0,
           prog=0x555555ec3ae0, msg=0x555555ebb3e0) at rpc/virnetserver.c:165
       #11 0x00007ffff73a4e8d in virNetServerHandleJob (jobOpaque=0x555555ebc7e0, opaque=0x555555eb7e00)
           at rpc/virnetserver.c:186
       #12 0x00007ffff7187f3f in virThreadPoolWorker (opaque=0x555555eb7ac0) at util/virthreadpool.c:144
       #13 0x00007ffff718733a in virThreadHelper (data=0x555555eb7890) at util/virthreadpthread.c:161
       #14 0x00007ffff468ed89 in start_thread (arg=0x7fffec8c0700) at pthread_create.c:308
       #15 0x00007ffff3da26bd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit f8c1cb90)
      705f388b
  8. 11 12月, 2013 1 次提交
    • E
      storage: fix omitted slash in gluster volume URI · 0dbd2845
      Eric Blake 提交于
      When doing 'virsh vol-dumpxml' on a gluster pool's volume, the
      resulting URI incorrectly omitted a slash between hostname and
      path:  gluster://192.168.122.206rhsvol1/fedora-19.img
      
      This is fallout from me rebasing earlier versions of my patch
      that ended up as commit efee1af5; I had originally played with
      always requiring the gluster volume to have a leading slash,
      but it was easier to use the gluster API if the gluster volume
      name was guaranteed to have no slash.  While I got the URI of
      the pool correct, I forgot to fix the URI of a libvirt volume.
      
      * src/storage/storage_backend_gluster.c
      (virStorageBackendGlusterRefreshVol): Use correct starting point
      since uri construction requires leading slash.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 6cd60b68)
      0dbd2845
  9. 02 12月, 2013 10 次提交
    • D
      Release of libvirt-1.2.0 · 4e41a2a3
      Daniel Veillard 提交于
      * configure.ac docs/news.html.in libvirt.spec.in: update for release
      * po/*.po*: update and merge localizations from transifex
      4e41a2a3
    • R
      vbox: handle errors of virDomainHostdevDefAlloc correctly · 1ed7e014
      Ryota Ozaki 提交于
      The original code ignored errors of virDomainHostdevDefAlloc,
      however, we should properly do error return from the function
      if it occurs.
      
      The fix pulls out virDomainHostdevDefAlloc from the loop and
      executes it all together before the loop. So we can easily
      return on errors without the notion of other memory allocations
      in the loop.
      
      The deallocation code is separated from the allocation code
      because it will be used by a further patch for fixing other error
      handlings.
      Reported-by: NLaine Stump <laine@laine.org>
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      1ed7e014
    • R
      vbox: fix incorrect loop condition in vboxHostDeviceGetXMLDesc · 82b5dd23
      Ryota Ozaki 提交于
      The fixed loop used logical OR to combine two conditions, however,
      it is apparently incorrect and logical AND is correct.
      
      We can fix it by replacing OR with AND, but this patch instead
      fixes the problem by getting rid of the first conditional
      statement: USBFilterCount < def->nhostdevs. It isn't needed
      because USBFilterCount will never be greater than or equal to
      def->nhostdevs.
      
      def->nhostdevs is calculated in the following code
      above the loop in question like this:
      
          for (i = 0; i < deviceFilters.count; i++) {
              PRBool active = PR_FALSE;
              IUSBDeviceFilter *deviceFilter = deviceFilters.items[i];
      
              deviceFilter->vtbl->GetActive(deviceFilter, &active);
              if (active) {
                  def->nhostdevs++;
              }
          }
      
      And the loop is constructed as like this:
      
          for (i = 0; (USBFilterCount < def->nhostdevs) || (i < deviceFilters.count); i++) {
              PRBool active                  = PR_FALSE;
      (snip)
              deviceFilter->vtbl->GetActive(deviceFilter, &active);
              if (!active)
                  continue;
      (snip)
              USBFilterCount++;
          }
      
      So def->nhostdevs is the number of active device filters and
      USBFilterCount is counted up only when a device filter is active.
      Thus, we can remove USBFilterCount < def->nhostdevs safely.
      Reported-by: NLaine Stump <laine@laine.org>
      Signed-off-by: NRyota Ozaki <ozaki.ryota@gmail.com>
      82b5dd23
    • C
      docs: fix typos in libvirt.h.in · d3572bb7
      Chen Hanxiao 提交于
      s/caused/causes
      Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
      d3572bb7
    • D
      Link libvirt-sandbox from apps page · 484b6040
      Daniel P. Berrange 提交于
      Add a link to the http://sandbox.libvirt.org sub-site from the
      list of libraries related to libvirt. Also fix formatting for
      the ruby libvirt binding.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      484b6040
    • D
      Add docs about audit subsystem logging · 84fe15c3
      Daniel P. Berrange 提交于
      Adds a new page to the website "Deployment" section describing
      what data is sent to the audit logs and how to configure libvirtd
      audit settings.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      84fe15c3
    • N
      Fix memory leak in virNWFilterDefParseXML() · 6c874c01
      Nehal J Wani 提交于
      While running nwfilterxml2xmltest, it was found that valgrind pointed out the
      following error...
      
      ==7466== 16 bytes in 1 blocks are definitely lost in loss record 26 of 90
      ==7466==    at 0x4A06B6F: calloc (vg_replace_malloc.c:593)
          ==7466==    by 0x4C651AD: virAlloc (viralloc.c:142)
          ==7466==    by 0x4D0450D: virNWFilterDefParseNode (nwfilter_conf.c:2575)
          ==7466==    by 0x4D05D84: virNWFilterDefParse (nwfilter_conf.c:2647)
          ==7466==    by 0x401FDE: testCompareXMLToXMLHelper (nwfilterxml2xmltest.c:39)
          ==7466==    by 0x402DE1: virtTestRun (testutils.c:138)
          ==7466==    by 0x4018E9: mymain (nwfilterxml2xmltest.c:111)
          ==7466==    by 0x403482: virtTestMain (testutils.c:593)
          ==7466==    by 0x341F421A04: (below main) (libc-start.c:225)
      
      ...21 times, which are related to 21 tests in nwfilterxml2xmltest.c which sent
      EXPECT_WARN = false. There were two scenarios in virNWFilterDefParseXML(),
      when the variable 'entry' was malloc'ed, but not freed.
      6c874c01
    • N
      Fix memory leak in virDomainDefParseXML() · 2cfcd2cc
      Nehal J Wani 提交于
      This patch fixes the memory leaks found while running qemuxml2argvtest
      
      ==8260== 3 bytes in 1 blocks are definitely lost in loss record 1 of
      129
      ==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==8260==    by 0x341F485E21: strdup (strdup.c:42)
      ==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
      ==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
      ==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
      ==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
      ==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
      ==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
      ==8260==    by 0x427111: virtTestRun (testutils.c:138)
      ==8260==    by 0x41D3FE: mymain (qemuxml2argvtest.c:452)
      ==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
      ==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
      ==8260==
      ==8260== 4 bytes in 1 blocks are definitely lost in loss record 5 of
      129
      ==8260==    at 0x4A0887C: malloc (vg_replace_malloc.c:270)
      ==8260==    by 0x341F485E21: strdup (strdup.c:42)
      ==8260==    by 0x4CADCFF: virStrdup (virstring.c:554)
      ==8260==    by 0x4CBB839: virXPathString (virxml.c:90)
      ==8260==    by 0x4CE753A: virDomainDefParseXML (domain_conf.c:11478)
      ==8260==    by 0x4CEB4FE: virDomainDefParseNode (domain_conf.c:12742)
      ==8260==    by 0x4CEB675: virDomainDefParse (domain_conf.c:12684)
      ==8260==    by 0x425958: testCompareXMLToArgvHelper (qemuxml2argvtest.c:107)
      ==8260==    by 0x427111: virtTestRun (testutils.c:138)
      ==8260==    by 0x41D39A: mymain (qemuxml2argvtest.c:451)
      ==8260==    by 0x4277B2: virtTestMain (testutils.c:593)
      ==8260==    by 0x341F421A04: (below main) (libc-start.c:225)
      ==8260==
      2cfcd2cc
    • N
      virsh: fix doc typos · 77b97d80
      Nehal J Wani 提交于
      Fix 6 minor spelling errors in virsh doc
      77b97d80
    • N
      Fix typos in various docs · 968a4692
      Nehal J Wani 提交于
      Fix 8 minor spelling errors in docs/*.html.in
      968a4692
  10. 29 11月, 2013 1 次提交
  11. 28 11月, 2013 6 次提交
    • L
      network: properly update iptables rules during net-update · 54f94923
      Laine Stump 提交于
      This patch resolves:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=1035336
      
      The basic problem is that during a network update, the required
      iptables rules sometimes change, and this was being handled by simply
      removing and re-adding the rules. However, the removal of the old
      rules was done based on the *new* state of the network, which would
      mean that some of the rules would not match those currently in the
      system, so the old rules wouldn't be removed.
      
      This patch removes the old rules prior to updating the network
      definition then adds the new rules as soon as the definition is
      updated. Note that this could lead to a stray packet or two during the
      interim, but that was already a problem before (the period of limbo is
      now just slightly longer).
      
      While moving the location for the rules, I added a few more sections
      that should result in the iptables rules being redone:
      
      DHCP_RANGE and DHCP_HOST - these are needed because adding/removing a dhcp
      host entry could lead to the dhcp service being started/stopped, which
      would require that the mangle rule that fixes up dhcp response
      checksums sould need to be added/removed, and this wasn't being done.
      54f94923
    • D
      Fix bug in identifying sub-mounts · 84fd470d
      Daniel P. Berrange 提交于
      The code for extracting sub-mounts would just do a STRPREFIX
      check on the mount. This was flawed because if there were
      the following mounts
      
       /etc/aliases
       /etc/aliases.db
      
      and '/etc/aliases' was asked for, it would return both even
      though the latter isn't a sub-mount.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      84fd470d
    • D
      Pull lxcContainerGetSubtree out into shared virfile module · d45b833d
      Daniel P. Berrange 提交于
      Move the code for lxcContainerGetSubtree into the virfile
      module creating 2 new functions
      
        int virFileGetMountSubtree(const char *mtabpath,
                                   const char *prefix,
                                   char ***mountsret,
                                   size_t *nmountsret);
        int virFileGetMountReverseSubtree(const char *mtabpath,
                                          const char *prefix,
                                          char ***mountsret,
                                          size_t *nmountsret);
      
      Add a new virfiletest.c test case to validate the new code.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      d45b833d
    • D
      Introduce standard methods for sorting strings with qsort · c60a2713
      Daniel P. Berrange 提交于
      Add virStringSortCompare and virStringSortRevCompare as
      standard functions to use with qsort.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c60a2713
    • E
      tests: fix virpcitest with read-only srcdir · e821de2c
      Eric Blake 提交于
      'make distcheck' has been broken since commit 21685c95; basically,
      it emulates the case of a read-only $(srcdir) (such as building
      from a tarball exploded onto a CD-ROM), but we were creating our
      fake pci device as a symlink into $(srcdir) and failing when that
      requires opening the config file for writing:
      
       3) testVirPCIDeviceReset                                             ... libvirt:  error : Failed to open config space file '/sys/bus/pci/devices/0000:00:01.0/config': Permission denied
      
      Fix it by copying rather than symlinking.
      
      * tests/virpcimock.c (make_file): Add parameter to allow binary
      creation; adjust all callers.
      (pci_device_new_from_stub): Copy rather than symlink.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      e821de2c
    • E
      tests: guarantee abs_srcdir in all C tests · 0aa873d7
      Eric Blake 提交于
      While trying to debug a failure of virpcitest during 'make distcheck',
      I noticed that with a VPATH build, 'cd tests; ./virpcitest' fails for
      an entirely different reason.  To reproduce the distcheck failure, I
      had to run 'cd tests; abs_srcdir=/path/to/src ./virpcitest'.  But we
      document in HACKING that all of our tests are supposed to be runnable
      without requiring extra environment variables.
      
      The solution: hardcode the location of srcdir into the just-built
      binaries, rather than requiring make to prepopulate environment
      variables.  With this, './virpcitest' passes even in a VPATH build
      (provided that $(srcdir) is writable; a followup patch will fix the
      conditions required by 'make distcheck').  [Note: the makefile must
      still pass on directory variables to the test environment of shell
      scripts, since those aren't compiled.  So while this solves the case
      of a compiled test, it still requires environment variables to pass
      a VPATH build of any shell script test case that relies on srcdir.]
      
      * tests/Makefile.am (AM_CFLAGS): Define abs_srcdir in all compiled
      tests.
      * tests/testutils.h (abs_srcdir): Quit declaring.
      * tests/testutils.c (virtTestMain): Rely on define rather than
      environment variable.
      * tests/virpcimock.c (pci_device_new_from_stub): Rely on define.
      * tests/cputest.c (mymain): Adjust abs_top_srcdir default.
      * tests/qemuxml2argvtest.c (mymain): Likewise.
      * tests/qemuxmlnstest.c (mymain): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      0aa873d7
  12. 27 11月, 2013 1 次提交