1. 07 2月, 2014 1 次提交
  2. 06 2月, 2014 11 次提交
  3. 05 2月, 2014 4 次提交
    • E
      event: move event filtering to daemon (regression fix) · 11f20e43
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1058839
      
      Commit f9f56340 for CVE-2014-0028 almost had the right idea - we
      need to check the ACL rules to filter which events to send.  But
      it overlooked one thing: the event dispatch queue is running in
      the main loop thread, and therefore does not normally have a
      current virIdentityPtr.  But filter checks can be based on current
      identity, so when libvirtd.conf contains access_drivers=["polkit"],
      we ended up rejecting access for EVERY event due to failure to
      look up the current identity, even if it should have been allowed.
      
      Furthermore, even for events that are triggered by API calls, it
      is important to remember that the point of events is that they can
      be copied across multiple connections, which may have separate
      identities and permissions.  So even if events were dispatched
      from a context where we have an identity, we must change to the
      correct identity of the connection that will be receiving the
      event, rather than basing a decision on the context that triggered
      the event, when deciding whether to filter an event to a
      particular connection.
      
      If there were an easy way to get from virConnectPtr to the
      appropriate virIdentityPtr, then object_event.c could adjust the
      identity prior to checking whether to dispatch an event.  But
      setting up that back-reference is a bit invasive.  Instead, it
      is easier to delay the filtering check until lower down the
      stack, at the point where we have direct access to the RPC
      client object that owns an identity.  As such, this patch ends
      up reverting a large portion of the framework of commit f9f56340.
      We also have to teach 'make check' to special-case the fact that
      the event registration filtering is done at the point of dispatch,
      rather than the point of registration.  Note that even though we
      don't actually use virConnectDomainEventRegisterCheckACL (because
      the RegisterAny variant is sufficient), we still generate the
      function for the purposes of documenting that the filtering
      takes place.
      
      Also note that I did not entirely delete the notion of a filter
      from object_event.c; I still plan on using that for my upcoming
      patch series for qemu monitor events in libvirt-qemu.so.  In
      other words, while this patch changes ACL filtering to live in
      remote.c and therefore we have no current client of the filtering
      in object_event.c, the notion of filtering in object_event.c is
      still useful down the road.
      
      * src/check-aclrules.pl: Exempt event registration from having to
      pass checkACL filter down call stack.
      * daemon/remote.c (remoteRelayDomainEventCheckACL)
      (remoteRelayNetworkEventCheckACL): New functions.
      (remoteRelay*Event*): Use new functions.
      * src/conf/domain_event.h (virDomainEventStateRegister)
      (virDomainEventStateRegisterID): Drop unused parameter.
      * src/conf/network_event.h (virNetworkEventStateRegisterID):
      Likewise.
      * src/conf/domain_event.c (virDomainEventFilter): Delete unused
      function.
      * src/conf/network_event.c (virNetworkEventFilter): Likewise.
      * src/libxl/libxl_driver.c: Adjust caller.
      * src/lxc/lxc_driver.c: Likewise.
      * src/network/bridge_driver.c: Likewise.
      * src/qemu/qemu_driver.c: Likewise.
      * src/remote/remote_driver.c: Likewise.
      * src/test/test_driver.c: Likewise.
      * src/uml/uml_driver.c: Likewise.
      * src/vbox/vbox_tmpl.c: Likewise.
      * src/xen/xen_driver.c: Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      11f20e43
    • E
      rpm: create libvirt-wireshark sub-package · f9ada9f3
      Eric Blake 提交于
      On Fedora 20, with wireshark-devel installed, 'make rpm' failed
      due to installed but unpackaged files related to wireshark.  As
      F20 is already released without wireshark, I chose to add a new
      sub-package that is enabled only for F21 and later.  Furthermore,
      all existing wireshark plugins belong to the wireshark package,
      so I got to invent behavior of how the first third-party wireshark
      module will behave.
      
      * libvirt.spec.in (with_wireshark): Add new conditional.
      * configure.ac (ws-plugindir): Improve wording.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      f9ada9f3
    • L
      network: disallow <bandwidth>/<mac> for bridged/macvtap/hostdev networks · eafb53fe
      Laine Stump 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1057321
      
      pointed out that we weren't honoring the <bandwidth> element in
      libvirt networks using <forward mode='bridge'/>. In fact, these
      networks are just a method of giving a libvirt network name to an
      existing Linux host bridge on the system, and libvirt doesn't have
      enough information to know where to set such limits. We are working on
      a method of supporting network bandwidths for some specific cases of
      <forward mode='bridge'/>, but currently libvirt doesn't support it. So
      the proper thing to do now is just log an error when someone tries to
      put a <bandwidth> element in that type of network. (It's unclear if we
      will be able to do proper bandwidth limiting for macvtap networks, and
      most definitely we will not be able to support it for hostdev
      networks).
      
      While looking through the network XML documentation and comparing it
      to the networkValidate function, I noticed that we also ignore the
      presence of a mac address in the config in the same cases, rather than
      failing so that the user will understand that their desired action has
      not been taken.
      
      This patch updates networkValidate() (which is called any time a
      persistent network is defined, or a transient network created) to log
      an error and fail if it finds either a <bandwidth> or <mac> element
      and the network forward mode is anything except 'route'. 'nat', or
      nothing. (Yes, neither of those elements is acceptable for any macvtap
      mode, nor for a hostdev network).
      
      NB: This does *not* cause failure to start any existing network that
      contains one of those elements, so someone might have erroneously
      defined such a network in the past, and that network will continue to
      function unmodified. I considered it too disruptive to suddenly break
      working configs on the next reboot after a libvirt upgrade.
      eafb53fe
    • J
      Fix minor typo in governance doc · a6992f60
      Justin Clift 提交于
      While at it, also relinquish active commit rights:
      [x years between commits] is probably a poster child example of inactivity :)
      Signed-off-by: NEric Blake <eblake@redhat.com>
      a6992f60
  4. 04 2月, 2014 10 次提交
    • J
      Honor blacklist for modprobe command · 19259574
      John Ferlan 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1045124
      
      When loading modules, libvirt does not honor the modprobe blacklist.
      Use the new virKModLoad() API in order to attempt load with blacklist check.
      Use the new virKModIsBlacklisted() API to check if the failure to load
      was due to the blacklist
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      19259574
    • J
      tests: Add test for new virkmod functions · 02bf6568
      John Ferlan 提交于
      Adding tests for new virKMod{Config|Load|Unload}() API's.
      
      A test for virKModIsBlacklisted() would require some setup which cannot
      be assumed.
      02bf6568
    • J
      utils: Introduce functions for kernel module manipulation · 4a2179ea
      John Ferlan 提交于
      virKModConfig()        - Return a buffer containing kernel module configuration
      virKModLoad()          - Load a specific module into the kernel configuration
      virKModUnload()        - Unload a specific module from the kernel configuration
      virKModIsBlacklisted() - Determine whether a module is blacklisted within
                               the kernel configuration
      4a2179ea
    • L
      qemu: be sure we're using the updated value of backend during hotplug · 0d0a7bf4
      Laine Stump 提交于
      commit f094aaac changed qemuPrepareHostdevPCIDevices() such that it
      may modify the "backend" (vfio vs. legacy kvm) setting in the
      virHostdevDef. However, qemuDomainAttachHostPciDevice() (used by
      hotplug) copies the backend setting into a local *before* calling
      qemuPrepareHostdevPCIDevices(), and then later makes a decision based
      on that pre-change value.
      
      The result is that, if the backend had been set to "default" (i.e. not
      specified in the config) and was later updated to "VFIO" by
      qemuPrepareHostdevPCIDevices(), the qemu process' MacMemLock is not
      increased (as is required for VFIO device assignment).
      
      This patch delays making the local copy of backend until after its
      potential modification.
      0d0a7bf4
    • D
      Write up the project governance process · e45b0731
      Daniel P. Berrange 提交于
      The project has historically operated as a meritocratic
      consensus based community. Formally document what has
      always been an unwritten assumption amongst the community
      participants. Also include an explicit code of conduct
      to preempt any potential, but unlikely, future problems.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      e45b0731
    • L
      network: change default of forwardPlainNames to 'yes' · 66f75925
      Laine Stump 提交于
      The previous patch fixed "forwardPlainNames" so that it really is
      doing only what is intended, but left the default to be
      "forwardPlainNames='no'". Discussion around the initial version of
      that patch led to the decision that the default should instead be
      "forwardPlainNames='yes'" (i.e. the original behavior before commit
      f3886825). This patch makes that change to the default.
      66f75925
    • L
      network: only prevent forwarding of DNS requests for unqualified names · f69a6b98
      Laine Stump 提交于
      In commit f3868259 we began adding the options
      
        --domain-needed
        --local=/$mydomain/
      
      to all dnsmasq commandlines with the stated reason of preventing
      forwarding of DNS queries for names that weren't fully qualified
      domain names ("FQDN", i.e. a name that included some "."s and a domain
      name). This was later changed to
      
        domain-needed
        local=/$mydomain/
      
      when we moved the options from the dnsmasq commandline to a conf file.
      
      The original patch on the list, and discussion about it, is here:
      
        https://www.redhat.com/archives/libvir-list/2012-August/msg01594.html
      
      When a domain name isn't specified (mydomain == ""), the addition of
      "domain-needed local=//" will prevent forwarding of domain-less
      requests to the virtualization host's DNS resolver, but if a domain
      *is* specified, the addition of "local=/domain/" will prevent
      forwarding of any requests for *qualified* names within that domain
      that aren't resolvable by libvirt's dnsmasq itself.
      
      An example of the problems this causes - let's say a network is
      defined with:
      
         <domain name='example.com'/>
         <dhcp>
            ..
            <host mac='52:54:00:11:22:33' ip='1.2.3.4' name='myguest'/>
         </dhcp>
      
      This results in "local=/example.com/" being added to the dnsmasq options.
      
      If a guest requests "myguest" or "myguest.example.com", that will be
      resolved by dnsmasq. If the guest asks for "www.example.com", dnsmasq
      will not know the answer, but instead of forwarding it to the host, it
      will return NOT FOUND to the guest. In most cases that isn't the
      behavior an admin is looking for.
      
      A later patch (commit 4f595ba6) attempted to remedy this by adding a
      "forwardPlainNames" attribute to the <dns> element. The idea was that
      if forwardPlainNames='yes' (default is 'no'), we would allow
      unresolved names to be forwarded. However, that patch was botched, in
      that it only removed the "domain-needed" option when
      forwardPlainNames='yes', and left the "local=/mydomain/".
      
      Really we should have been just including the option "--domain-needed
      --local=//" (note the lack of domain name) regardless of the
      configured domain of the network, so that requests for names without a
      domain would be treated as "local to dnsmasq" and not forwarded, but
      all others (including those in the network's configured domain) would
      be forwarded. We also shouldn't include *either* of those options if
      forwardPlainNames='yes'. This patch makes those corrections.
      
      This patch doesn't remedy the fact that default behavior was changed
      by the addition of this feature. That will be handled in a subsequent
      patch.
      f69a6b98
    • M
      9073f8a7
    • J
      man: shm-merge-across-nodes is optional · 530a3c7e
      Ján Tomko 提交于
      Mark the shm-merge-across-nodes parameter of node-memory-tune command
      as optional in the virsh man page.
      530a3c7e
    • M
      virnetdevbandwidthtest: Link with libxml2 · defec0de
      Michal Privoznik 提交于
      I've received a notice over IRC that on some systems, the
      virnetdevbandwidthtest is not linked with libxml:
      
        /usr/bin/ld: virnetdevbandwidthtest.o: undefined reference to symbol 'xmlStrEqual@@LIBXML2_2.4.30'
        /usr/lib/x86_64-linux-gnu/libxml2.so.2: error adding symbols: DSO missing from command line
      
      Trivial way avoiding this is to add LIBXML_LIBS to
      virnetdevbandwidthtest_LDADD.
      defec0de
  5. 03 2月, 2014 1 次提交
  6. 01 2月, 2014 1 次提交
    • J
      Resolve Coverity dead_error_begin · 5c36e631
      John Ferlan 提交于
      Coverity complains about default: label in libxl_driver.c not be able
      to be reached. It's by design for the code and since it's not necessary
      in the code nor does it elicit any compiler/make check warnings - just
      remove it rather than adding a coverity[dead_error_begin] tag.
      
      While I'm at it, lxc_driver.c and nodeinfo.c have the same design, so I
      removed the default labels and the existing coverity tags.
      5c36e631
  7. 31 1月, 2014 7 次提交
    • M
      virnetdevbandwidthtest: Introduce some more tests · e60b36cb
      Michal Privoznik 提交于
      And while doing this, fix one error raised by coverity. With
      current code, @actual_cmd is allowed to be NULL for the whole
      run of testVirNetDevBandwidthSet. However, if something else
      was expected, the @actal_cmd is passed to virtTestDifference
      which dereference it immediately.
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      e60b36cb
    • C
      virnetdevbandwidthtest: fix hard coded /sbin/tc · d01596a0
      Cédric Bosdonnat 提交于
      On openSuse, (and possibly other distros), tc isn't located in
      /sbin/tc. To get rid of that problem, use TC constant instead of hard
      coded /sbin/tc in the expected string
      d01596a0
    • D
      Push nwfilter update locking up to top level · 6e5c79a1
      Daniel P. Berrange 提交于
      The NWFilter code has as a deadlock race condition between
      the virNWFilter{Define,Undefine} APIs and starting of guest
      VMs due to mis-matched lock ordering.
      
      In the virNWFilter{Define,Undefine} codepaths the lock ordering
      is
      
        1. nwfilter driver lock
        2. virt driver lock
        3. nwfilter update lock
        4. domain object lock
      
      In the VM guest startup paths the lock ordering is
      
        1. virt driver lock
        2. domain object lock
        3. nwfilter update lock
      
      As can be seen the domain object and nwfilter update locks are
      not acquired in a consistent order.
      
      The fix used is to push the nwfilter update lock upto the top
      level resulting in a lock ordering for virNWFilter{Define,Undefine}
      of
      
        1. nwfilter driver lock
        2. nwfilter update lock
        3. virt driver lock
        4. domain object lock
      
      and VM start using
      
        1. nwfilter update lock
        2. virt driver lock
        3. domain object lock
      
      This has the effect of serializing VM startup once again, even if
      no nwfilters are applied to the guest. There is also the possibility
      of deadlock due to a call graph loop via virNWFilterInstantiate
      and virNWFilterInstantiateFilterLate.
      
      These two problems mean the lock must be turned into a read/write
      lock instead of a plain mutex at the same time. The lock is used to
      serialize changes to the "driver->nwfilters" hash, so the write lock
      only needs to be held by the define/undefine methods. All other
      methods can rely on a read lock which allows good concurrency.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      6e5c79a1
    • D
      Remove windows thread implementation in favour of pthreads · 0240d94c
      Daniel P. Berrange 提交于
      There are a number of pthreads impls available on Win32
      these days, in particular the mingw64 project has a good
      impl. Delete the native windows thread implementation and
      rely on using pthreads everywhere.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      0240d94c
    • D
      Fix pthread_sigmask check for mingw32 without winpthreads · ab697943
      Daniel P. Berrange 提交于
      On Fedora 19 and older the pthreads impl provided with
      mingw does not have any pthread_sigmask impl at all. The
      configure.ac check was not distinguishing this scenario
      from that of a broken pthread_sigmask impl, so was
      mistakenly enabling the libvirt workaround even when it
      was not needed. This in turn conflicted with the gnulib
      provided pthread_sigmask impl.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      ab697943
    • D
      Add a read/write lock implementation · c065984b
      Daniel P. Berrange 提交于
      Add virRWLock backed up by a POSIX rwlock primitive
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c065984b
    • D
      Skip check-augeas-lockd when QEMU is disabled · 94e09068
      Daniel P. Berrange 提交于
      The check-augeas-lockd test depends on the file
      locking/qemu-lockd.conf, so must be skipped when QEMU
      is disabled.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      94e09068
  8. 30 1月, 2014 5 次提交