1. 17 3月, 2015 3 次提交
    • J
      libxl: fix regression introduced by commit 4ab8cd77 · a7d6b94a
      Jim Fehlig 提交于
      Commit 4ab8cd77 added a check requiring input devices to have
      a bus type of VIR_DOMAIN_INPUT_BUS_USB, failing to start the
      domain otherwise.  But virDomainDefParseXML adds implicit mouse
      and keyboard if a graphics device is configured.  See calls to
      virDomainDefMaybeAddInput.
      
      The regression is fixed by removing the check requiring USB input
      devices, and skipping non-USB input devices when populating USB
      'usbdevice' in libxl_domain_build_info struct.
      a7d6b94a
    • P
      qemu: block-commit: Mark disk in block jobs only on successful command · ee744b5b
      Peter Krempa 提交于
      Patch 51f9f03a introduces a regression
      where if a blockCommit operation fails the disk is still marked as being
      part of a block job but can't be unmarked later.
      ee744b5b
    • E
      daemon: avoid memleak when ListAll returns nothing · 3c2ff502
      Eric Blake 提交于
      Commit 4f25146b (v1.2.8) managed to silence Coverity, but at the
      cost of a memory leak detected by valgrind:
      ==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637
      ==24129==    at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==24129==    by 0x5084B8E: virReallocN (viralloc.c:245)
      ==24129==    by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200)
      ==24129==    by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042)
      ==24129==    by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797)
      ==24129==    by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580)
      ==24129==    by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072)
      
      In short, every time a client calls a ListAll variant and asks
      for the resulting list, but there are 0 elements to return, we
      end up leaking the 1-entry array that holds the NULL terminator.
      
      What's worse, a read-only client can access these functions in a
      tight loop to cause libvirtd to eventually run out of memory; and
      this can be considered a denial of service attack against more
      privileged clients.  Thankfully, the leak is so small (8 bytes per
      call) that you would already have some other denial of service with
      any guest calling the API that frequently, so an out-of-memory
      crash is unlikely enough that this did not warrant a CVE.
      
      * daemon/remote.c (remoteDispatchConnectListAllDomains)
      (remoteDispatchDomainListAllSnapshots)
      (remoteDispatchDomainSnapshotListAllChildren)
      (remoteDispatchConnectListAllStoragePools)
      (remoteDispatchStoragePoolListAllVolumes)
      (remoteDispatchConnectListAllNetworks)
      (remoteDispatchConnectListAllInterfaces)
      (remoteDispatchConnectListAllNodeDevices)
      (remoteDispatchConnectListAllNWFilters)
      (remoteDispatchConnectListAllSecrets)
      (remoteDispatchNetworkGetDHCPLeases): Plug leak.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      3c2ff502
  2. 16 3月, 2015 21 次提交
  3. 15 3月, 2015 3 次提交
    • E
      network: avoid memory leak of dnsmasq capabilities · eea08abe
      Eric Blake 提交于
      Valgrind detected a leak:
      
      ==17820== 102 (56 direct, 46 indirect) bytes in 1 blocks are definitely lost in loss record 479 of 646
      ==17820==    at 0x4A08946: calloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==17820==    by 0x508521A: virAllocVar (viralloc.c:560)
      ==17820==    by 0x50D9FCA: virObjectNew (virobject.c:193)
      ==17820==    by 0x50A4FD9: dnsmasqCapsNewEmpty (virdnsmasq.c:784)
      ==17820==    by 0x50A514E: dnsmasqCapsNewFromBinary (virdnsmasq.c:830)
      ==17820==    by 0x1B508287: networkStateInitialize (bridge_driver.c:666)
      
      It looks like commit 172acef4 introduced the problem, because
      networkGetDnsmasqCaps() increments the reference count but an
      early exit never does a matching decrement.
      
      * src/network/bridge_driver.c (networkStateCleanup): Plug leak.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      eea08abe
    • E
      netdev: silence valgrind warning about ioctl use · a9abc08d
      Eric Blake 提交于
      Valgrind complained:
      
      ==3770== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
      ==3770==    at 0x919D407: ioctl (syscall-template.S:81)
      ==3770==    by 0x530FE7E: rpl_ioctl (ioctl.c:42)
      ==3770==    by 0x50CB433: virNetDevFeatureAvailable (virnetdev.c:2764)
      ==3770==    by 0x50CB6A7: virNetDevGetFeatures (virnetdev.c:2830)
      ==3770==    by 0x1F0E5347: udevProcessNetworkInterface (node_device_udev.c:722)
      ==3770==    by 0x1F0E689F: udevGetDeviceDetails (node_device_udev.c:1300)
      ==3770==    by 0x1F0E6E06: udevAddOneDevice (node_device_udev.c:1422)
      ==3770==    by 0x1F0E6FB8: udevProcessDeviceListEntry (node_device_udev.c:1464)
      ==3770==    by 0x1F0E70CF: udevEnumerateDevices (node_device_udev.c:1494)
      ==3770==    by 0x1F0E7BB4: nodeStateInitialize (node_device_udev.c:1806)
      ==3770==    by 0x51B4303: virStateInitialize (libvirt.c:777)
      ==3770==    by 0x11DEE7: daemonRunStateInit (libvirtd.c:906)
      ==3770==  Address 0x228e38d4 is on thread 12's stack
      ==3770==  in frame #2, created by virNetDevFeatureAvailable (virnetdev.c:2750)
      
      * src/util/virnetdev.c (virNetDevFeatureAvailable): Initialize all
      bytes of ifr.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      a9abc08d
    • E
      virsh: fix report of non-active commit completion · ceec58ac
      Eric Blake 提交于
      Commit f182da20 (v1.2.6) caused a slight regression in virsh
      reporting of a non-active block job; where it used to state
      "Commit complete", it now states "Now in synchronized phase".
      But the synchronized phase is only possible for an active commit.
      
      For a reproducer, I created a chain 'a <- b <- c <- d <- e' and
      ran virsh blockcommit $dom vda --top c --base a --verbose --wait
      
      * tools/virsh-domain.c (cmdBlockCommit): Synchronized phase is
      only possible on active commits.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ceec58ac
  4. 14 3月, 2015 6 次提交
  5. 13 3月, 2015 7 次提交