1. 14 9月, 2012 6 次提交
    • M
      security: Fix libvirtd crash possibility · b7ff9e69
      Martin Kletzander 提交于
      Fix for CVE-2012-4423.
      
      When generating RPC protocol messages, it's strictly needed to have a
      continuous line of numbers or RPC messages. However in case anyone
      tries backporting some functionality and will skip a number, there is
      a possibility to make the daemon segfault with newer virsh (version of
      the library, rpc call, etc.) even unintentionally.
      
      The problem is that the skipped numbers will get func filled with
      NULLs, but there is no check whether these are set before the daemon
      tries to run them. This patch very simply enhances one check and fixes
      that.
      b7ff9e69
    • G
      snapshot: fix rollback failure in transaction mode · ac89a611
      Guannan Ren 提交于
      BZ:https://bugzilla.redhat.com/show_bug.cgi?id=843372
      when qemu supports the 'transaction' monitor command,
      and libvirt's --reuse-ext flag was not specified, libvirt created
      a stub file with zero size in first place. After the failure of
      QEMU transaction command performing qcow2 snapshots on more than
      one drives, the stub file is left behind with non-empty
      by the QEMU transaction command.
      In order to unlink the file, the patch removes the file size checking.
      
      Steps to reproduce the issue:
      Steps:
       1, Create a qemu instance with two drive images of qcow2 type (root user)
          /usr/libexec/qemu-kvm -m 1024 -smp 1 -name "rhel6u1" \
            -drive file=/var/lib/libvirt/images/firstqcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=none
            -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x5,drive=drive-virtio-disk0,id=virtio-disk0,bootindex=1 \
            -drive file=/var/lib/libvirt/images/secondqcow2,if=none,id=drive-virtio-disk1,format=qcow2,cache=none \
            -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x7,drive=drive-virtio-disk1,id=virtio-disk1 -qmp stdio
      
       2, Initialize qemu qmp
          {"execute":"qmp_capabilities"}
      
       3, Remove the second drive image file
          rm -f /var/lib/libvirt/images/secondqcow2
      
       4, Run 'transaction' command with snapshot qemu commands in.
          {"execute":"transaction","arguments":
            {"actions":
              [{"type":"blockdev-snapshot-sync","data":
                {"device":"drive-virtio-disk0","snapshot-file":"/var/lib/libvirt/images/firstqcow2-snapshot.img","format":"qcow2"}
               },
               {"type":"blockdev-snapshot-sync","data":
                {"device":"drive-virtio-disk1","snapshot-file":"/var/lib/libvirt/images/secondqcow2-snapshot.img","format":"qcow2"}
               }]
            },
         "id":"libvirt-6"}
      
       5, Got the error as follows:
          {"id": "libvirt-6",
            "error": {"class": "OpenFileFailed", "desc": "Could not open '/var/lib/libvirt/images/secondqcow2-snapshot.img'",
                      "data": {"filename": "/var/lib/libvirt/images/secondqcow2-snapshot.img"}
                     }
          }
      
       6, List first newly-created snapshot file:
          -rw-r--r--. 1 root root     262144 Sep 13 11:43 firstqcow2-snapshot.img
      ac89a611
    • O
      Improve virTypedParameterValidateSet · 1e2864c2
      Osier Yang 提交于
      Assume not only domain object will use it.
      1e2864c2
    • G
      Look in Debian's multiarch libs too · 615851dd
      Guido Günther 提交于
      so we don't fail when libnetcf is built as multiarch lib.
      615851dd
    • E
      build: don't fail if libnl-3 is not found · 67936d13
      Eric Blake 提交于
      Commit 9298bfbc changed configure to split the libnl into two
      separate pkg config checks instead of nesting the second check
      on the failure path of the first.  But the default pkg config
      behavior is to abort configure if a check fails.  Since we have
      a second check lined up, we need an explicit failure case that
      does not abort if the first check fails.
      
      Meanwhile, commit 51b708c6 is reverted.  It did not fix any
      behavior, and in fact, introduced a regression to the fallback
      case when the user explicitly sets $LIBNL_CFLAGS.
      
      * configure.ac: Don't abort if libnl-3 is not found.
      67936d13
    • A
      conf: avoid libvirt crash with empty address guestfwd channel · 9ed534f0
      Alex Jia 提交于
      The 'def->target.addr' hasn't been initialized in virDomainChrDefNew() and
      its value is always '0xffffffff', in addition, the following test scenario
      hasn't also include 'address' element in channel XML block, so the branch
      'if (addrStr == NULL)' is hit in virDomainChrDefParseTargetXML(), the
      programming jumps to 'error' label to release relevant resources, and the
      statement 'if (VIR_ALLOC(def->target.addr) < 0)' hasn't been executed then
      the virDomainChrDefFree() will free 'def->target.addr'(0xffffffff) via
      VIR_FREE(), which results in libvirt crash, to use valgrind can also
      find a 'Invalid free() / delete / delete[]' error. This patch just adjusts
      codes order to initialize 'def->target.addr' firstly.
      
      With this patch, libvirt hasn't crash and can get a expected error message "
      XML error: guestfwd channel does not define a target address".
      
      How to reproduce?
      
      1. define a guest with the following channel XML configuration
      
      $ cat foo.xml
      <snip>
          <channel type='pty'>
            <target type='guestfwd'/>
          </channel>
      </snip>
      
      $ virsh define foo.xml
      
      2. actual result
      
      error: Failed to define domain from /tmp/foo.xml
      error: End of file while reading data: Input/output error
      error: Failed to reconnect to the hypervisor
      
      GDB debugger information:
      <snip>
      Breakpoint 1, virDomainChrDefFree (def=0x7f8ab000ec70) at conf/domain_conf.c:1264
      ...ignore
      1264    {
      (gdb) p def->target
      $2 = {port = -1, addr = 0xffffffff, name = 0xffffffff <Address 0xffffffff out of bounds>}
      </snip>
      
      RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=856489Signed-off-by: NAlex Jia <ajia@redhat.com>
      9ed534f0
  2. 13 9月, 2012 23 次提交
  3. 12 9月, 2012 11 次提交
    • D
      parallels: fix parallelsDomainDefineXML for domains with VNC and autoport · 4cf4120b
      Dmitry Guryanov 提交于
      virDomainDefParseString assigns 0 to port if autoport enabled.
      So fix code, which check different between old and new
      configurations.
      4cf4120b
    • D
      parallels: fix parallelsDoCmdRun in case of command failure · 748b6d8e
      Dmitry Guryanov 提交于
      Don't try to dereferece NULL pointer.
      748b6d8e
    • L
      Backcompt for console devices in virDomainDeviceInfoIterate · babe7dad
      Li Zhang 提交于
      Historically, the first <console> element is treated as the
      alias of a <serial> device. In the virDomainDeviceInfoIterate,
      This situation is not considered. It still handles the first <console>
      element as another devices, which means that for console[0] with
      serial targetType, it calls callback function another time.
      It will cause the problem of address conflicts when assigning
      spapr-vio address for serial device on pSeries guest.
      
      For pSeries guest, the serial configuration in the xml file
      is as the following:
               <serial type='pty'>
                     <target port='0'/>
                     <address type='spapr-vio'/>
                </serial>
      
      Console configuration is default, the dumped xml file is as the following:
         <serial type='pty'>
            <source path='/dev/pts/5'/>
            <target port='0'/>
            <alias name='serial0'/>
            <address type='spapr-vio' reg='0x30000000'/>
          </serial>
          <console type='pty' tty='/dev/pts/5'>
            <source path='/dev/pts/5'/>
            <target type='serial' port='0'/>
            <alias name='serial0'/>
            <address type='spapr-vio' reg='0x30000000'/>
          </console>
      
      It shows that the <console> device is the alias of serial device.
      So its address is the same as the serial device. When detecting
      the conflicts in the qemuAssignSpaprVIOAddress the first console
      and the serial device conflicts because virDomainDeviceInfoIterate()
      still handle these as two different devices, and in the qemuAssignSpaprVIOAddress(),
      it will compare these two devices' addressed. If they have same address,
      it will report address conflict error.
      
      So this patch is to handle the first console which targetType is serial
      as the alias of serial device to avoid address conflicts error reported.
      Signed-off-by: NLi Zhang <zhlcindy@linux.vnet.ibm.com>
      babe7dad
    • O
      list: Expose virConnectListAllInterfaces to Python binding · ec448fbf
      Osier Yang 提交于
      The implementation is done manually as the generator does not support
      wrapping lists of C pointers into Python objects.
      
      python/libvirt-override-api.xml: Document
      
      python/libvirt-override-virConnect.py:
        * New file, includes implementation of listAllInterfaces.
      
      python/libvirt-override.c: Implementation for the wrapper.
      ec448fbf
    • O
      list: Use virConnectListAllInterfaces in virsh · 3c2e6472
      Osier Yang 提交于
      tools/virsh-interface.c:
        * vshInterfaceSorter to sort interfaces by name
      
        * vshInterfaceListFree to free the interface objects list.
      
        * vshInterfaceListCollect to collect the interface objects, trying
          to use new API first, fall back to older APIs if it's not supported.
      3c2e6472
    • O
      list: Implement listAllInterfaces · a3cf061c
      Osier Yang 提交于
      This is not that ideal as API for other objects, as it's still
      O(n). Because interface driver uses netcf APIs to manage the
      stuffs, instead of by itself. And netcf APIs don't return a object.
      It provides APIs like old libvirt APIs:
      
         ncf_number_of_interfaces
         ncf_list_interfaces
         ncf_lookup_by_name
         ......
      
      Perhaps we should further improve netcf to let it provide an API
      to return the object, but it could be a later patch. And anyway,
      we will still benefit from the new API for the simplification,
      and no race like the old APIs.
      
      src/interface/netcf_driver.c: Implement listAllInterfaces
      a3cf061c
    • O
      list: Implemente RPC calls for virConnectListAllInterfaces · 65741d84
      Osier Yang 提交于
      The RPC generator doesn't support returning list of object yet, this patch
      do the work manually.
      
        * daemon/remote.c:
          Implemente the server side handler remoteDispatchConnectListAllInterfaces.
      
        * src/remote/remote_driver.c:
          Add remote driver handler remoteConnectListAllInterfaces.
      
        * src/remote/remote_protocol.x:
          New RPC procedure REMOTE_PROC_CONNECT_LIST_ALL_INTERFACES and
          structs to represent the args and ret for it.
      
        * src/remote_protocol-structs: Likewise.
      65741d84
    • O
      list: Define new API virConnectListAllInterfaces · f4af202f
      Osier Yang 提交于
      This is to list the interface objects, supported filtering flags
      are: active|inactive.
      
      include/libvirt/libvirt.h.in: Declare enum virConnectListAllInterfaceFlags
                                    and virConnectListAllInterfaces.
      python/generator.py: Skip auto-generating
      src/driver.h: (virDrvConnectListAllInterfaces)
      src/libvirt.c: Implement the public API
      src/libvirt_public.syms: Export the symbol to public
      f4af202f
    • E
      docs: mention another iaas app built on libvirt · 01fa1d7a
      Eric Blake 提交于
      Reported on the libvirt-users list.
      
      * docs/apps.html.in: Add Eucalyptus.
      Reported by Eric Choi.
      01fa1d7a
    • H
      fix bug in qemuSetupCgroupForEmulator · f7e1a546
      Hu Tao 提交于
      Should not return 0 when failed to setup cgroup.
      f7e1a546
    • E
      build: avoid dirty docs on fresh bootstrap · f36fadca
      Eric Blake 提交于
      * HACKING: Regenerate.
      f36fadca