1. 13 11月, 2013 2 次提交
    • M
      qemu: Don't access vm->priv on unlocked domain · b861c09a
      Michal Privoznik 提交于
      Since 86d90b3a (yes, my patch; again) we are supporting NBD storage
      migration. However, on error recovery path we got the steps reversed.
      The correct order is: return NBD port to the virPortAllocator and then
      either unlock the vm or remove it from the driver. Not vice versa.
      
      ==11192== Invalid write of size 4
      ==11192==    at 0x11488559: qemuMigrationPrepareAny (qemu_migration.c:2459)
      ==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
      ==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
      ==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
      ==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
      ==11192==    by 0x12DECA: remoteDispatchDomainMigratePrepare3ParamsHelper (remote_dispatch.h:5741)
      ==11192==    by 0x5212127: virNetServerProgramDispatchCall (virnetserverprogram.c:435)
      ==11192==    by 0x5211C86: virNetServerProgramDispatch (virnetserverprogram.c:305)
      ==11192==    by 0x520A8FD: virNetServerProcessMsg (virnetserver.c:165)
      ==11192==    by 0x520A9E1: virNetServerHandleJob (virnetserver.c:186)
      ==11192==    by 0x50DA78F: virThreadPoolWorker (virthreadpool.c:144)
      ==11192==    by 0x50DA11C: virThreadHelper (virthreadpthread.c:161)
      ==11192==  Address 0x1368baa0 is 576 bytes inside a block of size 688 free'd
      ==11192==    at 0x4A07F5C: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==11192==    by 0x5079A2F: virFree (viralloc.c:580)
      ==11192==    by 0x11456C34: qemuDomainObjPrivateFree (qemu_domain.c:267)
      ==11192==    by 0x50F41B4: virDomainObjDispose (domain_conf.c:2034)
      ==11192==    by 0x50C2991: virObjectUnref (virobject.c:262)
      ==11192==    by 0x50F4CFC: virDomainObjListRemove (domain_conf.c:2361)
      ==11192==    by 0x1145C125: qemuDomainRemoveInactive (qemu_domain.c:2087)
      ==11192==    by 0x11488520: qemuMigrationPrepareAny (qemu_migration.c:2456)
      ==11192==    by 0x11488EA6: qemuMigrationPrepareDirect (qemu_migration.c:2652)
      ==11192==    by 0x114D1509: qemuDomainMigratePrepare3Params (qemu_driver.c:10332)
      ==11192==    by 0x519075D: virDomainMigratePrepare3Params (libvirt.c:7290)
      ==11192==    by 0x1502DA: remoteDispatchDomainMigratePrepare3Params (remote.c:4798)
      Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
      (cherry picked from commit 1f2f879e)
      b861c09a
    • J
      Disable nwfilter driver when running unprivileged · 17cfc546
      Ján Tomko 提交于
      When opening a new connection to the driver, nwfilterOpen
      only succeeds if the driverState has been allocated.
      
      Move the privilege check in driver initialization before
      the state allocation to disable the driver.
      
      This changes the nwfilter-define error from:
      error: cannot create config directory (null): Bad address
      To:
      this function is not supported by the connection driver:
      virNWFilterDefineXML
      
      https://bugzilla.redhat.com/show_bug.cgi?id=1029266
      (cherry picked from commit b7829f95)
      17cfc546
  2. 30 10月, 2013 13 次提交
  3. 23 10月, 2013 3 次提交
    • M
      python: Fix Create*WithFiles filefd passing · 713a4f4b
      Marian Neagul 提交于
      Commit d76227be added functions virDomainCreateWithFiles and
      virDomainCreateXMLWithFiles, but there was a little piece missing in
      python bindings.  This patch fixes proper passing of file descriptors
      in the overwrites of these functions.
      713a4f4b
    • J
      build: fix build of virt-login-shell on systems with older gnutls · 549f9649
      Jim Fehlig 提交于
      On systems where gnutls uses libgcrypt, I'm seeing the following
      build failure
      
      libvirt.c:314: error: variable 'virTLSThreadImpl' has initializer but incomplete type
      libvirt.c:319: error: 'GCRY_THREAD_OPTION_PTHREAD' undeclared here (not in a function)
      ...
      
      Fix by undefining WITH_GNUTLS_GCRYPT in config-post.h
      549f9649
    • J
      build: fix linking virt-login-shell · 5a275469
      Jim Fehlig 提交于
      After commit 3e2f27e1, I've noticed build failures of virt-login-shell
      when libapparmor-devel is installed on the build host
      
      CCLD     virt-login-shell
      ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o):
      In function `virExec':
      /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined
      reference to `aa_change_profile'
      collect2: error: ld returned 1 exit status
      
      I was about to commit an easy fix under the build-breaker rule
      (build-fix-1.patch), but thought to extend the notion of SECDRIVER_LIBS
      to SECDRIVER_CFLAGS, and use both throughout src/Makefile.am where it
      makes sense (build-fix-2.patch).
      
      Should I just stick with the simple fix, or is something along the lines
      of patch 2 preferred?
      
      Regards,
      Jim
      
      >From a0f35945f3127ab70d051101037e821b1759b4bb Mon Sep 17 00:00:00 2001
      From: Jim Fehlig <jfehlig@suse.com>
      Date: Mon, 21 Oct 2013 15:30:02 -0600
      Subject: [PATCH] build: fix virt-login-shell build with apparmor
      
      With libapparmor-devel installed, virt-login-shell fails to link
      
      CCLD     virt-login-shell
      ../src/.libs/libvirt-setuid-rpc-client.a(libvirt_setuid_rpc_client_la-vircommand.o): In function `virExec':
      /home/jfehlig/virt/upstream/libvirt/src/util/vircommand.c:653: undefined reference to `aa_change_profile'
      collect2: error: ld returned 1 exit status
      
      Fix by linking libvirt_setuid_rpc_client with previously determined
      SECDRIVER_LIBS in src/Makefile.am.  While at it, introduce SECDRIVER_CFLAGS
      and use both throughout src/Makefile.am where it makes sense.
      Signed-off-by: NJim Fehlig <jfehlig@suse.com>
      
      Conflicts:
      	src/Makefile.am: Context
      5a275469
  4. 21 10月, 2013 5 次提交
  5. 18 10月, 2013 1 次提交
  6. 15 10月, 2013 7 次提交
  7. 07 10月, 2013 1 次提交
  8. 01 10月, 2013 1 次提交
  9. 27 9月, 2013 1 次提交
    • D
      Fix crash in libvirtd when events are registered & ACLs active · 841284a0
      Daniel P. Berrange 提交于
      When a client disconnects from libvirtd, all event callbacks
      must be removed. This involves running the public API
      
        virConnectDomainEventDeregisterAny
      
      This code does not run in normal API dispatch context, so no
      identity was set. The result was that the access control drivers
      denied the attempt to deregister callbacks. The callbacks thus
      continued to trigger after the client was free'd causing fairly
      predictable use of free memory & a crash.
      
      This can be triggered by any client with readonly access when
      the ACL drivers are active.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 8294aa0c)
      841284a0
  10. 25 9月, 2013 1 次提交
    • M
      qemu: Fix seamless SPICE migration · b6ea7abc
      Martin Kletzander 提交于
      Since the wait is done during migration (still inside
      QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
      in order to prohibit all other jobs from interfering in the meantime.
      This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
      waiting on the monitor condition and after GetSpiceMigrationStatus
      mangled its internal data, the daemon crashed.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886
      (cherry picked from commit 484cc321)
      b6ea7abc
  11. 24 9月, 2013 1 次提交
  12. 20 9月, 2013 1 次提交
  13. 19 9月, 2013 1 次提交
    • D
      Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) · 10d159fe
      Daniel P. Berrange 提交于
      The 'stats' variable was not initialized to NULL, so if some
      early validation of the RPC call fails, it is possible to jump
      to the 'cleanup' label and VIR_FREE an uninitialized pointer.
      This is a security flaw, since the API can be called from a
      readonly connection which can trigger the validation checks.
      
      This was introduced in release v0.9.1 onwards by
      
        commit 158ba873
        Author: Daniel P. Berrange <berrange@redhat.com>
        Date:   Wed Apr 13 16:21:35 2011 +0100
      
          Merge all returns paths from dispatcher into single path
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit e7f400a1)
      10d159fe
  14. 18 9月, 2013 2 次提交