- 30 6月, 2016 3 次提交
-
-
由 Jiri Denemark 提交于
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Jean-Marc Liger 提交于
RHEL-6 still needs to use libnl instead of libnl3, so re-add the spec conditional mistakenly removed in commit 3694e038 Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed May 4 15:43:08 2016 +0100 libvirt.spec.in: drop Fedora < 20 and RHEL < 6
-
- 29 6月, 2016 2 次提交
-
-
由 Erik Skultety 提交于
Similarly to what virsh virt-login-shell do, call virAdmInitialize prior to initializing an event loop and initializing the error handler. Commit 97973ebb described and fixed an identical issue for libvirt_lxc. Since virAdmInitialize becomes a public API after applying this patch, the symbol is also added to public syms and the doc string of the method is slightly enhanced analogically to virInitialize. Signed-off-by: NErik Skultety <eskultet@redhat.com>
-
由 Ján Tomko 提交于
virNetServerClientGetInfo returns the client's remote address as a string, which is a part of the client object. Use VIR_STRDUP to make a copy which can be freely accessed even after the virNetServerClient object is unlocked. To reproduce, put a sleep between virObjectUnlock in virNetServerClientGetInfo and virTypedParamsAddString in adminClientGetInfo, then close the queried connection during that sleep.
-
- 28 6月, 2016 5 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1316370 Consider the following disk for a domain: <disk type='volume' device='cdrom'> <driver name='qemu' type='raw'/> <auth username='libvirt'> <secret type='iscsi' usage='libvirtiscsi'/> </auth> <source pool='iscsi-secret-pool' volume='unit:0:0:0' mode='direct' startupPolicy='optional'/> <target dev='sda' bus='scsi'/> <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='0'/> </disk> Now, startupPolicy is currently not allowed for iscsi disks, so one would expect an error message to be thrown. But what a surprise is waiting for users if they try to start up such domain: ==15724== Invalid free() / delete / delete[] / realloc() ==15724== at 0x4C2B1F0: free (vg_replace_malloc.c:473) ==15724== by 0x54B7A69: virFree (viralloc.c:582) ==15724== by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549) ==15724== by 0x552F023: virStorageSourceClear (virstoragefile.c:2055) ==15724== by 0x552F054: virStorageSourceFree (virstoragefile.c:2067) ==15724== by 0x55556AA: virDomainDiskDefFree (domain_conf.c:1562) ==15724== by 0x5557ABE: virDomainDefFree (domain_conf.c:2547) ==15724== by 0x1B43CC42: qemuProcessStop (qemu_process.c:5918) ==15724== by 0x1B43BA2E: qemuProcessStart (qemu_process.c:5511) ==15724== by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050) ==15724== by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104) ==15724== by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122) ==15724== Address 0x21cfbb90 is 0 bytes inside a block of size 48 free'd ==15724== at 0x4C2B1F0: free (vg_replace_malloc.c:473) ==15724== by 0x54B7A69: virFree (viralloc.c:582) ==15724== by 0x552DC90: virStorageAuthDefFree (virstoragefile.c:1549) ==15724== by 0x12D1C8D4: virStorageTranslateDiskSourcePool (storage_driver.c:3475) ==15724== by 0x1B4396E4: qemuProcessPrepareDomain (qemu_process.c:4896) ==15724== by 0x1B43B880: qemuProcessStart (qemu_process.c:5466) ==15724== by 0x1B48993E: qemuDomainObjStart (qemu_driver.c:7050) ==15724== by 0x1B489B9A: qemuDomainCreateWithFlags (qemu_driver.c:7104) ==15724== by 0x1B489C01: qemuDomainCreate (qemu_driver.c:7122) ==15724== by 0x561CA97: virDomainCreate (libvirt-domain.c:6787) ==15724== by 0x12B6FD: remoteDispatchDomainCreate (remote_dispatch.h:4116) ==15724== by 0x12B61A: remoteDispatchDomainCreateHelper (remote_dispatch.h:4092) The problem is, in virStorageTranslateDiskSourcePool disk def->src->auth is freed, but the pointer is not set to NULL. So later, when qemuProcessStop starts to free the domain definition, virStorageAuthDefFree() tries to free the memory again, instead of jumping out immediately. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Jaroslav Suchanek 提交于
Reorder code for setting default log level from cmdline prior initialization of log outputs. Thus the --verbose option is reflected. This resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1325072
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Andrea Bolognani 提交于
-
由 Olga Krishtal 提交于
Patch fixes vz build after changes in IP-related netdev functions(cf0568b0, fbc1843d). Signed-off-by: NOlga Krishtal <okrishtal@virtuozzo.com>
-
- 27 6月, 2016 30 次提交
-
-
由 Andrea Bolognani 提交于
Commit cf0568b0 moved a bunch of functions from virNetDev to the more specific virNetDevIP; however, not all of the existing uses were moved properly, causing build failures on FreeBSD. Complete the transition to the new names and drop the obsolete declarations from the header file while at it.
-
由 Andrea Bolognani 提交于
Not including the header causes util/virnetdevip.c:520:5: error: unknown type name 'virCommandPtr'; did you mean 'virCondPtr'? virCommandPtr cmd = NULL; ^~~~~~~~~~~~~ and plenty more similar failures when compiling on FreeBSD.
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1343442 When a client connects, it is placed into a queue. As soon as it authenticate, it is taken out of that queue and placed into a different one. Now, we have a setting in the daemon config file that allows users to control the length of the queue of yet not authenticated clients. By default, it has a value 20 but in the description to the config knob we clam it's zero. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Laine Stump 提交于
For type='ethernet' interfaces only.
-
由 Laine Stump 提交于
-
由 Laine Stump 提交于
This will apply to any IP address setting that uses virNetDevIPInfoAddToDev() (which so far is only the guest-side of LXC type='ethernet' interfaces).
-
由 Laine Stump 提交于
This is place as a sub-element of <source>, where other aspects of the host-side connection to the network device are located (network or bridge name, udp listen port, etc). It's a bit odd that the interface we're configuring with this info is itself named in <target dev='x'/>, but that ship sailed long ago: <interface type='ethernet'> <mac address='00:16:3e:0f:ef:8a'/> <source> <ip address='192.168.122.12' family='ipv4' prefix='24' peer='192.168.122.1'/> <ip address='192.168.122.13' family='ipv4' prefix='24'/> <route family='ipv4' address='0.0.0.0' gateway='192.168.122.1'/> <route family='ipv4' address='192.168.124.0' prefix='24' gateway='192.168.124.1'/> </source> </interface> In practice, this will likely only be useful for type='ethernet', so its presence in any other type of interface is currently forbidden in the generic device Validate function (but it's been put into the general population of virDomainNetDef rather than the ethernet-specific union member so that 1) we can more easily add the capability to other types, and 2) we can retain the info when set to an invalid interface type all the way through to validation and report a proper error, rather than just ignoring it (which is currently what happens for many other type-specific settings). (NB: The already-existing configuration of IP info for the guest-side of interfaces is in subelements directly under <interface>, and the name of the guest-side interface (when configurable) is in <guest dev='x'/>).
-
由 Vasiliy Tolstov 提交于
The peer attribute is used to set the property of the same name in the interface IP info: <interface type='ethernet'> ... <ip family='ipv4' address='192.168.122.5' prefix='32' peer='192.168.122.6'/> ... </interface> Note that this element is used to set the IP information on the *guest* side interface, not the host side interface - that will be supported in an upcoming patch. (This is an updated *re*-commit of commit 690969af, which was subsequently reverted in commit 1d14b13f). Signed-off-by: NVasiliy Tolstov <v.tolstov@selfip.ru> Signed-off-by: NLaine Stump <laine@laine.org>
-
由 Laine Stump 提交于
This patch takes the code out of lxcContainerRenameAndEnableInterfaces() that adds all IP addresses and IP routes to the interface, and puts it into a utility function virNetDevIPInfoAddToDev() in virnetdevip.c so that it can be used by anyone. One small change in functionality - lxcContainerRenameAndEnableInterfaces() previously would add all IP addresses to the interface while it was still offline, then set the interface online, and then add the routes. Because I don't want the utility function to set the interface online, I've moved this up so the interface is first set online, then IP addresses and routes are added. This is the same order that the network service from initscripts (in ifup-ether) does it, so it shouldn't pose any problem (and hasn't, in the tests that I've run).
-
由 Laine Stump 提交于
It makes more sense to have the logging at the lower level so other callers can share the goodness. While removing so much stuff from / touching so many lines in lxcContainerRenameAndEnableInterfaces() (which used to have this debug/error logging), label names were changed and it was updated to use the now-more-common method of initializing ret to -1 (failure), then setting to 0 right before the cleanup label.
-
由 Laine Stump 提交于
virDomainNetIPInfoParseXML() and virDomainNetIPInfoFormat() are no longer "unused", so we can now remove the "ATTRIBUTE_UNUSED" from their definitions, since virDomainNetIPInfoFormat() is now the only caller of virDomainNetIPsFormat() and virDomainNetRoutesFormat(), those two functions can simply be subsumed into virDomainNetIPInfoFormat().
-
由 Laine Stump 提交于
libvirt's qemu driver doesn't have direct access to the config on the guest side of a network interface, and currently doesn't have any method in place to even inform the guest of the desired config. In the future, an unenforceable attempt to set the guest-side IP info could be made by adding a static host entry to the appropriate dnsmasq configuration (or changing the default dhcp client address on the qemu commandline for type='user' interfaces), or enhancing the guest agent to allow setting an IP address, but for now it can't have any effect, and we don't want to give the illusion that it does. To prevent the "disappearance" of any existing configs with ip address/route info (due to parser failure), this check is added in the newly implemented qemuDomainDeviceDefValidate(), which is only called when a domain is defined or started, *not* when it is reread from disk at libvirtd startup.
-
由 Laine Stump 提交于
All the same information was already there, just in slightly different places in the virDomainNetDef.
-
由 Laine Stump 提交于
a.k.a. <hostdev mode='capabilities' type='net'>. This replaces the existing nips, ips, nroutes, and routes with a single virNetDevIPInfo, and simplifies the code by calling that object's parse/format/clear functions instead of open coding.
-
由 Laine Stump 提交于
There are currently two places in the domain where this combination is used, and there is about to be another. This patch puts them together for brevity and uniformity. As with the newly-renamed virNetDevIPAddr and virNetDevIPRoute objects, the new virNetDevIPInfo object will need to be accessed by a utility function that calls low level Netlink functions (so we don't want it to be in the conf directory) and will be called from multiple hypervisor drivers (so it can't be in any hypervisor directory); the most appropriate place is thus once again the util directory. The parse and format functions are in conf/domain_conf.c because only the domain XML (i.e. *not* the network XML) has this exact combination of IP addresses plus routes. Note that virDomainNetIPInfoFormat() will end up being the only caller to virDomainNetRoutesFormat() and virDomainNetIPsFormat(), so it will just subsume those functions in a later patch, but we can't do that until they are no longer called. (It would have been nice to include the interface name within the virNetDevIPInfo object (with a slight name change), but that can't be done cleanly, because in each case the interface name is provided in a different place in the XML relative to the routes and IP addresses, so putting it in this object would actually make the code more confused rather than simpler).
-
由 Laine Stump 提交于
These functions all need to be called from a utility function that must be located in the util directory, so we move them all into util/virnetdevip.[ch] now that it exists. Function and struct names were appropriately changed for the new location, but all code is unchanged aside from motion and renaming.
-
由 Laine Stump 提交于
This patch splits virnetdev.[ch] into multiple files, with the new virnetdevip.[ch] containing all the functions related to setting and retrieving IP-related info for a device (both addresses and routes).
-
由 Laine Stump 提交于
When support for <interface type='ethernet'> was added in commit 9a4b705f back in 2010, it erroneously looked at <source dev='blah'/> for a user-specified guest-side interface name. This was never documented though. (that attribute already existed at the time in the data.ethernet union member of virDomainNetDef, but apparently had no practical use - it was only used as a storage place for a NetDef's bridge name during qemuDomainXMLToNative(), but even then that was never used for anything). When support for similar guest-side device naming was added to the lxc driver several years later, it was put in a new subelement <guest dev='blah'/>. In the intervening years, since there was no validation that ethernet.dev was NULL in the other drivers that didn't actually use it, innocent souls who were adding other features assuming they needed to account for non-NULL ethernet.dev when really they didn't, so little bits of the usual pointless cargo-cult code showed up. This patch not only switches the openvz driver to use the documented <guest dev='blah'/> notation for naming the guest-side device (just in case anyone is still using the openvz driver), and logs an error if anyone tries to set <source dev='blah'/> for a type='ethernet' interface, it also removes the cargo-cult uses of ethernet.dev and <source dev='blah'/>, and eliminates if from the RNG and from virDomainNetDef. NB: I decided on this course of action after mentioning the inconsistency here: https://www.redhat.com/archives/libvir-list/2016-May/msg02038.html and getting encouragement do eliminate it in a later IRC discussion with danpb.
-
由 Laine Stump 提交于
in qemuConnectDomainXMLToNative. This function was only accounting for about 1/10 of all the allocated items in the NetDef prior to memseting it to all 0's. On top of that, it was going to great pains to learn the name of the bridge device, but then never doing anything useful with it (just putting it into data.ethernet.dev, which is *never* used when building a qemu commandline). (I think this again all started off as code with good intentions, but it was never completed, and instead was just Frankensteinically cargo-culted into the odd mish mash we have today). The resulting code is much simpler, produces exactly the same output, and doesn't leak memory.
-
由 Laine Stump 提交于
This patch removes the expanded and duplicated code that all sprung out of two well-intentioned-but-useless settings of net->data.(bridge|ethernet).ipaddr. qemu has never supported even a single IP address in the interface config, much less a list of them. All of the instances of "clearing out the IP addresses" that are now in this function originated with commit d8dbd6 "Basic domain XML conversions for Xen/QEMU drivers" in May 2009, but even then the single "ipaddr" in the struct for type='ethernet' and type='bridge' wasn't used in the qemu driver (only in xen and openvz). Since then anyone who added a new interface type also tacked on another unnecessary clearing of ipaddr, and when it was made into a list of IPs (so far supported only by the LXC driver) this simple setting was turned into a loop (well, multiple loops) to clear them all.
-
由 Laine Stump 提交于
We need to clear these out without freeing the object completely.
-
由 Laine Stump 提交于
Commit c9a641 (first appearred in 1.2.12) added support for setting the guest-side IP address of veth devices in lxc domains. Unfortunately, it hardcoded the assumption that the proper prefix for any IP address with no explicit prefix in the config should be "24"; that is only correct for class C IPv4 addresses, but not for any other IPv4 address, nor for any IPv6 address. The good news is that there is already a function in libvirt that will determine the proper default prefix for any IP address. This patch replaces the use of the ill-fated VIR_SOCKET_ADDR_DEFAULT_PREFIX with calls to virSocketAddrGetIPPrefix().
-
由 Laine Stump 提交于
lxcContainerRenameAndEnableInterfaces() isn't making a copy of the interface's ifname_guest (into newname), it's just copying the pointer to it. This means that when it later calls VIR_FREE(newname), it's actually freeing up (and fortunately NULLing out, so at least we don't try to access free'd memory) netDef->ifname_guest.
-
由 Laine Stump 提交于
There are times when we don't have a netmask pointer to give to virSocketAddrGetIPPrefix() (e.g. the IP addresses in domain interfaces only have a prefix, no netmask), but it would have caused a segv if we called it with NULL instead of a pointer to a netmask. This patch qualifies the code that would use the netmask or address pointers to check for NULL first.