- 17 1月, 2014 2 次提交
-
-
由 Eric Blake 提交于
Several APIs clear out a user input buffer before attempting to populate it; but in a few cases we missed this memset if we detect a reason for an early exit. Note that these APIs check for non-NULL arguments, and exit early with an error message when NULL is passed in; which means that we must be careful to avoid a NULL deref in order to get to that error message. Also, we were inconsistent on the use of sizeof(virType) vs. sizeof(expression); the latter is more robust if we ever change the type of the expression (although such action is unlikely since these types are part of our public API). * src/libvirt.c (virDomainGetInfo, virDomainGetBlockInfo) (virStoragePoolGetInfo, virStorageVolGetInfo) (virDomainGetJobInfo, virDomainGetBlockJobInfo): Move memset before any returns. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Martin Kletzander 提交于
There is a number of reported issues when we fail starting a domain. Turns out that, in some scenarios like high load, 3 second timeout is not enough for qemu to start up to the phase where the socket is created. Since there is no downside of waiting longer, raise the timeout right to 30 seconds. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 16 1月, 2014 19 次提交
-
-
由 Pavel Hrdina 提交于
Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
In a "for" loop there are created two new strings and they may not be freed if a "target" string cannot be obtained. We have to free the two created strings to prevent the memory leak. This has been found by coverity. John also pointed out that we should somehow care about the "type" and "device" and Osier agreed to exit with error message if one of them is set to NULL. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Peter Krempa 提交于
To allow using the storage driver APIs to do operation on generic domain disks we will need to introduce internal storage pools that will give is a base to support this stuff even on files that weren't originally defined as a part of the pool. This patch introduces the 'internal' flag for a storage pool that will prevent it from being listed along with the user defined storage pools.
-
由 Peter Krempa 提交于
Separate the steps to create libvirt's volume metadata from the actual volume building process.
-
由 Peter Krempa 提交于
Separate the steps to create libvirt's volume metadata from the actual volume building process.
-
由 Peter Krempa 提交于
Separate the steps to create libvirt's volume metadata from the actual volume building process.
-
由 Peter Krempa 提交于
Separate the steps to create libvirt's volume metadata from the actual volume building process. This is already done for regular file based pools to allow job support for storage APIs.
-
由 Peter Krempa 提交于
Implement the "deleteVol" storage backend function for gluster volumes.
-
由 Christophe Fergeau 提交于
Currently, during XML parsing, when a call to a FromString() function to get an enum value fails, the error which is reported is either VIR_ERR_CONFIG_UNSUPPORTED, VIR_ERR_INTERNAL_ERROR or VIR_ERR_XML_ERROR. This commit makes such conversion failures consistently return VIR_ERR_CONFIG_UNSUPPORTED.
-
由 Christophe Fergeau 提交于
-
由 Daniel Veillard 提交于
* docs/news.html.in libvirt.spec.in: updated for the release * po/*.po*: updated localization from transifex and regenerated
-
由 Eric Blake 提交于
Ever since ACL filtering was added in commit 76397360 (v1.1.1), a user could still use event registration to obtain access to a domain that they could not normally access via virDomainLookup* or virConnectListAllDomains and friends. We already have the framework in the RPC generator for creating the filter, and previous cleanup patches got us to the point that we can now wire the filter through the entire object event stack. Furthermore, whether or not domain:getattr is honored, use of global events is a form of obtaining a list of networks, which is covered by connect:search_domains added in a93cd08f (v1.1.0). Ideally, we'd have a way to enforce connect:search_domains when doing global registrations while omitting that check on a per-domain registration. But this patch just unconditionally requires connect:search_domains, even when no list could be obtained, based on the following observations: 1. Administrators are unlikely to grant domain:getattr for one or all domains while still denying connect:search_domains - a user that is able to manage domains will want to be able to manage them efficiently, but efficient management includes being able to list the domains they can access. The idea of denying connect:search_domains while still granting access to individual domains is therefore not adding any real security, but just serves as a layer of obscurity to annoy the end user. 2. In the current implementation, domain events are filtered on the client; the server has no idea if a domain filter was requested, and must therefore assume that all domain event requests are global. Even if we fix the RPC protocol to allow for server-side filtering for newer client/server combos, making the connect:serach_domains ACL check conditional on whether the domain argument was NULL won't benefit older clients. Therefore, we choose to document that connect:search_domains is a pre-requisite to any domain event management. Network events need the same treatment, with the obvious change of using connect:search_networks and network:getattr. * src/access/viraccessperm.h (VIR_ACCESS_PERM_CONNECT_SEARCH_DOMAINS) (VIR_ACCESS_PERM_CONNECT_SEARCH_NETWORKS): Document additional effect of the permission. * src/conf/domain_event.h (virDomainEventStateRegister) (virDomainEventStateRegisterID): Add new parameter. * src/conf/network_event.h (virNetworkEventStateRegisterID): Likewise. * src/conf/object_event_private.h (virObjectEventStateRegisterID): Likewise. * src/conf/object_event.c (_virObjectEventCallback): Track a filter. (virObjectEventDispatchMatchCallback): Use filter. (virObjectEventCallbackListAddID): Register filter. * src/conf/domain_event.c (virDomainEventFilter): New function. (virDomainEventStateRegister, virDomainEventStateRegisterID): Adjust callers. * src/conf/network_event.c (virNetworkEventFilter): New function. (virNetworkEventStateRegisterID): Adjust caller. * src/remote/remote_protocol.x (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER) (REMOTE_PROC_CONNECT_DOMAIN_EVENT_REGISTER_ANY) (REMOTE_PROC_CONNECT_NETWORK_EVENT_REGISTER_ANY): Generate a filter, and require connect:search_domains instead of weaker connect:read. * src/test/test_driver.c (testConnectDomainEventRegister) (testConnectDomainEventRegisterAny) (testConnectNetworkEventRegisterAny): Update callers. * src/remote/remote_driver.c (remoteConnectDomainEventRegister) (remoteConnectDomainEventRegisterAny): Likewise. * src/xen/xen_driver.c (xenUnifiedConnectDomainEventRegister) (xenUnifiedConnectDomainEventRegisterAny): Likewise. * src/vbox/vbox_tmpl.c (vboxDomainGetXMLDesc): Likewise. * src/libxl/libxl_driver.c (libxlConnectDomainEventRegister) (libxlConnectDomainEventRegisterAny): Likewise. * src/qemu/qemu_driver.c (qemuConnectDomainEventRegister) (qemuConnectDomainEventRegisterAny): Likewise. * src/uml/uml_driver.c (umlConnectDomainEventRegister) (umlConnectDomainEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. * src/lxc/lxc_driver.c (lxcConnectDomainEventRegister) (lxcConnectDomainEventRegisterAny): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
We haven't had a release with network events yet, so we are free to fix the RPC so that it actually does what we want. Doing client-side filtering of per-network events is inefficient if a connection is only interested in events on a single network out of hundreds available on the server. But to do server-side per-network filtering, the server needs to know which network to filter on - so we need to pass an optional network over on registration. Furthermore, it is possible to have a client with both a global and per-network filter; in the existing code, the server sends only one event and the client replicates to both callbacks. But with server-side filtering, the server will send the event twice, so we need a way for the client to know which callbackID is sending an event, to ensure that the client can filter out events from a registration that does not match the callbackID from the server. Likewise, the existing style of deregistering by eventID alone is fine; but in the new style, we have to remember which callbackID to delete. This patch fixes the RPC wire definition to contain all the needed pieces of information, and hooks into the server and client side improvements of the previous patches, in order to switch over to full server-side filtering of network events. Also, since we fixed this in time, all released versions of libvirtd that support network events also support per-network filtering, so we can hard-code that assumption into network_event.c. Converting domain events to server-side filtering will require the introduction of new RPC numbers, as well as a server feature bit that the client can use to tell whether to use old-style (server only supports global events) or new-style (server supports filtered events), so that is deferred to a later set of patches. * src/conf/network_event.c (virNetworkEventStateRegisterClient): Assume server-side filtering. * src/remote/remote_protocol.x (remote_connect_network_event_register_any_args): Add network argument. (remote_connect_network_event_register_any_ret): Return callbackID instead of count. (remote_connect_network_event_deregister_any_args): Pass callbackID instead of eventID. (remote_connect_network_event_deregister_any_ret): Drop unused type. (remote_network_event_lifecycle_msg): Add callbackID. * daemon/remote.c (remoteDispatchConnectNetworkEventDeregisterAny): Drop unused arg, and deal with callbackID from client. (remoteRelayNetworkEventLifecycle): Pass callbackID. (remoteDispatchConnectNetworkEventRegisterAny): Likewise, and recognize non-NULL network. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny): Pass network, and track server side id. (remoteConnectNetworkEventDeregisterAny): Deregister by callback id. (remoteNetworkBuildEventLifecycle): Pass remote id to event queue. * src/remote_protocol-structs: Regenerate. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
In order to mirror a server with per-object filtering, the client needs to track which server callbackID is servicing the client callback. This patch introduces the notion of a serverID, as well as the plumbing to use it for network events, although the actual complexity of using per-object filtering in the remote driver is deferred to a later patch. * src/conf/object_event.h (virObjectEventStateEventID): Add parameter. (virObjectEventStateQueueRemote, virObjectEventStateSetRemote): New prototypes. (virObjectEventStateRegisterID): Move... * src/conf/object_event_private.h: ...here, and add parameter. (_virObjectEvent): Add field. * src/conf/network_event.h (virNetworkEventStateRegisterClient): New prototype. * src/conf/object_event.c (_virObjectEventCallback): Add field. (virObjectEventStateSetRemote): New function. (virObjectEventStateQueue): Make wrapper around... (virObjectEventStateQueueRemote): New function. (virObjectEventCallbackListCount): Tweak return count when remote id matching is used. (virObjectEventCallbackLookup, virObjectEventStateRegisterID): Tweak registration when remote id matching will be used. (virObjectEventNew): Default to no remote id. (virObjectEventCallbackListAddID): Likewise, but set remote id when one is available. (virObjectEventCallbackListRemoveID) (virObjectEventCallbackListMarkDeleteID): Adjust return value when remote id was set. (virObjectEventStateEventID): Query existing id. (virObjectEventDispatchMatchCallback): Require matching event id. (virObjectEventStateCallbackID): Adjust caller. * src/conf/network_event.c (virNetworkEventStateRegisterClient): New function. (virNetworkEventStateRegisterID): Update caller. * src/conf/domain_event.c (virDomainEventStateRegister) (virDomainEventStateRegisterID): Update callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny) (remoteConnectNetworkEventDeregisterAny) (remoteConnectDomainEventDeregisterAny): Likewise. (remoteEventQueue): Hoist earlier to avoid forward declaration, and add parameter. Adjust all callers. * src/libvirt_private.syms (conf/object_event.h): Drop function. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Right now, the daemon side of RPC events is hard-coded to at most one callback per eventID. But when there are hundreds of domains or networks coupled and multiple conections, then sending every event to every connection that wants an event, even for the connections that only care about events for a particular object, is inefficient. In order to track more than one callback in the server, we need to store callbacks by more than just their eventID. This patch rearranges the daemon side to store network callbacks in a dynamic array, which can eventually be used for multiple callbacks of the same eventID, although actual behavior is unchanged without further patches to the RPC protocol. For ease of review, domain events are saved for a later patch, as they touch more code. While at it, fix a bug where a malicious client could send a negative eventID to cause network event registration to access outside of array bounds (thankfully not a CVE, since domain events were already doing the bounds check, and since network events have not been released). * daemon/libvirtd.h (daemonClientPrivate): Alter the tracking of network events. * daemon/remote.c (daemonClientEventCallback): New struct. (remoteEventCallbackFree): New function. (remoteClientInitHook, remoteRelayNetworkEventLifecycle) (remoteClientFreeFunc) (remoteDispatchConnectNetworkEventRegisterAny): Track network callbacks differently. (remoteDispatchConnectNetworkEventDeregisterAny): Enforce bounds. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Peter Krempa 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047659 If a VM dies very early during an attempted connect to the guest agent while the locks are down the domain monitor object will be freed. The object is then accessed later as any failure during guest agent startup isn't considered fatal. In the current upstream version this doesn't lead to a crash as virObjectLock called when entering the monitor in qemuProcessDetectVcpuPIDs checks the pointer before attempting to dereference (lock) it. The NULL pointer is then caught in the monitor helper code. Before the introduction of virObjectLockable - observed on 0.10.2 - the pointer is locked directly via virMutexLock leading to a crash. To avoid this problem we need to differentiate between the guest agent not being present and the VM quitting when the locks were down. The fix reorganizes the code in qemuConnectAgent to add the check and then adds special handling to the callers.
-
由 Eric Blake 提交于
While working on v1.0.5-maint (the branch in use on Fedora 19) with the host at Fedora 20, I got a failure in virstoragetest. I traced it to the fact that we were using qemu-img to create a qcow2 file, but qemu-img changed from creating v2 files by default in F19 to creating v3 files in F20. Rather than leaving it up to qemu-img, it is better to write the test to force testing of BOTH file formats (better code coverage and all). This patch alone does not fix all the failures in v1.0.5-maint; for that, we must decide to either teach the older branch to understand v3 files, or to reject them outright as unsupported. But for upstream, making the test less dependent on changing qemu-img defaults is always a good thing. * tests/virstoragetest.c (testPrepImages): Simplify creation of raw file; check if qemu supports compat and if so use it. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Mitre tried to assign us two separate CVEs for the fix for https://bugzilla.redhat.com/show_bug.cgi?id=1047577, on the grounds that the fixes were separated by more than an hour and thus triggered different hourly snapshots. But we explicitly do NOT want to treat transient security bugs as CVEs if they can only be triggered by patches in libvirt.git but where the problem is cleaned up before a formal release. Meanwhile, I noticed that while our wiki mentioned maintenance branches and releases, our formal documentation did not. * docs/downloads.html.in: Contrast hourly snapshots with maintenance branches. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Claudio Bley 提交于
s/is waken up/is woken up/ A registered PMSuspendCallback is called when the domain is suspended, not when it is woken up.
-
- 15 1月, 2014 7 次提交
-
-
由 Pavel Hrdina 提交于
For a "newfd1" the coverity tools thinks that the fd is closed in a "virCommandPassFD", but with "flags == 0" it cannot be closed. The code itself is ok, but coverity tool thinks that there is "double_close" of the "newfd1" and to prevent showing this error we simply add a comment before the proper close. This has been found by coverity. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
Strings "file" and "context" may not be freed if "VIR_EXPAND_N" fails and it leads into memory leak. This has been found by coverity. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
A "xmlstr" string may not be assigned into a "doc" pointer and it could cause memory leak. To fix it if the "doc" pointer is NULL and the "xmlstr" string is not assigned we should free it. This has been found by coverity. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Pavel Hrdina 提交于
There could be a memory leak caused by "managed_system" string, if any error occurs before "managed_system" is assigned into "phyp_driver->managed_system". The "managed_system" string wouldn't be freed at all. The better way is to free the "managed_system" instead of the one assigned in the "phyp_driver". This has been found by coverity. Pointed out by John, that the "phyp_driver->xmlopt" needs to be unreferenced as well. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Pavel Hrdina 提交于
If there is no error while executing a function "openvzParseBarrierLimit" a "str" string where is duplicate of a "value" string isn't freed and it leads into memory leak. This has been found by coverity. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Gao feng 提交于
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Eric Blake 提交于
I ran 'git add .' for a patch in progress, while in the middle of running 'make check' to test my work, and was surprised when it picked up some files I wasn't expecting. * .gitignore: Ignore *.pem. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 14 1月, 2014 4 次提交
-
-
由 Nehal J Wani 提交于
While running objecteventtest, it was found that valgrind pointed out the following memory leak: ==125== 538 (56 direct, 482 indirect) bytes in 1 blocks are definitely lost in loss record 216 of 226 ==125== at 0x4A06B6F: calloc (vg_replace_malloc.c:593) ==125== by 0x4C65D8D: virAllocVar (viralloc.c:558) ==125== by 0x4C9F055: virObjectNew (virobject.c:190) ==125== by 0x4D2B2E8: virGetDomain (datatypes.c:220) ==125== by 0x4D79180: testDomainDefineXML (test_driver.c:2962) ==125== by 0x4D4977D: virDomainDefineXML (libvirt.c:8512) ==125== by 0x4029C2: testDomainCreateXMLMixed (objecteventtest.c:226) ==125== by 0x403A21: virtTestRun (testutils.c:138) ==125== by 0x4021C2: mymain (objecteventtest.c:549) ==125== by 0x4040C2: virtTestMain (testutils.c:593) ==125== by 0x341F421A04: (below main) (libc-start.c:225) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When writing commit 173c2914, I missed the fact virNetServerClientClose unlocks the client object before actually clearing client->sock and thus it is possible to hit a window when client->keepalive is NULL while client->sock is not NULL. I was thinking client->sock == NULL was a better check for a closed connection but apparently we have to go with client->keepalive == NULL to actually fix the crash. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Peter Krempa 提交于
-
由 Eric Blake 提交于
On my Fedora 20 box with mingw cross-compiler, the build failed with: ../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession': ../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable] sigset_t oldmask, blockedsigs; ^ I traced it to the fact that mingw64-winpthreads installs a header that does #define pthread_sigmask(...) 0, which means any argument only ever passed to pthread_sigmask is reported as unused. This patch works around the compilation failure, with behavior no worse than what mingw already gives us regarding the function being a no-op. * configure.ac (pthread_sigmask): Probe for broken mingw macro. * src/util/virutil.h (pthread_sigmask): Rewrite to something that avoids unused variables. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 13 1月, 2014 2 次提交
-
-
由 Peter Krempa 提交于
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug.
-
- 11 1月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
Any test suite which involves a virDomainDefPtr should call virDomainDefCheckABIStability with itself just as a basic sanity check that the identity-comparison always succeeds. This would have caught the recent NULL pointer access crash. Make sure we cope with def->name being NULL since the VMWare config parser produces NULL names. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Eric Blake 提交于
When idmap was added to LXC, we forgot to cover it in the testsuite. The schema was missing an <element> layer, and as a result, virt-xml-validate was failing on valid dumpxml output. Reported by Eduard - Gabriel Munteanu on IRC. * docs/schemas/domaincommon.rng (idmap): Include <idmap> element, and support interleaves. * tests/lxcxml2xmldata/lxc-idmap.xml: New file. * tests/lxcxml2xmltest.c (mymain): Test it. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 10 1月, 2014 4 次提交
-
-
由 Peter Krempa 提交于
Include the name of the storage backend in the error message instead of just the number.
-
由 Peter Krempa 提交于
Change code ordering to avoid the need for a forward declaration.
-
由 Peter Krempa 提交于
The comment was talking about creating the pool while the function is deleting it. Fix the mismatch.
-
由 Claudio Bley 提交于
-