- 24 12月, 2015 20 次提交
-
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1270715 Commit id '9deb96f9' removed the code to fetch the nodeset from the CpusetMems cgroup for a running vm in favor of using the return from virDomainNumatuneFormatNodeset introduced by commit id '43b67f2e'. However, that API will return the value of the passed 'auto_nodeset' when placement is VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO, which happens to be NULL. Since commit id 'c74d58ad' started using priv->autoNodeset in order to manage the auto placement value during qemuProcessStart, it should be passed along in order to return the correct value if the domain requests the auto placement. Signed-off-by: NLuyao Huang <lhuang@redhat.com> (cherry picked from commit 4eac5523)
-
由 Shivaprasad G Bhat 提交于
Tunnelled migration can hang if the destination qemu exits despite all the ABI checks. This happens whenever the destination qemu exits before the complete transfer is noticed by source qemu. The savevm state checks at runtime can fail at destination and cause qemu to error out. The source qemu cant notice it as the EPIPE is not propogated to it. The qemuMigrationIOFunc() notices the stream being broken from virStreamSend() and it cleans up the stream alone. The qemuMigrationWaitForCompletion() would never get to 100% transfer completion. The qemuMigrationWaitForCompletion() never breaks out as well since the ssh connection to destination is healthy, and the source qemu also thinks the migration is ongoing as the Fd to which it transfers, is never closed or broken. So, the migration will hang forever. Even Ctrl-C on the virsh migrate wouldn't be honoured. Close the source side FD when there is an error in the stream. That way, the source qemu updates itself and qemuMigrationWaitForCompletion() notices the failure. Close the FD for all kinds of errors to be sure. The error message is not copied for EPIPE so that the destination error is copied instead later. Note: Reproducible with repeated migrations between Power hosts running in different subcores-per-core modes. Signed-off-by: NShivaprasad G Bhat <sbhat@linux.vnet.ibm.com> (cherry picked from commit b39a1fe1)
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1256999 After creating a copy of the 'authdef' in a pool -> disk translation, unconditionally clear the 'authType' in the resulting disk auth def structure since that's used for a storage pool and not a disk. This ensures virStorageAuthDefFormat will properly format the <auth> XML for a <disk> (e.g. it won't have a <auth type='%s'.../>). (cherry picked from commit 5275c0f4)
-
由 Daniel P. Berrange 提交于
Currently we just check that various devices are accessible. This leads to inaccurate errors reported for /dev/kvm and /dev/vhost-net if they exist but an unprivileged user lacks access. Switch existing checks to look for file existance, and add a separate check for accessibility of /dev/kvm since some distros don't grant users access by default. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit fd6d506c)
-
由 Cole Robinson 提交于
I'm hitting this little annoyance in fedora's package repo: $ fedpkg prep Downloading libvirt-1.2.20.tar.gz ... + /usr/bin/gzip -dc /home/crobinso/src/fedora/libvirt/libvirt-1.2.20.tar.gz $ git clean -xdf Removing libvirt-1.2.20.tar.gz Skipping repository libvirt-1.2.20/ We git-ify the libvirt directory as part of applying patches in the spec file, but 'git clean' will ignore subfolders that appear to be standalone git repos. Let's just delete the .git directory after we're done with it. (cherry picked from commit 62ff210e)
-
由 Cédric Bosdonnat 提交于
profile_status function was not making any difference between error cases and unconfined profiles. The problem with this approach is that dominfo was throwing an error on unconfined domains. (cherry picked from commit a1bdf04b)
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1247987 Calculation of the extended and logical partition values for the disk pool is complex. As the bz points out an extended partition should have it's allocation initialized to 0 (zero) and keep the capacity as the size dictated by the extents read. Then for each logical partition found, adjust the allocation of the extended partition. Finally, previous logic tried to avoid recalculating things if a logical partition was deleted; however, since we now have special logic to handle the allocation of the extended partition, just make life easier by reading the partition table again - rather than doing the reverse adjustment. (cherry picked from commit 1895b421)
-
由 Andrea Bolognani 提交于
qemu-kvm can be used to run ppc64 guests on ppc64le hosts and vice versa, since the hardware is actually the same and the endianness is chosen by the guest kernel. Up until now, however, libvirt didn't allow the use of qemu-kvm to run guests if their endianness didn't match the host's. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1267882 (cherry picked from commit 938368f8)
-
由 Peter Krempa 提交于
Commit 792f81a4 caused a regression in the libssh2 host key verification code by changing the variable type of 'i' to unsigned. Since one of the loops used -1 as a special value if the asking callback was found the conversion made a subsequent test always fail. The bug was stealth enough to pass review, compilers and coverity. Refactor the condition to avoid problems. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1047861 (cherry picked from commit 9869f24d)
-
由 Peter Krempa 提交于
(cherry picked from commit 387c316e)
-
由 Ján Tomko 提交于
Since commit e0139e30, we update the pool allocation with the user-provided allocation values. For qcow2, the allocation is ignored for volume building, but we still subtracted it from pool's allocation. This can result in interesting values if the user-provided allocation is large enough: Capacity: 104.71 GiB Allocation: 109.13 GiB Available: 16.00 EiB We already do a VolRefresh on volume creation. Also refresh the volume after creating and use the new value to update the pool. https://bugzilla.redhat.com/show_bug.cgi?id=1163091 (cherry picked from commit 56a4e9cb)
-
由 Guido Günther 提交于
otherwise messages end up in /var/log/kern.log if journald forwards to syslog. Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799633 (cherry picked from commit fd00f0e6)
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=871452 So, you want to create a domain from XML. The domain already exists in libvirt's database of domains. It's okay, because name and UUID matches. However, on domain startup, internal representation of the domain is overwritten with your XML even though we claim that the XML you've provided is a transient one. The bug is to be found across nearly all the drivers. Le sigh. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit c99b8cec)
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=871452 Okay, so we allow users to 'virsh create' an already existing domain, providing completely different XML than the one stored in Libvirt. Well, as long as name and UUID matches. However, in some drivers the code that handles errors unconditionally removes the domain that failed to start even though the domain might have been persistent. Fortunately, the domain is removed just from the internal list of domains and the config file is kept around. Steps to reproduce: 1) virsh dumpxml $dom > /tmp/dom.xml 2) change XML so that it is still parse-able but won't boot, e.g. change guest agent path to /foo/bar 3) virsh create /tmp/dom.xml 4) virsh dumpxml $dom 5) Observe "No such domain" error Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 37405b91)
-
由 Peter Krempa 提交于
Qemu unfortunately doesn't update internal state right after migration and so the actual balloon size as returned by 'query-balloon' are invalid for a while after the CPUs are started after migration. If we'd refresh our internal state at this point we would report invalid current memory size until the next balloon event would arrive. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1242940 (cherry picked from commit d7a0386e)
-
由 Jiri Denemark 提交于
As of commit 69929941, we set graphics/@listen attribute according to the first listen child element even if that element is of type='network'. This was done for backward compatibility with applications which only support the original listen attribute. However, by doing so we broke migration to older libvirt which tried to check that the listen attribute matches one of the listen child elements but which did not take type='network' elements into account. We are not concerned about compatibility with old applications when formatting domain XML for migration for two reasons. The XML is consumed only by libvirtd and the IP address associated with type='network' listen address on the source host is just useless on the destination host. Thus, we can safely avoid propagating the type='network' IP address to graphics/@listen attribute when creating migratable XML. https://bugzilla.redhat.com/show_bug.cgi?id=1265111Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit c0806dc3)
-
由 Stefan Berger 提交于
This patch addresses BZ 1244895. Adapt the sysfs TPM command cancel path for the TPM driver that does not use a miscdevice anymore since Linux 4.0. Support old and new paths and check their availability. Add a mockup for the test cases to avoid the testing for availability of the cancel path. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> (cherry picked from commit 5ed7afa9)
-
由 Guido Günther 提交于
Since we can't know at service start how many VMs will be running we can't calculate an apropriate shutdown timeout. So instead of killing off the service just let it use it's own internal timeout mechanism. References: http://bugs.debian.org/803714 https://bugzilla.redhat.com/show_bug.cgi?id=1195544 (cherry picked from commit ba08d16d)
-
由 Martin Kletzander 提交于
Machine name escaping follows the same rules as serice name escape, except that '.' and '-' must not be escaped in machine names, due to a bug in systemd-machined. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 0e0149ce)
-
由 Martin Kletzander 提交于
According to the documentation, CreateMachine accepts only 7bit ASCII characters in the machinename parameter, so let's make sure we can start machines with unicode names with systemd. We already have a function for that, we just forgot to use it. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1062943 Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1282846Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit e24eda48)
-
- 13 12月, 2015 1 次提交
-
-
由 Eric Blake 提交于
The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 034e47c3)
-
- 16 10月, 2015 1 次提交
-
-
由 Dominik Perpeet 提交于
Event implementations need to be registered before a connection to the Hypervisor is opened, otherwise event handling can be impaired (e.g. delayed messages). This fact is referenced in an e-mail [1], but should also be noted in the documentation of the registration functions. [1] https://www.redhat.com/archives/libvirt-users/2014-April/msg00011.html (cherry picked from commit 9bf1cef7)
-
- 07 10月, 2015 2 次提交
-
-
由 Cole Robinson 提交于
$ rpmbuild -ba libvirt.spec warning: Macro expanded in comment on line 5: # If neither fedora nor rhel was defined, try to guess them from %{dist} warning: Macro %enable_autotools defined but not used within scope warning: Macro %client_only defined but not used within scope ... (cherry picked from commit dae1250b)
-
由 Cole Robinson 提交于
Commit 307fb904 (Sep 10) added a 'privileged' variable when creating the DAC driver: @@ -153,6 +157,7 @@ virSecurityManagerNewDAC(const char *virtDriver, bool defaultConfined, bool requireConfined, bool dynamicOwnership, + bool privileged, virSecurityManagerDACChownCallback chownCallback) But argument order is mixed up at the caller, swapping dynamicOwnership and privileged values. This corrects the argument order https://bugzilla.redhat.com/show_bug.cgi?id=1266628 (cherry picked from commit 68572de8)
-
- 22 9月, 2015 16 次提交
-
-
由 Cole Robinson 提交于
-
由 David Mansfield 提交于
Invalid read of size 4 at 0x945CA30: __pthread_mutex_unlock_full (in /lib64/libpthread-2.20.so) by 0x4F0404B: virMutexUnlock (virthread.c:94) by 0x4F7161B: virStoragePoolObjUnlock (storage_conf.c:2603) by 0x4FE0476: testStoragePoolUndefine (test_driver.c:4328) by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656) by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721) by 0x12F48D: vshCommandRun (vsh.c:1212) by 0x132AA7: main (virsh.c:943) Address 0xfda56a0 is 16 bytes inside a block of size 104 free'd at 0x4C2BA6C: free (vg_replace_malloc.c:473) by 0x4EA5C96: virFree (viralloc.c:582) by 0x4F70B69: virStoragePoolObjFree (storage_conf.c:412) by 0x4F7167B: virStoragePoolObjRemove (storage_conf.c:437) by 0x4FE0468: testStoragePoolUndefine (test_driver.c:4323) by 0x4FCF086: virStoragePoolUndefine (libvirt-storage.c:656) by 0x15A7F5: cmdPoolUndefine (virsh-pool.c:1721) by 0x12F48D: vshCommandRun (vsh.c:1212) by 0x132AA7: main (virsh.c:943) (cherry picked from commit 03cf57a3)
-
由 Chunyan Liu 提交于
After attach-device a <hostdev> with --config, new device doesn't show up in dumpxml and in guest. To fix that, set dev->data.hostdev = NULL after work so that the pointer is not freed, since vmdef has the pointer and still need it. Signed-off-by: NChunyan Liu <cyliu@suse.com> (cherry picked from commit 56945e13)
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1124841 If running in session mode it may happen that we fail to set correct SELinux label, but the image may still be readable to the qemu process. Take this into account. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 00e5b967)
-
由 Guido Günther 提交于
Remove unused variable, tag unused parameter and adjust return type. introduced by 3f48345f CC security/libvirt_security_manager_la-security_selinux.lo security/security_selinux.c: In function 'virSecuritySELinuxDomainSetDirLabel': security/security_selinux.c:2520:5: error: return makes pointer from integer without a cast [-Werror] security/security_selinux.c:2514:9: error: unused variable 'ret' [-Werror=unused-variable] security/security_selinux.c:2509:59: error: unused parameter 'mgr' [-Werror=unused-parameter] (cherry picked from commit 4d4c90df)
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 3f48345f)
-
由 Martin Kletzander 提交于
That function can be used for setting security labels on arbitrary directories. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit f65a2a12)
-
由 Martin Kletzander 提交于
In virSecuritySELinuxSetSecurityChardevLabel() we are labelling unix socket path, but accessing another structure of the union. This does not pose a problem currently as both paths are at the same offset, but this should be fixed for the future. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4ac6ce38)
-
由 Michal Privoznik 提交于
We have plenty of callbacks in the driver. Some of these callbacks require more than one argument to be passed. For that we currently have a data type (struct) per each callback. Well, so far for only one - SELinuxSCSICallbackData. But lets turn it into more general name so it can be reused in other callbacks too instead of each one introducing a new, duplicate data type. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 276c4091)
-
由 Michal Privoznik 提交于
The check is done in virSecuritySELinuxSetFilecon itself. There's no need to check it again. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 370461d1)
-
由 Michal Privoznik 提交于
We may want to do some decisions in drivers based on fact if we are running as privileged user or not. Propagate this info there. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit 307fb904)
-
由 Peter Krempa 提交于
Commit 8125113c added code that should remove the disk backend if the fronted hotplug failed for any reason. The code had a bug though as it used the disk string for unplug rather than the backend alias. Fix the code by pre-creating an alias string and using it instead of the disk string. In cases where qemu does not support QEMU_CAPS_DEVICE, we ignore the unplug of the backend since we can't really create an alias in that case. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1262399 (cherry picked from commit 64c6695f)
-
由 Daniel P. Berrange 提交于
The xenXMConfigCacheRefresh method scans /etc/xen and loads all config files it finds. It then scans its internal hash table and purges any (previously) loaded config files whose refresh timestamp does not match the timestamp recorded at the start of xenXMConfigCacheRefresh(). There is unfortunately a subtle flaw in this, because if loading the config files takes longer than 1 second, some of the config files will have a refresh timestamp that is 1 or more seconds different (newer) than is checked for. So we immediately purge a bunch of valid config files we just loaded. To avoid this flaw, we must pass the timestamp we record at the start of xenXMConfigCacheRefresh() into the xenXMConfigCacheAddFile() method, instead of letting the latter call time(NULL) again. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 427067f7)
-
由 Ian Campbell 提交于
commit 4b53d0d4 "libxl: don't remove persistent domain on start failure" cleans up the vm object and sets it to NULL if the vm is not persistent, however at end job vm (now NULL) is dereferenced via the call to libxlDomainObjEndJob. Avoid this by skipping "endjob" and going straight to "cleanup" in this case. Signed-off-by: NIan Campbell <ian.campbell@citrix.com> (cherry picked from commit ee7758f0)
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1260846 Introduced by 8fedbbdb, if we parse an unordered NUMA cell, will get a segfault. This is because of a check for overlapping @cpus sets we have there. However, since the array to hold guest NUMA cells is allocated upfront and therefore it contains all zeros, an out of order cell will break our assumption that cell IDs have increasing character. At this point we try to access yet NULL bitmap and therefore segfault. Signed-off-by: NLuyao Huang <lhuang@redhat.com> (cherry picked from commit 83ae3ee3)
-
由 John Ferlan 提交于
Commit id '2e7cea24' added a check for an error from Finish instead of 'unexpected error'; however, if for some reason there wasn't an error, then virGetLastError could return NULL resulting in the NULL pointer deref to err->domain. (cherry picked from commit ea3c5f25)
-