1. 22 Mar, 2019 32 commits
  2. 21 Mar, 2019 2 commits
    • test: Avoid use-after-free on virDomainSnapshotDelete · 1db9d0ef
      Eric Blake committed
      The following virsh command was triggering a use-after-free:
      
      $ virsh -c test:///default '
        snapshot-create-as test s1
        snapshot-create-as test s2
        snapshot-delete --children-only test s1
        snapshot-current --name test'
      Domain snapshot s1 created
      Domain snapshot s2 created
      Domain snapshot s1 children deleted
      
      error: name in virGetDomainSnapshot must not be NULL
      
      I got lucky on that run - although the error message is quite
      unexpected.  On other runs, I was able to get a core dump, and
      valgrind confirms there is a definitive problem.
      
      The culprit? We were inconsistent about whether we set
      vm->current_snapshot, snap->def->current, or both when updating how
      the current snapshot was being tracked.  As a result, deletion did not
      see that snapshot s2 was previously current, and failed to update
      vm->current_snapshot, so that the next API using the current snapshot
      failed because it referenced stale memory for the now-gone s2 (instead
      of the intended s1).
      
      The test driver code was copied from the qemu code (which DOES track
      both pieces of state everywhere), but was purposefully simplified
      because the test driver does not have to write persistent snapshot
      state to the file system.  But when you realize that the only reason
      snap->def->current needs to exist is when writing out one file per
      snapshot for qemu, it's just as easy to state that the test driver
      never has to mess with the field (rather than chasing down which
      places forgot to set the field), and have vm->current_snapshot be the
      sole source of truth in the test driver.
      
      Ideally, I'd get rid of the 'current' member in virDomainSnapshotDef,
      as well as the 'current_snapshot' member in virDomainDef, and instead
      track the current member in virDomainSnapshotObjList, coupled with
      writing ALL snapshot state for qemu in a single file (where I can use
      <snapshots current='...'> as a wrapper, rather than
      VIR_DOMAIN_SNAPSHOT_FORMAT_INTERNAL to output <current>1</current> XML
      on a per-snapshot file basis).  But that's a bigger change, so for now
      I'm just patching things to avoid the test driver segfault.
      Signed-off-by: Eric Blake <eblake@redhat.com>
      Reviewed-by: Ján Tomko <jtomko@redhat.com>
    • rpm: fix upgrades when RBD is disabled in a new version · fc65c22b
      Daniel P. Berrangé committed
      We previously had to disable RBD on 32-bit platforms since Ceph has
      dropped all support for 32-bit. Unfortunately anyone with the RPM
      libvirt-daemon-driver-storage-rbd installed on 32-bit now has a
      broken upgrade path.
      
      To fix this we must make libvirt-daemon-driver-storage-core
      have an Obsoletes: libvirt-daemon-driver-storage-rbd < $VER-$REL
      Reviewed-by: Erik Skultety <eskultet@redhat.com>
      Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
  3. 20 Mar, 2019 6 commits