1. 29 1月, 2013 3 次提交
    • C
      Prep for release 0.9.11.9 · 83c58870
      Cole Robinson 提交于
      83c58870
    • D
      Fix race condition when destroying guests · 0231e37a
      Daniel P. Berrange 提交于
      When running virDomainDestroy, we need to make sure that no other
      background thread cleans up the domain while we're doing our work.
      This can happen if we release the domain object while in the
      middle of work, because the monitor might detect EOF in this window.
      For this reason we have a 'beingDestroyed' flag to stop the monitor
      from doing its normal cleanup. Unfortunately this flag was only
      being used to protect qemuDomainBeginJob, and not qemuProcessKill
      
      This left open a race condition where either libvirtd could crash,
      or alternatively report bogus error messages about the domain already
      having been destroyed to the caller
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 81621f3e)
      
      Conflicts:
      	src/qemu/qemu_driver.c
      0231e37a
    • P
      rpc: Fix crash on error paths of message dispatching · d0e15015
      Peter Krempa 提交于
      This patch resolves CVE-2013-0170:
      https://bugzilla.redhat.com/show_bug.cgi?id=893450
      
      When reading and dispatching of a message failed the message was freed
      but wasn't removed from the message queue.
      
      After that when the connection was about to be closed the pointer for
      the message was still present in the queue and it was passed to
      virNetMessageFree which tried to call the callback function from an
      uninitialized pointer.
      
      This patch removes the message from the queue before it's freed.
      
      * rpc/virnetserverclient.c: virNetServerClientDispatchRead:
          - avoid use after free of RPC messages
      (cherry picked from commit 46532e3e)
      d0e15015
  2. 09 1月, 2013 3 次提交
    • L
      util: fix botched check for new netlink request filters · 6b3edda2
      Laine Stump 提交于
      This is an adjustment to the fix for
      
        https://bugzilla.redhat.com/show_bug.cgi?id=889319
      
      to account for two bonehead mistakes I made.
      
      commit ac2797cf attempted to fix a
      problem with netlink in newer kernels requiring an extra attribute
      with a filter flag set in order to receive an IFLA_VFINFO_LIST from
      netlink. Unfortunately, the #ifdef that protected against compiling it
      in on systems without the new flag went a bit too far, assuring that
      the new code would *never* be compiled, and even if it had, the code
      was incorrect.
      
      The first problem was that, while some IFLA_* enum values are also
      their existence at compile time, IFLA_EXT_MASK *isn't* #defined, so
      checking to see if it's #defined is not a valid method of determining
      whether or not to add the attribute. Fortunately, the flag that is
      being set (RTEXT_FILTER_VF) *is* #defined, and it is never present if
      IFLA_EXT_MASK isn't, so it's sufficient to just check for that flag.
      
      And to top it off, due to the code not actually compiling when I
      thought it did, I didn't realize that I'd been given the wrong arglist
      to nla_put() - you can't just send a const value to nla_put, you have
      to send it a pointer to memory containing what you want to add to the
      message, along with the length of that memory.
      
      This time I've actually sent the patch over to the other machine
      that's experiencing the problem, applied it to the branch being used
      (0.10.2) and verified that it works properly, i.e. it does fix the
      problem it's supposed to fix. :-/
      (cherry picked from commit 7c366506)
      6b3edda2
    • L
      util: add missing error log messages when failing to get netlink VFINFO · a5e743c3
      Laine Stump 提交于
      This patch fixes the lack of error messages when libvirt fails to find
      VFINFO in a returned netlinke response message.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=827519#c10 is an example
      of the error message that was previously logged when the
      IFLA_VFINFO_LIST object was missing from the netlink response. The
      reason for this failure is detailed in
      
         https://bugzilla.redhat.com/show_bug.cgi?id=889319
      
      Even though that root problem has been fixed, the experience of
      finding the root cause shows us how important it is to properly log an
      error message in these cases. This patch *seems* to replace the entire
      function, but really most of the changes are due to moving code that
      was previously inside an if() statement out to the top level of the
      function (the original if() was reversed and made to log an error and
      return).
      (cherry picked from commit 846770e5)
      
      Conflicts:
        src/util/virnetdev.c: virNetDevError was replaced with virReportError
                              post-0.9.11. Also memcpy of mac addr was replaced
                              with a call to virMacAddrSetRaw.
      a5e743c3
    • L
      util: fix functions that retrieve SRIOV VF info · b20b391f
      Laine Stump 提交于
      This patch resolves:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=889319
      
      When assigning an SRIOV virtual function to a guest using "intelligent
      PCI passthrough" (<interface type='hostdev'>, which sets the MAC
      address and vlan tag of the VF before passing its info to qemu),
      libvirt first learns the current MAC address and vlan tag by sending
      an NLM_F_REQUEST message for the VF's PF (physical function) to the
      kernel via a NETLINK_ROUTE socket (see virNetDevLinkDump()); the
      response message's IFLA_VFINFO_LIST section is examined to extract the
      info for the particular VF being assigned.
      
      This worked fine with kernels up until kernel commit
      115c9b81928360d769a76c632bae62d15206a94a (first appearing in upstream
      kernel 3.3) which changed the ABI to not return IFLA_VFINFO_LIST in
      the response until a newly introduced IFLA_EXT_MASK field was included
      in the request, with the (newly introduced, of course) RTEXT_FILTER_VF
      flag set.
      
      The justification for this ABI change was that new fields had been
      added to the VFINFO, causing NLM_F_REQUEST messages to fail on systems
      with large numbers of VFs if the requesting application didn't have a
      large enough buffer for all the info. The idea is that most
      applications doing an NLM_F_REQUEST don't care about VFINFO anyway, so
      eliminating it from the response would lower the requirements on
      buffer size. Apparently, the people who pushed this patch made the
      mistaken assumption that iproute2 (the "ip" command) was the only
      package that used IFLA_VFINFO_LIST, so it wouldn't break anything else
      (and they made sure that iproute2 was fixed.
      
      The logic of this "fix" is debatable at best (one could claim that the
      proper fix would be for the applications in question to be fixed so
      that they properly sized the buffer, which is what libvirt does
      (purely by virtue of using libnl), but it is what it is and we have to
      deal with it.
      
      In order for <interface type='hostdev'> to work properly on systems
      with a kernel 3.3 or later, libvirt needs to add the afore-mentioned
      IFLA_EXT_MASK field with RTEXT_FILTER_VF set.
      
      Of course we also need to continue working on systems with older
      kernels, so that one bit of code is compiled conditionally. The one
      time this could cause problems is if the libvirt binary was built on a
      system without IFLA_EXT_MASK which was subsequently updated to a
      kernel that *did* have it. That could be solved by manually providing
      the values of IFLA_EXT_MASK and RTEXT_FILTER_VF and adding it to the
      message anyway, but I'm uncertain what that might actually do on a
      system that didn't support the message, so for the time being we'll
      just fail in that case (which will very likely never happen anyway).
      (cherry picked from commit ac2797cf)
      
      Conflicts:
      
       src/util/virnetdev.c: parameters of virNetlinkCommand were changed
                             post 0.9.11.
      b20b391f
  3. 14 12月, 2012 1 次提交
    • L
      network: prevent dnsmasq from listening on localhost · 9eb2b573
      Laine Stump 提交于
      This patch resolves the problem reported in:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=886663
      
      The source of the problem was the fix for CVE 2011-3411:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      which was originally committed upstream in commit
      753ff83a. That commit improperly
      removed the "--except-interface lo" from dnsmasq commandlines when
      --bind-dynamic was used (based on comments in the latter bug).
      
      It turns out that the problem reported in the CVE could be eliminated
      without removing "--except-interface lo", and removing it actually
      caused each instance of dnsmasq to listen on localhost on port 53,
      which created a new problem:
      
      If another instance of dnsmasq using "bind-interfaces" (instead of
      "bind-dynamic") had already been started (or if another instance
      started later used "bind-dynamic"), this wouldn't have any immediately
      visible ill effects, but if you tried to start another dnsmasq
      instance using "bind-interfaces" *after* starting any libvirt
      networks, the new dnsmasq would fail to start, because there was
      already another process listening on port 53.
      
      This patch changes the network driver to *always* add
      "except-interface=lo" to dnsmasq conf files, regardless of whether we use
      bind-dynamic or bind-interfaces. This way no libvirt dnsmasq instances
      are listening on localhost (and the CVE is still fixed).
      
      The actual code change is miniscule, but must be propogated through all
      of the test files as well.
      
      (This is *not* a cherry-pick of the upstream commit that fixes the bug
      (commit d66eb786), because subsequent
      to the CVE fix, another patch changed the network driver to put
      dnsmasq options in a conf file rather than directly on the dnsmasq
      commandline preserving the same options), so a cherry-pick is just one
      very large conflict.)
      9eb2b573
  4. 10 12月, 2012 7 次提交
    • C
      Prep for release 0.9.11.8 · 35472c92
      Cole Robinson 提交于
      35472c92
    • V
      qemu: pass -usb and usb hubs earlier, so USB disks with static address are handled properly · 5c881f35
      Vladislav Bogdanov 提交于
      (cherry picked from commit 81af5336)
      
      Conflicts:
      	src/qemu/qemu_command.c
      	tests/qemuxml2argvdata/qemuxml2argv-bios.args
      	tests/qemuxml2argvdata/qemuxml2argv-blkiotune-device.args
      	tests/qemuxml2argvdata/qemuxml2argv-blkiotune.args
      	tests/qemuxml2argvdata/qemuxml2argv-boot-menu-disable-drive-bootindex.args
      	tests/qemuxml2argvdata/qemuxml2argv-console-virtio-s390.args
      	tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-disabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-cpu-eoi-enabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-cputune.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-blockio.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-copy_on_read.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-geometry.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-ide-drive-split.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-ide-wwn.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-ioeventfd.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-split.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-scsi-disk-wwn.args
      	tests/qemuxml2argvdata/qemuxml2argv-disk-virtio-s390.args
      	tests/qemuxml2argvdata/qemuxml2argv-eoi-disabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-eoi-enabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-event_idx.args
      	tests/qemuxml2argvdata/qemuxml2argv-graphics-spice.args
      	tests/qemuxml2argvdata/qemuxml2argv-graphics-vnc.args
      	tests/qemuxml2argvdata/qemuxml2argv-hyperv.args
      	tests/qemuxml2argvdata/qemuxml2argv-kvmclock+eoi-disabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-machine-core-off.args
      	tests/qemuxml2argvdata/qemuxml2argv-machine-core-on.args
      	tests/qemuxml2argvdata/qemuxml2argv-memtune.args
      	tests/qemuxml2argvdata/qemuxml2argv-metadata.args
      	tests/qemuxml2argvdata/qemuxml2argv-minimal-s390.args
      	tests/qemuxml2argvdata/qemuxml2argv-minimal.args
      	tests/qemuxml2argvdata/qemuxml2argv-misc-disable-s3.args
      	tests/qemuxml2argvdata/qemuxml2argv-misc-disable-suspends.args
      	tests/qemuxml2argvdata/qemuxml2argv-misc-enable-s4.args
      	tests/qemuxml2argvdata/qemuxml2argv-misc-uuid.args
      	tests/qemuxml2argvdata/qemuxml2argv-net-virtio-s390.args
      	tests/qemuxml2argvdata/qemuxml2argv-numad-auto-memory-vcpu-cpuset.args
      	tests/qemuxml2argvdata/qemuxml2argv-numad-auto-memory-vcpu-no-cpuset-and-placement.args
      	tests/qemuxml2argvdata/qemuxml2argv-numad-auto-vcpu-static-numatune.args
      	tests/qemuxml2argvdata/qemuxml2argv-numad-static-memory-auto-vcpu.args
      	tests/qemuxml2argvdata/qemuxml2argv-numad.args
      	tests/qemuxml2argvdata/qemuxml2argv-reboot-timeout-disabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-reboot-timeout-enabled.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-baselabel.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic-override.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-dynamic.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-none.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-static-relabel.args
      	tests/qemuxml2argvdata/qemuxml2argv-seclabel-static.args
      	tests/qemuxml2argvdata/qemuxml2argv-smbios.args
      	tests/qemuxml2argvdata/qemuxml2argv-virtio-lun.args
      5c881f35
    • V
      qemu: Do not ignore address for USB disks · ff05b2c4
      Vladislav Bogdanov 提交于
      (cherry picked from commit 8f708761)
      ff05b2c4
    • S
      qemu: Fix name comparison in qemuMonitorJSONBlockIoThrottleInfo() · 6ca56496
      Stefan Hajnoczi 提交于
      The string comparison logic was inverted and matched the first drive
      that does *not* have the name we search for.
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      (cherry picked from commit 23d47b33)
      6ca56496
    • S
      qemu: Keep QEMU host drive prefix in BlkIoTune · 39a427e8
      Stefan Hajnoczi 提交于
      The QEMU -drive id= begins with libvirt's QEMU host drive prefix
      ("drive-"), which is stripped off in several places two convert between
      host ("-drive") and guest ("-device") device names.
      
      In the case of BlkIoTune it is unnecessary to strip the QEMU host drive
      prefix because we operate on "info block"/"query-block" output that uses
      host drive names.
      
      Stripping the prefix incorrectly caused string comparisons to fail since
      we were comparing the guest device name against the host device name.
      Signed-off-by: NStefan Hajnoczi <stefanha@redhat.com>
      (cherry picked from commit 04ee70bf)
      39a427e8
    • M
      dnsmasq: Fix parsing of the version number · ca1cebdb
      Michal Privoznik 提交于
      If debugging is enabled, the debug messages are sent to stderr.
      Moreover, if a command has catching of stderr set, the messages
      gets mixed with stdout output (assuming both outputs are stored
      in the same variable). The resulting string then doesn't
      necessarily have to start with desired prefix then. This bug
      exposes itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06
      11:11:02.232+0000: 18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version doesn't
      start with expected "Dnsmasq version " string but a libvirt debug
      output.
      (cherry picked from commit ff33f807)
      ca1cebdb
    • M
      dnsmasq: Fix parsing of the version number · 1917cc05
      Michal Privoznik 提交于
      If the debugging is enabled, the virCommand subsystem catches debug
      messages in the command output as well. In that case, we can't assume
      the string corresponding to command's stdout will start with specific
      prefix. But the prefix can be moved deeper in the string. This bug
      shows itself when parsing dnsmasq output:
      
      2012-12-06 11:18:11.445+0000: 18491: error :
      dnsmasqCapsSetFromBuffer:664 : internal error cannot parse
      /usr/sbin/dnsmasq version number in '2012-12-06 11:11:02.232+0000:
      18492: debug : virFileClose:72 : Closed fd 22'
      
      We can clearly see that the output of dnsmasq --version
      doesn't start with expected "Dnsmasq version " string but a libvirt
      debug output.
      (cherry picked from commit 51144313)
      1917cc05
  5. 04 12月, 2012 1 次提交
    • L
      conf: fix virDomainNetGetActualDirect*() and BridgeName() · 35ca0db3
      Laine Stump 提交于
      This resolves:
      
         https://bugzilla.redhat.com/show_bug.cgi?id=881480
      
      These three functions:
      
        virDomainNetGetActualBridgeName
        virDomainNetGetActualDirectDev
        virDomainNetGetActualDirectMode
      
      return attributes that are in a union whose contents are interpreted
      differently depending on the actual->type and so they should only
      return non-0 when actual->type is 'bridge' (in the first case) or
      'direct' (in the other two cases, but I had neglected to do that, so
      ...DirectDev() was returning bridge.brname (which happens to share the
      same spot in the union with direct.linkdev) if actual->type was
      'bridge', and ...BridgeName was returning direct.linkdev when
      actual->type was 'direct'.
      
      How does this involve Bug 881480 (which was about the inability to
      switch between two networks that both have "<forward mode='bridge'/>
      <bridge name='xxx'/>"? Whenever the return value of
      virDomainNetGetActualDirectDev() for the new and old network
      definitions doesn't match, qemuDomainChangeNet() requires a "complete
      reconnect" of the device, which qemu currently doesn't
      support. ...DirectDev() *should* have been returning NULL for old and
      new, but was instead returning the old and new bridge names, which
      differ.
      
      (The other two functions weren't causing any behavioral problems in
      virDomainChangeNet(), but their problem and fix was identical, so I
      included them in this same patch).
      35ca0db3
  6. 30 11月, 2012 3 次提交
    • L
      network: use dnsmasq --bind-dynamic when available · 2abde0ac
      Laine Stump 提交于
      This bug resolves CVE-2012-3411, which is described in the following
      bugzilla report:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=833033
      
      The following report is specifically for libvirt on Fedora:
      
        https://bugzilla.redhat.com/show_bug.cgi?id=874702
      
      In short, a dnsmasq instance run with the intention of listening for
      DHCP/DNS requests only on a libvirt virtual network (which is
      constructed using a Linux host bridge) would also answer queries sent
      from outside the virtualization host.
      
      This patch takes advantage of a new dnsmasq option "--bind-dynamic",
      which will cause the listening socket to be setup such that it will
      only receive those requests that actually come in via the bridge
      interface. In order for this behavior to actually occur, not only must
      "--bind-interfaces" be replaced with "--bind-dynamic", but also all
      "--listen-address" options must be replaced with a single
      "--interface" option. Fully:
      
         --bind-interfaces --except-interface lo --listen-address x.x.x.x ...
      
      (with --listen-address possibly repeated) is replaced with:
      
         --bind-dynamic --interface virbrX
      
      Of course libvirt can't use this new option if the host's dnsmasq
      doesn't have it, but we still want libvirt to function (because the
      great majority of libvirt installations, which only have mode='nat'
      networks using RFC1918 private address ranges (e.g. 192.168.122.0/24),
      are immune to this vulnerability from anywhere beyond the local subnet
      of the host), so we use the new dnsmasqCaps API to check if dnsmasq
      supports the new option and, if not, we use the "old" option style
      instead. In order to assure that this permissiveness doesn't lead to a
      vulnerable system, we do check for non-private addresses in this case,
      and refuse to start the network if both a) we are using the old-style
      options, and b) the network has a publicly routable IP
      address. Hopefully this will provide the proper balance of not being
      disruptive to those not practically affected, and making sure that
      those who *are* affected get their dnsmasq upgraded.
      
      (--bind-dynamic was added to dnsmasq in upstream commit
      54dd393f3938fc0c19088fbd319b95e37d81a2b0, which was included in
      dnsmasq-2.63)
      
      (cherry picked from commit 753ff83a)
      Conflicts:
              src/network/bridge_driver.c
              * needed to change virReportError() to the older
                networkReportError()
      
      	tests/networkxml2argvdata/nat-network-dns-txt-record.argv
              * this test file has an example of an arg with embedded space,
                which gets sorrounded by '' in newer releases. Other
                items on the same line had been modified.
      
      	tests/networkxml2argvdata/routed-network.argv
              * in the newer releases, this test file had an --addn-hosts
                arg that didn't exist on this branch. Again, it was in the
                surrounding context of the changes that had been made on
                master.
      2abde0ac
    • L
      util: new virSocketAddrIsPrivate function · fe98b659
      Laine Stump 提交于
      This new function returns true if the given address is in the range of
      any "private" or "local" networks as defined in RFC1918 (IPv4) or
      RFC3484/RFC4193 (IPv6), otherwise they return false.
      
      These ranges are:
      
         192.168.0.0/16
         172.16.0.0/16
         10.0.0.0/24
         FC00::/7
         FEC0::/10
      
      (cherry picked from commit bf402e77)
      Conflicts:
          src/util/virsocketaddr.c
          src/util/virsocketaddr.h
           * both of these files had new functions that had been added
             at the same place virSocketAddrIsPrivate was being added,
             so the context on the branch didn't match.
      fe98b659
    • L
      util: capabilities detection for dnsmasq · db7159a1
      Laine Stump 提交于
      In order to optionally take advantage of new features in dnsmasq when
      the host's version of dnsmasq supports them, but still be able to run
      on hosts that don't support the new features, we need to be able to
      detect the version of dnsmasq running on the host, and possibly
      determine from the help output what options are in this dnsmasq.
      
      This patch implements a greatly simplified version of the capabilities
      code we already have for qemu. A dnsmasqCaps device can be created and
      populated either from running a program on disk, reading a file with
      the concatenated output of "dnsmasq --version; dnsmasq --help", or
      examining a buffer in memory that contains the concatenated output of
      those two commands. Simple functions to retrieve capabilities flags,
      the version number, and the path of the binary are also included.
      
      bridge_driver.c creates a single dnsmasqCaps object at driver startup,
      and disposes of it at driver shutdown. Any time it must be used, the
      dnsmasqCapsRefresh method is called - it checks the mtime of the
      binary, and re-runs the checks if the binary has changed.
      
      networkxml2argvtest.c creates 2 "artificial" dnsmasqCaps objects at
      startup - one "restricted" (doesn't support --bind-dynamic) and one
      "full" (does support --bind-dynamic). Some of the test cases use one
      and some the other, to make sure both code pathes are tested.
      
      (cherry picked from commit 719c2c76)
      
      Conflicts:
        src/network/bridge_driver.c
        * some new functions are missing in the backport, so they don't need
          to be modified.
        * Use dnsmasqCapsFree() instead of virObjectUnref()
        src/util/dnsmasq.c
        * eliminate use of virObject, since this version of libvirt
          doesn't yet have it
        * use networkReportError() instead of virReportError()
        * virBitmapAlloc() instead of virBitmapNew()
        src/util/dnsmasq.h
        * don't #include virobject.h
        * add prototype for dnsmasqCapsFree()
        src/libvirt_private.syms
        * export dnsmasqCapsFree
      db7159a1
  7. 06 11月, 2012 1 次提交
  8. 28 10月, 2012 8 次提交
  9. 17 10月, 2012 1 次提交
    • J
      qemu: Clear async job when p2p migration fails early · d325704a
      Jiri Denemark 提交于
      When p2p migration fails early because qemuMigrationIsAllowed or
      qemuMigrationIsSafe say migration should be cancelled, we fail to clear
      the migration-out async job. As a result of that, further APIs called
      for the same domain may fail with Timed out during operation: cannot
      acquire state change lock.
      
      Reported by Guido Winkelmann.
      d325704a
  10. 09 10月, 2012 1 次提交
  11. 08 10月, 2012 3 次提交
    • C
      Prep for release 0.9.11.6 · 7725e01c
      Cole Robinson 提交于
      7725e01c
    • G
      remove dnsmasq command line parameter "--filterwin2k" · 38e6d7b9
      Gene Czarcinski 提交于
      This patch removed the "--filterwin2k" dnsmasq command line
      parameter which was unnecessary for domain specification,
      possibly blocked some usage, and was command line clutter.
      
      Gene Czarcinski <gene@czarc.net>
      (cherry picked from commit f20b7dbe)
      
      Conflicts:
      	tests/networkxml2argvdata/nat-network-dns-txt-record.argv
      38e6d7b9
    • G
      dnsmasq: avoid forwarding queries without a domain · 3fcc9096
      Gene Czarcinski 提交于
      dnsmasq is forwarding a number of queries upstream that should not
      be done.  There still remains an MX query for a plain name with no
      domain specified that will be forwarded is dnsmasq has --domain=xxx
      --local=/xxx/ specified. This does not happen with no domain name
      and --local=// ... not a libvirt problem.
      
      BTW, thanks again to Claudio Bley!
      (cherry picked from commit f3868259)
      
      Conflicts:
      	AUTHORS
      3fcc9096
  12. 20 9月, 2012 1 次提交
    • M
      security: Fix libvirtd crash possibility · b2c5a911
      Martin Kletzander 提交于
      Fix for CVE-2012-4423.
      
      When generating RPC protocol messages, it's strictly needed to have a
      continuous line of numbers or RPC messages. However in case anyone
      tries backporting some functionality and will skip a number, there is
      a possibility to make the daemon segfault with newer virsh (version of
      the library, rpc call, etc.) even unintentionally.
      
      The problem is that the skipped numbers will get func filled with
      NULLs, but there is no check whether these are set before the daemon
      tries to run them. This patch very simply enhances one check and fixes
      that.
      (cherry picked from commit b7ff9e69)
      b2c5a911
  13. 14 8月, 2012 1 次提交
  14. 13 8月, 2012 6 次提交
    • E
      tests: avoid seclabeltest crash · 758a066a
      Eric Blake 提交于
      Commit a56c3470 introduced a use of random numbers into seclabel
      handling, but failed to initialize the random number generator
      in the testsuite.  Also, fail with usual status, not 255.
      
      * tests/seclabeltest.c (main): Initialize randomness.
      (cherry picked from commit a22a36e8)
      
      Conflicts:
      	tests/seclabeltest.c
      758a066a
    • D
      client rpc: Fix error checking after poll() · 086c3fba
      Daniel P. Berrange 提交于
      First 'poll' can't return EWOULDBLOCK, and second, we're checking errno
      so far away from the poll() call that we've probably already trashed the
      original errno value.
      (cherry picked from commit 5d490603)
      086c3fba
    • J
      client rpc: Send keepalive requests from IO event loop · e9c00cbc
      Jiri Denemark 提交于
      In addition to keepalive responses, we also need to send keepalive
      requests from client IO loop to properly detect dead connection in case
      a libvirt API is called from the main loop, which prevents any timers to
      be called.
      (cherry picked from commit 4d971dc7)
      e9c00cbc
    • J
      server rpc: Remove APIs for manipulating filters on locked client · f8e65111
      Jiri Denemark 提交于
      We don't need to add or remove filters when client object is already
      locked anymore. There's no reason to keep the *Locked variants of those
      APIs.
      (cherry picked from commit d9ad4166)
      f8e65111
    • J
      rpc: Remove unused parameter in virKeepAliveStopInternal · 6180670c
      Jiri Denemark 提交于
      The previous commit removed the only usage of ``all'' parameter in
      virKeepAliveStopInternal, which was actually the only reason for having
      virKeepAliveStopInternal. This effectively reverts most of commit
      6446a9e2.
      (cherry picked from commit 0ec514b3)
      6180670c
    • J
      rpc: Do not use timer for sending keepalive responses · 4d695acd
      Jiri Denemark 提交于
      When a libvirt API is called from the main event loop (which seems to be
      common in event-based glib apps), the client IO loop would properly
      handle keepalive requests sent by a server but will not actually send
      them because the main event loop is blocked with the API. This patch
      gets rid of response timer and the thread which is processing keepalive
      requests is also responsible for queueing responses for delivery.
      (cherry picked from commit bb85f229)
      4d695acd
新手
引导
客服 返回
顶部