1. 07 11月, 2013 3 次提交
    • C
      Prep for release 1.0.5.7 · 7fd01c6a
      Cole Robinson 提交于
      7fd01c6a
    • M
      qemuSetupMemoryCgroup: Handle hard_limit properly · 11253a09
      Michal Privoznik 提交于
      Since 16bcb3 we have a regression. The hard_limit is set
      unconditionally. By default the limit is zero. Hence, if user hasn't
      configured any, we set the zero in cgroup subsystem making the kernel
      kill the corresponding qemu process immediately. The proper fix is to
      set hard_limit iff user has configured any.
      
      (cherry picked from commit 94a24dd3)
      
      Conflicts:
      	src/qemu/qemu_cgroup.c
      11253a09
    • M
      qemu: Drop qemuDomainMemoryLimit · 9421fd00
      Michal Privoznik 提交于
      This function is to guess the correct limit for maximal memory
      usage by qemu for given domain. This can never be guessed
      correctly, not to mention all the pains and sleepless nights this
      code has caused. Once somebody discovers algorithm to solve the
      Halting Problem, we can compute the limit algorithmically. But
      till then, this code should never see the light of the release
      again.
      
      (cherry picked from commit 16bcb3b6)
      
      Conflicts:
      	src/qemu/qemu_cgroup.c
      	src/qemu/qemu_command.c
      	src/qemu/qemu_domain.c
      	src/qemu/qemu_domain.h
      	src/qemu/qemu_hotplug.c
      9421fd00
  2. 18 10月, 2013 2 次提交
    • Z
      remote: fix regression in event deregistration · 03ba101a
      Zhou Yimin 提交于
      Introduced by 7b87a3
      When I quit the process which only register VIR_DOMAIN_EVENT_ID_REBOOT,
      I got error like:
      "libvirt: XML-RPC error : internal error: domain event 0 not registered".
      Then I add the following code, it fixed.
      Signed-off-by: NZhou Yimin <zhouyimin@huawei.com>
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 9712c251)
      03ba101a
    • M
      virsh: Fix debugging · 99fa1ade
      Martin Kletzander 提交于
      Commit a0b6a36f "fixed" what abfff210 broke (URI precedence), but
      there was still one more thing missing to fix.  When using virsh
      parameters to setup debugging, those weren't honored, because at the
      time debugging was initializing, arguments weren't parsed yet.  To
      make ewerything work as expected, we need to initialize the debugging
      twice, once before debugging (so we can debug option parsing properly)
      and then again after these options are parsed.
      
      As a side effect, this patch also fixes a leak when virsh is ran with
      multiple '-l' parameters.
      Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
      (cherry picked from commit ac43da70)
      99fa1ade
  3. 15 10月, 2013 6 次提交
  4. 07 10月, 2013 7 次提交
  5. 03 10月, 2013 1 次提交
    • O
      virsh: Fix regression of vol-resize · 729bd0a3
      Osier Yang 提交于
      Introduced by commit 1daa4ba3. vshCommandOptStringReq returns
      0 on *success* or the option is not required && not present, both
      are right result. Error out when returning 0 is not correct.
      the caller, it doesn't have to check wether it
      (cherry picked from commit 2a3a725c)
      729bd0a3
  6. 21 9月, 2013 2 次提交
  7. 19 9月, 2013 3 次提交
    • D
      Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296) · 118d26dc
      Daniel P. Berrange 提交于
      The 'stats' variable was not initialized to NULL, so if some
      early validation of the RPC call fails, it is possible to jump
      to the 'cleanup' label and VIR_FREE an uninitialized pointer.
      This is a security flaw, since the API can be called from a
      readonly connection which can trigger the validation checks.
      
      This was introduced in release v0.9.1 onwards by
      
        commit 158ba873
        Author: Daniel P. Berrange <berrange@redhat.com>
        Date:   Wed Apr 13 16:21:35 2011 +0100
      
          Merge all returns paths from dispatcher into single path
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit e7f400a1)
      
      Conflicts:
      	daemon/remote.c - context
      118d26dc
    • D
      Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311) · 85ca4152
      Daniel P. Berrange 提交于
      With the existing pkcheck (pid, start time) tuple for identifying
      the process, there is a race condition, where a process can make
      a libvirt RPC call and in another thread exec a setuid application,
      causing it to change to effective UID 0. This in turn causes polkit
      to do its permission check based on the wrong UID.
      
      To address this, libvirt must get the UID the caller had at time
      of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
      triple to the pkcheck program.
      Signed-off-by: NColin Walters <walters@redhat.com>
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 922b7fda)
      
      Conflicts:
      	src/access/viraccessdriverpolkit.c
      
      Resolution:
        Dropped file that does not exist in this branch.
      85ca4152
    • D
      Include process start time when doing polkit checks · 4407b19b
      Daniel P. Berrange 提交于
      Since PIDs can be reused, polkit prefers to be given
      a (PID,start time) pair. If given a PID on its own,
      it will attempt to lookup the start time in /proc/pid/stat,
      though this is subject to races.
      
      It is safer if the client app resolves the PID start
      time itself, because as long as the app has the client
      socket open, the client PID won't be reused.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      (cherry picked from commit 979e9c56)
      Signed-off-by: NEric Blake <eblake@redhat.com>
      
      Conflicts:
      	src/rpc/virnetsocket.h - context
      	src/util/virprocess.c - needed #include "virstring.h"
      	src/util/virstring.c - context
      	src/util/virstring.h - context
      4407b19b
  8. 12 9月, 2013 1 次提交
    • M
      qemuDomainChangeGraphics: Check listen address change by listen type · 07381289
      Michal Privoznik 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=1006697
      
      Currently, we have a bug when updating a graphics device. A graphics device can
      have a listen address set. This address is either defined by user (in which case
      it's type is VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_ADDRESS) or it can be inherited
      from a network (in which case it's type is
      VIR_DOMAIN_GRAPHICS_LISTEN_TYPE_NETWORK). However, in both cases we have a
      listen address to process (e.g. during migration, as I've tried to fix in
      7f15ebc7).
      Later, when a user tries to update the graphics device (e.g. set a password),
      we check if listen addresses match the original as qemu doesn't know how to
      change listen address yet. Hence, users are required to not change the listen
      address. The implementation then just dumps listen addresses and compare them.
      Previously, while dumping the listen addresses, NULL was returned for NETWORK.
      After my patch, this is no longer true, and we get a listen address for olddev
      even if it is a type of NETWORK. So we have a real string on one side, the NULL
      from user's XML on the other side and hence we think user wants to change the
      listen address and we refuse it.
      
      Therefore, we must take the type of listen address into account as well.
      
      (cherry picked from commit 752596b5)
      07381289
  9. 29 8月, 2013 1 次提交
    • E
      security: provide supplemental groups even when parsing label (CVE-2013-4291) · 9a1145a9
      Eric Blake 提交于
      Commit 29fe5d74 (released in 1.1.1) introduced a latent problem
      for any caller of virSecurityManagerSetProcessLabel and where
      the domain already had a uid:gid label to be parsed.  Such a
      setup would collect the list of supplementary groups during
      virSecurityManagerPreFork, but then ignores that information,
      and thus fails to call setgroups() to adjust the supplementary
      groups of the process.
      
      Upstream does not use virSecurityManagerSetProcessLabel for
      qemu (it uses virSecurityManagerSetChildProcessLabel instead),
      so this problem remained latent until backporting the initial
      commit into v0.10.2-maint (commit c061ff5e, released in 0.10.2.7),
      where virSecurityManagerSetChildProcessLabel has not been
      backported.  As a result of using a different code path in the
      backport, attempts to start a qemu domain that runs as qemu:qemu
      will end up with supplementary groups unchanged from the libvirtd
      parent process, rather than the desired supplementary groups of
      the qemu user.  This can lead to failure to start a domain
      (typical Fedora setup assigns user 107 'qemu' to both group 107
      'qemu' and group 36 'kvm', so a disk image that is only readable
      under kvm group rights is locked out).  Worse, it is a security
      hole (the qemu process will inherit supplemental group rights
      from the parent libvirtd process, which means it has access
      rights to files owned by group 0 even when such files should
      not normally be visible to user qemu).
      
      LXC does not use the DAC security driver, so it is not vulnerable
      at this time.  Still, it is better to plug the latent hole on
      the master branch first, before cherry-picking it to the only
      vulnerable branch v0.10.2-maint.
      
      * src/security/security_dac.c (virSecurityDACGetIds): Always populate
      groups and ngroups, rather than only when no label is parsed.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 745aa55f)
      9a1145a9
  10. 21 8月, 2013 1 次提交
    • G
      python: return dictionary without value in case of no blockjob · c43e7e20
      Guannan Ren 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=999077
      
      Currently, when there is no blockjob, dom.blockJobInfo('vda')
      still reports error because it doesn't distinguish return value 0 from -1.
      libvirt.libvirtError: virDomainGetBlockJobInfo() failed
      
      virDomainGetBlockJobInfo() API return value:
       -1 in case of failure, 0 when nothing found, 1 found.
      
      And use PyDict_SetItemString instead of PyDict_SetItem when key is
      of string type. PyDict_SetItemString increments key/value reference
      count, so call Py_DECREF() for value. For key, we don't need to
      do this, because PyDict_SetItemString will handle it internally.
      
      (cherry picked from commit 0f9e67bf)
      c43e7e20
  11. 20 8月, 2013 1 次提交
    • P
      virbitmap: Refactor virBitmapParse to avoid access beyond bounds of array · 1ffdaced
      Peter Krempa 提交于
      The virBitmapParse function was calling virBitmapIsSet() function that
      requires the caller to check the bounds of the bitmap without checking
      them. This resulted into crashes when parsing a bitmap string that was
      exceeding the bounds used as argument.
      
      This patch refactors the function to use virBitmapSetBit without
      checking if the bit is set (this function does the checks internally)
      and then counts the bits in the bitmap afterwards (instead of keeping
      track while parsing the string).
      
      This patch also changes the "parse_error" label to a more common
      "error".
      
      The refactor should also get rid of the need to call sa_assert on the
      returned variable as the callpath should allow coverity to infer the
      possible return values.
      
      Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=997367
      
      Thanks to Alex Jia for tracking down the issue. This issue is introduced
      by commit 0fc89098.
      
      (cherry picked from commit 47b9127e)
      1ffdaced
  12. 02 8月, 2013 1 次提交
  13. 01 8月, 2013 4 次提交
    • J
      Set the number of elements 0 in virNetwork*Clear · f32ea993
      Ján Tomko 提交于
      Decrementing it when it was already 0 causes an invalid free
      in virNetworkDefUpdateDNSHost if virNetworkDNSHostDefParseXML
      fails and virNetworkDNSHostDefClear gets called twice.
      
      virNetworkForwardDefClear left the number untouched even if it
      freed all the elements.
      (cherry picked from commit c4e23388)
      f32ea993
    • J
      Don't check validity of missing attributes in DNS SRV XML · 80fffee9
      Ján Tomko 提交于
      This fixes a crash if one of them is missing.
      
      https://bugzilla.redhat.com/show_bug.cgi?id=988718
      (cherry picked from commit 461fd86a)
      80fffee9
    • J
      cgroup: reuse buffer for getline · 90688b14
      Ján Tomko 提交于
      Reuse the buffer for getline and track buffer allocation
      separately from the string length to prevent unlikely
      out-of-bounds memory access.
      
      This fixes the following leak that happened when zero bytes were read:
      
      ==404== 120 bytes in 1 blocks are definitely lost in loss record 1,344 of 1,671
      ==404==    at 0x4C2C71B: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
      ==404==    by 0x906F862: getdelim (iogetdelim.c:68)
      ==404==    by 0x52A48FB: virCgroupPartitionNeedsEscaping (vircgroup.c:1136)
      ==404==    by 0x52A0FB4: virCgroupPartitionEscape (vircgroup.c:1171)
      ==404==    by 0x52A0EA4: virCgroupNewDomainPartition (vircgroup.c:1450)
      (cherry picked from commit cc732931)
      90688b14
    • W
      rbd: Do not free the secret if it is not set · c636c41a
      Wido den Hollander 提交于
      Not all RBD (Ceph) storage pools have cephx authentication turned on,
      so "secret" might not be initialized.
      
      It could also be that the secret couldn't be located.
      
      Only call virSecretFree() if "secret" is initialized earlier.
      Signed-off-by: NWido den Hollander <wido@widodh.nl>
      (cherry picked from commit d58c8478)
      c636c41a
  14. 30 7月, 2013 7 次提交
    • G
      caps: use -device for primary video when qemu >=1.6 · 146d12c6
      Guannan Ren 提交于
      libvirt: https://bugzilla.redhat.com/show_bug.cgi?id=986384
      
      qemu: https://bugzilla.redhat.com/show_bug.cgi?id=981094
      The commit 0ad9025e introduce qemu flag QEMU_CAPS_DEVICE_VIDEO_PRIMARY
      for using -device VGA, -device cirrus-vga, -device vmware-svga and
      -device qxl-vga. In use, for -device qxl-vga, mouse doesn't display
      in guest window like the desciption in above bug.
      This patch try to use -device for primary video when qemu >=1.6 which
      contains the bug fix patch
      
      (cherry picked from commit e3f2686b)
      
      Conflicts:
      	src/qemu/qemu_capabilities.c - context with other new capabilities not backported
      146d12c6
    • E
      examples: fix mingw build vs. printf · ad4e7f90
      Eric Blake 提交于
      Mingw *printf is a moving target; newer mingw now provides a version
      of asprintf() that fails to understand %lld:
      
        CC       event_test-event-test.o
      ../../../../examples/domain-events/events-c/event-test.c: In function 'myDomainEventRTCChangeCallback':
      ../../../../examples/domain-events/events-c/event-test.c:270:18: error: unknown conversion type character 'l' in format [-Werror=format=]
                        virDomainGetID(dom), offset) < 0)
                        ^
      
      But since our examples already admitted that they were hacking around
      a mingw deficiency, it is easier to just use printf() directly, coupled
      with <inttypes.h> macros, for a more portable work-around.
      
      * examples/domain-events/events-c/event-test.c
      (myDomainEventRTCChangeCallback): Use PRIdMAX instead of asprintf.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 6f4458a0)
      ad4e7f90
    • E
      build: fix virutil build on mingw · ec15df4e
      Eric Blake 提交于
      https://bugzilla.redhat.com/show_bug.cgi?id=964358
      
      On platforms without decent group support, the build failed:
      
      Cannot export virGetGroupList: symbol not defined
      ./.libs/libvirt_security_manager.a(libvirt_security_manager_la-security_dac.o): In function `virSecurityDACPreFork':
      /home/eblake/libvirt-tmp/build/src/../../src/security/security_dac.c:248: undefined reference to `virGetGroupList'
      collect2: error: ld returned 1 exit status
      
      * src/util/virutil.c (virGetGroupList): Provide dummy implementation.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit cd725c7a)
      ec15df4e
    • E
      build: work around mingw header pollution · aa11d688
      Eric Blake 提交于
      On Fedora 18, when cross-compiling to mingw with the mingw*-dbus
      packages installed, compilation fails with:
      
        CC       libvirt_net_rpc_server_la-virnetserver.lo
      In file included from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-connection.h:32:0,
                       from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-bus.h:30,
                       from /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus.h:31,
                       from ../../src/util/virdbus.h:26,
                       from ../../src/rpc/virnetserver.c:39:
      /usr/i686-w64-mingw32/sys-root/mingw/include/dbus-1.0/dbus/dbus-message.h:74:58: error: expected ';', ',' or ')' before 'struct'
      
      I have reported this as a bug against two packages:
      - mingw-headers, for polluting the namespace
      https://bugzilla.redhat.com/show_bug.cgi?id=980270
      - dbus, for not dealing with the pollution
      https://bugzilla.redhat.com/show_bug.cgi?id=980278
      
      At least dbus has agreed that a future version of dbus headers will
      do s/interface/iface/, regardless of what happens in mingw. But it
      is also easy to workaround in libvirt in the meantime, without having
      to wait for either mingw or dbus to upgrade.
      
      * src/util/virdbus.h (includes): Undo mingw's pollution so that
      dbus doesn't fail.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 1528e8b2)
      aa11d688
    • E
      build: configure must not affect tarball contents · 543e5adf
      Eric Blake 提交于
      On mingw, configure sets the name of the lxc symfile to
      libvirt_lxc.defs rather than libvirt_lxc.syms.  But tarballs
      must be arch-independent, regardless of the configure options
      used for the tree where we ran 'make dist'.  This led to the
      following failure in autobuild.sh:
      
        CCLD     libvirt-lxc.la
        CCLD     libvirt-qemu.la
      /usr/lib64/gcc/i686-w64-mingw32/4.7.2/../../../../i686-w64-mingw32/bin/ld: cannot find libvirt_lxc.def: No such file or directory
      collect2: error: ld returned 1 exit status
      make[3]: *** [libvirt-lxc.la] Error 1
      make[3]: *** Waiting for unfinished jobs....
      
      We were already doing the right thing with libvirt_qemu.syms.
      
      * src/Makefile.am (EXTRA_DIST): Don't ship a built file which
      depends on configure for its final name.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit d79c9273)
      543e5adf
    • E
      build: avoid build failure without gnutls · ef10647e
      Eric Blake 提交于
      Found while trying to cross-compile to mingw:
      
        CC       libvirt_driver_remote_la-remote_driver.lo
      ../../src/remote/remote_driver.c: In function 'doRemoteOpen':
      ../../src/remote/remote_driver.c:487:23: error: variable 'verify' set but not used [-Werror=unused-but-set-variable]
      
      * src/remote/remote_driver.c (doRemoteOpen): Also ignore 'verify'.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      (cherry picked from commit 4e6a78e7)
      ef10647e
    • J
      Fix build with clang · 15bde978
      Ján Tomko 提交于
      Partially revert cdd703f4's revert of c1634100, as linking with clang
      with --param=ssp-buffer-size=4 still fails with:
      "argument unused during compilation".
      
      (cherry picked from commit 4b91dc24)
      15bde978
新手
引导
客服 返回
顶部