- 14 1月, 2014 3 次提交
-
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When writing commit 173c2914, I missed the fact virNetServerClientClose unlocks the client object before actually clearing client->sock and thus it is possible to hit a window when client->keepalive is NULL while client->sock is not NULL. I was thinking client->sock == NULL was a better check for a closed connection but apparently we have to go with client->keepalive == NULL to actually fix the crash. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Peter Krempa 提交于
-
由 Eric Blake 提交于
On my Fedora 20 box with mingw cross-compiler, the build failed with: ../../src/rpc/virnetclient.c: In function 'virNetClientSetTLSSession': ../../src/rpc/virnetclient.c:745:14: error: unused variable 'oldmask' [-Werror=unused-variable] sigset_t oldmask, blockedsigs; ^ I traced it to the fact that mingw64-winpthreads installs a header that does #define pthread_sigmask(...) 0, which means any argument only ever passed to pthread_sigmask is reported as unused. This patch works around the compilation failure, with behavior no worse than what mingw already gives us regarding the function being a no-op. * configure.ac (pthread_sigmask): Probe for broken mingw macro. * src/util/virutil.h (pthread_sigmask): Rewrite to something that avoids unused variables. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 13 1月, 2014 2 次提交
-
-
由 Peter Krempa 提交于
-
由 Jiri Denemark 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1047577 When a client closes its connection to libvirtd early during virConnectOpen, more specifically just after making REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call to check if VIR_DRV_FEATURE_PROGRAM_KEEPALIVE is supported without even waiting for the result, libvirtd may crash due to a race in keep-alive initialization. Once receiving the REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, the daemon's event loop delegates it to a worker thread. In case the event loop detects EOF on the connection and calls virNetServerClientClose before the worker thread starts to handle REMOTE_PROC_CONNECT_SUPPORTS_FEATURE call, client->keepalive will be disposed by the time virNetServerClientStartKeepAlive gets called from remoteDispatchConnectSupportsFeature. Because the flow is common for both authenticated and read-only connections, even unprivileged clients may cause the daemon to crash. To avoid the crash, virNetServerClientStartKeepAlive needs to check if the connection is still open before starting keep-alive protocol. Every libvirt release since 0.9.8 is affected by this bug.
-
- 11 1月, 2014 2 次提交
-
-
由 Daniel P. Berrange 提交于
Any test suite which involves a virDomainDefPtr should call virDomainDefCheckABIStability with itself just as a basic sanity check that the identity-comparison always succeeds. This would have caught the recent NULL pointer access crash. Make sure we cope with def->name being NULL since the VMWare config parser produces NULL names. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
-
由 Eric Blake 提交于
When idmap was added to LXC, we forgot to cover it in the testsuite. The schema was missing an <element> layer, and as a result, virt-xml-validate was failing on valid dumpxml output. Reported by Eduard - Gabriel Munteanu on IRC. * docs/schemas/domaincommon.rng (idmap): Include <idmap> element, and support interleaves. * tests/lxcxml2xmldata/lxc-idmap.xml: New file. * tests/lxcxml2xmltest.c (mymain): Test it. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 10 1月, 2014 11 次提交
-
-
由 Peter Krempa 提交于
Include the name of the storage backend in the error message instead of just the number.
-
由 Peter Krempa 提交于
Change code ordering to avoid the need for a forward declaration.
-
由 Peter Krempa 提交于
The comment was talking about creating the pool while the function is deleting it. Fix the mismatch.
-
由 Claudio Bley 提交于
-
由 Eric Blake 提交于
Ever since commit 61ac8ce0, Coverity complained about remoteNetworkBuildEventLifecycle not checking for NULL failure to build an event, compared to other calls in the code base. But the problem is latent from copy and paste; all 17 of our remote*BuildEvent* functions in remote_driver.c have the same issue - if an OOM causes an event to not be built, we happily pass NULL to remoteEventQueue(), but that function has marked event as a nonnull parameter. We were getting lucky (the event queue's first use of the event happened to be a call to virIsObjectClass(), which acts gracefully on NULL, so there was no way to crash); but this is a latent bug waiting to bite us due to the disregard for the nonnull attribute, as well as a waste of resources in the event queue. Better is to just refuse to queue NULL. The discard is silent, since the problem only happens on OOM, and since events are already best effort - if we fail to get an event, it's not like we have any memory left to report the issue, nor any idea of who would benefit from knowing we couldn't create or queue the event. * src/remote/remote_driver.c (remoteEventQueue): Ignore NULL event. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Our fixes for CVE-2013-4400 were so effective at "fixing" bugs in virt-login-shell that we ended up fixing it into a useless do-nothing program. Commit 3e2f27e1 picked the name LIBVIRT_SETUID_RPC_CLIENT for the witness macro when we are doing secure compilation. But commit 9cd6a57d checked whether the name IN_VIRT_LOGIN_SHELL, from an earlier version of the patch series, was defined; with the net result that virt-login-shell invariably detected that it was setuid and failed virInitialize. Commit b7fcc799 closed all fds larger than stderr, but in the wrong place. Looking at the larger context, we mistakenly did the close in between obtaining the set of namespace fds, then actually using those fds to switch namespace, which means that virt-login-shell will ALWAYS fail. This is the minimal patch to fix the regressions, although further patches are also worth having to clean up poor semantics of the resulting program (for example, it is rude to not pass on the exit status of the wrapped program back to the invoking shell). * tools/virt-login-shell.c (main): Don't close fds until after namespace swap. * src/libvirt.c (virGlobalInit): Use correct macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
The existing check of domain snapshots validated that they point to a domain, but did not validate that the domain points to a connection, even though any errors blindly assume the connection is valid. On the other hand, as mentioned in commit 6e130ddc, any valid domain is already tied to a valid connection, and VIR_IS_SNAPSHOT vs. VIR_IS_DOMAIN_SNAPSHOT makes no real difference; it's best to just validate the chain of all three. For consistency with previous patches, continue the trend of using a common macro. For now, we don't need virCheckDomainSnapshotGoto(). * src/datatypes.h (virCheckDomainSnapshotReturn): New macro. (VIR_IS_SNAPSHOT, VIR_IS_DOMAIN_SNAPSHOT): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibDomainSnapshotError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
While all errors related to invalid nwfilters appeared to be consistent, we might as well continue the trend of using a common macro. As in commit 6e130ddc, the difference between VIR_IS_NWFILTER and VIR_IS_CONNECTED_NWFILTER is moot, since reference counting means any valid nwfilter is also tied to a valid connection. For now, we don't need virCheckNWFilterGoto(). * src/datatypes.h (virCheckNWFilterReturn): New macro. (VIR_IS_NWFILTER, VIR_IS_CONNECTED_NWFILTER): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibNWFilterError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
For streams validation, we weren't consistent on whether to use VIR_FROM_NONE or VIR_FROM_STREAMS. Furthermore, in many API, we want to ensure that a stream is tied to the same connection as the other object we are operating on; while other API failed to validate the stream at all. And the difference between VIR_IS_STREAM and VIR_IS_CONNECTED_STREAM is moot; as in commit 6e130ddc, we know that reference counting means a valid stream will always be tied to a valid connection. Similar to previous patches, use a common macro to make it nicer. * src/datatypes.h (virCheckStreamReturn, virCheckStreamGoto): New macros. (VIR_IS_STREAM, VIR_IS_CONNECTED_STREAM): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibStreamError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
While all errors related to invalid secrets appeared to be consistent, we might as well continue the trend of using a common macro. Just as in commit 6e130ddc, the difference between VIR_IS_SECRET and VIR_IS_CONNECTED_SECRET is moot (due to reference counting, any valid secret must be tied to a valid domain). For now, we don't need virCheckSecretGoto(). * src/datatypes.h (virCheckSecretReturn): New macro. (VIR_IS_SECRET, VIR_IS_CONNECTED_SECRET): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibSecretError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
While all errors related to invalid node device appeared to be consistent, we might as well continue the trend of using a common macro. For now, we don't need virCheckNodeDeviceGoto(). * src/datatypes.h (virCheckNodeDeviceReturn): New macro. (VIR_IS_NODE_DEVICE, VIR_IS_CONNECTED_NODE_DEVICE): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibNodeDeviceError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 09 1月, 2014 11 次提交
-
-
由 Martin Kletzander 提交于
The commit cad3cf9a introduced a crash due to wrong order of parameters being passed to the function. When deleting an element, the function decreased the iterator instead of count and if listing volumes after that (or undefining the pool, NULL was being dereferenced. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Michal Privoznik 提交于
Yet another advice appeared on the Multiqueue wiki page: http://www.linux-kvm.org/page/Multiqueue#Enable_MQ_feature We should add vectors=N onto the qemu command line, where N = 2 * (number of queues) + 1.
-
由 Eric Blake 提交于
For storage volume validation, we weren't consistent on whether to use VIR_FROM_NONE or VIR_FROM_STORAGE. Similar to previous patches, use a common macro to make it nicer. Furthermore, just as in commit 6e130ddc, the difference between VIR_IS_STORAGE_VOL and VIR_IS_CONNECTED_STORAGE_VOL is moot (due to reference counting, any valid volume must be tied to a valid connection). virStorageVolCreateXMLFrom allows cross-connection cloning, where the error is reported against the connection of the destination pool. * src/datatypes.h (virCheckStorageVolReturn) (virCheckStorageVolGoto): New macros. (VIR_IS_STORAGE_VOL, VIR_IS_CONNECTED_STORAGE_VOL): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibStorageVolError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Guido Günther 提交于
We point to the manpages where available and redirect to libvirt's homepage as a last resort.
-
由 Stefan Bader 提交于
This basically reverts commit ba64b971 "libxl: Allow libxl to set NIC devid". However assigning devid's before calling libxlMakeNic does not work as that is calling libxl_device_nic_init which sets it back to -1. Right now auto-assignment only works in the hotplug case. But even if that would be fixed at some point (if that is possible at all), this would add a weird dependency between Xen and libvirt versions. The change here should accept any auto-assignment that makes it into libxl_device_nic_init. My understanding is that a caller always is allowed to make the devid choice itself. And assuming libxlMakeNicList is only used on domain creation, a sequential numbering should be ok. Signed-off-by: NStefan Bader <stefan.bader@canonical.com>
-
由 Eric Blake 提交于
virStoragePoolBuild reported an invalid pool as if it were an invalid network. Likewise, we weren't consistent on whether to use VIR_FROM_NONE or VIR_FROM_STORAGE. Similar to previous patches, use a common macro to make it nicer. Furthermore, just as in commit 6e130ddc, the difference between VIR_IS_STORAGE_POOL and VIR_IS_CONNECTED_STORAGE_POOL is moot (due to reference counting, any valid pool must be tied to a valid connection). For now, we don't need virCheckStoragePoolGoto(). * src/datatypes.h (virCheckStoragePoolReturn): New macro. (VIR_IS_STORAGE_POOL, VIR_IS_CONNECTED_STORAGE_POOL): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibStoragePoolError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Richard W.M. Jones 提交于
There is no easy way to test authentication against libvirt. This commit modifies the test driver to allow simple username/password authentication. You modify the test XML by adding: <node> ... <auth> <user password="123456">rich</user> <user>jane</user> </auth> </node> If there are any /node/auth/user elements, then authentication is required by the test driver (if none are present, then the test driver will work as before and not require authentication). In the example above, two phony users are added: rich password: 123456 jane no password required The test driver will demand a username. If the password attribute is present (or if the username entered is wrong), then the password is also asked for and checked: $ virsh -c test://$(pwd)/testnode.xml list Enter username for localhost: rich Enter rich's password for localhost: *** Id Name State ---------------------------------------------------- 1 fv0 running 2 fc4 running Signed-off-by: NRichard W.M. Jones <rjones@redhat.com>
-
由 Eric Blake 提交于
When checking for a valid interface, we weren't consistent on whether we reported as VIR_FROM_NONE or VIR_FROM_INTERFACE. Similar to previous patches, use a common macro to make it nicer. Furthermore, just as in commit 6e130ddc, the difference between VIR_IS_INTERFACE and VIR_IS_CONNECTED_INTERFACE is moot (due to reference counting, any valid interface must be tied to a valid connection). For now, we don't need virCheckInterfaceGoto(). * src/datatypes.h (virCheckInterfaceReturn): New macro. (VIR_IS_INTERFACE, VIR_IS_CONNECTED_INTERFACE): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibInterfaceError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
Commit cfd62c1f was incomplete; I found more cases where error messages were being overwritten, and where the code between the three registration/deregistration APIs was not consistent. Since it is fairly easy to trigger an attempt to deregister an unregistered object through public API, I also changed the error message from VIR_ERR_INTERNAL_ERROR to VIR_ERR_INVALID_ARG. * src/conf/object_event.c (virObjectEventCallbackListEventID): Inline... (virObjectEventStateEventID): ...into lone caller, and report error on failure. (virObjectEventCallbackListAddID, virObjectEventStateCallbackID) (virObjectEventCallbackListRemoveID) (virObjectEventCallbackListMarkDeleteID): Tweak error category. * src/remote/remote_driver.c (remoteConnectDomainEventRegister): Don't leak registration on failure. (remoteConnectDomainEventDeregisterAny) (remoteConnectNetworkEventDeregisterAny): Don't overwrite error. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Guido Günther 提交于
-
由 Eric Blake 提交于
When checking for a valid network, we weren't consistent on whether we reported an invalid network or a connection. Similar to previous patches such as commit 6e130ddc, the difference between VIR_IS_NETWORK and VIR_IS_CONNECTED_NETWORK is moot (due to reference counting, any valid network must be tied to a valid connection). Use a common macro to make the error reporting for invalid networks nicer. * src/datatypes.h (virCheckNetworkReturn, virCheckNetworkGoto): New macros. (VIR_IS_NETWORK, VIR_IS_CONNECTED_NETWORK): Drop unused macros. * src/libvirt.c: Use macro throughout. (virLibNetworkError): Drop unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 1月, 2014 11 次提交
-
-
由 Osier Yang 提交于
Like commit 94a26c7e from Eric Blake, the old fuzzy code should be replaced by the new array management macros now. And the type of scsi->count should be changed into "size_t", and thus virSCSIDeviceListCount should return size_t instead, similar for vir{PCI,USB}DeviceListCount.
-
由 Chen Hanxiao 提交于
Signed-off-by: NChen Hanxiao <chenhanxiao@cn.fujitsu.com>
-
由 Gao feng 提交于
the unix socket /var/run/libvirt/lxc/domain.sock is not created under the selinux context which configured by <seclabel>. If we try to connect the domain.sock under the selinux context of domain in virtLXCProcessConnectMonitor,selinux will deny this connect operation. type=AVC msg=audit(1387953696.067:662): avc: denied { connectto } for pid=21206 comm="libvirtd" path="/usr/local/var/run/libvirt/lxc/systemd.sock" scontext=unconfined_u:system_r:svirt_lxc_net_t:s0:c770,c848 tcontext=unconfined_u:system_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket fix this problem by creating socket under selinux context of domain. Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
-
由 Martin Kletzander 提交于
Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Peter Krempa 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1049529 The 'detach-disk' command in virsh used the active XML definition of a domain even when attempting to remove a disk from the config only. If the disk was only in the inactive definition the operation failed. Fix this by using the inactive XML in case that only the config is affected.
-
由 Peter Krempa 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1049529 The legacy virDomainAttachDevice and virDomainDetachDevice operate only on active domains. When a user specified --current flag with an inactive domain the old API was used and reported an error. Fix it by calling the new API if --current is specified explicitly.
-
由 Michal Privoznik 提交于
The function checks for @conn to be valid and locks its mutex. Then, it checks if callee is unregistering the same callback that he registered previously. If this fails an error is reported and the control jumps to 'error' label. Here, if @conn has some errors (and it certainly does - the one that's been just reported) the conn->mutex is locked again - without any previous unlock: Thread 1 (Thread 0x7fb500ef1800 (LWP 18982)): #0 __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 #1 0x00007fb4fd99ce56 in _L_lock_918 () from /lib64/libpthread.so.0 #2 0x00007fb4fd99ccaa in __GI___pthread_mutex_lock (mutex=0x7fb50153b670) at pthread_mutex_lock.c:64 #3 0x00007fb5007e574d in virMutexLock (m=m@entry=0x7fb50153b670) at util/virthreadpthread.c:85 #4 0x00007fb5007b198e in virDispatchError (conn=conn@entry=0x7fb50153b5e0) at util/virerror.c:594 #5 0x00007fb5008a3735 in virConnectUnregisterCloseCallback (conn=0x7fb50153b5e0, cb=cb@entry=0x7fb500f588e0 <vshCatchDisconnect>) at libvirt.c:21025 #6 0x00007fb500f5d690 in vshReconnect (ctl=ctl@entry=0x7fffff60e710) at virsh.c:328 #7 0x00007fb500f5dc50 in vshCommandRun (ctl=ctl@entry=0x7fffff60e710, cmd=0x7fb50152ca80) at virsh.c:1755 #8 0x00007fb500f5861b in main (argc=<optimized out>, argv=<optimized out>) at virsh.c:3393 And since the conn's mutex is not recursive, the virDispatchError will never ever lock it successfully. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Eric Blake 提交于
Cleanup after a previous patch, commit 6e130ddc. In particular, note that xenDomainUsedCpus can only be reached from xenUnifiedDomainGetXMLDesc, which in turn is only reached from public API that already validated the domain. * src/xen/xen_driver.c (xenDomainUsedCpus): Drop redundant check. * src/datatypes.h (VIR_IS_DOMAIN, VIR_IS_CONNECTED_DOMAIN): Delete, and inline into all callers, since no other file uses it any more. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Guido Günther 提交于
Make it easy to install the shipped examples. The aim is to have reasonably working templates so that distros only need to minimally patch these and can feed things upstream more easily. This was prompted by http://bugs.debian.org/725144
-
由 Eric Blake 提交于
In datatype.c, virGetDomainSnapshot could result in the message: error: invalid domain pointer in bad domain Furthermore, while there are a few functions in libvirt.c that only care about a virDomainPtr without regards to the connection (such as virDomainGetName), most functions also require a valid connection. Yet several functions were blindly dereferencing the conn member without checking it for validity first (such as virDomainOpenConsole). Rather than try and correct all usage of VIR_IS_DOMAIN vs. VIR_IS_CONNECTED_DOMAIN, it is easier to just blindly require that a valid domain object always has a valid connection object (which should be true anyways, since every domain object holds a reference to its connection, so the connection will not be closed until all domain objects have also been closed to release their reference). After this patch, all places that validate a domain consistently report: error: invalid domain pointer in someFunc * src/datatypes.h (virCheckDomainReturn, virCheckDomainGoto): New macros. * src/datatypes.c (virGetDomainSnapshot): Use new macro. (virLibConnError): Delete unused macro. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Eric Blake 提交于
While comparing network and domain events, I noticed that the test driver had to do a cast in one place and not the other. For consistency, we should hide the necessary casting as low as possible in the stack, with everything else using saner types. * src/conf/network_event.h (virNetworkEventStateRegisterID): Alter type. * src/conf/network_event.c (virNetworkEventStateRegisterID): Hoist cast here. * src/test/test_driver.c (testConnectNetworkEventRegisterAny): Simplify callers. * src/remote/remote_driver.c (remoteConnectNetworkEventRegisterAny): Likewise. * src/network/bridge_driver.c (networkConnectNetworkEventRegisterAny): Likewise. Signed-off-by: NEric Blake <eblake@redhat.com>
-