- 30 6月, 2016 1 次提交
-
-
由 Jiri Denemark 提交于
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848fee)
-
- 16 12月, 2015 2 次提交
-
-
由 Eric Blake 提交于
The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 034e47c3)
-
由 Daniel P. Berrange 提交于
In systemd >= 218, the udev_set_log_fn method has been marked deprecated and turned into a no-op. Nothing in the udev client library will print to stderr by default anymore, so we can just stop installing a logging hook for new enough udev. (cherry picked from commit a93a3b97)
-
- 03 9月, 2015 1 次提交
-
-
由 Michal Privoznik 提交于
Well, in 8ad126e6 we tried to fix a memory corruption problem. However, the fix was not as good as it could be. I mean, the commit has one line more than it should. I've noticed this output just recently: # ./run valgrind --leak-check=full --show-reachable=yes ./tools/virsh domblklist gentoo ==17019== Memcheck, a memory error detector ==17019== Copyright (C) 2002-2013, and GNU GPL'd, by Julian Seward et al. ==17019== Using Valgrind-3.10.1 and LibVEX; rerun with -h for copyright info ==17019== Command: /home/zippy/work/libvirt/libvirt.git/tools/.libs/virsh domblklist gentoo ==17019== Target Source ------------------------------------------------ fda /var/lib/libvirt/images/fd.img vda /var/lib/libvirt/images/gentoo.qcow2 hdc /home/zippy/tmp/install-amd64-minimal-20150402.iso ==17019== Thread 2: ==17019== Invalid read of size 4 ==17019== at 0x4EFF5B4: virObjectUnref (virobject.c:258) ==17019== by 0x5038CFF: remoteClientCloseFunc (remote_driver.c:552) ==17019== by 0x5069D57: virNetClientCloseLocked (virnetclient.c:685) ==17019== by 0x506C848: virNetClientIncomingEvent (virnetclient.c:1852) ==17019== by 0x5082136: virNetSocketEventHandle (virnetsocket.c:1913) ==17019== by 0x4ECD64E: virEventPollDispatchHandles (vireventpoll.c:509) ==17019== by 0x4ECDE02: virEventPollRunOnce (vireventpoll.c:658) ==17019== by 0x4ECBF00: virEventRunDefaultImpl (virevent.c:308) ==17019== by 0x130386: vshEventLoop (vsh.c:1864) ==17019== by 0x4F1EB07: virThreadHelper (virthread.c:206) ==17019== by 0xA8462D3: start_thread (in /lib64/libpthread-2.20.so) ==17019== by 0xAB441FC: clone (in /lib64/libc-2.20.so) ==17019== Address 0x139023f4 is 4 bytes inside a block of size 240 free'd ==17019== at 0x4C2B1F0: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==17019== by 0x4EA8949: virFree (viralloc.c:582) ==17019== by 0x4EFF6D0: virObjectUnref (virobject.c:273) ==17019== by 0x4FE74D6: virConnectClose (libvirt.c:1390) ==17019== by 0x13342A: virshDeinit (virsh.c:406) ==17019== by 0x134A37: main (virsh.c:950) The problem is, when registering remoteClientCloseFunc(), it's conn->closeCallback which is ref'd. But in the function itself it's conn->closeCallback->conn what is unref'd. This is causing imbalance in reference counting. Moreover, there's no need for the remote driver to increase/decrease conn refcount since it's not used anywhere. It's just merely passed to client registered callback. And for that purpose it's correctly ref'd in virConnectRegisterCloseCallback() and then unref'd in virConnectUnregisterCloseCallback(). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit e6893007) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 29 8月, 2015 1 次提交
-
-
由 Jim Fehlig 提交于
This reverts commit 1ce7c1d2, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. Conflicts: src/qemu/qemu_driver.c Signed-off-by: NJim Fehlig <jfehlig@suse.com> (cherry picked from commit 60acb38a)
-
- 17 6月, 2015 1 次提交
-
-
由 Eric W. Biederman 提交于
Future kernels will mandate the use of nosuid+nodev+noexec flags when mounting the /proc/sys filesystem. Unconditionally add them now since they don't harm things regardless and could mitigate future security attacks. (cherry picked from commit 24710414)
-
- 22 5月, 2015 1 次提交
-
-
由 Thibaut Collet 提交于
The cpu xml copy is incorrect: the memAccess field is not copied. The lack of copy of this memAccess field can cause unexpected behaviour for live migration when vhost user is used. For example if guest has the following configuration: .... <cpu> <model>Westmere</model> <topology sockets="1" cores="4" threads="1"/> <numa> <cell id='0' cpus='0-3' memory='2097152' memAccess='shared'/> </numa> </cpu> .... The used configuration on the remote host in case of live migration is: .... <cpu mode='custom' match='exact'> <model fallback='allow'>Westmere</model> <topology sockets='1' cores='4' threads='1'/> <numa> <cell id='0' cpus='0-3' memory='2097152' unit='KiB'/> </numa> </cpu> .... On the remote host the lack of memAccess info can cause unexpected error on the qemu backend vhost user driver. Fixes: def6b359 ("docs, conf, schema: add support for shared memory mapping") This issue is present only for libvirt1.2.9 to libvirt1.2.12 With patch 181742d4 ("conf: Move all NUMA configuration to virDomainNuma") present since libvirt1.2.13 the problem does not exist anymore as NUMA information are no more in the CPU configuration. Signed-off-by: NThibaut Collet <thibaut.collet@6wind.com>
-
- 17 3月, 2015 1 次提交
-
-
由 Eric Blake 提交于
Commit 4f25146b (v1.2.8) managed to silence Coverity, but at the cost of a memory leak detected by valgrind: ==24129== 40 bytes in 5 blocks are definitely lost in loss record 355 of 637 ==24129== at 0x4A08B1C: realloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==24129== by 0x5084B8E: virReallocN (viralloc.c:245) ==24129== by 0x514D5AA: virDomainObjListExport (domain_conf.c:22200) ==24129== by 0x201227DB: qemuConnectListAllDomains (qemu_driver.c:18042) ==24129== by 0x51CC1B6: virConnectListAllDomains (libvirt-domain.c:6797) ==24129== by 0x14173D: remoteDispatchConnectListAllDomains (remote.c:1580) ==24129== by 0x121BE1: remoteDispatchConnectListAllDomainsHelper (remote_dispatch.h:1072) In short, every time a client calls a ListAll variant and asks for the resulting list, but there are 0 elements to return, we end up leaking the 1-entry array that holds the NULL terminator. What's worse, a read-only client can access these functions in a tight loop to cause libvirtd to eventually run out of memory; and this can be considered a denial of service attack against more privileged clients. Thankfully, the leak is so small (8 bytes per call) that you would already have some other denial of service with any guest calling the API that frequently, so an out-of-memory crash is unlikely enough that this did not warrant a CVE. * daemon/remote.c (remoteDispatchConnectListAllDomains) (remoteDispatchDomainListAllSnapshots) (remoteDispatchDomainSnapshotListAllChildren) (remoteDispatchConnectListAllStoragePools) (remoteDispatchStoragePoolListAllVolumes) (remoteDispatchConnectListAllNetworks) (remoteDispatchConnectListAllInterfaces) (remoteDispatchConnectListAllNodeDevices) (remoteDispatchConnectListAllNWFilters) (remoteDispatchConnectListAllSecrets) (remoteDispatchNetworkGetDHCPLeases): Plug leak. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 3c2ff502)
-
- 23 1月, 2015 2 次提交
-
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. Found via code inspection while fixing permissions for save images. (cherry picked from commit b347c0c2)
-
由 Peter Krempa 提交于
The ACL check didn't check the VIR_DOMAIN_XML_SECURE flag and the appropriate permission for it. (cherry picked from commit 03c3c0c8)
-
- 13 12月, 2014 2 次提交
-
-
由 Daniel Veillard 提交于
- docs/news.html.in libvirt.spec.in: update for release - po/*.po*: updated localization and regenerated
-
由 Cédric Bosdonnat 提交于
When calling virCgroupAllowAllDevices we get these invalid entries in the device cgroup config. b -1:-1 rw c -1:-1 rw Check for positive values before outputting the major and minor to avoid that.
-
- 12 12月, 2014 1 次提交
-
-
由 Luyao Huang 提交于
Output error when we try to set a too large max_sectors. Just like queues and cmd_per_lun here. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 11 12月, 2014 6 次提交
-
-
由 Ján Tomko 提交于
This fixes reverting to snapshots created by older libvirt and allows libvirt not to lose track of a domain that has this in its live status XML (such as a domain restored from managedsave) https://bugzilla.redhat.com/show_bug.cgi?id=1030793 https://bugzilla.redhat.com/show_bug.cgi?id=1151885
-
由 Ján Tomko 提交于
For host-passthrough CPU we don't honor the CPU features specified in the XML, but we allow outputting them via the UPDATE_CPU flag for dumpxml, this gives user a rough idea of what features the CPU might have. After restoring a managedsave'd domain, the features might end up in the live status XML (in /var/run) without the model. This XML cannot be parsed by the daemon after restart and the domain might disappear. This fix skips formatting the features for HOST_PASSTHROUGH when UPDATE_CPU is not specified, so the newly restored domains and newly created snapshots won't be affected. Note: this doesn't fix existing snapshots or already restored running domains. https://bugzilla.redhat.com/show_bug.cgi?id=1030793 https://bugzilla.redhat.com/show_bug.cgi?id=1151885
-
由 Ján Tomko 提交于
Add missing ATTRIBUTE_UNUSED markers.
-
由 Francesco Romani 提交于
A logic bug in qemuConnectGetAllDomainStats makes the code mark the monitor as available when qemuDomainObjBeginJob fails, instead of when it succeeds, as the correct flow requires. This patch fixes the check and updates the code documentation accordingly. Broken by commit 57023c0a. Signed-off-by: NFrancesco Romani <fromani@redhat.com>
-
由 Luyao Huang 提交于
When using qemuProcessAttach to attach a qemu process, the DAC label is not filled correctly. Introduce a new function to get the uid:gid from the system and fill the label. This fixes the daemon crash when 'virsh screenshot' is called: https://bugzilla.redhat.com/show_bug.cgi?id=1161831 It also fixes qemu-attach after the prerequisite of this patch (commit f8c1fb3d) was pushed out of order. Signed-off-by: NLuyao Huang <lhuang@redhat.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Matthew Rosato 提交于
Currently, MAC registration occurs during device creation, which is early enough that, during live migration, you end up with duplicate MAC addresses on still-running source and target devices, even though the target device isn't actually being used yet. This patch proposes to defer MAC registration until right before the guest can actually use the device -- In other words, right before starting guest CPUs. Signed-off-by: NMatthew Rosato <mjrosato@linux.vnet.ibm.com> Signed-off-by: NLaine Stump <laine@laine.org>
-
- 10 12月, 2014 21 次提交
-
-
由 John Ferlan 提交于
Commit id 'c9ffd3ea' updated the descriptions, but pointed at the wrong place for the pool-define-as (it should have been pool-create-as)
-
由 Cédric Bosdonnat 提交于
Some programs want to change some values for the network interfaces configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them allows wicked to work on openSUSE 13.2+. Reusing the lxcNeedNetworkNamespace function to tell lxcContainerMountBasicFS if the netns is disabled. When no netns is set up, then we don't mount the /proc/sys/net/ipv[46] folder RW as these would provide full access to the host NICs config.
-
由 John Ferlan 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1172015 The refactoring done as part of commit id '59446096' caused a regression for the multi initiator IQN commit '6aabcb5b' because the sendtargets was not done on/for the initiator IQN prior to login (or trying to disable autologin) Prior to that commit, the paths were essentially virStorageBackendISCSIStartPool virStorageBackendISCSILogin virStorageBackendISCSIConnection if initiatoriqn virStorageBackendCreateIfaceIQN Issue sendtargets Perform --login else Issue sendtargets Perform --login After that commit: virStorageBackendISCSIStartPool Issue sendtargets Call virStorageBackendISCSIConnection If initiatoriqn virStorageBackendCreateIfaceIQN Perform --login else Perform --login So for non initiator IQN paths, nothing changed. For the initiator path, the --login fails as does any attempts to change autologin via "--op update --name node.startup --value manual".
-
由 John Ferlan 提交于
-
由 Martin Kletzander 提交于
It make no sense at all to have it there. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Wang Rui 提交于
Signed-off-by: NWang Rui <moon.wangrui@huawei.com>
-
由 Hao Liu 提交于
Signed-off-by: NHao Liu <hliu@redhat.com>
-
由 Hao Liu 提交于
In old version of parted like parted-2.1-25, error message is shown in stdout when printing a disk info without disk label. Error: /dev/sda: unrecognised disk label This line has been moved to stderr in newer version of parted. So we should check both stdout and stderr when locating this message. This should fix bug: https://bugzilla.redhat.com/show_bug.cgi?id=1172468Signed-off-by: NHao Liu <hliu@redhat.com>
-
由 Martin Kletzander 提交于
When user doesn't have read access on one of the domains he requested, the for loop could exit abruptly or continue and override pointer which pointed to locked object. This patch fixed two issues at once. One is that domflags might have had QEMU_DOMAIN_STATS_HAVE_JOB even when there was no job started (this is fixed by doing domflags |= QEMU_DOMAIN_STATS_HAVE_JOB only when the job was acquired and cleaning domflags on every start of the loop. Second one is that the domain is kept locked when virConnectGetAllDomainStatsCheckACL() fails and continues the loop when it didn't end. Adding a simple virObjectUnlock() and clearing the pointer ought to do. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com>
-
由 Dmitry Guryanov 提交于
If we want to perform some operation and domain state is not suitable for that operation, we should report error VIR_ERR_OPERATION_INVALID. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
When PrlJob_GetRetCode sets second argument to error value it means sdk function failed and we must return error from getJobResultHelper. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
Return error code, returned by parallels SDK from waitJob and getJobResult, so that caller can handle different errors. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
Get cdrom devices list from parallels server in prlsdkLoadDomains and add ability to define a domain with cdroms. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Alexander Burluka 提交于
domainCreateWithFlags function is used by OpenStack/Nova to boot an instance. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Alexander Burluka 提交于
That function is necessary for proper domain removal in openstack/nova. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
First, we don't need to call prlsdkApplyConfig after creating new VM or containers, because it's done in functions prlsdkCreateVm and prlsdkCreateCt. No need to check, if domain exists in the list after prlsdkAddDomain. Also organize code, so that we can call virObjectUnlock in one place. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
This patch replaces code, which creates domains by running prlctl command. prlsdkCreateVm/Ct will do prlsdkApplyConfig, because we send request to the server only once in this case. But prlsdkApplyConfig will be called also from parallelsDomainDefineXML function. There is no problem with it, parallelsDomainDefineXML will be refactored later. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
Rewrite code, which applies domain configuration given to virDomainDefineXML function to the VM of container registered in PCS. This code first check if there are unsupported parameters in domain XML and if yes - reports error. Some of such parameters are not supported by PCS, for some - it's not obvious, how to convert them into PCS's corresponding params, so let's put off it, and implement only basic params in this patch. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Dmitry Guryanov 提交于
Change domain state using parallels SDK functions instead of prlctl command. We don't need to send events from these functions now, becase events handler will send them. But we still need to update virDomainObj in privconn->domains. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-
由 Alexander Burluka 提交于
Subscribe to events from parallels server. It's needed for 2 things: to update cached domains list and to send corresponding libvirt events. Parallels server sends a lot of different events, in this patch we handle only some of them. In the future we can handle for example, changes in a host network configuration or devices states. Signed-off-by: NDmitry Guryanov <dguryanov@parallels.com>
-