- 24 6月, 2019 2 次提交
-
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 04 10月, 2016 1 次提交
-
-
由 Eric Blake 提交于
Yet again, selinux has been adding const-correctness; this change is ABI-compatible, but breaks API, which affects us when we try to override things in our testsuite: ../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open' struct selabel_handle *selabel_open(unsigned int backend, ^~~~~~~~~~~~ In file included from ../../tests/securityselinuxhelper.c:32:0: /usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here The problem is a new 'const' prior to the second parameter. Fix it the same way we did in commit 292d3f2d: check for the new const at configure time. Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 5ea3a690)
-
- 03 10月, 2016 4 次提交
-
-
由 Pavel Hrdina 提交于
fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit d713a6b1)
-
由 Michal Privoznik 提交于
While trying to build with -Os couple of compile errors showed up. conf/domain_conf.c: In function 'virDomainChrRemove': conf/domain_conf.c:13666:24: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] virDomainChrDefPtr ret, **arrPtr = NULL; ^ Compiler fails to see that @ret is used only if set in the loop, but whatever, there's no harm in initializing the variable. In vboxAttachDrivesNew and _vboxAttachDrivesOld compiler thinks that @rc may be used uninitialized. Well, not directly, but maybe after some optimization. Yet again, no harm in initializing a variable. In file included from ./util/virthread.h:26:0, from ./datatypes.h:28, from vbox/vbox_tmpl.c:43, from vbox/vbox_V3_1.c:37: vbox/vbox_tmpl.c: In function '_vboxAttachDrivesOld': ./util/virerror.h:181:5: error: 'rc' may be used uninitialized in this function [-Werror=maybe-uninitialized] virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ ^ In file included from vbox/vbox_V3_1.c:37:0: vbox/vbox_tmpl.c:1041:14: note: 'rc' was declared here nsresult rc; ^ Yet again, one uninitialized variable: qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': qemu/qemu_driver.c:17194:9: error: 'baseSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemuDomainPrepareDiskChainElement(driver, vm, baseSource, ^ And another one: storage/storage_backend_logical.c: In function 'virStorageBackendLogicalMatchPoolSource.isra.2': storage/storage_backend_logical.c:618:33: error: 'thisSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] thisSource->devices[j].path)) ^ Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit bde6e002)
-
由 Martin Kletzander 提交于
When building using -Og, gcc sees that some variables can be used uninitialized It can be debatable whether it is possible with our codeflow, but functions should be self-contained and initializations are always good. The return instead of goto is due to actualType being used in the cleanup. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 3470cd86)
-
由 Martin Kletzander 提交于
If this reminds you of a commit message from around a year ago, it's 41c2aa72 and yes, we're dealing with "the same thing" again. Or f309db1f and it's similar. There is a logic in place that if there is no real need for memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However that wasn't the case with hugepage backing. The reason for that was that we abused the 'pagesize' variable for storing that information, but we should rather have a separate one that specifies whether we really need the new object for hugepage backing. And that variable should be set only if this particular NUMA cell needs special treatment WRT hugepages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)
-
- 30 6月, 2016 1 次提交
-
-
由 Jiri Denemark 提交于
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848fee)
-
- 05 1月, 2016 1 次提交
-
-
由 Ján Tomko 提交于
The refactoring in commit a26669d7 silently ignored the dxml parameter of virDomainMigrateToURI2. https://bugzilla.redhat.com/show_bug.cgi?id=1295405 (cherry picked from commit 48822280) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 13 12月, 2015 1 次提交
-
-
由 Eric Blake 提交于
The libvirt file system storage driver determines what file to act on by concatenating the pool location with the volume name. If a user is able to pick names like "../../../etc/passwd", then they can escape the bounds of the pool. For that matter, virStoragePoolListVolumes() doesn't descend into subdirectories, so a user really shouldn't use a name with a slash. Normally, only privileged users can coerce libvirt into creating or opening existing files using the virStorageVol APIs; and such users already have full privilege to create any domain XML (so it is not an escalation of privilege). But in the case of fine-grained ACLs, it is feasible that a user can be granted storage_vol:create but not domain:write, and it violates assumptions if such a user can abuse libvirt to access files outside of the storage pool. Therefore, prevent all use of volume names that contain "/", whether or not such a name is actually attempting to escape the pool. This changes things from: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 Vol ../../../../../../etc/haha created $ rm /etc/haha to: $ virsh vol-create-as default ../../../../../../etc/haha --capacity 128 error: Failed to create vol ../../../../../../etc/haha error: Requested operation is not valid: volume name '../../../../../../etc/haha' cannot contain '/' Signed-off-by: NEric Blake <eblake@redhat.com> (cherry picked from commit 034e47c3)
-
- 04 11月, 2015 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.html.in libvirt.spec.in: Updated for the release * po/*.po*: regenerated
-
- 30 10月, 2015 2 次提交
-
-
由 Laine Stump 提交于
This was originally set to 5 seconds, but times of 5.5 to 7 seconds were experienced. Since it's an arbitrary number intended to prevent an infinite hang, having it a bit too high won't hurt anything, and 20 seconds looks to be adequate (i.e. I think/hope we don't need to make it tunable in libvirtd.conf)
-
由 Luyao Huang 提交于
If DAD not finished in 5 seconds, user will get an unknown error like this: # virsh net-start ipv6 error: Failed to start network ipv6 error: An error occurred, but the cause is unknown Call virReportError to set an error. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 29 10月, 2015 5 次提交
-
-
由 Michal Privoznik 提交于
There has been a report on the list [1] that we are not installing the wireshark dissector into the correct plugin directory. And in fact we are not. The problem is, the plugin directory path is constructed at compile time. However, it's dependent on the wireshark version, e.g. /usr/lib/wireshark/plugins/1.12.6 This is rather unfortunate, because if libvirt RPMs were built with one version, but installed on a system with newer one, the plugins are not really loaded. This problem lead fedora packagers to unify plugin path to: /usr/lib/wireshark/plugins/ Cool! But this was enabled just in wireshark-1.12.6-4. Therefore, we must require at least that version. And while at it, on some distributions, the wireshark.pc file already has a variable that defines where plugin dir is. Use that if possible. 1: https://www.redhat.com/archives/libvirt-users/2015-October/msg00063.htmlSigned-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Roman Bogorodskiy 提交于
Build on non-Linux fails because the virNetDevWaitDadFinish() stub has unused parameters. Fix by adding appropriate ATTRIBUTE_UNUSED for these parameters. Pushing under build-breaker rule.
-
由 Maxim Perevedentsev 提交于
commit db488c79 assumed that dnsmasq would complete IPv6 DAD before daemonizing, but in reality it doesn't wait, which creates problems when libvirt's bridge driver sets the matching "dummy tap device" to IFF_DOWN prior to DAD completing. This patch waits for DAD completion by periodically polling the kernel using netlink to check whether there are any IPv6 addresses assigned to bridge which have a 'tentative' state (if there are any in this state, then DAD hasn't yet finished). After DAD is finished, execution continues. To avoid an endless hang in case something was wrong with the kernel's DAD, we wait a maximum of 5 seconds.
-
由 Maxim Perevedentsev 提交于
Such messages do not have NLMSG_ERROR or NLMSG_DONE type but they are valid responses. We test 'multi-partness' by looking for NLM_F_MULTI flag.
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1270715 Commit id '9deb96f9' removed the code to fetch the nodeset from the CpusetMems cgroup for a running vm in favor of using the return from virDomainNumatuneFormatNodeset introduced by commit id '43b67f2e'. However, that API will return the value of the passed 'auto_nodeset' when placement is VIR_DOMAIN_NUMATUNE_PLACEMENT_AUTO, which happens to be NULL. Since commit id 'c74d58ad' started using priv->autoNodeset in order to manage the auto placement value during qemuProcessStart, it should be passed along in order to return the correct value if the domain requests the auto placement. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 28 10月, 2015 2 次提交
-
-
由 Wido den Hollander 提交于
When a RBD volume has snapshots it can not be removed. This patch introduces a new flag to force volume removal, VIR_STORAGE_VOL_DELETE_WITH_SNAPSHOTS. With this flag any existing snapshots will be removed prior to removing the volume. No existing mechanism in libvirt allowed us to pass such information, so that's why a new flag was introduced. Signed-off-by: NWido den Hollander <wido@widodh.nl>
-
由 Pino Toscano 提交于
Use the virProcessGetStartTime implementation also when only the kernel is FreeBSD, such as on GNU/kFreeBSD.
-
- 27 10月, 2015 7 次提交
-
-
由 Roman Bogorodskiy 提交于
-
由 Pavel Hrdina 提交于
While parsing device addresses we should use correct base and don't count on auto-detect. For example, PCI address uses hex numbers, but each number starting with 0 will be auto-detected as octal number and that's wrong. Another wrong use-case is for PCI address if for example bus is 10, than it's incorrectly parsed as decimal number. PCI and CCW addresses have all values as hex numbers, IDE and SCSI addresses are in decimal numbers. Signed-off-by: NPavel Hrdina <phrdina@redhat.com>
-
由 Luyao Huang 提交于
Remove the extra %s in error message when call virReportInvalidArg(). Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Luyao Huang 提交于
After commit a26669d7, we only jump to error when virDomainMigrateUnmanagedParams return a value less than -1. this will make the migrate result always be success even we meet some problem. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Luyao Huang 提交于
In commit f41be296, we moved vm->persistent check into qemuDomainRemoveInactive, but we didn't change the vm->persistent before call qemuDomainRemoveInactive in some place before and just call it to remove the inactive vm. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1273686 There is no ABI check for serial target type attribute, just add it. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Michal Privoznik 提交于
Lets use wrapper functions virLockDaemonLock and virLockDaemonUnlock instead of virMutexLock and virMutexUnlock. This has no functional impact, but it's easier to read (at least for me). Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 26 10月, 2015 5 次提交
-
-
由 Andrea Bolognani 提交于
This calls the PCI-, USB- and SCSI-specific functions just like qemuHostdev{Prepare,ReAttach}DomainDevices() already do, and was the missing piece for the qemuHostdev API to nicely mirror the virHostdev API. Update qemuProcessReconnect() to use the new function.
-
由 Andrea Bolognani 提交于
Adopt the same names used for virHostdevUpdateActive*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes.
-
由 Andrea Bolognani 提交于
Adopt the same names used for virHostdevReAttach*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes.
-
由 Andrea Bolognani 提交于
Adopt the same names used for virHostdevPrepare*Devices() for consistency's sake and to make it easier to jump between the two. No functional changes.
-
由 Andrea Bolognani 提交于
The new name, virHostdevUpdateActiveDomainDevices(), follows the same naming conventions used by the rest of the module. No functional changes.
-
- 22 10月, 2015 6 次提交
-
-
由 Andrea Bolognani 提交于
A bunch of files that we don't currently parse, and are very unlikely to ever start parsing, made their way into the nodeinfo test data. Get rid of them.
-
由 Luyao Huang 提交于
The number of vCPUs for a guest must be between 1 and the maximum value configured in the domain XML. This commit introduces checks to make sure that passing count <= 0 results in an error. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1248277Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 John Ferlan 提交于
Fix a cut-n-paste error from commit id '35eecdde' where the previous check for max_sectors seems to have been copied, but the error message parameter not updated to be ioeventfd
-
由 Luyao Huang 提交于
Commit id '1c24cfe9' added error messages for virNumaSetPagePoolSize; however, virNumaGetHugePageInfo also uses virNumaGetHugePageInfoPath in order to build the path, but it never checked upon return if the built path exists which could lead to an error message as follows: $ virsh freepages 0 1 error: Failed to open file '/sys/devices/system/node/node0/hugepages/hugepages-1kB/free_hugepages': No such file or directory Rather than add the same message for the other two callers, adjust the virNumaGetHugePageInfoPath in order not only build the path, but also check if the built path exists. If the path does not exist, then generate the error message and return failure. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Luyao Huang 提交于
Commit id '1c24cfe9' added new checks and error messaes for failure scenarios. Let's adjust those error messages to after the call to virNumaGetHugePageInfoPath in order to provide a more specific error message depending on node and page_size After this patch: # virsh allocpages --pagesize 2047 --pagecount 1 --cellno 0 error: operation failed: page size 2047 is not available on node 0 # virsh allocpages --pagesize 2047 --pagecount 1 error: operation failed: page size 2047 is not available Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
由 Luyao Huang 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1265114 Refactor helper virNumaGetHugePageInfoPath to handle returning a directory path when passed a page_size of 0 and suffix == NULL into a new helper virNumaGetHugePageInfoDir which will only be called when a directory path is expected to be returned. This solves the issue where the helper was called with page_size == 0 expecting a file path in return, but instead got a directory path and failed in virFileReadAll with: error : virFileReadAll:1358 : Failed to read file '/sys/devices/system/node/node0/hugepages/': Is a directory Since virNumaGetPages API expects to return a directory by passing page_size == 0 and suffix == NULL, it will now call the new helper. Callers to virNumaGetHugePageInfoPath expect to return a file path which could then be used in the call to virFileReadAll. Signed-off-by: NLuyao Huang <lhuang@redhat.com>
-
- 21 10月, 2015 1 次提交
-
-
由 Ishmanpreet Kaur Khera 提交于
We have macros for both positive and negative string matching. Therefore there is no need to use !STREQ or !STRNEQ. At the same time as we are dropping this, new syntax-check rule is introduced to make sure we won't introduce it again. Signed-off-by: NIshmanpreet Kaur Khera <khera.ishman@gmail.com> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 20 10月, 2015 1 次提交
-
-
由 Andrea Bolognani 提交于
This has been broken for a looong time - in fact, we've been shipping a mostly-empty NEWS file for at least the past two years. Including the html namespace and using it for matching elements, like hacking1.xsl and hacking2.xsl were already doing, makes the NEWS file useful again. Add a note explaining that the release list has been split up by year as well.
-