- 24 6月, 2019 2 次提交
-
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 04 10月, 2016 6 次提交
-
-
由 Pavel Hrdina 提交于
fdstream.c: In function 'virFDStreamWrite': fdstream.c:390:29: error: logical 'or' of equal expressions [-Werror=logical-op] if (errno == EAGAIN || errno == EWOULDBLOCK) { ^~ Fedora rawhide now uses gcc 6.0 and there is a bug with -Wlogical-op producing false warnings. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69602 Use GCC pragma push/pop and ignore -Wlogical-op for GCC that supports push/pop pragma and also has this bug. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit d713a6b1)
-
由 Michal Privoznik 提交于
While trying to build with -Os couple of compile errors showed up. conf/domain_conf.c: In function 'virDomainChrRemove': conf/domain_conf.c:13666:24: error: 'ret' may be used uninitialized in this function [-Werror=maybe-uninitialized] virDomainChrDefPtr ret, **arrPtr = NULL; ^ Compiler fails to see that @ret is used only if set in the loop, but whatever, there's no harm in initializing the variable. In vboxAttachDrivesNew and _vboxAttachDrivesOld compiler thinks that @rc may be used uninitialized. Well, not directly, but maybe after some optimization. Yet again, no harm in initializing a variable. In file included from ./util/virthread.h:26:0, from ./datatypes.h:28, from vbox/vbox_tmpl.c:43, from vbox/vbox_V3_1.c:37: vbox/vbox_tmpl.c: In function '_vboxAttachDrivesOld': ./util/virerror.h:181:5: error: 'rc' may be used uninitialized in this function [-Werror=maybe-uninitialized] virReportErrorHelper(VIR_FROM_THIS, code, __FILE__, \ ^ In file included from vbox/vbox_V3_1.c:37:0: vbox/vbox_tmpl.c:1041:14: note: 'rc' was declared here nsresult rc; ^ Yet again, one uninitialized variable: qemu/qemu_driver.c: In function 'qemuDomainBlockCommit': qemu/qemu_driver.c:17194:9: error: 'baseSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] qemuDomainPrepareDiskChainElement(driver, vm, baseSource, ^ And another one: storage/storage_backend_logical.c: In function 'virStorageBackendLogicalMatchPoolSource.isra.2': storage/storage_backend_logical.c:618:33: error: 'thisSource' may be used uninitialized in this function [-Werror=maybe-uninitialized] thisSource->devices[j].path)) ^ Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit bde6e002)
-
由 Pavel Hrdina 提交于
Fix the regex for excluding files for this syntax-rule. The rule "include/" will not work, because we are matching the whole line like this "^(...|include/|...)$ so we need to use "include/libvirt/libvirt.+". The second issue is that we are using only one '$' but there should be two of those at the end. The last small adjustment is to escape dots '.' so it match only dot. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit a94efa50)
-
由 Marc Hartmayer 提交于
Before the variable 'bits' was initialized with 0 (commit 3470cd86), the following bug was possible. A function call with an empty bitmap leads to undefined behavior. Because if 'bitmap->map_len == 0' 'unusedBits' will be <= 0 and 'sz == 1'. So the non global and non static variable 'bits' would have never been set. Consequently the check 'bits == 0' results in undefined behavior. This patch clarifies the current version of the function by handling the empty bitmap explicitly. Also, for an empty bitmap there is obviously no bit set so we can just return -1 (indicating no bit set) right away. The explicit check for 'bits == 0' after the loop is unnecessary because we only get to this point if no set bit was found. Reviewed-by: NBoris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: NSascha Silbe <silbe@linux.vnet.ibm.com> Reviewed-by: NBjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: NMarc Hartmayer <mhartmay@linux.vnet.ibm.com> (cherry picked from commit 7cd01a24)
-
由 Martin Kletzander 提交于
When building using -Og, gcc sees that some variables can be used uninitialized It can be debatable whether it is possible with our codeflow, but functions should be self-contained and initializations are always good. The return instead of goto is due to actualType being used in the cleanup. Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 3470cd86)
-
由 Martin Kletzander 提交于
If this reminds you of a commit message from around a year ago, it's 41c2aa72 and yes, we're dealing with "the same thing" again. Or f309db1f and it's similar. There is a logic in place that if there is no real need for memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However that wasn't the case with hugepage backing. The reason for that was that we abused the 'pagesize' variable for storing that information, but we should rather have a separate one that specifies whether we really need the new object for hugepage backing. And that variable should be set only if this particular NUMA cell needs special treatment WRT hugepages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153Signed-off-by: NMartin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)
-
- 04 7月, 2016 1 次提交
-
-
由 Jiri Denemark 提交于
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behaves like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848fee)
-
- 01 3月, 2016 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.html.in libvirt.spec.in: update for release * po/*.po*: regenerated
-
- 27 2月, 2016 1 次提交
-
-
由 Roman Bogorodskiy 提交于
-
- 26 2月, 2016 15 次提交
-
-
由 John Ferlan 提交于
Found by inspection - after calling virStoragePoolObjAssignDef the pool is part of the driver->pools.objs list and the failure path for the virStoragePoolObjSaveDef will use virStoragePoolObjRemove to remove the pool from the objs list which will unlock and free the pool pointer (as pools->objs[i] during the loop). Since the call doesn't clear the pool address from the callee, we need to set it to NULL; otherwise, the virStoragePoolObjUnlock in the cleanup: code will fail miserably.
-
由 John Ferlan 提交于
While reviewing how storage driver used ObjListPtr's for reference in some recent secret driver patches to use the same mechanism, I came across an instance where the wrong API was called for error paths after successfully allocating the storage pool pointer and inserting into the driver pool list. The path is after virStoragePoolObjAssignDef succeeds - the 'def' passed in is assigned to pool->def (or newDef) so it shouldn't be the only thing deleted. The pool is now part of driver->pools.objs, so it would need to be removed (as happens in the storagePoolCreateXML error paths). Rather than calling virStoragePoolDefFree to free the def which is now assigned to the pool, call virStoragePoolObjRemove to ensure the pool element is removed from the driver list and that anything stored in pool is properly handled by virStoragePoolObjFree including the call to virStoragePoolDefFree for the pool->{def|newDef} element.
-
由 Richard W.M. Jones 提交于
Trivial documentation fix. Signed-off-by: NRichard W.M. Jones <rjones@redhat.com>
-
由 Nitesh Konkar 提交于
Signed-off-by: NNitesh Konkar <nitkon12@linux.vnet.ibm.com> Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
Commit f1a89a8b allowed parsing configs from /etc/libvirt without validating the emulator capabilities. Check for the presence of a machine type in the qemu driver's post parse function instead of crashing. https://bugzilla.redhat.com/show_bug.cgi?id=1267256
-
由 Ján Tomko 提交于
-
由 Ján Tomko 提交于
Check if we correctly parse the persistent config even with the VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS flag.
-
由 Ján Tomko 提交于
Revert commit 55e6d8cd. This fix for https://bugzilla.redhat.com/show_bug.cgi?id=1267256 unconditionally required a machine type for all machine types even though qemu is the only emulator using them. Revert it to fix persistent configs for drivers with no machine type: https://www.redhat.com/archives/libvir-list/2016-February/msg01228.html
-
由 Ján Tomko 提交于
Allow testing XML parsing with different flags.
-
由 Jim Fehlig 提交于
libxlMakeNic opens a virConnect object and takes a reference on a virNetwork object, but doesn't drop the references on all error paths. Rework the function to follow the standard libvirt pattern of using a local 'ret' variable to hold the function return value, performing all cleanup and returning 'ret' at a 'cleanup' label.
-
由 John Ferlan 提交于
Generates a false positive for Coverity, but it turns out there's no need to check ret == -1 since if VIR_APPEND_ELEMENT is successful, the local vol pointer is cleared anyway. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
Found by my Coverity checker - virCheckFlags call could return -1, but not virCommandFree(destroy_cmd). Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 John Ferlan 提交于
When parsing the barrier:limit values, use virStringSplitCount in order to split the pair and make the approriate checks to get the data. Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Andrea Bolognani 提交于
The virHostdevIsVirtualFunction() was called exactly twice, and in both cases the return value was saved to a temporary variable before being checked. This would be okay if it improved readability, but in this case is pretty pointless. Get rid of the temporary variable and check the return value directly; while at it, change the check from '<= 0' to '!= 1' to align it with the way other similar *IsVirtualFunction() functions are used thorough the code.
-
由 Andrea Bolognani 提交于
virNetDevIsVirtualFunction() returns 1 if the interface is a virtual function, 0 if it isn't and -1 on error. This means that, despite the name suggesting otherwise, using it as a predicate is not correct. Fix two callers that were doing so adding an explicit check on the return value.
-
- 25 2月, 2016 5 次提交
-
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Michal Privoznik 提交于
There's been a report on the upstream list [1] describing we access /sys/devices/system/cpu/present directly on the host from within our test suite. This may end up in unpredictable results as no all linux systems are required to have that file. Mock access to the file. libvirt.git/tests $ ../run strace vircgrouptest ... access("/sys/devices/system/cpu/present", F_OK) = 0 ... Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Osier Yang 提交于
RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1298070 The corresponding chardev must be attached first, otherwise the the qemu command line won't be complete (missing the host part),
-
由 Eric Blake 提交于
Yet again, selinux has been adding const-correctness; this change is ABI-compatible, but breaks API, which affects us when we try to override things in our testsuite: ../../tests/securityselinuxhelper.c:307:24: error: conflicting types for 'selabel_open' struct selabel_handle *selabel_open(unsigned int backend, ^~~~~~~~~~~~ In file included from ../../tests/securityselinuxhelper.c:32:0: /usr/include/selinux/label.h:73:24: note: previous declaration of 'selabel_open' was here The problem is a new 'const' prior to the second parameter. Fix it the same way we did in commit 292d3f2d: check for the new const at configure time. Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Joao Martins 提交于
Introduce support for domainInterfaceStats API call for querying network interface statistics. Consequently it also enables the use of `virsh domifstat <dom> <interface name>` command plus seeing the interfaces names instead of "-" when doing `virsh domiflist <dom>`. After successful guest creation we fill the network interfaces names based on domain, device id and append suffix if it's emulated in the following form: vif<domid>.<devid>[-emu]. We extract the network interfaces info from the libxl_domain_config object in libxlDomainCreateIfaceNames() to generate ifname. On domain cleanup we also clear ifname, in case it was set by libvirt (i.e. being prefixed with "vif"). We also skip these two steps in case the name of the interface was manually inserted by the administrator. Since the introduction of netprefix (commit a040ba9e), ifnames with a registered prefix will be freed on virDomain{Obj,Def}Format*, thus eliminating the migration issues observed with the reverted commit d2e5538b whereas source and destination would have the same ifname. For getting the interface statistics we resort to virNetInterfaceStats and let libvirt handle the platform specific nits. Note that the latter is not yet supported in FreeBSD. Signed-off-by: NJoao Martins <joao.m.martins@oracle.com>
-
- 24 2月, 2016 3 次提交
-
-
由 Chunyan Liu 提交于
Signed-off-by: NChunyan Liu <cyliu@suse.com>
-
由 Eric Blake 提交于
%zu is not always synonymous with uint64_t; on 32-bit machines, size_t is only 32 bits. Prefer "%lld"/'unsigned long long' when the variable is under our control, and "%"PRIu64 when we are stuck with 'uint64_t' from RBD. Fixes errors such as: ../../src/storage/storage_backend_rbd.c: In function 'virStorageBackendRBDVolWipe': ../../src/storage/storage_backend_rbd.c:1281:15: error: format '%zu' expects argument of type 'size_t', but argument 8 has type 'uint64_t {aka long long unsigned int}' [-Werror=format=] VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s", ^ ../../src/util/virlog.h:90:73: note: in definition of macro 'VIR_DEBUG_INT' virLogMessage(src, VIR_LOG_DEBUG, filename, linenr, funcname, NULL, __VA_ARGS__) ^ ../../src/storage/storage_backend_rbd.c:1281:5: note: in expansion of macro 'VIR_DEBUG' VIR_DEBUG("Need to wipe %zu bytes from RBD image %s/%s", ^ Signed-off-by: NEric Blake <eblake@redhat.com>
-
由 Jim Fehlig 提交于
-
- 23 2月, 2016 6 次提交
-
-
由 Michal Privoznik 提交于
There's this check when building command line that whenever domain has no graphics card configured we put -nographics onto qemu command line. The check is 'if (!def->graphics)'. This makes coverity think that def->graphics can be NULL, which is true. But later in the code every access to def->graphics is guarded by check for def->ngraphics, so no crash occurs. But this is something that coverity fails to deduct. In order to shut coverity up lets change the condition to 'if (!def->ngraphics)'. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
After 6604a3dd in which new helper function has been introduced, the code calls virStringReplace and dereference the result immediately. The string function can, however, return NULL so this would SIGSEGV right away. Check for the return value of the string function. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
After 457ff97f there are two defects in our code. In both of them we use a signed variable to hold up a number of snapshots that domain has. We use a helper function to count the number. However, the helper function may fail in which case it returns a negative one and control jumps to cleanup label where an unsigned variable is used to iterate over array of snapshots. The loop condition thus compare signed and unsigned variables which in this specific case ends up badly for us. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Michal Privoznik 提交于
Imagine you have partially installed libvirt, or maybe you're just running 'make uninstall' from a different version than 'make install' has been ran. One way or another, we are doing plain 'rm' instead of 'rm -f' and thus not trying hard enough when uninstalling. In the rest of our code we stick with -f switch. Do that for docs too. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
由 Andrea Bolognani 提交于
No functional changes.
-
由 Jim Fehlig 提交于
xl/libxl already supports qemu's network-based block backends such as nbd and rbd. libvirt has supported configuring such <disk>s for long time too. This patch adds support for rbd disks in the libxl driver by generating a rbd device URL from the virDomainDiskDef object. The URL is passed to libxl via the pdev_path field of libxl_device_disk struct. libxl then passes the URL to qemu for cosumption by the rbd backend. Signed-off-by: NJim Fehlig <jfehlig@suse.com>
-