- 24 Jun, 2019 2 commits
-
-
Committed by Ján Tomko
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
Committed by Ján Tomko
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: Matthias Gerstner <mgerstner@suse.de> Signed-off-by: Ján Tomko <jtomko@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: Ján Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: Ján Tomko <jtomko@redhat.com>
-
- 11 May, 2017 4 commits
-
-
Committed by Cole Robinson
-
Committed by Andrea Bolognani
Commit 839a0608 tied the lifecycle of virtlogd more closely to that of libvirtd. Unfortunately, while starting virtlogd when libvirtd is started is definitely a good idea, restarting virtlogd or shutting it down at any time outside of system poweroff is not. Revert part of that commit by removing the PartOf= lines, meaning that only startup requests will be propagated from libvirtd to virtlogd. Resolves: https://bugzilla.redhat.com/1372576 (cherry picked from commit f496ce1d)
-
Committed by Andrea Bolognani
We already guarantee that virtlogd.socket is enabled/disabled along with libvirtd.service, but if libvirtd.service has just been installed and is started before rebooting, then virtlogd.socket will not be running and guest startup will fail. Add Requires=virtlogd.socket to libvirtd.service to make sure virtlogd.socket is always started along with libvirtd.service, and add Before=libvirtd.service to both virtlogd.socket and virtlogd.service so that virtlogd never disappears before libvirtd has exited. Also add PartOf=libvirtd.service to both virtlogd.socket and virtlogd.service, so that virtlogd can be shut down when not needed. Resolves: https://bugzilla.redhat.com/1372576 (cherry picked from commit 839a0608)
-
Committed by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=1353296 On UNIX like systems there are no constraints on what characters can be in file/dir names (except for NULL, obviously). Moreover, some values that we think of as paths (e.g. disk source) are not necessarily paths at all. For instance, some hypervisors take that as an arbitrary identifier and corresponding file is then looked up by hypervisor in its table. Instead of trying to fix our regular expressions (and forgetting to include yet another character there), let's drop the validation completely. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> (cherry picked from commit c4b92f1a)
-
- 04 Oct, 2016 4 commits
-
-
Committed by Pavel Hrdina
Fix the regex for excluding files for this syntax-rule. The rule "include/" will not work, because we are matching the whole line like this "^(...|include/|...)$" so we need to use "include/libvirt/libvirt.+". The second issue is that we are using only one '$' but there should be two of those at the end. The last small adjustment is to escape dots '.' so it matches only a dot. Signed-off-by: Pavel Hrdina <phrdina@redhat.com> (cherry picked from commit a94efa50)
-
Committed by Marc Hartmayer
Before the variable 'bits' was initialized with 0 (commit 3470cd86), the following bug was possible. A function call with an empty bitmap leads to undefined behavior. Because if 'bitmap->map_len == 0' 'unusedBits' will be <= 0 and 'sz == 1'. So the non global and non static variable 'bits' would have never been set. Consequently the check 'bits == 0' results in undefined behavior. This patch clarifies the current version of the function by handling the empty bitmap explicitly. Also, for an empty bitmap there is obviously no bit set so we can just return -1 (indicating no bit set) right away. The explicit check for 'bits == 0' after the loop is unnecessary because we only get to this point if no set bit was found. Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Sascha Silbe <silbe@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> (cherry picked from commit 7cd01a24)
-
Committed by Martin Kletzander
When building using -Og, gcc sees that some variables can be used uninitialized. It can be debatable whether it is possible with our codeflow, but functions should be self-contained and initializations are always good. The return instead of goto is due to actualType being used in the cleanup. Signed-off-by: Martin Kletzander <mkletzan@redhat.com> (cherry picked from commit 3470cd86)
-
Committed by Martin Kletzander
If this reminds you of a commit message from around a year ago, it's 41c2aa72 and yes, we're dealing with "the same thing" again. Or f309db1f and it's similar. There is a logic in place that if there is no real need for memory-backend-file, qemuBuildMemoryBackendStr() returns 0. However that wasn't the case with hugepage backing. The reason for that was that we abused the 'pagesize' variable for storing that information, but we should rather have a separate one that specifies whether we really need the new object for hugepage backing. And that variable should be set only if this particular NUMA cell needs special treatment WRT hugepages. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1372153 Signed-off-by: Martin Kletzander <mkletzan@redhat.com> (cherry picked from commit 4372a7845acbc6974f6027ef68e7dd3eeb47f425)
-
- 19 Jul, 2016 3 commits
-
-
Committed by Cole Robinson
-
Committed by Andrea Bolognani
Commit ffc49e57 broke syntax-check: cppi: libvirt.spec.in: line 622: not properly indented cppi: libvirt.spec.in: line 624: not properly indented cppi: libvirt.spec.in: line 640: not properly indented cppi: libvirt.spec.in: line 642: not properly indented maint.mk: incorrect preprocessor indentation cfg.mk:697: recipe for target 'sc_spec_indentation' failed Indent the new conditionals properly. (cherry picked from commit 55d8daa0)
-
Committed by Peter Krempa
Disallowing them broke a use case of testing multipath configurations for storage. Originally this was added as it was impossible to use certain /dev/disk-by... links but the disks worked properly. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1349895 (cherry picked from commit 5da28cc3)
-
- 14 Jul, 2016 1 commit
-
-
Committed by Daniel P. Berrange
The systemd-machined tools libvirt uses were split into a systemd-container RPM. Without depending on this, libvirt may silently fall back to the non-systemd cgroup impl which is not desirable. Signed-off-by: Daniel P. Berrange <berrange@redhat.com> (cherry picked from commit ffc49e57)
-
- 30 Jun, 2016 3 commits
-
-
Committed by Marc Hartmayer
Ensure that the given controller and all controllers with a smaller index exist; there must not be any missing index in between. Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> (cherry picked from commit 12ec22b6) Conflicts: src/qemu/qemu_hotplug.c: - context of the first hunk changed
-
Committed by Marc Hartmayer
The commit "qemu: hot-plug: Assume support for -device in qemuDomainAttachSCSIDisk" dropped the code for the automatic SCSI controller creation used in SCSI disk hot-plugging. If we are hot-plugging a SCSI disk to a domain and there is no proper SCSI controller defined, it results in an "error: internal error: Could not find scsi controller with index X required for device" error. For that reason reverting a hunk of the commit d4d32005. This patch also adds an extra comment to the code to clarify the loop. Reviewed-by: Boris Fiuczynski <fiuczy@linux.vnet.ibm.com> Reviewed-by: Bjoern Walk <bwalk@linux.vnet.ibm.com> Signed-off-by: Marc Hartmayer <mhartmay@linux.vnet.ibm.com> (cherry picked from commit 58d07db9)
-
Committed by Jiri Denemark
CVE-2016-5008 Setting an empty graphics password is documented as a way to disable VNC/SPICE access, but QEMU does not always behave like that. VNC would happily accept the empty password. Let's enforce the behavior by setting password expiration to "now". https://bugzilla.redhat.com/show_bug.cgi?id=1180092 Signed-off-by: Jiri Denemark <jdenemar@redhat.com> (cherry picked from commit bb848fee)
-
- 28 Jun, 2016 1 commit
-
-
Committed by Michal Privoznik
From c3bd0019 on instead of creating the following path for cgroups: /sys/fs/cgroupX/$name.libvirt-$driver we generate rather more verbose one: /sys/fs/cgroupX/$driver-$id-$name.libvirt-$driver where $name is optional and included iff contains allowed chars. See original commit for more reasoning. Now, problem with the original commit is that we are unable to start any LXC domain after it. Because when starting LXC container, the CGroup layout is created by our lxc_controller process and then detected and validated by libvirtd. The validation is done by trying to match detected layout against all the possible patterns for cgroup paths that we've ever had. And the commit in question forgot to update this part of the code. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> (cherry picked from commit fb377701)
-
- 24 Jun, 2016 15 commits
-
-
Committed by Cole Robinson
Fedora now ships edk2 firmware in its official repos, so adapt the nvram path list to match. Eventually we can remove the nightly links as well once some integration kinks have been worked out, and documentation updated. Move the macro building into the %build target, which lets us build up a shell variable and make things a bit more readable https://bugzilla.redhat.com/show_bug.cgi?id=1335395 (cherry picked from commit e9ef4dfa)
-
Committed by Peter Krempa
Use the detected tray presence flag to trigger the tray waiting code only if the given storage device in qemu reports to have a tray. This is necessary as the floppy device lost its tray as of qemu commit: commit abb3e55b5b718d6392441f56ba0729a62105ac56 Author: Max Reitz <mreitz@redhat.com> Date: Fri Jan 29 20:49:12 2016 +0100 Revert "hw/block/fdc: Implement tray status" (cherry picked from commit 72a7ff6b)
-
Committed by Peter Krempa
Commit 1fad65d4 used a really big hammer and overwrote the error message that might be reported by qemu if the tray is locked. Fix it by reporting the error only if no error is currently set. Error after commit mentioned above: error: internal error: timed out waiting for disk tray status update New error: error: internal error: unable to execute QEMU command 'eject': Tray of device 'drive-ide0-0-0' is not open (cherry picked from commit 2e75da42)
-
Committed by Peter Krempa
The code grew rather convoluted. Extract it to a separate function. (cherry picked from commit 0aa19f35)
-
Committed by Cole Robinson
If we exceed the timeout waiting for the tray status to change, we don't report an error. Fix it (cherry picked from commit 1fad65d4)
-
Committed by Peter Krempa
If qemu doesn't support DEVICE_TRAY_MOVED event the code that attempts to change media would attempt to re-eject the tray even if it wouldn't be notified when the tray opened. Add a capability bit and skip retrying for old qemus. (cherry picked from commit 833ae6b4)
-
Committed by Peter Krempa
Extract information for all disks and update tray state and source only for removable drives. Additionally store whether a drive is removable and whether it has a tray. (cherry picked from commit 894dc85f)
-
Committed by Peter Krempa
Move it to a more sane place since it's refreshing data about disks. (cherry picked from commit d9bee413)
-
Committed by Peter Krempa
Extract whether a given drive has a tray and whether there is no image inserted. Negative logic for the image insertion is chosen so that the flag is set only if we are certain of the fact. (cherry picked from commit f1690dc3)
-
Committed by Peter Krempa
(cherry picked from commit 5f963d89)
-
Committed by Peter Krempa
Empty floppy drives start with tray in "open" state and libvirt did not refresh it after startup. The code that inserts media into the tray then waited until the tray was open before inserting the media and thus floppies could not be inserted. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1326660 (cherry picked from commit a34faf33)
-
Committed by John Ferlan
No longer necessary to have it, so remove it. (cherry picked from commit 027986f5)
-
Committed by Fritz Elfert
https://bugzilla.redhat.com/show_bug.cgi?id=1331552 Instead of disabling auto-login of all scsi targets (even those that do not "belong" to libvirt), use iscsiadm's "--op nonpersistent" during discovery of iSCSI targets (e.g. "iscsiadm --mode discovery --type sendtargets") in order to avoid the node database being altered which led to the need for the "large hammer" approach taken by commit id '3c12b654'. This commit removes the virISCSITargetAutologin adjustment (eg. the setting of node.startup to "manual"). The iscsiadm command has supported this mode of operation as of commit id 'ad873767' to open-iscsi. (cherry picked from commit 56057900)
-
Committed by John Ferlan
Utilize the exit status parameter for virCommandRunRegex in order to check the return error from the 'iscsiadm --mode session' command. Without this enabled, if there are no sessions running then virCommandRun would have displayed an error such as: 2016-05-13 15:17:15.165+0000: 10920: error : virCommandWait:2553 : internal error: Child process (iscsiadm --mode session) unexpected exit status 21: iscsiadm: No active sessions. It is possible that for certain paths (when probe is true) we only care whether it's running or not to make certain decisions. Spitting out the error for those paths is unnecessary. If we do have a situation where probe = false and there's an error, then display the error from iscsiadm if it's there. (cherry picked from commit 8f54e0d6)
-
Committed by John Ferlan
Rather than have virCommandRun just spit out the error, allow callers to decide to pass the exitstatus so the caller can make intelligent decisions based on the error. (cherry picked from commit 8b104947)
-
- 16 May, 2016 7 commits
-
-
Committed by Jim Fehlig
Some of the test configuration files in tests/xlconfigdata use the old qemu-dm as the emulator. Many of the configuration features tested (spice, rbd, multi-usb) are not even usable with the old qemu. Change these files to use the new qemu-xen (also known as qemu upstream) emulator. Note: This change fixes xlconfigtest failures when the old qemu is actually installed on the system. During device post parse, the libxl driver attempts to invoke the emulator to determine if it is the old or new qemu so it can properly set video RAM defaults. With the old qemu installed, the default video RAM was set differently than the expected value. Changing all the test data files to use qemu-xen ensures predictable results wrt default video RAM size. Signed-off-by: Jim Fehlig <jfehlig@suse.com> (cherry picked from commit b90c4b5f)
-
Committed by Jim Fehlig
When probing the <emulator> with '-help' to determine if it is the old qemu, errors are reported if the emulator doesn't exist libvirt: error : internal error: Child process (/usr/lib/xen/bin/qemu-dm -help) unexpected exit status 127: libvirt: error : cannot execute binary /usr/lib/xen/bin/qemu-dm: No such file or directory Avoid the probe if the specified emulator doesn't exist, squelching the error. There is no behavior change since libxlDomainGetEmulatorType() would return LIBXL_DEVICE_MODEL_VERSION_QEMU_XEN if the probe failed via virCommandRun(). Signed-off-by: Jim Fehlig <jfehlig@suse.com> (cherry picked from commit 400e716d)
-
Committed by Ján Tomko
Move filling out the default video (v)ram to DeviceDefPostParse. This means it can be removed from virDomainVideoDefParseXML and qemuParseCommandLine. Also, we no longer need to special case VIR_DOMAIN_VIRT_XEN, since the per-driver callback gets called before the generic one. (cherry picked from commit 538012c8)
-
Committed by Ján Tomko
Commit 6879be48 moved adding of an implicit video device after XML parsing. As a result, libxlDomainDeviceDefPostParse() is no longer called to set the default vram when adding an implicit device. Commit 6879be48 assumes virDomainVideoDefaultRAM() will set the default vram, but it returns 0 if the domain virtType is VIR_DOMAIN_VIRT_XEN. Attempting to start an HVM domain with vram=0 results in error: unsupported configuration: videoram must be at least 4MB for CIRRUS The default vram setting for Xen HVM domains depends on the device model used (qemu-xen vs qemu-traditional), hence setting the default is deferred to libxlDomainDeviceDefPostParse(). Call the device post-parse callback even for implicit video, to fill out the default vram even for VIR_DOMAIN_VIRT_XEN. https://bugzilla.redhat.com/show_bug.cgi?id=1334557 Most-of-commit-message-by: Jim Fehlig <jfehlig@suse.com> (cherry picked from commit 3e428670)
-