- 24 6月, 2019 2 次提交
-
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 06 2月, 2018 1 次提交
-
-
由 Laine Stump 提交于
commit 77a12987 changed the "virDomainChrSourceDef source" inside virDomainChrDef to "virDomainChrSourceDefPtr source", and started allocating source inside virDomainChrDefNew(), but vboxDumpSerial() was allocating a virDomainChrDef with a simple VIR_ALLOC() (i.e. never calling virDomainChrDefNew()), so source was never initialized, leading to a SEGV any time a serial port was present. The same problem was created in vboxDumpParallel(). This patch changes vboxDumpSerial() and vboxDumpParallel() to use virDomainChrDefNew() instead of VIR_ALLOC(), and changes both of those functions to return an error if virDomainChrDef() (or any other allocation) fails. This resolves: https://bugzilla.redhat.com/1536649 (cherry picked from commit 9c27e464)
-
- 16 10月, 2017 1 次提交
-
-
由 Daniel P. Berrange 提交于
The default_tls_x509_verify (and related) parameters in qemu.conf control whether the QEMU TLS servers request & verify certificates from clients. This works as a simple access control system for servers by requiring the CA to issue certs to permitted clients. This use of client certificates is disabled by default, since it requires extra work to issue client certificates. Unfortunately the code was using this configuration parameter when setting up both TLS clients and servers in QEMU. The result was that TLS clients for character devices and disk devices had verification turned off, meaning they would ignore errors while validating the server certificate. This allows for trivial MITM attacks between client and server, as any certificate returned by the attacker will be accepted by the client. This is assigned CVE-2017-1000256 / LSN-2017-0002 Reviewed-by: NEric Blake <eblake@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 441d3eb6)
-
- 16 9月, 2017 2 次提交
-
-
由 Stefan Berger 提交于
TPM 2 does not implement sysfs files for cancellation of commands. We therefore use /dev/null for the cancel path passed to QEMU. Signed-off-by: NStefan Berger <stefanb@linux.vnet.ibm.com> Tested-by: NJavier Martinez Canillas <javierm@redhat.com> Reviewed-by: NMarc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit dfbb15b7)
-
由 Michal Privoznik 提交于
When setting up mount namespace for a qemu domain the following steps are executed: 1) get list of mountpoints under /dev/ 2) move them to /var/run/libvirt/qemu/$domName.ext 3) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev 4) move the mountpoint of the new device tree to /dev 5) restore original mountpoints from step 2) Note the problem with this approach is that if some device in step 3) requires access to a mountpoint from step 2) it will fail as the mountpoint is not there anymore. For instance consider the following domain disk configuration: <disk type='file' device='disk'> <driver name='qemu' type='raw'/> <source file='/dev/shm/vhostmd0'/> <target dev='vdb' bus='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x0a' function='0x0'/> </disk> In this case operation fails as we are unable to create vhostmd0 in the new device tree because after step 2) there is no /dev/shm anymore. Leave aside fact that we shouldn't try to create devices living in other mountpoints. That's a separate bug that will be addressed later. Currently, the order described above is rearranged to: 1) get list of mountpoints under /dev/ 2) start constructing new device tree under /var/run/libvirt/qemu/$domName.dev 3) move them to /var/run/libvirt/qemu/$domName.ext 4) move the mountpoint of the new device tree to /dev 5) restore original mountpoints from step 3) Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NCedric Bosdonnat <cbosdonnat@suse.com> (cherry picked from commit a7cc039d)
-
- 04 8月, 2017 2 次提交
-
-
由 Jim Fehlig 提交于
/domain/devices/disk/driver/@name is not a required or mandatory attribute according to formatdomain, and indeed it was agreed on IRC that the attribute is "optional for input, recommended (but not required) for output". Currently the schema requires the attribute, causing virt-xml-validate to fail on disk config where the driver name is not explicitly specified. E.g. # cat test.xml | grep -A 5 cdrom <disk type='file' device='cdrom'> <driver type='raw'/> <target dev='hdb' bus='ide'/> <readonly/> <address type='drive' controller='0' bus='0' target='0' unit='1'/> </disk> # virt-xml-validate test.xml Relax-NG validity error : Extra element devices in interleave test.xml:21: element devices: Relax-NG validity error : Element domain failed to validate content test.xml fails to validate Relaxing the name attribute to be optional fixes the validation # virt-xml-validate test.xml test.xml validates (cherry picked from commit b494e09d)
-
由 Juan Hernandez 提交于
Currently the scan of the /proc/mounts file used to find cgroup mount points doesn't take into account that mount points may hidden by other mount points. For, example in certain Kubernetes environments the /proc/mounts contains the following lines: cgroup /sys/fs/cgroup/net_prio,net_cls cgroup ... tmpfs /sys/fs/cgroup tmpfs ... cgroup /sys/fs/cgroup/net_cls,net_prio cgroup ... In this particular environment the first mount point is hidden by the second one. The correct mount point is the third one, but libvirt will never process it because it only checks the first mount point for each controller (net_cls in this case). So libvirt will try to use the first mount point, which doesn't actually exist, and the complete detection process will fail. To avoid that issue this patch changes the virCgroupDetectMountsFromFile function so that when there are duplicates it takes the information from the last line in /proc/mounts. This requires removing the previous explicit condition to skip duplicates, and adding code to free the memory used by the processing of duplicated lines. Related-To: https://bugzilla.redhat.com/1468214 Related-To: https://github.com/kubevirt/libvirt/issues/4Signed-off-by: NJuan Hernandez <jhernand@redhat.com> (cherry picked from commit dacd160d)
-
- 07 7月, 2017 2 次提交
-
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1447618 Currently, any attempt to change MTU on an interface that is plugged to a running domain is silently ignored. We should either do what's asked or error out. Well, we can update the host side of the interface, but we cannot change 'host_mtu' attribute for the virtio-net device. Therefore we have to error out. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NLaine Stump <laine@laine.org> (cherry picked from commit 5f44d7e3)
-
由 Michal Privoznik 提交于
https://bugzilla.redhat.com/show_bug.cgi?id=1408701 While implementing MTU (572eda12 and friends), I've forgotten to actually set MTU on the host NIC in case of hotplug. We correctly tell qemu on the monitor what the MTU should be, but we are not actually setting it on the host NIC. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> Reviewed-by: NLaine Stump <laine@laine.org> (cherry picked from commit f00e6f8b)
-
- 31 5月, 2017 2 次提交
-
-
由 Laine Stump 提交于
This reverts commit 2841e675. It turns out that adding the host_mtu field to the PCI capabilities in the guest bumps the length of PCI capabilities beyond the 32 byte boundary, so the virtio-net device gets 64 bytes of ioport space instead of 32, which offsets the address of all the other following devices. Migration doesn't work very well when the location and length of PCI capabilities of devices is changed between source and destination. This means that we need to make sure that the absence/presence of host_mtu on the qemu commandline always matches between source and destination, which means that we need to make setting of host_mtu an opt-in thing (it can't happen automatically when the bridge being used has a non-default MTU, which is what commit 2841e675 implemented). I do want to re-implement this feature with an <mtu auto='on'/> setting, but probably won't backport that to any stable branches, so I'm first reverting the original commit, and that revert can be pushed to the few releases that have been made since the original (3.1.0 - 3.3.0) Resolves: https://bugzilla.redhat.com/1449346 (cherry picked from commit 77780a29)
-
由 Ján Tomko 提交于
Only set releaseaddr to true after the address has been reserved successfully. https://bugzilla.redhat.com/show_bug.cgi?id=1452581Reviewed-by: NJohn Ferlan <jferlan@redhat.com> (cherry picked from commit f25f30af)
-
- 11 5月, 2017 28 次提交
-
-
由 Cole Robinson 提交于
-
由 Cole Robinson 提交于
New maint release version numbers of just A.B.C format, not the old A.B.C.D format. Adjust the check that dynamically changes the Source URL for maint releases Signed-off-by: NCole Robinson <crobinso@redhat.com> Acked-by: NAndrea Bolognani <abologna@redhat.com> (cherry picked from commit 1d07a5bf)
-
由 Erik Skultety 提交于
So, because mingw is somehow OK with dereferencing a pointer within a VIR_DEBUG macro, compared to outside of it to which it complained with a "potential NULL pointer dereference" error (still a false positive), we can make the code a tiny bit cleaner. Sighed-by: NErik Skultety <eskultet@redhat.com> Signed-off-by: NErik Skultety <eskultet@redhat.com> (cherry picked from commit 8fc72e1c)
-
由 Daniel P. Berrange 提交于
A previous commit changed the spec to use librbd1-devel on RHEL-7, since this replaces ceph-devel from RHEL-6: commit 6cfc8834 Author: Peter Krempa <pkrempa@redhat.com> Date: Thu Mar 5 11:40:54 2015 +0100 spec: Enable RBD storage driver in RHEL-7 Use correct package names too as they differ. RHEL-7 inherited this rename from Fedora though, so it should have also made Fedora use the new names. This was missed, because Fedora still provides a (deprecated) back-compat RPM for ceph-devel that just pulls in librbd1-devel (and others). Fixing this stops libvirt pulling Java into the build root in Fedora. Reviewed-by: NPavel Hrdina <phrdina@redhat.com> Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 47275940)
-
由 Erik Skultety 提交于
This patch fixes the following MinGW error (although actually being a false positive): ../../src/util/virmdev.c: In function 'virMediatedDeviceListMarkDevices': ../../src/util/virmdev.c:453:21: error: potential null pointer dereference [-Werror=null-dereference] const char *mdev_path = mdev->path; ^~~~~~~~~ Signed-off-by: NErik Skultety <eskultet@redhat.com> (cherry picked from commit 574718d3)
-
由 Jiri Denemark 提交于
When we get a POLLHUP or VIR_EVENT_HANDLE_HANGUP event for a client, we still want to read from the socket to process any accumulated data. But doing so inevitably results in an error and a call to virNetClientMarkClose before we get to processing the hangup event (and another call to virNetClientMarkClose). However the close reason passed to the second virNetClientMarkClose call is ignored because another one was already set. We need to pass the correct close reason when marking the socket to be closed for the first time. https://bugzilla.redhat.com/show_bug.cgi?id=1373859Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 42faf316)
-
由 Jiri Denemark 提交于
While fixing a bug with incorrectly freed memory in commit v3.1.0-399-g5498aa29, I accidentally broke persistent migration of transient domains. Before adding qemuDomainDefCopy in the path, the code just took NULL from vm->newDef and used it as the persistent def, which resulted in no persistent XML being sent in the migration cookie. This scenario is perfectly valid and the destination correctly handles it by using the incoming live definition and storing it as the persistent one. After the mentioned commit libvirtd would just segfault in the described scenario. https://bugzilla.redhat.com/show_bug.cgi?id=1446205Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 59307fad)
-
由 Daniel P. Berrange 提交于
If we are encoding a block of data that is 16 bytes in length, we cannot leave it as 16 bytes, we must pad it out to the next block boundary, 32 bytes. Without this padding, the decoder will incorrectly treat the last byte of plain text as the padding length, as it can't distinguish padded from non-padded data. The problem exhibited itself when using a 16 byte passphrase for a LUKS volume $ virsh secret-set-value 55806c7d-8e93-456f-829b-607d8c198367 \ $(echo -n 1234567812345678 | base64) Secret value set $ virsh start demo error: Failed to start domain demo error: internal error: process exited while connecting to monitor: >>>>>>>>>>Len 16 2017-05-02T10:35:40.016390Z qemu-system-x86_64: -object \ secret,id=virtio-disk1-luks-secret0,data=SEtNi5vDUeyseMKHwc1c1Q==,\ keyid=masterKey0,iv=zm7apUB1A6dPcH53VW960Q==,format=base64: \ Incorrect number of padding bytes (56) found on decrypted data Notice how the padding '56' corresponds to the ordinal value of the character '8'. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 71890992)
-
由 Laine Stump 提交于
If the network isn't active during networkNotifyActualDevice(), we would log an error message stating that the bridge device didn't exist. This patch adds a check to see if the network is active, making the logs more useful in the case that it isn't. Partially resolves: https://bugzilla.redhat.com/1442700 (cherry picked from commit 7949de96)
-
由 Laine Stump 提交于
Nothing that could happen during networkNotifyActualDevice() could justify unceremoniously killing the qemu process, but that's what we were doing. In particular, new code added in commit 85bcc022 (first appearred in libvirt-3.2.0) attempts to reattach tap devices to their assigned bridge devices when libvirtd restarts (to make it easier to recover from a restart of a libvirt network). But if the network has been stopped and *not* restarted, the bridge device won't exist and networkNotifyActualDevice() will fail. This patch changes networkNotifyActualDevice() and qemuProcessNotifyNets() to return void, so that qemuProcessReconnect() will soldier on regardless of what happens (any errors will still be logged though). Partially resolves: https://bugzilla.redhat.com/1442700 (cherry picked from commit cb182eb1)
-
由 Pavel Hrdina 提交于
This patch changes following output: ... <graphics type='vnc' port='-1' autoport='yes'> <listen type='none'/> </graphics> ... into this output: ... <graphics type='vnc'> <listen type='none'/> </graphics> ... Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit 2b7d5164)
-
由 Peter Krempa 提交于
Rather than freeing the list before starting a new VM clear it after stopping the old instance when the data becomes invalid. (cherry picked from commit 44f8e00b)
-
由 Peter Krempa 提交于
The alias would be leaked, since it's not freed on the vm stop path. (cherry picked from commit 8c1fee5f)
-
由 Peter Krempa 提交于
Since the private data structure is not freed upon stopping a VM, the usbaddrs pointer would be leaked: ==15388== 136 (16 direct, 120 indirect) bytes in 1 blocks are definitely lost in loss record 893 of 1,019 ==15388== at 0x4C2CF55: calloc (vg_replace_malloc.c:711) ==15388== by 0x54BF64A: virAlloc (viralloc.c:144) ==15388== by 0x5547588: virDomainUSBAddressSetCreate (domain_addr.c:1608) ==15388== by 0x144D38A2: qemuDomainAssignUSBAddresses (qemu_domain_address.c:2458) ==15388== by 0x144D38A2: qemuDomainAssignAddresses (qemu_domain_address.c:2515) ==15388== by 0x144ED1E3: qemuProcessPrepareDomain (qemu_process.c:5398) ==15388== by 0x144F51FF: qemuProcessStart (qemu_process.c:5979) [...] (cherry picked from commit 3ab802d6)
-
由 Peter Krempa 提交于
Clean the stale data after shutting down the VM. Otherwise the data would be leaked on next VM start. This happens due to the fact that the private data object is not freed on destroy of the VM. (cherry picked from commit 1730cdc6)
-
由 Eric Farman 提交于
As with virtio-scsi, the "internal error" messages after preparing a vhost-scsi hostdev overwrites more meaningful error messages deeper in the callchain. Remove it too. Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com> (cherry picked from commit 6ff38cee)
-
由 Eric Farman 提交于
I tried to attach a SCSI LUN to two different guests, and forgot to specify "shareable" in the hostdev XML. Attaching the device to the second guest failed, but the message was not helpful in telling me what I was doing wrong: $ cat scsi_scratch_disk.xml <hostdev mode='subsystem' type='scsi'> <source> <adapter name='scsi_host3'/> <address bus='0' target='15' unit='1074151456'/> </source> </hostdev> $ virsh attach-device dasd_sles_d99c scsi_scratch_disk.xml Device attached successfully $ virsh attach-device dasd_fedora_0e1e scsi_scratch_disk.xml error: Failed to attach device from scsi_scratch_disk.xml error: internal error: Unable to prepare scsi hostdev: scsi_host3:0:15:1074151456 I eventually discovered my error, but thought it was weird that Libvirt doesn't provide something more helpful in this case. Looking over the code we had just gone through, I commented out the "internal error" message, and got something more useful: $ virsh attach-device dasd_fedora_0e1e scsi_scratch_disk.xml error: Failed to attach device from scsi_scratch_disk.xml error: Requested operation is not valid: SCSI device 3:0:15:1074151456 is already in use by other domain(s) as 'non-shareable' Looking over the error paths here, we seem to issue better messages deeper in the callchain so these "internal error" messages overwrite any of them. Remove them, so that the more detailed errors are seen. Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com> (cherry picked from commit 33c1fc43)
-
由 Eric Farman 提交于
Signed-off-by: NEric Farman <farman@linux.vnet.ibm.com> (cherry picked from commit 2dc94c3c)
-
由 Peter Krempa 提交于
qemuDomainGetNumaParameters would return the automatic nodeset even for the persistent config if the domain was running. This is incorrect since the automatic nodeset will be re-queried upon starting the vm. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1445325 (cherry picked from commit 135c56e2)
-
由 Jiri Denemark 提交于
Migration with old QEMU which does not support query-migrate-parameters would fail because the QMP command is called unconditionally since the introduction of TLS migration. Previously it was only called if the user explicitly requested a feature which uses QEMU migration parameters. And even then the situation was not ideal, instead of reporting an unsupported feature we'd just complain about missing QMP command. Trivially no migration parameters are supported when query-migrate-parameters QMP command is missing. There's no need to report an error if it is missing, the callers will report better error if needed. https://bugzilla.redhat.com/show_bug.cgi?id=1441934Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit ac58c036)
-
由 ZhiPeng Lu 提交于
it should be a comparison of modes between new and old devices. So the argument of the second virDomainNetGetActualDirectMode should be newdev. Signed-off-by: NZhiPeng Lu <lu.zhipeng@zte.com.cn> (cherry picked from commit c77bc47f)
-
由 Yi Wang 提交于
ka maybe have been freeed in virObjectUnref, application using virKeepAliveTimer will segfault when unlock ka. We should keep ka's refs positive before using it. #0 0x00007fd8f79970e8 in virClassIsDerivedFrom (klass=0xdeadbeef, parent=0x7fd8e8001b80) at util/virobject.c:169 #1 0x00007fd8f799742e in virObjectIsClass (anyobj=anyobj entry=0x7fd8e800b9c0, klass=<optimized out>) at util/virobject.c:365 #2 0x00007fd8f79974e4 in virObjectUnlock (anyobj=0x7fd8e800b9c0) at util/virobject.c:338 #3 0x00007fd8f7ac477e in virKeepAliveTimer (timer=<optimized out>, opaque=0x7fd8e800b9c0) at rpc/virkeepalive.c:177 #4 0x00007fd8f7e5c9cf in libvirt_virEventInvokeTimeoutCallback () from /usr/lib64/python2.7/site-packages/libvirtmod.so #5 0x00007fd8ff64db94 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0 #6 0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0 #7 0x00007fd8ff64d85f in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0 #8 0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0 #9 0x00007fd8ff64d950 in PyEval_EvalFrameEx () from /lib64/libpython2.7.so.1.0 #10 0x00007fd8ff64f1ad in PyEval_EvalCodeEx () from /lib64/libpython2.7.so.1.0 #11 0x00007fd8ff5dc098 in function_call () from /lib64/libpython2.7.so.1.0 #12 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0 #13 0x00007fd8ff5c6085 in instancemethod_call () from /lib64/libpython2.7.so.1.0 #14 0x00007fd8ff5b7073 in PyObject_Call () from /lib64/libpython2.7.so.1.0 #15 0x00007fd8ff648ff7 in PyEval_CallObjectWithKeywords () from /lib64/libpython2.7.so.1.0 #16 0x00007fd8ff67d7e2 in t_bootstrap () from /lib64/libpython2.7.so.1.0 #17 0x00007fd8ff358df3 in start_thread () from /lib64/libpthread.so.0 #18 0x00007fd8fe97d3ed in clone () from /lib64/libc.so.6 Signed-off-by: NYi Wang <wang.yi59@zte.com.cn> Signed-off-by: NMichal Privoznik <mprivozn@redhat.com> (cherry picked from commit ab5bb6f3)
-
由 Laine Stump 提交于
Commit f4ef3a71 made a variation of virNetDevSetMAC that would return without logging an error message if errno was set to EADDRNOTAVAIL. This errno is set by some SRIOV VF drivers (in particular igbvf) when they fail to set the device's MAC address due to the PF driver refusing the request. This is useful if we want to try a different method of setting the VF MAC address before giving up (Commit 86556e16 actually does this, setting the desired MAC address to the "admin MAC in the PF, then detaching and reattaching the VF netdev driver to force a reinit of the MAC address). During testing of Bug 1442040 t was discovered that the ixgbe driver returns EPERM in this situation, so this patch changes the exception case for silent+non-terminal failure to account for this difference. Completes resolution to: https://bugzilla.redhat.com/1415609 (RHEL 7.4) https://bugzilla.redhat.com/1442040 (RHEL 7.3.z) (cherry picked from commit 997134fb)
-
由 Pavel Hrdina 提交于
Reported by Rafał Wojciechowski <it@rafalwojciechowski.pl>. Thread 1 (Thread 0x7f194b99d700 (LWP 5631)): 0 virNetDevGetifaddrsAddress (addr=0x7f194b99c7c0, ifname=0x7f193400e2b0 "ovirtmgmt") at util/virnetdevip.c:738 1 virNetDevIPAddrGet (ifname=0x7f193400e2b0 "ovirtmgmt", addr=addr@entry=0x7f194b99c7c0) at util/virnetdevip.c:795 2 0x00007f19467800d6 in networkGetNetworkAddress (netname=<optimized out>, netaddr=netaddr@entry=0x7f1924013f18) at network/bridge_driver.c:4780 3 0x00007f193e43a33c in qemuProcessGraphicsSetupNetworkAddress (listenAddr=0x7f19340f7650 "127.0.0.1", glisten=0x7f1924013f10) at qemu/qemu_process.c:4062 4 qemuProcessGraphicsSetupListen (vm=<optimized out>, graphics=0x7f1924014f10, cfg=0x7f1934119f00) at qemu/qemu_process.c:4133 5 qemuProcessSetupGraphics (flags=17, vm=0x7f19240155d0, driver=0x7f193411f1d0) at qemu/qemu_process.c:4196 6 qemuProcessPrepareDomain (conn=conn@entry=0x7f192c00ab50, driver=driver@entry=0x7f193411f1d0, vm=vm@entry=0x7f19240155d0, flags=flags@entry=17) at qemu/qemu_process.c:4969 7 0x00007f193e4417c0 in qemuProcessStart (conn=conn@entry=0x7f192c00ab50, driver=driver@entry=0x7f193411f1d0, vm=0x7f19240155d0,asyncJob=asyncJob@entry=QEMU_ASYNC_JOB_START, migrateFrom=migrateFrom@entry=0x0, migrateFd=migrateFd@entry=-1, migratePath=migratePath@entry=0x0,snapshot=snapshot@entry=0x0, vmop=vmop@entry=VIR_NETDEV_VPORT_PROFILE_OP_CREATE, flags=17, flags@entry=1) at qemu/qemu_process.c:5553 Man page for getifaddrs also states that the "ifa_addr" may contain a null pointer which happens if there is an existing network interface on the host without IP address. Signed-off-by: NPavel Hrdina <phrdina@redhat.com> (cherry picked from commit 42000bf7)
-
由 Jim Fehlig 提交于
libvirtd can spawn threads/tasks when creating new domains for some hypervisors such as Xen's libxl driver, quickly reaching the cgroups pids controller default TasksMax setting of 512. When the limit is reached, attempting to create additional domains results in an error from the cgroups pids controller, e.g. kernel: [71282.213347] cgroup: fork rejected by pids controller in /system.slice/libvirtd.service Depending on domain type and configuration, anywhere from 4-7 threads/tasks may be created by libxl when starting a domain. In order to support 4096 domains, similar to commit 27cd7635, increase the TasksMax setting in libvirtd.service to 4096 * 8 = 32768 tasks. (cherry picked from commit 6b3fb86b)
-
由 Daniel P. Berrange 提交于
In the RPC client event loop code, if poll() returns only a POLLHUP or POLLERR status, then we end up reporting a bogus error message: error: failed to connect to the hypervisor error: An error occurred, but the cause is unknown We do actually report an error, but we virNetClientMarkClose method has already captured the error status before we report it, so the real error gets thrown away. The key fix is to report the error before calling virNetClientMarkClose(). In changing this, we also split out reporting of POLLHUP vs POLLERR to make any future bugs easier to diagnose. Signed-off-by: NDaniel P. Berrange <berrange@redhat.com> (cherry picked from commit 234ac4e1)
-
由 Jiri Denemark 提交于
/etc/libvirt/nwfilter/*.xml files are installed with no UUID, which means libvirtd will automatically alter all of them once it starts. Thus RPM verification will always fail on them. Let's use a trick similar to the default network XML and store nwfilter XMLs in /usr/share. They will be copied into /etc in %post. Additionally the /etc files are marked as %ghost so that they are uninstalled if the RPM package is removed. Note that the %post script overwrites existing files with new ones on upgrade, which is what has always been happening. https://bugzilla.redhat.com/show_bug.cgi?id=1431581 https://bugzilla.redhat.com/show_bug.cgi?id=1378774Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 1d3963db)
-