- 24 6月, 2019 4 次提交
-
-
由 Ján Tomko 提交于
These APIs can be used to execute arbitrary emulators. Forbid them on read-only connections. Fixes: CVE-2019-10168 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit bf6c2830) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
This API can be used to execute arbitrary emulators. Forbid it on read-only connections. Fixes: CVE-2019-10167 Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 8afa68ba) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainManagedSaveDefineXML can be used to alter the domain's config used for managedsave or even execute arbitrary emulator binaries. Forbid it on read-only connections. Fixes: CVE-2019-10166 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit db0b7845) Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Ján Tomko 提交于
The virDomainSaveImageGetXMLDesc API is taking a path parameter, which can point to any path on the system. This file will then be read and parsed by libvirtd running with root privileges. Forbid it on read-only connections. Fixes: CVE-2019-10161 Reported-by: NMatthias Gerstner <mgerstner@suse.de> Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit aed6a032) Signed-off-by: NJán Tomko <jtomko@redhat.com> Conflicts: src/libvirt-domain.c src/remote/remote_protocol.x Upstream commit 12a51f37 which introduced the VIR_DOMAIN_SAVE_IMAGE_XML_SECURE alias for VIR_DOMAIN_XML_SECURE is not backported. Just skip the commit since we now disallow the whole API on read-only connections, regardless of the flag. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
- 21 5月, 2019 3 次提交
-
-
由 Daniel P. Berrangé 提交于
The virtlogd daemon's only intended client is the libvirtd daemon. As such it should never allow clients from other user accounts to connect. The code already enforces this and drops clients from other UIDs, but we can get earlier (and thus stronger) protection against DoS by setting the socket permissions to 0600 Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit e37bd65f)
-
由 Daniel P. Berrangé 提交于
The virtlockd daemon's only intended client is the libvirtd daemon. As such it should never allow clients from other user accounts to connect. The code already enforces this and drops clients from other UIDs, but we can get earlier (and thus stronger) protection against DoS by setting the socket permissions to 0600 Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit f111e094)
-
由 Daniel P. Berrangé 提交于
The admin protocol RPC messages are only intended for use by the user running the daemon. As such they should not be allowed for any client UID that does not match the server UID. Fixes CVE-2019-10132 Reviewed-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 96f41cd7)
-
- 15 5月, 2019 2 次提交
-
-
由 Jiri Denemark 提交于
CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 The bit is set when microcode provides the mechanism to invoke a flush of various exploitable CPU buffers by invoking the VERW instruction. Signed-off-by: NPaolo Bonzini <pbonzini@redhat.com> Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NDaniel P. Berrangé <berrange@redhat.com> (cherry picked from commit 538d8735) Conflicts: src/cpu_map/x86_features.xml - missing pconfig feature tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-guest.xml tests/cputestdata/x86_64-cpuid-Xeon-Platinum-8268-host.xml - test data missing downstream tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml - intel-pt feature is missing - stibp feature is missing Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jiri Denemark 提交于
Signed-off-by: NJiri Denemark <jdenemar@redhat.com> (cherry picked from commit 5cd9db3a) CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Conflicts: tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-guest.xml tests/cputestdata/x86_64-cpuid-Xeon-E3-1225-v5-host.xml - intel-pt feature is missing - stibp feature is missing Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
- 14 5月, 2019 2 次提交
-
-
由 Jiri Denemark 提交于
My earlier commit be46f613 was incomplete. It removed caching of microcode version in the CPU driver, which means the capabilities XML will see the correct microcode version. But it is also cached in the QEMU capabilities cache where it is used to detect whether we need to reprobe QEMU. By missing the second place, the original commit be46f613 made the situation even worse since libvirt would report correct microcode version while still using the old host CPU model (visible in domain capabilities XML). Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> (cherry picked from commit 673c62a3) Conflicts: src/qemu/qemu_capabilities.c - virQEMUCapsCacheLookupByArch refactoring (commits 7948ad41 and 1a3de670) are missing Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Jiri Denemark 提交于
The microcode version checks are used to invalidate cached CPU data we get from QEMU. To minimize /proc/cpuinfo parsing the microcode version was only read when libvirtd started and cached for the daemon's lifetime. However, the CPU microcode can change anytime (updating the microcode package can automatically upload it to the CPU) and we need to stop caching it to avoid using stale CPU model data. Signed-off-by: NJiri Denemark <jdenemar@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com> (cherry picked from commit be46f613)
-
- 04 9月, 2018 1 次提交
-
-
由 Daniel Veillard 提交于
* docs/news.xml: updated for release Signed-off-by: NDaniel Veillard <veillard@redhat.com>
-
- 03 9月, 2018 1 次提交
-
-
由 Andrea Bolognani 提交于
Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NMartin Kletzander <mkletzan@redhat.com>
-
- 01 9月, 2018 1 次提交
-
-
由 Eric Blake 提交于
The helper function virshSnapshotCreate (formerly vshSnapshotCreate) has had dead variables since commit a00c37f2 (Sep 2011). Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 31 8月, 2018 1 次提交
-
-
由 Farhan Ali 提交于
S390 is aware of both vfio-pci and vfio-ccw devices, so on S390 the capability QEMU_CAPS_VFIO_PCI_DISPLAY will be available. Add an extra check to make sure we only set the display to off for vfio-pci mediated devices. Otherwise we add display for vfio-ccw device and this breaks vfio-ccw device qemu command line. Fixes: d54e45b6 conf: Introduce new <hostdev> attribute 'display' Signed-off-by: NFarhan Ali <alifm@linux.ibm.com> Reviewed-by: NMarc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
- 30 8月, 2018 1 次提交
-
-
由 Eric Blake 提交于
The default disk storage pool type in XML is 'dos', not 'msdos'. But tweak wording to keep the term 'msdos' in the text for the sake of grep searches. Signed-off-by: NEric Blake <eblake@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
- 29 8月, 2018 4 次提交
-
-
由 Luyao Huang 提交于
Commit 6534b3c4 tried to raise an error when there is no numa nodes by setting access='shared' in the domain config, but added a helper called from qemuDomainDeviceDefValidate instead of a helper called from qemuDomainDefValidate for XML: <memoryBacking> <hugepages/> <access mode='shared'/> </memoryBacking> Since there are no memory devices in the test XML, there would be no validation failure, but the test added was still failing. Investigating that it turns out that unnecessary XML elements were causing the failure (no need for <video>, <graphics>, <pm>, usb controller model "piix3-uhci", disk attribute for "discard='unmap'", <serial>, <console>, <channel> and a memballoon model). Removing all those before moving the method caused the test to succeed. So this patch moves the validation to the right place and removes all the unnecessary XML pieces that were causing a false validation failure. https://bugzilla.redhat.com/show_bug.cgi?id=1448149#c14Signed-off-by: NLuyao Huang <lhuang@redhat.com> Reviewed-by: NJohn Ferlan <jferlan@redhat.com>
-
由 Simon Kobyda 提交于
The reason of broken build was that centos and rhel use older version of glibc. These versions of glibc on these platforms cannot work with newer unicodes, thus causing functions iswprint() and wcwidth() return unexpected values causing the vshtabletest to fail. Therefore, let's replace the new unicode characters causing issues with some older ones to fix the test suite, as the issue would still persist during runtime. Signed-off-by: NSimon Kobyda <skobyda@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Marc Hartmayer 提交于
If @vm has flagged as "to be removed" virDomainObjListFindByNameLocked returns NULL (although the definition actually exists). Therefore, the possibility exits that "virHashAddEntry" will raise the error "Duplicate key" => virDomainObjListAddObjLocked fails => virDomainObjEndAPI(&vm) is called and this leads to a freeing of @def since @def is already assigned to vm->def. But actually this leads to a double free since the common usage pattern is that the caller of virDomainObjListAdd(Locked) is responsible for freeing @def in case of an error. Let's fix this by setting vm->def to NULL in case of an error. Backtrace: ➤ bt #0 virFree (ptrptr=0x7575757575757575) #1 0x000003ffb5b25b3e in virDomainResourceDefFree #2 0x000003ffb5b37c34 in virDomainDefFree #3 0x000003ff9123f734 in qemuDomainDefineXMLFlags #4 0x000003ff9123f7f4 in qemuDomainDefineXML #5 0x000003ffb5cd2c84 in virDomainDefineXML #6 0x000000011745aa82 in remoteDispatchDomainDefineXML ... Reviewed-by: NBjoern Walk <bwalk@linux.ibm.com> Signed-off-by: NMarc Hartmayer <mhartmay@linux.ibm.com>
-
由 Andrea Bolognani 提交于
We would have used virtio for networking anyway, but it's better to be explicit; for graphics, none of the existing models work right now but virtio is the only one which has a non-PCI variant, so it's as good a default as any Spotted-by: NJán Tomko <jtomko@redhat.com> Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
- 28 8月, 2018 20 次提交
-
-
由 Andrea Bolognani 提交于
None of the existing models is suitable for use with RISC-V virt guests, and we don't want information about the serial console to be missing from the XML. The name is based on comments in qemu/hw/riscv/virt.c: RISC-V machine with 16550a UART and VirtIO MMIO and in qemu/hw/char/serial.c: QEMU 16550A UART emulation along with the output of dmesg in the guest: Serial: 8250/16550 driver, 4 ports, IRQ sharing disabled 10000000.uart: ttyS0 at MMIO 0x10000000 (irq = 13, base_baud= 230400) is a 16550A Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Andrea Bolognani 提交于
The architecture is new enough that we don't need to concern ourselves with backwards compatibility in any capacity. Signed-off-by: NAndrea Bolognani <abologna@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Lubomir Rintel 提交于
Signed-off-by: NLubomir Rintel <lkundrak@v3.sk> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Peter Krempa 提交于
Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Add the generated testcase to test the generated command against the QMP schema. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Many of the parameters are omitted for NULL/0 situations. Change the values for these cases so all the arguments are schema-checked. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Peter Krempa 提交于
Test the generated command against the schema. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NJán Tomko <jtomko@redhat.com>
-
由 Jiri Denemark 提交于
Broken by v4.7.0-rc1-9-g6700062f. Signed-off-by: NJiri Denemark <jdenemar@redhat.com>
-
由 Peter Krempa 提交于
Add a new modifier letter for virJSONValueObjectAddVArgs which will add a boolean value with our tristate semantics. The value is omitted when the _ABSENT value is used. Signed-off-by: NPeter Krempa <pkrempa@redhat.com> Reviewed-by: NErik Skultety <eskultet@redhat.com>
-
由 Daniel P. Berrangé 提交于
A generic "failed to parse xml document" message without telling us which XML file failed is quite unhelpful. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
In preparation for splitting up the CPU map data file, move it into a dedicated directory of its own. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Get rid of the separate 'error:' label, so all code paths jump straight to the 'cleanup:' label. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
The x86 and ppc impls both duplicate some logic when parsing CPU features. Change the callback signature so that this duplication can be pushed up a level to common code. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Two pieces of code accidentally jumped to the wrong label when they failed causing incorrect cleanup, returning a partially initialized CPU model struct. Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Daniel P. Berrangé 提交于
Allow for syntax <include filename="subdir/fooo.xml"/> to reference other files in the CPU database directory Reviewed-by: NJiri Denemark <jdenemar@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-
由 Ján Tomko 提交于
Commit deb057fd added a switch without a default case. Add it and call virReportEnumRangeError for _LAST too. Signed-off-by: NJán Tomko <jtomko@redhat.com> Reviewed-by: NAndrea Bolognani <abologna@redhat.com>
-
由 Ján Tomko 提交于
Commit 6700062f introduced a jump to error which skipped the initialization of def: qemu/qemu_parse_command.c:1870:9: error: variable 'def' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized] if (!(qemuCaps = virQEMUCapsCacheLookup(capsCache, progargv[0]))) Initialize def to fix this warning and qemuCaps, to prevent a future error like this. Signed-off-by: NJán Tomko <jtomko@redhat.com>
-
由 Daniel P. Berrangé 提交于
Historically the argv -> xml convertor wanted the same default machine as we'd set when parsing xml. The latter has now changed, however, to use a default defined by libvirt. The former needs fixing to again honour the default QEMU machine. This exposed a bug in handling for the aarch64 target, as QEMU does not define any default machine. Thus we should not having been accepting argv without a -machine provided. Reviewed-by: NJohn Ferlan <jferlan@redhat.com> Signed-off-by: NDaniel P. Berrangé <berrange@redhat.com>
-