June 2010 - Devel - libvirt List Archives

[libvirt] [PATCH] qemu: Fix crash on failed VM startup
by Cole Robinson 02 Jun '10

02 Jun '10

If VM startup fails early enough (can't find a referenced USB device), libvirtd will crash trying to clear the VNC port bit, since port = 0, which overflows us out of the bitmap bounds. Fix this by being more defensive in the bitmap operations, and only clearing a previously set VNC port. Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/qemu/qemu_driver.c | 2 +- src/util/bitmap.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8cd50a..f5a1310 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3741,7 +3741,7 @@ retry: if ((vm->def->ngraphics == 1) && vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && vm->def->graphics[0]->data.vnc.autoport && - vm->def->graphics[0]->data.vnc.port != -1) { + vm->def->graphics[0]->data.vnc.port >= QEMU_VNC_PORT_MIN) { if (virBitmapClearBit(driver->reservedVNCPorts, vm->def->graphics[0]->data.vnc.port - \ QEMU_VNC_PORT_MIN) < 0) { diff --git a/src/util/bitmap.c b/src/util/bitmap.c index 69094a5..98e65f8 100644 --- a/src/util/bitmap.c +++ b/src/util/bitmap.c @@ -118,7 +118,7 @@ int virBitmapSetBit(virBitmapPtr bitmap, size_t b) */ int virBitmapClearBit(virBitmapPtr bitmap, size_t b) { - if (b > bitmap->size - 1) + if (bitmap->size != 0 && b > bitmap->size - 1) return -1; bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b)); -- 1.6.6.1

4 8

[libvirt] [PATCH] hostusb: Properly handle 'usbX' sysfs files
by Cole Robinson 02 Jun '10

02 Jun '10

Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=598272 Some files under /sys/bus/usb/devices/ have the format 'usbX', where X is the USB bus number. Use STRPREFIX to correctly parse the bus numbers. Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/util/hostusb.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/util/hostusb.c b/src/util/hostusb.c index 78b601f..2d6e414 100644 --- a/src/util/hostusb.c +++ b/src/util/hostusb.c @@ -121,7 +121,7 @@ static int usbFindBusByVendor(unsigned vendor, unsigned product, char *tmpstr = de->d_name; unsigned found_bus, found_addr; - if (STREQ(de->d_name, "usb")) + if (STRPREFIX(de->d_name, "usb")) tmpstr += 3; if (virStrToLong_ui(tmpstr, &ignore, 10, &found_bus) < 0) { -- 1.6.6.1

2 2

[libvirt] [PATCH 2/2] Add --source-format argument to virsh pool-define-as and pool-create-as
by Justin Clift 02 Jun '10

02 Jun '10

This is the corresponding patch for the virsh man page (virsh.pod). It's diff-d against present git master. Regards and best wishes, Justin Clift -- Salasaga - Open Source eLearning IDE http://www.salasaga.org

3 3

[libvirt] [PATCH] Trivial virsh.pod additions --all for "list" command and similar
by Justin Clift 02 Jun '10

02 Jun '10

Hi all, This is just a trivial patch to virsh.pod (from git master). It adds the following pieces to the virsh man page: + Shows the --inactive and --all optional parameters for the list command. Closes Bugzilla #575512, reported by Renich Bon Ciric (CC'd) https://bugzilla.redhat.com/show_bug.cgi?id=575512 + Corrects the existing description of the list command, to now say that only running domains are listed if no domains are specified. The man page up until this point has said all domains are listed if no domains are specified, which is incorrect. + Adds the "shut off" state to the list of states for the list command. + Adds a missing =back around line 755, that pod2man was complaining was missing. Regards and best wishes, Justin Clift -- Salasaga - Open Source eLearning IDE http://www.salasaga.org

3 3

[libvirt] another AUTHORS update
by Eric Blake 01 Jun '10

01 Jun '10

Eduardo Otubo contacted me off-list, noticing that his name was not yet in AUTHORS even though he has had commits in the past. I've rectified this situation with an obvious commit; not worth posting the diff to the list (to avoid unnecessary exposure of all the email addresses...). -- Eric Blake eblake(a)redhat.com +1-801-349-2682 Libvirt virtualization library http://libvirt.org

2 5

[libvirt] A few small libvirt build issues
by Cole Robinson 01 Jun '10

01 Jun '10

I've hit a few small build issues that I don't know how to fix. daemon/libvirtd.init isn't regenerated if ./configure is re-run. If I do: ./configure --prefix=/foo && make && ./configure --prefix=/bar && make daemon/libvirtd.init will reference /foo and not /bar. The logrotate files are affected as well. Second issue involves root squash homedir which I use regularly for development. If I ./configure && make -j4 && sudo make install, I get the following error: Making install in python make[1]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' Making install in . make[2]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' make[3]: Entering directory `/mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python' test -z "/usr/lib64/python2.6/site-packages" || /bin/mkdir -p "/usr/lib64/python2.6/site-packages" /bin/sh ../libtool --mode=install /usr/bin/install -c libvirtmod.la '/usr/lib64/python2.6/site-packages' libtool: install: warning: relinking `libvirtmod.la' libtool: install: (cd /mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/python; /bin/sh /mnt/storage.bos/boston/crobinso/sandbox/upstream/libvirt/libvirt.git/libtool --silent --tag CC --mode=relink gcc -Wno-redundant-decls -g -O2 -module -avoid-version -shared -L../src/.libs -o libvirtmod.la -rpath /usr/lib64/python2.6/site-packages libvirtmod_la-libvirt-override.lo libvirtmod_la-typewrappers.lo libvirtmod_la-libvirt.lo ../src/libvirt.la -ldl ) mv: cannot move `libvirtmod.so' to `libvirtmod.soU': Permission denied libtool: install: error: relink `libvirtmod.la' with the above command before installing it My automake-fu is weak so I haven't had much luck decoding any of this. 'make install' seems to want to run that relink command every time, running it by hand doesn't help any. Anyone have any thoughts? Jim, Eric, I figure you guys would know best, so any input appreciated. Thanks, Cole

3 4

[libvirt] [PATCH 1/2] qemu: Fix crash on failed VM startup
by Cole Robinson 01 Jun '10

01 Jun '10

If VM startup fails early enough (can't find a referenced USB device), libvirtd will crash trying to clear the VNC port bit, since port = 0, which overflows us out of the bitmap bounds. Fix this by being more defensive in the bitmap operations, and only clearing a previously set VNC port. --- src/qemu/qemu_driver.c | 2 +- src/util/bitmap.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index c8cd50a..f5a1310 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3741,7 +3741,7 @@ retry: if ((vm->def->ngraphics == 1) && vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC && vm->def->graphics[0]->data.vnc.autoport && - vm->def->graphics[0]->data.vnc.port != -1) { + vm->def->graphics[0]->data.vnc.port >= QEMU_VNC_PORT_MIN) { if (virBitmapClearBit(driver->reservedVNCPorts, vm->def->graphics[0]->data.vnc.port - \ QEMU_VNC_PORT_MIN) < 0) { diff --git a/src/util/bitmap.c b/src/util/bitmap.c index 69094a5..98e65f8 100644 --- a/src/util/bitmap.c +++ b/src/util/bitmap.c @@ -118,7 +118,7 @@ int virBitmapSetBit(virBitmapPtr bitmap, size_t b) */ int virBitmapClearBit(virBitmapPtr bitmap, size_t b) { - if (b > bitmap->size - 1) + if (bitmap->size != 0 && b > bitmap->size - 1) return -1; bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b)); -- 1.6.6.1

1 1

[libvirt] [PATCH 2/2] hostusb: Properly handle 'usbX' sysfs files
by Cole Robinson 01 Jun '10

01 Jun '10

Fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=598272 Some files under /sys/bus/usb/devices/ have the format 'usbX', where X is the USB bus number. Use STRPREFIX to correctly parse the bus numbers. --- src/util/hostusb.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/util/hostusb.c b/src/util/hostusb.c index 78b601f..2d6e414 100644 --- a/src/util/hostusb.c +++ b/src/util/hostusb.c @@ -121,7 +121,7 @@ static int usbFindBusByVendor(unsigned vendor, unsigned product, char *tmpstr = de->d_name; unsigned found_bus, found_addr; - if (STREQ(de->d_name, "usb")) + if (STRPREFIX(de->d_name, "usb")) tmpstr += 3; if (virStrToLong_ui(tmpstr, &ignore, 10, &found_bus) < 0) { -- 1.6.6.1

1 0

[libvirt] [PATCH v2] qemu: Add a qemu.conf option for clearing capabilities
by Cole Robinson 01 Jun '10

01 Jun '10

Currently there is no way to opt out of libvirt dropping POSIX capabilities for qemu. This at least is a useful debugging tool, but is also wanted by users (and distributors): https://bugzilla.redhat.com/show_bug.cgi?id=559154 https://bugzilla.redhat.com/show_bug.cgi?id=573850 v2: Clarify qemu.conf comment, warn about security implications Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/qemu/qemu.conf | 9 +++++++++ src/qemu/qemu_conf.c | 5 +++++ src/qemu/qemu_conf.h | 2 +- src/qemu/qemu_driver.c | 11 +++++++++-- 4 files changed, 24 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf index 98a1176..93934f3 100644 --- a/src/qemu/qemu.conf +++ b/src/qemu/qemu.conf @@ -178,3 +178,12 @@ # QEMU_AUDIO_DRV environment variable when using VNC. # # vnc_allow_host_audio = 0 + +# If clear_emulator_capabilities is enabled, libvirt will drop all +# privileged capabilities of the QEmu/KVM emulator. This is enabled by +# default. +# +# Warning: Disabling this option means that a compromised guest can +# exploit the privileges and possibly do damage to the host. +# +# clear_emulator_capabilities = 1 diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c index 66a949e..d7e61d2 100644 --- a/src/qemu/qemu_conf.c +++ b/src/qemu/qemu_conf.c @@ -104,6 +104,7 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, /* Setup critical defaults */ driver->dynamicOwnership = 1; + driver->clearEmulatorCapabilities = 1; if (!(driver->vncListen = strdup("127.0.0.1"))) { virReportOOMError(); @@ -355,6 +356,10 @@ int qemudLoadDriverConfig(struct qemud_driver *driver, CHECK_TYPE ("vnc_allow_host_audio", VIR_CONF_LONG); if (p) driver->vncAllowHostAudio = p->l; + p = virConfGetValue (conf, "clear_emulator_capabilities"); + CHECK_TYPE ("clear_emulator_capabilities", VIR_CONF_LONG); + if (p) driver->clearEmulatorCapabilities = p->l; + virConfFree (conf); return 0; } diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h index 7616d15..0f8a1b3 100644 --- a/src/qemu/qemu_conf.h +++ b/src/qemu/qemu_conf.h @@ -138,8 +138,8 @@ struct qemud_driver { ebtablesContext *ebtables; unsigned int relaxedACS : 1; - unsigned int vncAllowHostAudio : 1; + unsigned int clearEmulatorCapabilities : 1; virCapsPtr caps; diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index ad7fb54..3faf31e 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -3287,7 +3287,7 @@ static int qemudStartVMDaemon(virConnectPtr conn, int stdin_fd) { const char **argv = NULL, **tmp; const char **progenv = NULL; - int i, ret; + int i, ret, runflags; struct stat sb; int *vmfds = NULL; int nvmfds = 0; @@ -3501,9 +3501,16 @@ static int qemudStartVMDaemon(virConnectPtr conn, for (i = 0 ; i < nvmfds ; i++) FD_SET(vmfds[i], &keepfd); + VIR_DEBUG("Clear emulator capabilities: %d", + driver->clearEmulatorCapabilities); + runflags = VIR_EXEC_NONBLOCK; + if (driver->clearEmulatorCapabilities) { + runflags |= VIR_EXEC_CLEAR_CAPS; + } + ret = virExecDaemonize(argv, progenv, &keepfd, &child, stdin_fd, &logfile, &logfile, - VIR_EXEC_NONBLOCK | VIR_EXEC_CLEAR_CAPS, + runflags, qemudSecurityHook, &hookData, pidfile); VIR_FREE(pidfile); -- 1.6.6.1

4 5

[libvirt] [patch] libvirt documentation - disk cache description
by Марк Коренберг 01 Jun '10

01 Jun '10

The description was got from qemu manual. Please review, edit, apply adn update the website :) -- Segmentation fault

2 1