[libvirt] [PATCH 0/2] Fix numeric overflow in qemu block job handling
by Peter Krempa
The JSON generator and qemu QMP protocol limit numeric values to LLONG_MAX even
for unsigned values. A bug in the code caused numeric overflow when passing
through speed parameters to qemu block job commands.
Background: https://bugzilla.redhat.com/show_bug.cgi?id=927156
Peter Krempa (2):
qemu-JSON: Error out if number is out of range instead of overflowing
to negative
qemu-blockjob: Fix limit of bandwidth for block jobs to supported
value
src/qemu/qemu_monitor.c | 21 ++++++++++++---------
src/qemu/qemu_monitor_json.c | 10 ++++++++--
2 files changed, 20 insertions(+), 11 deletions(-)
--
1.8.1.5
11 years, 7 months
[libvirt] [PATCH 0/2] Improve security hardening of binaries
by Daniel P. Berrange
Fedora has a "hardened build" option in RPM specfiles:
https://fedoraproject.org/wiki/Packaging:Guidelines#PIE
While we could enable that in the RPM, this would only
apply to Fedora. Thus these patches directly integrate
it in libvirt's configure.ac / Makefile.am files.
With these 2 patches all executables gain -fPIE and
-z relro -z now.
Using the checksec.sh script from
http://www.trapkit.de/tools/checksec.html
We can see the difference, before:
$ ~/checksec.sh --file /usr/sbin/libvirtd
'RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Partial RELRO Canary found NX enabled No PIE No RPATH No RUNPATH /usr/sbin/libvirtd
After
$ ~/checksec.sh --file /usr/sbin/libvirtd
'RELRO STACK CANARY NX PIE RPATH RUNPATH FILE
Full RELRO Canary found NX enabled PIE enabled No RPATH No RUNPATH /usr/sbin/libvirtd
11 years, 7 months
[libvirt] [PATCH 1/1] Fix the crash when seclable is freed
by Li Zhang
From: Li Zhang <zhlcindy(a)linux.vnet.ibm.com>
When seclabel's type is VIR_DOMAIN_SECLABEL_NONE,
virSecurityLabelDefPtr's members are not allocated.
So it will cause crash when calling VIR_FREE.
This problem is found when running autotest on PPC.
Failed to remove cgroup for virt-tests-vm1
*** glibc detected *** /usr/sbin/libvirtd: free(): invalid pointer: 0x00003fff9c187510 ***
======= Backtrace: =========
/lib64/libc.so.6(+0xb89c4)[0x3fffa9bc89c4]
/lib64/libvirt.so.0(virFree-0x3e2320)[0x3fffaa82e9c0]
/lib64/libvirt.so.0(virSecurityLabelDefFree-0x378984)[0x3fffaa89d69c]
/lib64/libvirt.so.0(virDomainDefFree-0x367c98)[0x3fffaa8ae968]
/usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so(qemuProcessStop-0xc85f8)[0x3fffa2899d58]
/usr/lib64/libvirt/connection-driver/libvirt_driver_qemu.so(+0xc3668)[0x3fffa28e3668]
/lib64/libvirt.so.0(virDomainDestroy-0x309bd0)[0x3fffaa90f6f0]
/usr/sbin/libvirtd[0x10035230]
/lib64/libvirt.so.0(virNetServerProgramDispatch-0x289b50)[0x3fffaa995930]
/lib64/libvirt.so.0(+0x20db18)[0x3fffaa98db18]
/lib64/libvirt.so.0(+0xfbd24)[0x3fffaa87bd24]
/lib64/libvirt.so.0(+0xfaec8)[0x3fffaa87aec8]
/lib64/libpthread.so.0(+0xc604)[0x3fffa9d7c604]
/lib64/libc.so.6(clone-0xb8fe4)[0x3fffa9c3f094]
Signed-off-by: Li Zhang <zhlcindy(a)linux.vnet.ibm.com>
---
src/conf/domain_conf.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index f3fca7f..2856660 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1006,6 +1006,8 @@ virSecurityLabelDefFree(virSecurityLabelDefPtr def)
{
if (!def)
return;
+ if (def->type == VIR_DOMAIN_SECLABEL_NONE)
+ return;
VIR_FREE(def->model);
VIR_FREE(def->label);
VIR_FREE(def->imagelabel);
--
1.7.5.4
11 years, 7 months
[libvirt] Networking options in libvirt_lxc
by Purcareata Bogdan-B43198
Hello,
I am doing some research on [subject] and I would like to find out some information regarding various scenarios. I've studied the official documentation at [1] and some of the mailing list archives. The configurations I have in mind are somewhat inspired by what the sf LXC package offers in terms of networking.
What I've tested so far and works:
- Shared networking - all host interfaces are present in the container if no <interface> tag has been specified in the domain configuration. I'm assuming this is because the container is started in the same network namespace like the host. Is it possible to make only a subset of these interfaces visible inside the container?
- Bridge to LAN - connecting a domain interface to a host bridge;
- Direct attachment through a Macvtap device - all 3 modes (vepa, bridge and private) work as expected, "passthrough" requires some capabilities in the physical device (SRIOV), which I don't have - assuming I have a device with this capability, is this configuration supported by (implemented in) the libvirt_lxc driver?
What other scenarios I would be interested in:
- host network interface private to the container - much like what lxc.network.phys is offering: "dedicated NIC from host passed through". I've read some documentation about <hostdev> and how to assign PCI devices to virtual machine, but I understand this is only possible with KVM - it's assigned from the kernel, it makes more sense, etc. However, I've also read a thread on the mailing list regarding <hostdev mode="capabilities">, which offers access from a container to a device, but it's currenly only applicable to block and character devices. Is there currently any way to make a host interface private to a container?
Thank you very much!
Best regards,
Bogdan P.
[1] http://libvirt.org
11 years, 7 months
[libvirt] [PATCH] virsh: Fix typo in docs
by Peter Krempa
s/persitent/persistent/
---
Pushed under trivial rule.
tools/virsh.pod | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/virsh.pod b/tools/virsh.pod
index 9ca4435..1c8f9ee 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -2152,7 +2152,7 @@ Returns basic information about the I<network> object.
Returns the list of active networks, if I<--all> is specified this will also
include defined but inactive networks, if I<--inactive> is specified only the
inactive ones will be listed. You may also want to filter the returned networks
-by I<--persistent> to list the persitent ones, I<--transient> to list the
+by I<--persistent> to list the persistent ones, I<--transient> to list the
transient ones, I<--autostart> to list the ones with autostart enabled, and
I<--no-autostart> to list the ones with autostart disabled.
--
1.8.1.5
11 years, 7 months
[libvirt] [PATCH] sec_manager: Refuse to start domain with unsupported seclabel
by Michal Privoznik
https://bugzilla.redhat.com/show_bug.cgi?id=947387
If a user configures a domain to use a seclabel of a specific type,
but the appropriate driver is not accessible, we should refuse to
start the domain. For instance, if user requires selinux, but it is
either non present in the system, or is just disabled, we should not
start the domain. Moreover, since we are touching only those labels we
have a security driver for, the other labels may confuse libvirt when
reconnecting to a domain on libvirtd restart. In our selinux example,
when starting up a domain, missing security label is okay, as we
auto-generate one. But later, when libvirt is re-connecting to a live
qemu instance, we parse a state XML, where security label is required
and it is an error if missing:
error : virSecurityLabelDefParseXML:3228 : XML error: security label
is missing
This results in a qemu process left behind without any libvirt control.
---
src/security/security_manager.c | 15 ++++++++++++++-
1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index b671a91..757fe28 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -425,7 +425,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm)
{
int ret = -1;
- size_t i;
+ size_t i, j;
virSecurityManagerPtr* sec_managers = NULL;
virSecurityLabelDefPtr seclabel;
bool generated = false;
@@ -437,6 +437,19 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
return ret;
virObjectLock(mgr);
+ for (i = 0; vm->nseclabels; i++) {
+ for (j = 0; sec_managers[j]; j++)
+ if (STREQ(vm->seclabels[i]->model, sec_managers[j]->drv->name))
+ break;
+
+ if (!sec_managers[j]) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
+ _("Unable to find security driver for label %s"),
+ vm->seclabels[i]->model);
+ goto cleanup;
+ }
+ }
+
for (i = 0; sec_managers[i]; i++) {
generated = false;
seclabel = virDomainDefGetSecurityLabelDef(vm, sec_managers[i]->drv->name);
--
1.8.1.5
11 years, 7 months
[libvirt] [PATCH v2] Allow multiple parameters for schedinfo
by Martin Kletzander
virsh schedinfo was able to set only one parameter at a time (not
counting the deprecated options), but it is useful to set more at
once, so this patch adds the possibility to do stuff like this:
virsh schedinfo <domain> cpu_shares=0 vcpu_period=0 vcpu_quota=0 \
emulator_period=0 emulator_quota=0
Invalid scheduler options are reported as well. These were previously
reported only if the command hadn't updated any values (when
cmdSchedInfoUpdate returned 0).
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=810078
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919372
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=919375
Signed-off-by: Martin Kletzander <mkletzan(a)redhat.com>
---
v2:
- correctly report unsupported options
- man page updated
tests/virsh-schedinfo | 4 +-
tools/virsh-domain.c | 119 ++++++++++++++++++++++++++++----------------------
tools/virsh.pod | 4 +-
3 files changed, 72 insertions(+), 55 deletions(-)
diff --git a/tests/virsh-schedinfo b/tests/virsh-schedinfo
index 4f462f8..37f7bd3 100755
--- a/tests/virsh-schedinfo
+++ b/tests/virsh-schedinfo
@@ -1,7 +1,7 @@
#!/bin/sh
# Ensure that virsh schedinfo --set invalid=val fails
-# Copyright (C) 2010-2011 Red Hat, Inc.
+# Copyright (C) 2010-2011, 2013 Red Hat, Inc.
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
@@ -37,7 +37,7 @@ fi
. "$srcdir/test-lib.sh"
printf 'Scheduler : fair\n\n' > exp-out || framework_failure
-printf 'error: invalid scheduler option: j=k\n' > exp-err || framework_failure
+printf 'error: invalid scheduler option: j\n' > exp-err || framework_failure
fail=0
diff --git a/tools/virsh-domain.c b/tools/virsh-domain.c
index 128e516..cc2eddc 100644
--- a/tools/virsh-domain.c
+++ b/tools/virsh-domain.c
@@ -3918,16 +3918,14 @@ static const vshCmdOptDef opts_schedinfo[] = {
.flags = VSH_OFLAG_REQ,
.help = N_("domain name, id or uuid")
},
- {.name = "set",
- .type = VSH_OT_STRING,
- .help = N_("parameter=value")
- },
{.name = "weight",
.type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ_OPT,
.help = N_("weight for XEN_CREDIT")
},
{.name = "cap",
.type = VSH_OT_INT,
+ .flags = VSH_OFLAG_REQ_OPT,
.help = N_("cap for XEN_CREDIT")
},
{.name = "current",
@@ -3942,72 +3940,100 @@ static const vshCmdOptDef opts_schedinfo[] = {
.type = VSH_OT_BOOL,
.help = N_("get/set value from running domain")
},
+ {.name = "set",
+ .type = VSH_OT_ARGV,
+ .flags = VSH_OFLAG_NONE,
+ .help = N_("parameter=value")
+ },
{.name = NULL}
};
static int
+cmdSchedInfoUpdateOne(vshControl *ctl,
+ virTypedParameterPtr src_params, int nsrc_params,
+ virTypedParameterPtr *params,
+ int *nparams, int *maxparams,
+ const char *field, const char *value)
+{
+ virTypedParameterPtr param;
+ int ret = -1;
+ int i;
+
+ for (i = 0; i < nsrc_params; i++) {
+ param = &(src_params[i]);
+
+ if (STRNEQ(field, param->field))
+ continue;
+
+ if (virTypedParamsAddFromString(params, nparams, maxparams,
+ field, param->type,
+ value) < 0) {
+ vshSaveLibvirtError();
+ goto cleanup;
+ }
+ ret = 0;
+ break;
+ }
+
+ if (ret < 0)
+ vshError(ctl, _("invalid scheduler option: %s"), field);
+
+ cleanup:
+ return ret;
+}
+
+static int
cmdSchedInfoUpdate(vshControl *ctl, const vshCmd *cmd,
virTypedParameterPtr src_params, int nsrc_params,
virTypedParameterPtr *update_params)
{
- const char *set_arg;
char *set_field = NULL;
char *set_val = NULL;
- virTypedParameterPtr param;
+ const char *val = NULL;
+ const vshCmdOpt *opt = NULL;
virTypedParameterPtr params = NULL;
int nparams = 0;
int maxparams = 0;
int ret = -1;
int rv;
- int val;
- int i;
- if (vshCommandOptString(cmd, "set", &set_arg) > 0) {
- set_field = vshStrdup(ctl, set_arg);
+ while ((opt = vshCommandOptArgv(cmd, opt))) {
+ set_field = vshStrdup(ctl, opt->data);
if (!(set_val = strchr(set_field, '='))) {
- vshError(ctl, "%s", _("Invalid syntax for --set, expecting name=value"));
+ vshError(ctl, "%s", _("Invalid syntax for --set, "
+ "expecting name=value"));
goto cleanup;
}
*set_val = '\0';
set_val++;
- }
- for (i = 0; i < nsrc_params; i++) {
- param = &(src_params[i]);
-
- /* Legacy 'weight' and 'cap' parameter */
- if (param->type == VIR_TYPED_PARAM_UINT &&
- (STREQ(param->field, "weight") || STREQ(param->field, "cap")) &&
- (rv = vshCommandOptInt(cmd, param->field, &val)) != 0) {
- if (rv < 0) {
- vshError(ctl, _("Invalid value of %s"), param->field);
- goto cleanup;
- }
-
- if (virTypedParamsAddUInt(¶ms, &nparams, &maxparams,
- param->field, val) < 0) {
- vshSaveLibvirtError();
- goto cleanup;
- }
+ if (cmdSchedInfoUpdateOne(ctl, src_params, nsrc_params,
+ ¶ms, &nparams, &maxparams,
+ set_field, set_val) < 0)
+ goto cleanup;
- continue;
- }
+ VIR_FREE(set_field);
+ }
- if (set_field && STREQ(set_field, param->field)) {
- if (virTypedParamsAddFromString(¶ms, &nparams, &maxparams,
- set_field, param->type,
- set_val) < 0) {
- vshSaveLibvirtError();
- goto cleanup;
- }
+ rv = vshCommandOptStringReq(ctl, cmd, "cap", &val);
+ if (rv < 0 ||
+ (val &&
+ cmdSchedInfoUpdateOne(ctl, src_params, nsrc_params,
+ ¶ms, &nparams, &maxparams,
+ "cap", val) < 0))
+ goto cleanup;
- continue;
- }
- }
+ rv = vshCommandOptStringReq(ctl, cmd, "weight", &val);
+ if (rv < 0 ||
+ (val &&
+ cmdSchedInfoUpdateOne(ctl, src_params, nsrc_params,
+ ¶ms, &nparams, &maxparams,
+ "weight", val) < 0))
+ goto cleanup;
- *update_params = params;
ret = nparams;
+ *update_params = params;
params = NULL;
cleanup:
@@ -4102,15 +4128,6 @@ cmdSchedinfo(vshControl *ctl, const vshCmd *cmd)
if (ret == -1)
goto cleanup;
} else {
- /* See if we've tried to --set var=val. If so, the fact that
- we reach this point (with update == 0) means that "var" did
- not match any of the settable parameters. Report the error. */
- const char *var_value_pair = NULL;
- if (vshCommandOptString(cmd, "set", &var_value_pair) > 0) {
- vshError(ctl, _("invalid scheduler option: %s"),
- var_value_pair);
- goto cleanup;
- }
/* When not doing --set, --live and --config do not mix. */
if (live && config) {
vshError(ctl, "%s",
diff --git a/tools/virsh.pod b/tools/virsh.pod
index b5e632e..6111e58 100644
--- a/tools/virsh.pod
+++ b/tools/virsh.pod
@@ -1281,8 +1281,8 @@ except that it does some error checking.
The editor used can be supplied by the C<$VISUAL> or C<$EDITOR> environment
variables, and defaults to C<vi>.
-=item B<schedinfo> [I<--set> B<parameter=value>] I<domain> [[I<--config>]
-[I<--live>] | [I<--current>]]
+=item B<schedinfo> I<domain> [[I<--config>] [I<--live>] | [I<--current>]]
+[[I<--set>] B<parameter=value>]...
=item B<schedinfo> [I<--weight> B<number>] [I<--cap> B<number>]
I<domain>
--
1.8.1.5
11 years, 7 months
[libvirt] [PATCH v5 0/3] Keep original file label
by Michal Privoznik
Yet another rework of $subj. I am still not solving atomicity
problem for now. See diff to the patches if you want to know
what's changed.
Michal Privoznik (3):
virFile: Add APIs for extended attributes handling
virfile: Introduce internal API for managing ACL
security_dac: Favour ACLs over chown()
configure.ac | 2 +
libvirt.spec.in | 1 +
m4/virt-acl.m4 | 9 ++
src/Makefile.am | 4 +-
src/libvirt_private.syms | 6 +
src/security/security_dac.c | 309 +++++++++++++++++++++++++++++++++++++++-----
src/util/virfile.c | 295 ++++++++++++++++++++++++++++++++++++++++++
src/util/virfile.h | 28 ++++
8 files changed, 623 insertions(+), 31 deletions(-)
create mode 100644 m4/virt-acl.m4
--
1.8.1.5
11 years, 7 months
