August 2013 - Devel - libvirt List Archives

[libvirt] [PATCHv2 0/2] Fix error reporting of virBitmapParse
by Peter Krempa 21 Aug '13

21 Aug '13

Please see notes in individual patches. Peter Krempa (2): virBitmapParse: Fix behavior in case of error virBitmapParse: Don't shadow errors po/POTFILES.in | 1 + src/conf/domain_conf.c | 5 +---- src/conf/network_conf.c | 3 --- src/nodeinfo.c | 5 +---- src/qemu/qemu_driver.c | 2 -- src/util/virbitmap.c | 18 +++++++++--------- src/xenxs/xen_sxpr.c | 5 +---- tests/cpuset | 2 +- 8 files changed, 14 insertions(+), 27 deletions(-) -- 1.8.3.2

2 4

[libvirt] [PATCH v4 2/3] Check for --no-copy-dt-needed linker flag
by Guido Günther 21 Aug '13

21 Aug '13

and use it when available --- configure.ac | 1 + daemon/Makefile.am | 1 + m4/virt-linker-no-indirect.m4 | 32 ++++++++++++++++++++++++++++++++ src/Makefile.am | 1 + tests/Makefile.am | 1 + tools/Makefile.am | 1 + 6 files changed, 37 insertions(+) create mode 100644 m4/virt-linker-no-indirect.m4 diff --git a/configure.ac b/configure.ac index ac8cfa1..25d91ce 100644 --- a/configure.ac +++ b/configure.ac @@ -160,6 +160,7 @@ AC_MSG_RESULT([$VERSION_SCRIPT_FLAGS]) LIBVIRT_COMPILE_WARNINGS LIBVIRT_COMPILE_PIE LIBVIRT_LINKER_RELRO +LIBVIRT_LINKER_NO_INDIRECT LIBVIRT_CHECK_APPARMOR LIBVIRT_CHECK_ATTR diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 5cd95aa..e34868b 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -129,6 +129,7 @@ libvirtd_LDFLAGS = \ $(PIE_LDFLAGS) \ $(RELRO_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ + $(NO_INDIRECT_LDFLAGS) \ $(NULL) libvirtd_LDADD = \ diff --git a/m4/virt-linker-no-indirect.m4 b/m4/virt-linker-no-indirect.m4 new file mode 100644 index 0000000..b344f70 --- /dev/null +++ b/m4/virt-linker-no-indirect.m4 @@ -0,0 +1,32 @@ +dnl +dnl Check for --no-copy-dt-needed-entries +dnl +dnl Copyright (C) 2013 Guido Günther <agx(a)sigxcpu.org> +dnl +dnl This library is free software; you can redistribute it and/or +dnl modify it under the terms of the GNU Lesser General Public +dnl License as published by the Free Software Foundation; either +dnl version 2.1 of the License, or (at your option) any later version. +dnl +dnl This library is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl Lesser General Public License for more details. +dnl +dnl You should have received a copy of the GNU Lesser General Public +dnl License along with this library. If not, see +dnl <http://www.gnu.org/licenses/>. +dnl + +AC_DEFUN([LIBVIRT_LINKER_NO_INDIRECT],[ + AC_MSG_CHECKING([for how to avoid indirect lib deps]) + + NO_INDIRECT_LDFLAGS= + case `$LD --help 2>&1` in + *"--no-copy-dt-needed-entries"*) + NO_INDIRECT_LDFLAGS="-Wl,--no-copy-dt-needed-entries" ;; + esac + AC_SUBST([NO_INDIRECT_LDFLAGS]) + + AC_MSG_RESULT([$NO_INDIRECT_LDFLAGS]) +]) diff --git a/src/Makefile.am b/src/Makefile.am index 7c3d8a1..faa2cd6 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -35,6 +35,7 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \ AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(RELRO_LDFLAGS) \ + $(NO_INDIRECT_LDFLAGS) \ $(NULL) EXTRA_DIST = $(conf_DATA) util/keymaps.csv diff --git a/tests/Makefile.am b/tests/Makefile.am index 9098dec..86c3e11 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -50,6 +50,7 @@ endif LDADDS = \ $(WARN_CFLAGS) \ + $(NO_INDIRECT_LDFLAGS) \ $(PROBES_O) \ ../src/libvirt.la \ ../gnulib/lib/libgnu.la diff --git a/tools/Makefile.am b/tools/Makefile.am index be7ed23..c5bd5bb 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -24,6 +24,7 @@ INCLUDES = \ AM_LDFLAGS = \ $(RELRO_LDFLAGS) \ + $(NO_INDIRECT_LDFLAGS) \ $(NULL) POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)" -- 1.8.4.rc3

2 1

[libvirt] [PATCH v4 1/3] Simplify RELRO_LDFLAGS
by Guido Günther 21 Aug '13

21 Aug '13

by adding it to AM_LDFLAGS instead of every linking rule and by avoiding a forked grep. --- daemon/Makefile.am | 4 +++- m4/virt-linker-relro.m4 | 11 +++++++---- src/Makefile.am | 13 +++---------- tools/Makefile.am | 18 +++++++++++++----- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index ad7544c..5cd95aa 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -125,9 +125,11 @@ libvirtd_CFLAGS = \ -DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" libvirtd_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) \ $(RELRO_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(NULL) libvirtd_LDADD = \ $(LIBXML_LIBS) \ diff --git a/m4/virt-linker-relro.m4 b/m4/virt-linker-relro.m4 index 9bca90e..079a095 100644 --- a/m4/virt-linker-relro.m4 +++ b/m4/virt-linker-relro.m4 @@ -22,10 +22,13 @@ AC_DEFUN([LIBVIRT_LINKER_RELRO],[ AC_MSG_CHECKING([for how to force completely read-only GOT table]) RELRO_LDFLAGS= - `$LD --help 2>&1 | grep -- "-z relro" >/dev/null` && \ - RELRO_LDFLAGS="-Wl,-z -Wl,relro" - `$LD --help 2>&1 | grep -- "-z now" >/dev/null` && \ - RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" + ld_help=`$LD --help 2>&1` + case $ld_help in + *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;; + esac + case $ld_help in + *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;; + esac AC_SUBST([RELRO_LDFLAGS]) AC_MSG_RESULT([$RELRO_LDFLAGS]) diff --git a/src/Makefile.am b/src/Makefile.am index 4702cde..7c3d8a1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -33,7 +33,9 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \ $(WIN32_EXTRA_CFLAGS) \ $(COVERAGE_CFLAGS) AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(RELRO_LDFLAGS) \ + $(NULL) EXTRA_DIST = $(conf_DATA) util/keymaps.csv @@ -1812,7 +1814,6 @@ libvirt_la_LDFLAGS = \ -version-info $(LIBVIRT_VERSION_INFO) \ $(LIBVIRT_NODELETE) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1896,7 +1897,6 @@ libvirt_qemu_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_QEMU_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1908,7 +1908,6 @@ libvirt_lxc_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_LXC_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1964,7 +1963,6 @@ virtlockd_CFLAGS = \ virtlockd_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -2243,7 +2241,6 @@ libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES) libvirt_iohelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_iohelper_LDADD = \ libvirt_util.la \ @@ -2266,7 +2263,6 @@ libvirt_parthelper_SOURCES = $(STORAGE_HELPER_DISK_SOURCES) libvirt_parthelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_parthelper_LDADD = \ $(LIBPARTED_LIBS) \ @@ -2298,7 +2294,6 @@ libvirt_sanlock_helper_CFLAGS = \ libvirt_sanlock_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_sanlock_helper_LDADD = libvirt.la endif @@ -2314,7 +2309,6 @@ libvirt_lxc_SOURCES = \ libvirt_lxc_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_lxc_LDADD = \ $(FUSE_LIBS) \ @@ -2358,7 +2352,6 @@ virt_aa_helper_SOURCES = $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES) virt_aa_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) virt_aa_helper_LDADD = \ libvirt_conf.la \ diff --git a/tools/Makefile.am b/tools/Makefile.am index f85c35c..be7ed23 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -22,6 +22,10 @@ INCLUDES = \ -I$(top_srcdir) \ $(GETTEXT_CPPFLAGS) +AM_LDFLAGS = \ + $(RELRO_LDFLAGS) \ + $(NULL) + POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)" ICON_FILES = \ @@ -118,8 +122,8 @@ virt_host_validate_SOURCES = \ $(NULL) virt_host_validate_LDFLAGS = \ + $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(NULL) @@ -137,11 +141,13 @@ virt_host_validate_CFLAGS = \ virt_login_shell_SOURCES = \ virt-login-shell.c -virt_login_shell_LDFLAGS = $(COVERAGE_LDFLAGS) +virt_login_shell_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virt_login_shell_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../gnulib/lib/libgnu.la @@ -167,11 +173,13 @@ virsh_SOURCES = \ virsh-volume.c virsh-volume.h \ $(NULL) -virsh_LDFLAGS = $(COVERAGE_LDFLAGS) +virsh_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virsh_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../src/libvirt-qemu.la \ -- 1.8.4.rc3

2 1

[libvirt] [PATCH] Test handling of non-existant x509 certs
by Daniel P. Berrange 21 Aug '13

21 Aug '13

From: "Daniel P. Berrange" <berrange(a)redhat.com> In commit f905cc998449c89339d0e2894a71d9a9e45293e5 a use of uninitialized data was fixed based on a coverity report. It turns out it was possible to trigger this issue by pointing libvirt at non-existant certificate files, typically causing a crash. This adds a test case for that scenario. With the above commit reverted, this new test case will crash with a SEGV. With the fix applied, it passes, reporting a normal libvirt error to the caller. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com> --- tests/virnettlscontexttest.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/virnettlscontexttest.c b/tests/virnettlscontexttest.c index 2c7d400..33f239c 100644 --- a/tests/virnettlscontexttest.c +++ b/tests/virnettlscontexttest.c @@ -563,6 +563,8 @@ mymain(void) DO_CTX_TEST(true, "cacertchain-ctx.pem", servercertlevel3areq.filename, false); DO_CTX_TEST(false, "cacertchain-ctx.pem", clientcertlevel2breq.filename, false); + DO_CTX_TEST(false, "cacertdoesnotexist.pem", "servercertdoesnotexist.pem", true); + testTLSDiscardCert(&cacertreq); testTLSDiscardCert(&cacert1req); testTLSDiscardCert(&cacert2req); -- 1.8.3.1

2 1

[libvirt] SIGSEGV using virConnect.newStream with Python
by Claudio Bley 21 Aug '13

21 Aug '13

Hi. I tried this on Fedora 19, using libvirt 1.0.5 and also tested with git v1.1.1-maint as well as git master on Ubuntu 12.04. How to reproduce: ---- python ----- import libvirt as l c = l.virConnect("test:///default") v = c.virStream() ----------------- Here's my GDB session with git master: $ gdb python GNU gdb (Ubuntu/Linaro 7.4-2012.04-0ubuntu2.1) 7.4-2012.04 Copyright (C) 2012 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-linux-gnu". For bug reporting instructions, please see: <http://bugs.launchpad.net/gdb-linaro/>... Reading symbols from /usr/bin/python...(no debugging symbols found)...done. (gdb) run Starting program: /usr/bin/python [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". Python 2.7.3 (default, Apr 10 2013, 06:20:15) [GCC 4.6.3] on linux2 Type "help", "copyright", "credits" or "license" for more information. >>> import libvirt as l 2013-08-20 09:21:39.437+0000: 12678: info : libvirt version: 1.1.1 2013-08-20 09:21:39.437+0000: 12678: debug : virGlobalInit:438 : register drivers 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc6760 name=Test 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering Test as driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNetworkDriver:611 : registering Test as network driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterInterfaceDriver:638 : registering Test as interface driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterStorageDriver:665 : registering Test as storage driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNodeDeviceDriver:692 : registering Test as device driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering Test as secret driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering Test as network filter driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering Test as secret driver 0 [19/1965] 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering Test as network filter driver 0 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc7ec0 name=OPENVZ 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering OPENVZ as driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc84e0 name=VMWARE 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering VMWARE as driver 2 2013-08-20 09:21:39.437+0000: 12678: debug : parallelsRegister:2423 : Can't find prlctl command in the PATH env 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:764 : driver=0x7ffff5dc71a0 name=remote 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterDriver:776 : registering remote as driver 3 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNetworkDriver:611 : registering remote as network driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterInterfaceDriver:638 : registering remote as interface driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterStorageDriver:665 : registering remote as storage driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNodeDeviceDriver:692 : registering remote as device driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterSecretDriver:719 : registering remote as secret driver 1 2013-08-20 09:21:39.437+0000: 12678: debug : virRegisterNWFilterDriver:746 : registering remote as network filter driver 1 >>> c = l.virConnect("test:///default") >>> v = c.newStream() 2013-08-20 09:22:08.120+0000: 12678: debug : virStreamNew:16922 : conn=0xf, flags=0 Program received signal SIGSEGV, Segmentation fault. 0x00007ffff59be0e9 in virObjectIsClass (anyobj=<optimized out>, klass=0x0) at util/virobject.c:362 362 return virClassIsDerivedFrom(obj->klass, klass); (gdb) bt full #0 0x00007ffff59be0e9 in virObjectIsClass (anyobj=<optimized out>, klass=0x0) at util/virobject.c:362 obj = 0xf #1 0x00007ffff5a7fca8 in virStreamNew (conn=0xf, flags=0) at libvirt.c:16926 st = <optimized out> __func__ = "virStreamNew" __FUNCTION__ = "virStreamNew" #2 0x00007ffff5df7f72 in libvirt_virStreamNew (self=<optimized out>, args=<optimized out>) at libvirt.c:2617 _save = 0x0 c_retval = <optimized out> conn = 0xf pyobj_conn = 0x7ffff7edd5a8 flags = 0 #3 0x0000000000466254 in PyEval_EvalFrameEx () No symbol table info available. #4 0x000000000057bd02 in PyEval_EvalCodeEx () No symbol table info available. #5 0x00000000004667f8 in PyEval_EvalFrameEx () No symbol table info available. #6 0x000000000057bd02 in PyEval_EvalCodeEx () No symbol table info available. #7 0x000000000057d991 in PyRun_InteractiveOneFlags () No symbol table info available. #8 0x000000000057dbfa in PyRun_InteractiveLoopFlags () No symbol table info available. #9 0x000000000057e8e3 in PyRun_AnyFileExFlags () No symbol table info available. #10 0x0000000000512cfd in Py_Main () No symbol table info available. #11 0x00007ffff68cc76d in __libc_start_main (main=0x41ba20 <main>, argc=1, ubp_av=0x7fffffffe5f8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffe5e8) at libc-start.c:226 result = <optimized out> unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -4474691967429585002, 4307496, 140737488348656, 0, 0, 4474691967066888086, 4474711353541580694}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x57e930, 0x7fffffffe5f8}, data = { ---Type <return> to continue, or q <return> to quit--- prev = 0x0, cleanup = 0x0, canceltype = 5761328}}} not_first_call = <optimized out> #12 0x000000000041ba51 in _start () No symbol table info available. Can anybody make any sense out of this already? What else can I do helping to solve this? / Claudio -- AV-Test GmbH, Henricistraße 20, 04155 Leipzig, Germany Phone: +49 341 265 310 19 Web:<http://www.av-test.org> Eingetragen am / Registered at: Amtsgericht Stendal (HRB 114076) Geschaeftsfuehrer (CEO): Andreas Marx, Guido Habicht, Maik Morgenstern

2 2

[libvirt] [PATCH 1/2] Simplify RELRO_LDFLAGS
by Guido Günther 21 Aug '13

21 Aug '13

by adding it to AM_LDFLAGS instead of every linking rule and by avoiding a forked grep. --- Daniel kind of nacked the AM_LDFLAGS part already but I think it's a reasonable cleanup. We should rather use AM_LDFLAGS everywhere which (we currently don't and which would be another cleanup). Or are there any reasons to not have a read only GOT? daemon/Makefile.am | 4 +++- m4/virt-linker-relro.m4 | 8 ++++---- src/Makefile.am | 13 +++---------- tools/Makefile.am | 18 +++++++++++++----- 4 files changed, 23 insertions(+), 20 deletions(-) diff --git a/daemon/Makefile.am b/daemon/Makefile.am index ad7544c..5cd95aa 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -125,9 +125,11 @@ libvirtd_CFLAGS = \ -DQEMUD_PID_FILE="\"$(QEMUD_PID_FILE)\"" libvirtd_LDFLAGS = \ + $(RELRO_LDFLAGS) \ $(PIE_LDFLAGS) \ $(RELRO_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(NULL) libvirtd_LDADD = \ $(LIBXML_LIBS) \ diff --git a/m4/virt-linker-relro.m4 b/m4/virt-linker-relro.m4 index 9bca90e..d287cbc 100644 --- a/m4/virt-linker-relro.m4 +++ b/m4/virt-linker-relro.m4 @@ -22,10 +22,10 @@ AC_DEFUN([LIBVIRT_LINKER_RELRO],[ AC_MSG_CHECKING([for how to force completely read-only GOT table]) RELRO_LDFLAGS= - `$LD --help 2>&1 | grep -- "-z relro" >/dev/null` && \ - RELRO_LDFLAGS="-Wl,-z -Wl,relro" - `$LD --help 2>&1 | grep -- "-z now" >/dev/null` && \ - RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" + case `$LD --help 2>&1` in + *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;& + *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;; + esac AC_SUBST([RELRO_LDFLAGS]) AC_MSG_RESULT([$RELRO_LDFLAGS]) diff --git a/src/Makefile.am b/src/Makefile.am index 4702cde..7c3d8a1 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -33,7 +33,9 @@ AM_CFLAGS = $(LIBXML_CFLAGS) \ $(WIN32_EXTRA_CFLAGS) \ $(COVERAGE_CFLAGS) AM_LDFLAGS = $(DRIVER_MODULE_LDFLAGS) \ - $(COVERAGE_LDFLAGS) + $(COVERAGE_LDFLAGS) \ + $(RELRO_LDFLAGS) \ + $(NULL) EXTRA_DIST = $(conf_DATA) util/keymaps.csv @@ -1812,7 +1814,6 @@ libvirt_la_LDFLAGS = \ -version-info $(LIBVIRT_VERSION_INFO) \ $(LIBVIRT_NODELETE) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1896,7 +1897,6 @@ libvirt_qemu_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_QEMU_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1908,7 +1908,6 @@ libvirt_lxc_la_LDFLAGS = \ $(VERSION_SCRIPT_FLAGS)$(LIBVIRT_LXC_SYMBOL_FILE) \ -version-info $(LIBVIRT_VERSION_INFO) \ $(AM_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -1964,7 +1963,6 @@ virtlockd_CFLAGS = \ virtlockd_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(CYGWIN_EXTRA_LDFLAGS) \ $(MINGW_EXTRA_LDFLAGS) \ $(NULL) @@ -2243,7 +2241,6 @@ libvirt_iohelper_SOURCES = $(UTIL_IO_HELPER_SOURCES) libvirt_iohelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_iohelper_LDADD = \ libvirt_util.la \ @@ -2266,7 +2263,6 @@ libvirt_parthelper_SOURCES = $(STORAGE_HELPER_DISK_SOURCES) libvirt_parthelper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_parthelper_LDADD = \ $(LIBPARTED_LIBS) \ @@ -2298,7 +2294,6 @@ libvirt_sanlock_helper_CFLAGS = \ libvirt_sanlock_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_sanlock_helper_LDADD = libvirt.la endif @@ -2314,7 +2309,6 @@ libvirt_lxc_SOURCES = \ libvirt_lxc_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) libvirt_lxc_LDADD = \ $(FUSE_LIBS) \ @@ -2358,7 +2352,6 @@ virt_aa_helper_SOURCES = $(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES) virt_aa_helper_LDFLAGS = \ $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(NULL) virt_aa_helper_LDADD = \ libvirt_conf.la \ diff --git a/tools/Makefile.am b/tools/Makefile.am index f85c35c..be7ed23 100644 --- a/tools/Makefile.am +++ b/tools/Makefile.am @@ -22,6 +22,10 @@ INCLUDES = \ -I$(top_srcdir) \ $(GETTEXT_CPPFLAGS) +AM_LDFLAGS = \ + $(RELRO_LDFLAGS) \ + $(NULL) + POD2MAN = pod2man -c "Virtualization Support" -r "$(PACKAGE)-$(VERSION)" ICON_FILES = \ @@ -118,8 +122,8 @@ virt_host_validate_SOURCES = \ $(NULL) virt_host_validate_LDFLAGS = \ + $(AM_LDFLAGS) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ $(COVERAGE_LDFLAGS) \ $(NULL) @@ -137,11 +141,13 @@ virt_host_validate_CFLAGS = \ virt_login_shell_SOURCES = \ virt-login-shell.c -virt_login_shell_LDFLAGS = $(COVERAGE_LDFLAGS) +virt_login_shell_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virt_login_shell_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../gnulib/lib/libgnu.la @@ -167,11 +173,13 @@ virsh_SOURCES = \ virsh-volume.c virsh-volume.h \ $(NULL) -virsh_LDFLAGS = $(COVERAGE_LDFLAGS) +virsh_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(COVERAGE_LDFLAGS) \ + $(NULL) virsh_LDADD = \ $(STATIC_BINARIES) \ $(PIE_LDFLAGS) \ - $(RELRO_LDFLAGS) \ ../src/libvirt.la \ ../src/libvirt-lxc.la \ ../src/libvirt-qemu.la \ -- 1.8.4.rc3

2 2

[libvirt] [PATCH v2]LXC: Helper function for checking ownership of dir when userns enabled
by Chen Hanxiao 21 Aug '13

21 Aug '13

From: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> If we enable userns, the ownership of dir we provided for containers should match the uid/gid in idmap. Currently, the debug log is very implicit or misleading sometimes. This patch will help clarify this for us when using debug log or virsh. v2: syntax-check clean Signed-off-by: Chen Hanxiao <chenhanxiao(a)cn.fujitsu.com> --- src/lxc/lxc_container.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 files changed, 46 insertions(+), 0 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index b910b10..2ccdc61 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -1815,6 +1815,49 @@ lxcNeedNetworkNamespace(virDomainDefPtr def) return false; } +/* + * Helper function for helping check + * whether we have enough privilege + * to operate the source dir when userns enabled + * @vmDef: pointer to vm definition structure + * Returns 0 on success or -1 in case of error + */ +static int +lxcContainerUsernsSrcOwnershipCheck(virDomainDefPtr vmDef) +{ + struct stat buf; + size_t i; + uid_t uid; + gid_t gid; + + VIR_DEBUG("vmDef->nfss %d", (int)vmDef->nfss); + for (i = 0; i < vmDef->nfss; i++) { + VIR_DEBUG("dst is %s, src is %s", + vmDef->fss[i]->dst, + vmDef->fss[i]->src); + + uid = vmDef->idmap.uidmap[0].target; + gid = vmDef->idmap.gidmap[0].target; + + if (lstat(vmDef->fss[i]->src, &buf) < 0) { + virReportSystemError(errno, _("Cannot access '%s'"), + vmDef->fss[i]->src); + return -1; + } else if (uid != buf.st_uid || gid != buf.st_gid) { + VIR_DEBUG("In userns uid is %d, gid is %d\n", + uid, gid); + errno = EINVAL; + + virReportSystemError(errno, + _("[userns] Src dir '%s' does not belong to uid/gid: %d/%d"), + vmDef->fss[i]->src, uid, gid); + return -1; + } + } + + return 0; +} + /** * lxcContainerStart: * @def: pointer to virtual machine structure @@ -1866,6 +1909,9 @@ int lxcContainerStart(virDomainDefPtr def, if (userns_supported()) { VIR_DEBUG("Enable user namespace"); cflags |= CLONE_NEWUSER; + if (lxcContainerUsernsSrcOwnershipCheck(def) < 0) { + return -1; + } } else { virReportSystemError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("Kernel doesn't support user namespace")); -- 1.7.1

3 3

[libvirt] [PATCH 0/2] Follow up patches for the storage fix.
by Osier Yang 21 Aug '13

21 Aug '13

Osier Yang (2): storage: Fix coverity warning storage: Fix the use-after-free memory bug src/storage/storage_driver.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) -- 1.8.1.4

3 7

[libvirt] [libvirt-IEEE-plan][PATCH] delete regression test of bug 990061 since it is moved to rhel6.6
by Xuesong Zhang 21 Aug '13

21 Aug '13

--- 6-5/markdown/10-Test_design/22-Node_devices.txt | 6 ------ 1 file changed, 6 deletions(-) diff --git a/6-5/markdown/10-Test_design/22-Node_devices.txt b/6-5/markdown/10-Test_design/22-Node_devices.txt index bf86615..dea4850 100644 --- a/6-5/markdown/10-Test_design/22-Node_devices.txt +++ b/6-5/markdown/10-Test_design/22-Node_devices.txt @@ -88,12 +88,6 @@ Action for the node device: Create, destroy, detach, dumpxml, list, retach, rese Verify the driver of the device should be updated timely in the nodedev-dumpxml. -**Regression tests:** - -1. **The virt_function should not be appear in the nodedev-dumpxml of VF** - BZ\#990061 - - Verify there is no virt_function in the nodedev-dumpxml of one VF. - [ References ] -- 1.7.11.7

1 0

[libvirt] [PATCH] blkio: change the minimum weight from 100 to 10
by Gao feng 21 Aug '13

21 Aug '13

kernel had changed the minimum weight of device blkio from 100 to 10 in commit df457f845e5449be2e7d96668791f789b3770ac7. commit df457f845e5449be2e7d96668791f789b3770ac7 Author: Justin TerAvest <teravest(a)google.com> Date: Tue Mar 8 19:45:00 2011 +0100 blk-cgroup: Lower minimum weight from 100 to 10. We've found that we still get good, useful isolation at weights this low. I'd like to adjust the minimum so that any other changes can take these values into account. Signed-off-by: Justin TerAvest <teravest(a)google.com> Acked-by: Vivek Goyal <vgoyal(a)redhat.com> Signed-off-by: Jens Axboe <jaxboe(a)fusionio.com> libvirt should comport with kernel. Signed-off-by: Gao feng <gaofeng(a)cn.fujitsu.com> --- docs/formatdomain.html.in | 4 ++-- src/util/vircgroup.c | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/docs/formatdomain.html.in b/docs/formatdomain.html.in index 83d551a..541acb3 100644 --- a/docs/formatdomain.html.in +++ b/docs/formatdomain.html.in @@ -766,7 +766,7 @@ defaults. <span class="since">Since 0.8.8</span></dd> <dt><code>weight</code></dt> <dd> The optional <code>weight</code> element is the overall I/O - weight of the guest. The value should be in the range [100, + weight of the guest. The value should be in the range [10, 1000].</dd> <dt><code>device</code></dt> <dd>The domain may have multiple <code>device</code> elements @@ -783,7 +783,7 @@ Each <code>device</code> element has two mandatory sub-elements, <code>path</code> describing the absolute path of the device, and <code>weight</code> giving - the relative weight of that device, in the range [100, + the relative weight of that device, in the range [10, 1000]. <span class="since">Since 0.9.8</span></dd> </dl> diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c index 16458a3..6e1fe6c 100644 --- a/src/util/vircgroup.c +++ b/src/util/vircgroup.c @@ -1784,9 +1784,9 @@ virCgroupPathOfController(virCgroupPtr group, int virCgroupSetBlkioWeight(virCgroupPtr group, unsigned int weight) { - if (weight > 1000 || weight < 100) { + if (weight > 1000 || weight < 10) { virReportError(VIR_ERR_INVALID_ARG, - _("weight '%u' must be in range (100, 1000)"), + _("weight '%u' must be in range (10, 1000)"), weight); return -1; } @@ -1825,7 +1825,7 @@ virCgroupGetBlkioWeight(virCgroupPtr group, unsigned int *weight) * * @group: The cgroup to change io device weight device for * @path: The device with a weight to alter - * @weight: The new device weight (100-1000), or 0 to clear + * @weight: The new device weight (10-1000), or 0 to clear * * device_weight is treated as a write-only parameter, so * there isn't a getter counterpart. @@ -1841,9 +1841,9 @@ virCgroupSetBlkioDeviceWeight(virCgroupPtr group, struct stat sb; int ret; - if (weight && (weight > 1000 || weight < 100)) { + if (weight && (weight > 1000 || weight < 10)) { virReportError(VIR_ERR_INVALID_ARG, - _("weight '%u' must be in range (100, 1000)"), + _("weight '%u' must be in range (10, 1000)"), weight); return -1; } -- 1.8.3.1

2 2