[libvirt] [PATCH 0/2] qemumonitorjsontest improvements
by Michal Privoznik
Just a couple of tests.
Michal Privoznik (2):
qemumonitorjsontest: Test CPU state handling code
qemumonitorjsontest: Introduce DO_TEST_SIMPLE
tests/qemumonitorjsontest.c | 103 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 103 insertions(+)
--
1.8.1.5
11 years, 9 months
[libvirt] [PATCH] Add checking of dbus_message_iter_append_basic return value
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
Coverity complains that the test suite did not check the
return value of dbus_message_iter_append_basic() as we did
in most other places.
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
tests/virsystemdmock.c | 24 ++++++++++++++----------
1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/tests/virsystemdmock.c b/tests/virsystemdmock.c
index 59b312d..b8fc031 100644
--- a/tests/virsystemdmock.c
+++ b/tests/virsystemdmock.c
@@ -82,10 +82,8 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio
dbus_message_iter_init_append(reply, &iter);
if (!dbus_message_iter_append_basic(&iter,
DBUS_TYPE_STRING,
- &error_message)) {
- dbus_message_unref(reply);
- return NULL;
- }
+ &error_message))
+ goto error;
} else {
reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
}
@@ -98,19 +96,25 @@ DBusMessage *dbus_connection_send_with_reply_and_block(DBusConnection *connectio
dbus_message_iter_open_container(&iter, DBUS_TYPE_ARRAY,
"s", &sub);
- dbus_message_iter_append_basic(&sub,
+ if (!dbus_message_iter_append_basic(&sub,
DBUS_TYPE_STRING,
- &svc1);
- if (!getenv("FAIL_NO_SERVICE"))
- dbus_message_iter_append_basic(&sub,
- DBUS_TYPE_STRING,
- &svc2);
+ &svc1))
+ goto error;
+ if (!getenv("FAIL_NO_SERVICE") &&
+ !dbus_message_iter_append_basic(&sub,
+ DBUS_TYPE_STRING,
+ &svc2))
+ goto error;
dbus_message_iter_close_container(&iter, &sub);
} else {
reply = dbus_message_new(DBUS_MESSAGE_TYPE_METHOD_RETURN);
}
return reply;
+
+ error:
+ dbus_message_unref(reply);
+ return NULL;
}
#else
--
1.8.3.1
11 years, 9 months
[libvirt] [PATCH 0/3] VMware: Driver updates for future work
by Doug Goldstein
While some of these patches seem unncessary (e.g. vmrun lookup/caching)
my end goal is to add VMware Fusion support to libvirt.
Rationale for patch 1: In libvirt we prefer enums and using some of the
standardized APIs for enum/str handling.
Rationale for patch 2: VMware Fusion command line utilities will never be
in PATH on a Mac OS X machine and nor is it correct to tell the user to
have it in your path. The tools live in /Applications/VMware Fusion.app/
or /Library/Application Support/VMware Fusion.app/ and app bundles should
not appear in your path. In the future it will allow us to add these
pathes in the list of paths to search for. We can also improve the Windows
user experience and populate the Windows path in here as well since
most users don't have the VMware install dir in their PATH.
Rationale for patch 3: Testing is good. VMware Fusion has a slightly
different string format for the version so the code will need to change
this allows us to add tests.
I personally don't own a copy of VMware Workstation or VMware Fusion,
so if anyone does please send me (or submit patches) of additional
version numbers so that we can improve our test coverage.
Doug Goldstein (3):
VMware: Convert driver type defines to enum
VMware: Store vmrun binary's path in the driver
VMware: Make version parsing testable and add tests
.gitignore | 1 +
src/Makefile.am | 6 ++
src/libvirt_vmware.syms | 12 ++++
src/vmware/vmware_conf.c | 61 ++++++++++++-----
src/vmware/vmware_conf.h | 15 ++++-
src/vmware/vmware_driver.c | 63 +++++++++++-------
tests/Makefile.am | 14 ++++
tests/vmwareverdata/workstation-7.0.0.txt | 1 +
tests/vmwarevertest.c | 105 ++++++++++++++++++++++++++++++
9 files changed, 233 insertions(+), 45 deletions(-)
create mode 100644 src/libvirt_vmware.syms
create mode 100644 tests/vmwareverdata/workstation-7.0.0.txt
create mode 100644 tests/vmwarevertest.c
--
1.8.1.5
11 years, 9 months
[libvirt] [PATCH] daemon: Avoid dead code in polkit auth
by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
daemon/remote.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 3ac528c..2ff2288 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -2738,12 +2738,13 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
int status = -1;
char *ident = NULL;
bool authdismissed = 0;
- bool supportsuid = false;
char *pkout = NULL;
struct daemonClientPrivate *priv =
virNetServerClientGetPrivateData(client);
virCommandPtr cmd = NULL;
+# ifndef PKCHECK_SUPPORTS_UID
static bool polkitInsecureWarned;
+# endif
virMutexLock(&priv->lock);
action = virNetServerClientGetReadonly(client) ?
@@ -2775,19 +2776,21 @@ remoteDispatchAuthPolkit(virNetServerPtr server ATTRIBUTE_UNUSED,
(long long) callerPid, callerUid);
virCommandAddArg(cmd, "--process");
+
# ifdef PKCHECK_SUPPORTS_UID
- supportsuid = true;
-# endif
- if (supportsuid) {
- virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
- (long long) callerPid, timestamp, (unsigned long) callerUid);
- } else {
- if (!polkitInsecureWarned) {
- VIR_WARN("No support for caller UID with pkcheck. This deployment is known to be insecure.");
- polkitInsecureWarned = true;
- }
- virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+ virCommandAddArgFormat(cmd, "%lld,%llu,%lu",
+ (long long) callerPid,
+ timestamp,
+ (unsigned long) callerUid);
+# else
+ if (!polkitInsecureWarned) {
+ VIR_WARN("No support for caller UID with pkcheck. "
+ "This deployment is known to be insecure.");
+ polkitInsecureWarned = true;
}
+ virCommandAddArgFormat(cmd, "%lld,%llu", (long long) callerPid, timestamp);
+# endif
+
virCommandAddArg(cmd, "--allow-user-interaction");
if (virAsprintf(&ident, "pid:%lld,uid:%d",
--
1.8.3.2
11 years, 9 months
[libvirt] About 'virsh update-device' for floppy and cdrom
by liyang
Hi experts:
When I did some test, I was puzzled by one thing: When I use "virsh
update-device" to update
floppy device, always got an error message, "error: internal error
unable to execute QEMU command
'change': Could not open'***file':Permission denied".But when I execute
command "setenforce 0"
befroe "udpate-device", floppy device can be updated.
Steps like this:
---------------------------------------------------------------Start
# virsh start virt-tests-vm1
Domain virt-tests-vm1 started
# cat
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
<disk type='file' device='floppy'>
<driver name='qemu' type='raw'/>
<source
file='/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso'/>
<target dev='fda'/>
<readonly/>
</disk>
# ll
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso
-rw-r--r--. 1 qemu qemu 1404928 Sep 20 10:48
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso
# virsh update-device virt-tests-vm1
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
--force
error: Failed to update device from
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
error: internal error unable to execute QEMU command 'change': Could not
open
'/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso':
Permission denied
# cat /selinux/enforce
1
# setenforce 0
# virsh update-device virt-tests-vm1
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
--force
Device updated successfully
---------------------------------------------------------------End
But with same command, about cdrom device it worked though
"/selinux/enforce" is 1.
Steps like this:
---------------------------------------------------------------Start
# virsh start virt-tests-vm1
Domain virt-tests-vm1 started
# cat
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source
file='/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso'/>
<target dev='hdc'/>
<readonly/>
</disk>
# ll
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso
-rw-r--r--. 1 qemu qemu 1404928 Sep 20 10:58
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/change_media_old.iso
# cat /selinux/enforce
1
# virsh update-device virt-tests-vm1
/add_storage/liyang/github-autotest_new/client/tests/virt/tmp/tmp/update_iso.xml
--force
Device updated successfully
---------------------------------------------------------------End
So I want to know why it's different between 'floppy' and 'cdrom', and
what's the difference?
Also why floppy needs 'permissive' mode but cdrom doesn't?
Wish your help!
--
Regards,
--------------------------------------------------
Li Yang
TEL:+86+25-86630566-8529
EMail:liyang.fnst(a)cn.fujitsu.com
--------------------------------------------------
11 years, 9 months
[libvirt] Schedule for next release
by Daniel Veillard
If we want to stick to the end of the month schedule we need to
enter freeze for 1.1.3 next week, I suggest to do this early on Wed 25
so that we can plan on pushing 1.1.3 on the Tue 1st Oct
So unless there is a serious issue, let's plan to freeze next Wed,
Daniel
--
Daniel Veillard | Open Source and Standards, Red Hat
veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
http://veillard.com/ | virtualization library http://libvirt.org/
11 years, 9 months
[libvirt] [v0.9.12-maint 0/9] CVE fixes
by Eric Blake
I've completed and pushed my backport work for both CVEs that
were patched today, into all branches v0.10.2-maint and newer
(basically, we have 0.10.2, then all releases since 1.0.2). One
last branch in active use (hello Debian) remains to be patched;
but here, the backport work had enough conflict resolutions that
I decided to post my work for review first.
Daniel P. Berrange (9):
Introduce APIs for splitting/joining strings
Rename virKillProcess to virProcessKill
Rename virPid{Abort, Wait} to virProcess{Abort, Wait}
Rename virCommandTranslateStatus to virProcessTranslateStatus
Move virProcessKill into virprocess.{h, c}
Move virProcess{Kill, Abort, TranslateStatus} into virprocess.{c, h}
Include process start time when doing polkit checks
Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
.gitignore | 1 +
configure.ac | 8 +
daemon/libvirtd.c | 3 +-
daemon/remote.c | 33 +++-
libvirt.spec.in | 3 +-
po/POTFILES.in | 1 +
src/Makefile.am | 2 +
src/libvirt_private.syms | 16 +-
src/lxc/lxc_container.c | 3 +-
src/lxc/lxc_controller.c | 3 +-
src/qemu/qemu_agent.c | 3 +-
src/qemu/qemu_monitor.c | 3 +-
src/qemu/qemu_process.c | 3 +-
src/rpc/virnetserverclient.c | 8 +-
src/rpc/virnetserverclient.h | 3 +-
src/rpc/virnetsocket.c | 22 ++-
src/rpc/virnetsocket.h | 3 +-
src/uml/uml_driver.c | 3 +-
src/util/command.c | 167 ++------------------
src/util/command.h | 8 -
src/util/util.c | 64 +-------
src/util/util.h | 1 -
src/util/virprocess.c | 359 +++++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.h | 45 ++++++
src/util/virstring.c | 179 +++++++++++++++++++++
src/util/virstring.h | 40 +++++
tests/Makefile.am | 9 +-
tests/testutils.c | 5 +-
tests/virstringtest.c | 161 +++++++++++++++++++
29 files changed, 908 insertions(+), 251 deletions(-)
create mode 100644 src/util/virprocess.c
create mode 100644 src/util/virprocess.h
create mode 100644 src/util/virstring.c
create mode 100644 src/util/virstring.h
create mode 100644 tests/virstringtest.c
--
1.8.3.1
11 years, 9 months
[libvirt] [PATCH 0/3] Fix for polkit race condition
by Daniel P. Berrange
From: "Daniel P. Berrange" <berrange(a)redhat.com>
The following 3 patches have been reviewed on the libvirt-security
list as the libvirt side of the fix for polkit CVE-2013-4288.
Given that it was already reviewed, I have pushed this.
Daniel P. Berrange (3):
Also store user & group ID values in virIdentity
Ensure system identity includes process start time
Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
configure.ac | 8 ++++++++
daemon/remote.c | 22 ++++++++++++++++++---
libvirt.spec.in | 3 +--
src/access/viraccessdriverpolkit.c | 40 +++++++++++++++++++++++++++++++++-----
src/rpc/virnetserverclient.c | 18 +++++++++++++++++
src/util/viridentity.c | 39 +++++++++++++++++++++++++++++++++----
src/util/viridentity.h | 2 ++
7 files changed, 118 insertions(+), 14 deletions(-)
--
1.8.3.1
11 years, 9 months
[libvirt] memory pinning problem
by David Weber
Hi,
we try to use vcpu pinning on a 2 socket server with Intel Xeon E5620 cpus, HT
enabled and 2*6*16GiB Ram but experience problems if we try to start a guest
on the second socket:
error: Failed to start domain test
error: internal error: process exited while connecting to monitor:
kvm_init_vcpu failed: Cannot allocate memory
Libvirt version 1.1.1
Linux 3.11-rc7
Because I coudn't find any other service which allowed a 7M file upload, I put
the log file and everything else which could perhabs be relevant into a github
repository:
https://github.com/David-Weber/vcpu-pinning
When we try to start a guest on the first node it runs fine:
<vcpu placement='static' cpuset='0-3,8-11'>4</vcpu>
<numatune>
<memory mode='strict' nodeset='0'/>
</numatune>
Starting it on the second node fails
<vcpu placement='static' cpuset='4-7,12-15'>4</vcpu>
<numatune>
<memory mode='strict' nodeset='1'/>
</numatune>
Even more strange, starting it with the CPUs of the second node and the memory
of the first node works:
<vcpu placement='static' cpuset='4-7,12-15'>4</vcpu>
<numatune>
<memory mode='strict' nodeset='0'/>
</numatune>
The log file contains these three cases.
Using the placement='auto' parameter leads to the same problem. If numad
return the second node, the guest won't start.
Is this a configuration, a libvirt or a cgroup problem? :)
Cheers,
David
11 years, 9 months
