[libvirt] [PATCH] maint: add sanitizers to the build process
by claudioandre.br@gmail.com
From: Claudio André <claudioandre.br(a)gmail.com>
Sanitizers are based on compile-time instrumentation. They are available in gcc and clang for a range of supported operation systems and platforms. More info at: https://github.com/google/sanitizers
The address sanitizer finds bugs related to addressing memory: use after free, heap buffer overflow, stack buffer overflow, memory leaks, ...
The undefined behavior sanitizer detects situations not prescribed by the language specification: bound violations, data overflows, ...
The llvm.org states that Sanitizers have found thousands of bugs everywhere.
Sanitizers running during CI can prevent bugs from taking up residence. A helper tool to keep bugs out.
---
- I mean CI (in general) not only Travis;
- The functionality is not tied to CI; it is useful for local testing;
- A way to think about this (including the ongoing GSOC):
- Phase 1: test with Sanitizers to achieve basic code sanity;
- Phase 2: use fuzzing for stronger security & reliability;
- MISSING: should I add the flag to which Makefile.am? Or, what do you guys think about this?
configure.ac | 2 ++
m4/virt-compile-sanitizer.m4 | 51 ++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 53 insertions(+)
create mode 100644 m4/virt-compile-sanitizer.m4
diff --git a/configure.ac b/configure.ac
index 246f4e0..4334614 100644
--- a/configure.ac
+++ b/configure.ac
@@ -237,6 +237,7 @@ LIBVIRT_COMPILE_WARNINGS
LIBVIRT_COMPILE_PIE
LIBVIRT_LINKER_RELRO
LIBVIRT_LINKER_NO_INDIRECT
+LIBVIRT_COMPILE_SANITIZER
LIBVIRT_ARG_APPARMOR
LIBVIRT_ARG_ATTR
@@ -1011,6 +1012,7 @@ AC_MSG_NOTICE([])
AC_MSG_NOTICE([Miscellaneous])
AC_MSG_NOTICE([])
LIBVIRT_RESULT_DEBUG
+LIBVIRT_RESULT_SANITIZER
AC_MSG_NOTICE([ Use -Werror: $enable_werror])
AC_MSG_NOTICE([ Warning Flags: $WARN_CFLAGS])
LIBVIRT_RESULT_DTRACE
diff --git a/m4/virt-compile-sanitizer.m4 b/m4/virt-compile-sanitizer.m4
new file mode 100644
index 0000000..a7cac31
--- /dev/null
+++ b/m4/virt-compile-sanitizer.m4
@@ -0,0 +1,51 @@
+dnl
+dnl Check for support for Sanitizers
+dnl Check for -fsanitize=address and -fsanitize=undefined support
+dnl
+dnl This library is free software; you can redistribute it and/or
+dnl modify it under the terms of the GNU Lesser General Public
+dnl License as published by the Free Software Foundation; either
+dnl version 2.1 of the License, or (at your option) any later version.
+dnl
+dnl This library is distributed in the hope that it will be useful,
+dnl but WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl Lesser General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU Lesser General Public
+dnl License along with this library. If not, see
+dnl <http://www.gnu.org/licenses/>.
+dnl
+
+AC_DEFUN([LIBVIRT_COMPILE_SANITIZER],[
+ LIBVIRT_ARG_ENABLE([ASAN], [Build with address sanitizer support], [no])
+ LIBVIRT_ARG_ENABLE([UBSAN], [Build with undefined behavior sanitizer support], [no])
+
+ SAN_CFLAGS=
+ SAN_LDFLAGS=
+
+ AS_IF([test "x$enable_asan" = "xyes"], [
+ gl_COMPILER_OPTION_IF([-fsanitize=address -fno-omit-frame-pointer], [
+ SAN_CFLAGS="-fsanitize=address -fno-omit-frame-pointer"
+ SAN_LDFLAGS="-fsanitize=address"
+ ])
+
+ AC_SUBST([SAN_CFLAGS])
+ AC_SUBST([SAN_LDFLAGS])
+ ])
+
+ AS_IF([test "x$enable_ubsan" = "xyes"], [
+ gl_COMPILER_OPTION_IF([-fsanitize=undefined -fno-omit-frame-pointer], [
+ SAN_CFLAGS="$SAN_CFLAGS -fsanitize=undefined -fno-omit-frame-pointer"
+ SAN_LDFLAGS="$SAN_LDFLAGS -fsanitize=undefined"
+ ])
+
+ AC_SUBST([SAN_CFLAGS])
+ AC_SUBST([SAN_LDFLAGS])
+ ])
+])
+
+AC_DEFUN([LIBVIRT_RESULT_SANITIZER], [
+ AC_MSG_NOTICE([ ASan: $enable_asan])
+ AC_MSG_NOTICE([ UBSan: $enable_ubsan])
+])
--
2.11.0
7 years, 5 months
[libvirt] [PATCH 0/9] virObject adjustments for common object
by John Ferlan
Originally posted in part as an RFC:
https://www.redhat.com/archives/libvir-list/2017-April/msg00321.html
Obviously not a 3.4.0 discussion, but I'm trying to get ahead of the curve
for 3.5.0 and posting this now as I'm "close enough" to at least convert
secrets, nwfilters, nodedevs, and interfaces to use a more common object
methodolgy to add/store, fetch/find, search, list, etc. the objects in
something other than a linear forward linked list. Converting the storage
pool, storage volume, and network is taking longer than hoped since there
are so many patches to get from pointA to pointB. So I'll focus on the
4 and work through getting the complete model published/adopted as those
have been in my branches for a while now.
Still these patches get as far as the creation of the common object which
is a start. The first 4 patches are essentially setup. Patch 5 is new
and covers the need for nwfilters (at least temporarily until self locking
list mgmt is possible). Patches 6-7 were more or less what patch 7-8 were
in the RFC. Patches 8-9 are essentially the driver/common object extension.
Patches 5-6 from the RFC still exist in my branches and would be the next
logical step. It was a conscious decision to just use the "default" string
comparison for hash table key. That key could be a UUID, but since the
UUID can easily be converted from unsigned to signed - I believe it would
be far simpler to keep that mechanism rather than complexity introduced
by having "different" key search algorithms when the key isn't a char *.
John Ferlan (9):
util: Formatting cleanups to virobject API
util: Introduce virObjectGetLockableObj
util: Generate a common internal only error print
util: Add magic_marker for all virObjects
util: Introduce virObjectLockableRecursiveNew
util: Introduce virObjectPoolableHashElement
util: Add virObjectPoolableHashElementGet*Key
util: Introduce virObjectPoolableDef
util: Add virObjectPoolableDef* accessor API's
src/libvirt_private.syms | 12 ++
src/util/virobject.c | 492 +++++++++++++++++++++++++++++++++++++++++++----
src/util/virobject.h | 130 +++++++++++--
3 files changed, 580 insertions(+), 54 deletions(-)
--
2.9.4
7 years, 5 months
[libvirt] [PATCH v3 0/3] Loadparm support
by Farhan Ali
This patch series introduces the support for new s390x 'loadparm'
feature. The 'loadparm' can be used to select the boot entry to
boot from, for a boot device.
Here is a link to the QEMU patches:
https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg00192.html
ChangeLog
---------
v2 -> v3:
- Updated news.xml and formatdomain.html.in with a more architectural
description of loadparm (patch 1)
v1 -> v2:
- Rebased the patch series on the latest master, commit
2f69dd3 virfiletest: include linux/falloc.h
Thanks
Farhan Ali
Farhan Ali (3):
conf : Add loadparm boot option for a boot device
qemu : Add loadparm to qemu command line string
tests : Testcases for loadparm
docs/formatdomain.html.in | 9 ++-
docs/news.xml | 11 ++++
docs/schemas/domaincommon.rng | 7 +++
src/conf/device_conf.h | 1 +
src/conf/domain_conf.c | 69 +++++++++++++++++++++-
src/qemu/qemu_capabilities.c | 2 +
src/qemu/qemu_capabilities.h | 1 +
src/qemu/qemu_command.c | 37 ++++++++++++
...-machine-loadparm-multiple-disks-nets-s390.args | 28 +++++++++
...v-machine-loadparm-multiple-disks-nets-s390.xml | 43 ++++++++++++++
.../qemuxml2argv-machine-loadparm-net-s390.args | 20 +++++++
.../qemuxml2argv-machine-loadparm-net-s390.xml | 26 ++++++++
...xml2argv-machine-loadparm-s390-char-invalid.xml | 26 ++++++++
...uxml2argv-machine-loadparm-s390-len-invalid.xml | 26 ++++++++
.../qemuxml2argv-machine-loadparm-s390.args | 20 +++++++
.../qemuxml2argv-machine-loadparm-s390.xml | 26 ++++++++
tests/qemuxml2argvtest.c | 19 ++++++
17 files changed, 367 insertions(+), 4 deletions(-)
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-multiple-disks-nets-s390.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-multiple-disks-nets-s390.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-net-s390.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-net-s390.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-s390-char-invalid.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-s390-len-invalid.xml
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-s390.args
create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-machine-loadparm-s390.xml
--
1.9.1
7 years, 5 months
[libvirt] [PATCH] qemu: Don't error out if allocation info can't be queried
by Peter Krempa
qemuDomainGetBlockInfo would error out if qemu did not report
'wr_highest_offset'. This usually does not happen, but can happen
briefly during active layer block commit. There's no need to report the
error, we can simply report that the disk is fully alocated at that
point.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1452045
---
src/qemu/qemu_driver.c | 8 --------
1 file changed, 8 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 67f54282a..f6b352b56 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -11541,14 +11541,6 @@ qemuDomainGetBlockInfo(virDomainPtr dom,
}
if (!entry->wr_highest_offset_valid) {
- if (virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_BLOCK &&
- disk->src->format != VIR_STORAGE_FILE_RAW) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("failed to query the maximum written offset of "
- "block device '%s'"), disk->dst);
- goto endjob;
- }
-
info->allocation = entry->physical;
} else {
if (virStorageSourceGetActualType(disk->src) == VIR_STORAGE_TYPE_FILE &&
--
2.12.2
7 years, 5 months
[libvirt] [libvirt-sandbox PATCH] Drop library/ from template name and image path
by Guido Günther
If one pastes from the output of virt-sansbox-image
$ virt-sandbox-image list
docker:/library/ubuntu?tag=17.04
docker:/library/debian?tag=latest
verbatim
$ virt-sandbox-image run -c qemu:///session docker:/library/debian?tag=latest
This fails like
/home/<usr>/.local/share/libvirt/images/library/debian:qbeilwxard.qcow2: Could not create file: No such file or directory
Unable to start sandbox: Failed to create domain: XML error: name library/debian:qbeilwxard cannot contain '/'
/usr/bin/virt-sandbox-image: [Errno 2] No such file or directory: '/home/<user>/.local/share/libvirt/images/library/debian:qbeilwxard.qcow2'
so strip of any leading components.
---
This might not be the correct fix but I hope you get the idea.
libvirt-sandbox/image/cli.py | 2 +-
libvirt-sandbox/image/sources/docker.py | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/libvirt-sandbox/image/cli.py b/libvirt-sandbox/image/cli.py
index 3a5ccfa..0f27a16 100644
--- a/libvirt-sandbox/image/cli.py
+++ b/libvirt-sandbox/image/cli.py
@@ -96,7 +96,7 @@ def run(args):
name = args.name
if name is None:
randomid = ''.join(random.choice(string.lowercase) for i in range(10))
- name = tmpl.path[1:] + ":" + randomid
+ name = tmpl.path[1:].split('/')[-1] + ":" + randomid
diskfile = source.get_disk(template=tmpl,
templatedir=template_dir,
diff --git a/libvirt-sandbox/image/sources/docker.py b/libvirt-sandbox/image/sources/docker.py
index aa5675e..6ca086c 100755
--- a/libvirt-sandbox/image/sources/docker.py
+++ b/libvirt-sandbox/image/sources/docker.py
@@ -655,7 +655,7 @@ class DockerSource(base.Source):
def get_disk(self, template, templatedir, imagedir, sandboxname):
image = DockerImage.from_template(template)
configfile, diskfile = self._get_template_data(image, templatedir)
- tempfile = imagedir + "/" + sandboxname + ".qcow2"
+ tempfile = imagedir + "/" + sandboxname.split('/')[-1] + ".qcow2"
if not os.path.exists(imagedir):
os.makedirs(imagedir)
cmd = ["qemu-img","create","-q","-f","qcow2"]
--
2.11.0
7 years, 5 months
[libvirt] [PATCH v2] nodedev: Increase the netlink socket buffer size to the one used by udev
by Erik Skultety
From: "ning.bo" <ning.bo9(a)zte.com.cn>
When a number of SRIOV VFs (up to 128 on Intel XL710) is created:
for i in `seq 0 1`; do
echo 63 > /sys/class/net/<interface>/device/sriov_numvfs
done
libvirtd will then report "udev_monitor_receive_device returned NULL"
error because the netlink socket buffer is not big enough (using GDB on
libudev confirmed this with ENOBUFFS) and thus some udev events were
dropped. This results in some devices being missing in the nodedev-list
output. This patch overrides the system's rmem_max limit but for that,
we need to make sure we've got root privileges.
https://bugzilla.redhat.com/show_bug.cgi?id=1450960
Signed-off-by: ning.bo <ning.bo9(a)zte.com.cn>
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
Additionally, we might want to check for the errno, providing a specific
message if such issue occurs again in a further non-specified point in time and
return the generic, yet cryptic one for all other cases.
src/node_device/node_device_udev.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
index 4ecb0b18f..0b3717397 100644
--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
@@ -1728,6 +1728,13 @@ static int nodeStateInitialize(bool privileged,
udev_monitor_enable_receiving(priv->udev_monitor);
+ /* mimic udevd's behaviour and override the systems rmem_max limit in case
+ * there's a significant number of device 'add' events
+ */
+ if (geteuid() == 0)
+ udev_monitor_set_receive_buffer_size(priv->udev_monitor,
+ 128 * 1024 * 1024);
+
/* We register the monitor with the event callback so we are
* notified by udev of device changes before we enumerate existing
* devices because libvirt will simply recreate the device if we
--
2.13.0
7 years, 5 months
[libvirt] [PATCH] qemu:json: Fix daemon crash on handling domain shutdown event
by Erik Skultety
commit a8eba5036 added further checking of the guest shutdown cause, but
this enhancement is available since qemu 2.10, causing a crash because
of a NULL pointer dereference on older qemus.
Thread 1 "libvirtd" received signal SIGSEGV, Segmentation fault.
0x00007ffff72441af in virJSONValueObjectGet (object=0x0,
key=0x7fffd5ef11bf "guest")
at util/virjson.c:769
769 if (object->type != VIR_JSON_TYPE_OBJECT)
(gdb) bt
0 in virJSONValueObjectGet
1 in virJSONValueObjectGetBoolean
2 in qemuMonitorJSONHandleShutdown
3 in qemuMonitorJSONIOProcessEvent
4 in qemuMonitorJSONIOProcessLine
5 in qemuMonitorJSONIOProcess
6 in qemuMonitorIOProcess
7 in qemuMonitorIO
8 in virEventPollDispatchHandles
9 in virEventPollRunOnce
10 in virEventRunDefaultImpl
11 in virNetDaemonRun
12 in main
Signed-off-by: Erik Skultety <eskultet(a)redhat.com>
---
src/qemu/qemu_monitor_json.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 757595dd7..f208dd05a 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -528,7 +528,7 @@ static void qemuMonitorJSONHandleShutdown(qemuMonitorPtr mon, virJSONValuePtr da
bool guest = false;
virTristateBool guest_initiated = VIR_TRISTATE_BOOL_ABSENT;
- if (virJSONValueObjectGetBoolean(data, "guest", &guest) == 0)
+ if (data && virJSONValueObjectGetBoolean(data, "guest", &guest) == 0)
guest_initiated = guest ? VIR_TRISTATE_BOOL_YES : VIR_TRISTATE_BOOL_NO;
qemuMonitorEmitShutdown(mon, guest_initiated);
--
2.13.0
7 years, 5 months
[libvirt] [PATCH v3] Regression: Report correct CPUs present on executing virsh nodecpumap
by Nitesh Konkar
On executing the virsh nodecpumap command, the number
of CPUs present was shown as (last cpu online id + 1). This
patch fixes the issue by reporting the current number of
CPUs present.
Signed-off-by: Nitesh Konkar <nitkon12(a)linux.vnet.ibm.com>
---
src/util/virhostcpu.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/util/virhostcpu.c b/src/util/virhostcpu.c
index aa9cfeac2..c485a9721 100644
--- a/src/util/virhostcpu.c
+++ b/src/util/virhostcpu.c
@@ -1093,7 +1093,7 @@ virHostCPUGetMap(unsigned char **cpumap,
if (online)
*online = virBitmapCountBits(cpus);
- ret = virBitmapSize(cpus);
+ ret = virHostCPUGetCount();
cleanup:
if (ret < 0 && cpumap)
--
2.11.0
7 years, 5 months
[libvirt] [libvirt-sandbox PATCH] mkinitrd: Add missing fscrypto module
by Guido Günther
---
libvirt-sandbox/libvirt-sandbox-builder-machine.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/libvirt-sandbox/libvirt-sandbox-builder-machine.c b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
index bdec490..7204f71 100644
--- a/libvirt-sandbox/libvirt-sandbox-builder-machine.c
+++ b/libvirt-sandbox/libvirt-sandbox-builder-machine.c
@@ -186,6 +186,7 @@ static gchar *gvir_sandbox_builder_machine_mkinitrd(GVirSandboxConfig *config,
/* In case ext4 is built as a module, include it and its deps
* for the root mount */
+ gvir_sandbox_config_initrd_add_module(initrd, "fscrypto.ko");
gvir_sandbox_config_initrd_add_module(initrd, "mbcache.ko");
gvir_sandbox_config_initrd_add_module(initrd, "jbd2.ko");
gvir_sandbox_config_initrd_add_module(initrd, "crc16.ko");
--
2.11.0
7 years, 5 months
