October 2020 - Devel - libvirt List Archives

[libvirt PATCH] API: virDomainLookupByID: s/UUId/UUID/
by Ján Tomko 05 Oct '20

05 Oct '20

Signed-off-by: Ján Tomko <jtomko(a)redhat.com> --- src/libvirt-domain.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c index 415482a526..a7266ccd88 100644 --- a/src/libvirt-domain.c +++ b/src/libvirt-domain.c @@ -284,7 +284,7 @@ virDomainCreateLinux(virConnectPtr conn, const char *xmlDesc, * * Try to find a domain based on the hypervisor ID number * Note that this won't work for inactive domains which have an ID of -1, - * in that case a lookup based on the Name or UUId need to be done instead. + * in that case a lookup based on the Name or UUID need to be done instead. * * virDomainFree should be used to free the resources after the * domain object is no longer needed. -- 2.26.2

2 1

[PATCH 0/8] hyperv: implement new APIs & more
by mcoleman＠datto.com 05 Oct '20

05 Oct '20

From: Matt Coleman <matt(a)datto.com> These patches fix a couple bugs, consolidate duplicate code, and implement several APIs. Currently, some interactions with Hyper-V systems fail when the system is not configured for the "en-US" locale. Additionally, some CPU names also contain the clock frequency, making it too long for _virNodeInfo.model. The first two patches fix these bugs. The second two patches clean up the code a little: one moves repeated operations into new helper functions; the other replaces the generic "get WMI class list" functions with a macro. The last four patches implement the following APIs in the Hyper-V driver: * virConnectGetCapabilities() * virConnectGetMaxVcpus() * virConnectGetVersion() * virDomainGetAutostart() Matt Coleman (8): hyperv: make Msvm_ComputerSystem WQL queries locale agnostic hyperv: fix nodeGetInfo failures caused by long CPU names hyperv: break out common lookups into separate functions hyperv: replace generic WMI class list helpers with a macro hyperv: implement connectGetCapabilities hyperv: implement connectGetMaxVcpus hyperv: implement connectGetVersion hyperv: implement domainGetAutostart NEWS.rst | 10 + src/hyperv/hyperv_driver.c | 691 ++++++++++++++++++-------- src/hyperv/hyperv_private.h | 2 + src/hyperv/hyperv_wmi.c | 87 +--- src/hyperv/hyperv_wmi.h | 34 +- src/hyperv/hyperv_wmi_classes.h | 4 +- src/hyperv/hyperv_wmi_generator.input | 2 +- 7 files changed, 524 insertions(+), 306 deletions(-) -- 2.27.0

4 20

[PATCH 0/4] docs: formatdomain: misc fixes
by Cole Robinson 05 Oct '20

05 Oct '20

A collection of formatdomain fixes that I've noticed over the past few months Cole Robinson (4): docs: formatdomain: remove doubled filesystem <driver> docs: formatdomain: fix incorrect 'Vsock' heading indent docs: formatdomain: fix net downscript 'since' docs: formatdomain: add spicevmc <redirdev> example docs/formatdomain.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) -- 2.28.0

2 8

[libvirt PATCH] tests: fix incorrect free of GVariant in our GLib mock functions
by Pavel Hrdina 05 Oct '20

05 Oct '20

GLib implementation of g_dbus_connection_call_sync() calls g_variant_ref_sink() on the passed @parameters to make sure they have proper reference. If the original reference is floating the g_dbus_connection_call_sync() consumes it, but if it's normal reference it will just add another one. Our mock functions were only freeing the @parameters which is incorrect and doesn't reflect how the real implementation works. Reported-by: Cole Robinson <crobinso(a)redhat.com> Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com> --- tests/networkxml2firewalltest.c | 4 +++- tests/virfirewalltest.c | 3 +++ tests/virpolkittest.c | 3 +++ tests/virsystemdtest.c | 4 +++- 4 files changed, 12 insertions(+), 2 deletions(-) diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c index e0244f508e..3496445f0d 100644 --- a/tests/networkxml2firewalltest.c +++ b/tests/networkxml2firewalltest.c @@ -60,8 +60,10 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, GCancellable *, cancellable, GError **, error) { - if (parameters) + if (parameters) { + g_variant_ref_sink(parameters); g_variant_unref(parameters); + } VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c index 607638e9d0..646b999d96 100644 --- a/tests/virfirewalltest.c +++ b/tests/virfirewalltest.c @@ -79,6 +79,9 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, GVariant *reply = NULL; g_autoptr(GVariant) params = parameters; + if (params) + g_variant_ref_sink(params); + VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); if (STREQ(bus_name, "org.freedesktop.DBus") && diff --git a/tests/virpolkittest.c b/tests/virpolkittest.c index 011d83a506..b7cbe28466 100644 --- a/tests/virpolkittest.c +++ b/tests/virpolkittest.c @@ -52,6 +52,9 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, GVariant *reply = NULL; g_autoptr(GVariant) params = parameters; + if (params) + g_variant_ref_sink(params); + VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); if (STREQ(bus_name, "org.freedesktop.PolicyKit1") && diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c index c1411d7c05..bd0ca51140 100644 --- a/tests/virsystemdtest.c +++ b/tests/virsystemdtest.c @@ -54,8 +54,10 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync, { GVariant *reply = NULL; - if (parameters) + if (parameters) { + g_variant_ref_sink(parameters); g_variant_unref(parameters); + } VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync); -- 2.26.2

3 2

[PATCH 1/1] vircommand.c: write child pidfile before process tuning in virExec()
by Daniel Henrique Barboza 03 Oct '20

03 Oct '20

When VIR_EXEC_DAEMON is true and cmd->pidfile exists, the parent will expect the pidfile to be written before exiting, sitting tight in a saferead() call waiting. The child then does process tuning (via virProcessSet* functions) before writing the pidfile. Problem is that these tunings can fail, and trigger a 'fork_error' jump, before cmd->pidfile is written. The result is that the process was aborted in the child, but the parent is still hang in the saferead() call. This behavior can be reproduced by trying to create and execute a QEMU guest in user mode (e.g. using qemu:///session as non-root). virProcessSetMaxMemLock() will fail if the spawned libvirtd user process does not have CAP_SYS_RESOURCE capability. setrlimit() will fail, and a 'fork_error' jump is triggered before cmd->pidfile is written. The parent will hung in saferead() indefinitely. From the user perspective, 'virsh start <guest>' will hang up indefinitely. CTRL+C can be used to retrieve the terminal, but any subsequent 'virsh' call will also hang because the previous libvirtd user process is still there. We can fix this by moving all virProcessSet*() tuning functions to be executed after cmd->pidfile is taken care of. In the case mentioned above, this would be the result of 'virsh start' after this patch: error: Failed to start domain vm1 error: internal error: Process exited prior to exec: libvirt: error : cannot limit locked memory to 79691776: Operation not permitted Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1882093 Signed-off-by: Daniel Henrique Barboza <danielhb413(a)gmail.com> --- src/util/vircommand.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/util/vircommand.c b/src/util/vircommand.c index 76f7eb9a3d..0475e22db6 100644 --- a/src/util/vircommand.c +++ b/src/util/vircommand.c @@ -787,15 +787,6 @@ virExec(virCommandPtr cmd) } } - if (virProcessSetMaxMemLock(0, cmd->maxMemLock) < 0) - goto fork_error; - if (virProcessSetMaxProcesses(0, cmd->maxProcesses) < 0) - goto fork_error; - if (virProcessSetMaxFiles(0, cmd->maxFiles) < 0) - goto fork_error; - if (cmd->setMaxCore && - virProcessSetMaxCoreSize(0, cmd->maxCore) < 0) - goto fork_error; if (cmd->pidfile) { int pidfilefd = -1; char c; @@ -820,6 +811,16 @@ virExec(virCommandPtr cmd) /* pidfilefd is intentionally leaked. */ } + if (virProcessSetMaxMemLock(0, cmd->maxMemLock) < 0) + goto fork_error; + if (virProcessSetMaxProcesses(0, cmd->maxProcesses) < 0) + goto fork_error; + if (virProcessSetMaxFiles(0, cmd->maxFiles) < 0) + goto fork_error; + if (cmd->setMaxCore && + virProcessSetMaxCoreSize(0, cmd->maxCore) < 0) + goto fork_error; + if (cmd->hook) { VIR_DEBUG("Run hook %p %p", cmd->hook, cmd->opaque); ret = cmd->hook(cmd->opaque); -- 2.26.2

3 5

[libvirt PATCH 0/5] misc spelling errors reported by codespell
by Daniel P. Berrangé 02 Oct '20

02 Oct '20

2 8

[PATCH] NEWS: mention CVE-2020-25637 in v6.8.0 release notes
by Mauro Matteo Cascella 02 Oct '20

02 Oct '20

--- NEWS.rst | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/NEWS.rst b/NEWS.rst index de46cac8c5..f6074d9fe8 100644 --- a/NEWS.rst +++ b/NEWS.rst @@ -27,6 +27,14 @@ v6.9.0 (unreleased) v6.8.0 (2020-10-01) =================== +* **Security** + + * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c + + Clients connecting to the read-write socket with limited ACL permissions + may be able to crash the libvirt daemon, resulting in a denial of service, + or potentially escalate their privileges on the system. CVE-2020-25637. + * **New features** * xen: Add ``writeFiltering`` attribute for PCI devices -- 2.26.2

2 2

[PATCH 0/6] virBitmapCopy: Refactor to prevent failures
by Peter Krempa 02 Oct '20

02 Oct '20

Note that this applies on top of my previous series dealing with bitmaps. Peter Krempa (6): virBitmapNewCopy: Reimplement bitmap copying to prevent failure Don't check return value of virBitmapNewCopy Use 'virBitmapNewCopy' instead of 'virBitmapCopy' util: virbitmap: Remove virBitmapCopy virDomainResctrlNew: Refactor allocation to remove 'cleanup' label qemuDomainFilterHotplugVcpuEntities: Refactor memory freeing to remove 'cleanup' label src/conf/capabilities.c | 6 ++---- src/conf/domain_conf.c | 19 ++++-------------- src/conf/numa_conf.c | 4 ++-- src/libvirt_private.syms | 1 - src/qemu/qemu_capabilities.c | 3 ++- src/qemu/qemu_driver.c | 13 +++---------- src/qemu/qemu_hotplug.c | 20 ++++++------------- src/qemu/qemu_migration_cookie.c | 3 --- src/qemu/qemu_process.c | 3 +-- src/test/test_driver.c | 5 +---- src/util/virbitmap.c | 33 ++------------------------------ src/util/virbitmap.h | 6 ------ src/util/virresctrl.c | 4 ++-- src/util/virstoragefile.c | 5 ++--- 14 files changed, 27 insertions(+), 98 deletions(-) -- 2.26.2

2 12

[PATCH 00/20] qemu: migration_cookie: Refactor and modernize
by Peter Krempa 02 Oct '20

02 Oct '20

Note that this applies on top of the recent bitmap refactors Peter Krempa (20): qemu: migration_cookie: Extract parsing/validation of mandatory features qemuMigrationCookieXMLParse: Switch to single-purpose temporary variables qemuMigrationCookieXMLParse: Check domain element count more defensively qemuMigrationCookieXMLParse: Decrease scope of 'nodes' and use automatic freeing qemuMigrationCookieXMLParse: Remove comment mentioning that error was already set qemuMigrationCookieXMLParse: Remove 'error' label qemuMigrationCookieGraphicsXMLFormat: Use 'virXMLFormatElement' qemuMigrationCookieNetworkXMLFormat: Refactor XML formatting qemuMigrationCookieXMLFormat: Extract formatting of NBD qemuDomainExtractTLSSubject: Refactor memory handling qemu: migration_cookie: Register 'autoptr' functions for internal types qemuMigrationCookieGraphicsSpiceAlloc: Refactor memory handling qemuMigrationCookieNetworkAlloc: Refactor memory handling qemuMigrationCookieXMLFormat: Refactor memory handling qemuMigrationCookieNetworkXMLParse: Refactor memory handling qemuMigrationCookieNBDXMLParse: Refactor memory handling qemuMigrationCookieCapsXMLParse: Refactor memory handling qemuMigrationCookieAddCaps: Use 'g_new0' instead of VIR_ALLOC qemuMigrationCookieXMLParse: Avoid VIR_FREE when parsing lockstate qemu: migration_cookie: s/VIR_FREE/g_free/ src/qemu/qemu_migration_cookie.c | 493 ++++++++++++++----------------- 1 file changed, 214 insertions(+), 279 deletions(-) -- 2.26.2

2 21

virsystemdtest segfault on ppc64
by Cole Robinson 02 Oct '20

02 Oct '20

I'm seeing failures building libvirt 6.8.0 rpm on fedora 32, 33, and rawhide. virsystemdtest is segfaulting on ppc64. https://kojipkgs.fedoraproject.org//work/tasks/5494/52595494/build.log The output from the failed tests: 74/160 libvirt / virsystemdtest FAIL 0.44s (killed by signal 11 SIGSEGV) --- command --- 17:14:09 abs_srcdir='/builddir/build/BUILD/libvirt-6.8.0/tests' abs_top_srcdir='/builddir/build/BUILD/libvirt-6.8.0' VIR_TEST_EXPENSIVE='1' LIBVIRT_AUTOSTART='0' abs_top_builddir='/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu' LC_ALL='C' abs_builddir='/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/tests' /builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/tests/virsystemdtest --- stderr --- TEST: virsystemdtest (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.137: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed ..... (process:3397099): GLib-CRITICAL **: 17:14:09.138: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.138: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.138: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . (process:3397099): GLib-CRITICAL **: 17:14:09.138: g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed . ------- Full log written to /builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/meson-logs/testlog.txt RPM build errors: error: Bad exit status from /var/tmp/rpm-tmp.Yh8pF5 (%check) Bad exit status from /var/tmp/rpm-tmp.Yh8pF5 (%check) Child return code was: 1 Thanks, Cole

4 4