[libvirt] LSN-2014-0009: CVE-2014-8135 crash when using virStorageVolUpload
by Eric Blake
Libvirt Security Notice: LSN-2014-0009
======================================
Summary: crash when using virStorageVolUpload
Reported on: 20141202
Published on: 20141203
Fixed on: 20141203
Reported by: Pei Zhang <pzhang(a)redhat.com>
Patched by: Luyao Huang <lhuang(a)redhat.com>
See also: CVE-2014-8135
Description
-----------
Incorrect parameter validation of the virStorageVolUpload command
could cause libvirtd to attempt to dereference NULL.
Impact
------
When using fine-grained ACLs, a user that is permitted to modify
storage volumes but not create arbitrary domains can use bogus
parameters to cause a denial of service attack against more
privileged users.
Workaround
----------
Passing valid parameters to virStorageVolUpload will not trigger a
problem. It is also possible to prevent the denial of service by
stopping the use of the fine grained access control mechanism, or by
not granting users the storage_vol:data_write permission if they do
not also have the domain:write permission; doing this will not
prevent the crash for invalid parameters, but such a crash is no
longer a security attack.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 87b9437f8951f9d24f9a85c6bbfff0e54df8c984
Branch: v1.2.8-maint
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 05ba8c50b15f7078ba7981f550fc59c3dc74c469
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: 584e876ba2057b472074dbf177d2397392d70363
Branch: v1.2.10-maint
Broken by: 4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7
Fixed by: c89df3695b397d155ca15ac174c983ae9a77387e
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
[libvirt] LSN-2014-0008: CVE-2014-8131 deadlock or segfault in virConnectGetAllDomainStats
by Eric Blake
Libvirt Security Notice: LSN-2014-0008
======================================
Summary: deadlock or segfault in virConnectGetAllDomainStats
Reported on: 20141127
Published on: 20141205
Fixed on: 20141211
Reported by: Martin Kletzander <mkletzan(a)redhat.com>
Patched by: Martin Kletzander <mkletzan(a)redhat.com>,
Francesco Romani <fromani(a)redhat.com>
See also: CVE-2014-8131
Description
-----------
When using fine-grained ACLs to restrict users from accessing all
domains, a logic bug in the qemu implementation of
virConnectGetAllDomainStats could result in incorrect lock
management of the next domain inspected after a domain that was
skipped due to ACL restrictions.
Impact
------
A restricted client can trigger a denial of service against a more
privileged user when libvirtd goes into deadlock when trying to lock
an incorrectly locked domain, or crashes when trying to unlock a
domain that was not locked.
Workaround
----------
Stop use of the fine grained access control mechanism, or stop
trying to use access control to restrict the set of domains that an
authorized client can see.
Affected product
----------------
Name: libvirt
Repository: git://libvirt.org/git/libvirt.git
http://libvirt.org/git/?p=libvirt.git
Branch: master
Broken in: v1.2.8
Broken in: v1.2.9
Broken in: v1.2.10
Fixed in: v1.2.11
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 57023c0a3af4af1c547189c1f6712ed5edeb0c0b
Fixed by: cb104ef734dfea12cb8826dba7e2c98912c4b7e1
Branch: v1.2.8-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Fixed by: 27431ec96e617f186bd3f5900aeb7d622770533a
Branch: v1.2.9-maint
Broken in: v1.2.9.1
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: 5d8bee6d57cddf462912ad2fc544c8a57b1c2841
Fixed by: dfbdea7ea8fa36d9f27942c5b2882acfd86a3c3b
Branch: v1.2.10-maint
Broken by: d1bde8eda3b4027b38c7c1d5942a6388b0458803
Broken by: 1f4831ee6ecc17d0f2008d7db15bfd9bc3b1d685
Fixed by: a20e818cb3f46d2dce586327dcc49ffcd82d94cb
Fixed by: a9638ae975a1c784d958e3fb2f0aab36b3ebddeb
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
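The advisory above describes the failure only in words and does not show the faulty loop. The following C program is an added illustration, not libvirt source: a constructed model of one way lock state can leak past an ACL skip (the `have_lock` flag, `struct dom` and every function name are assumptions), using an instrumented lock that counts the deadlock and bad-unlock conditions named in the Impact section.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed model, not libvirt source. The lock is instrumented so that
 * misuse is counted instead of hanging or crashing the process. */
struct dom {
    bool acl_allowed;  /* may the calling client see this domain? */
    int  depth;        /* 1 while locked, 0 otherwise */
    int  relock;       /* lock attempts while already held (deadlock) */
    int  bad_unlock;   /* unlocks while not held (crash) */
    int  visited;      /* stats collected for this domain */
};

static void dom_lock(struct dom *d)   { if (d->depth) d->relock++; else d->depth = 1; }
static void dom_unlock(struct dom *d) { if (!d->depth) d->bad_unlock++; else d->depth = 0; }

/* Assumed bug shape: "do I hold a lock?" is tracked outside the loop body,
 * and the ACL skip path leaves both the lock and the flag behind. */
static void collect_buggy(struct dom *doms, size_t n)
{
    bool have_lock = false;
    for (size_t i = 0; i < n; i++) {
        struct dom *d = &doms[i];
        if (!have_lock) {
            dom_lock(d);
            have_lock = true;
        }
        if (!d->acl_allowed)
            continue;       /* skipped domain stays locked, flag stays set */
        d->visited++;
        dom_unlock(d);      /* after a skip this releases a lock never taken */
        have_lock = false;
    }
}

/* Every path out of an iteration releases exactly what it acquired. */
static void collect_fixed(struct dom *doms, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        struct dom *d = &doms[i];
        dom_lock(d);
        if (d->acl_allowed)
            d->visited++;
        dom_unlock(d);
    }
}

/* Run one pass over {allowed, denied, allowed}, then let a second,
 * privileged caller lock every domain; return the number of violations. */
static int violations(void (*collect)(struct dom *, size_t))
{
    struct dom doms[3] = { { .acl_allowed = true }, { .acl_allowed = false },
                           { .acl_allowed = true } };
    int total = 0;
    collect(doms, 3);
    for (size_t i = 0; i < 3; i++) {
        dom_lock(&doms[i]);     /* the privileged user's later API call */
        total += doms[i].relock + doms[i].bad_unlock;
        dom_unlock(&doms[i]);
    }
    return total + (doms[1].visited != 0);  /* denied domain must stay unseen */
}

int main(void)
{
    printf("buggy: %d violations\n", violations(collect_buggy));
    printf("fixed: %d violations\n", violations(collect_fixed));
    return 0;
}
```

The same balance check (no domain left locked, no unlock of an unheld lock, after a pass that includes at least one ACL-denied domain) is a useful regression test for any loop that filters objects by access control while holding per-object locks.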
[libvirt] [PATCH] parallels: report, that cdrom image is raw
by Dmitry Guryanov
VIR_STORAGE_FILE_AUTO should be used only in xml provided to
libvirt by user, if I understood correctly. Driver should
set storage source format to specific disk format in
*DomainGetXMLDesc.
CDROMs in PCS use raw image format.
Signed-off-by: Dmitry Guryanov <dguryanov(a)parallels.com>
---
src/parallels/parallels_sdk.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/parallels/parallels_sdk.c b/src/parallels/parallels_sdk.c
index 05b1049..7aa50ee 100644
--- a/src/parallels/parallels_sdk.c
+++ b/src/parallels/parallels_sdk.c
@@ -471,7 +471,7 @@ prlsdkGetDiskInfo(PRL_HANDLE prldisk,
if (emulatedType == PDT_USE_IMAGE_FILE) {
virDomainDiskSetType(disk, VIR_STORAGE_TYPE_FILE);
if (isCdrom)
- virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_AUTO);
+ virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_RAW);
else
virDomainDiskSetFormat(disk, VIR_STORAGE_FILE_PLOOP);
} else {
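Review bot: the `isCdrom` branch now hard-codes `VIR_STORAGE_FILE_RAW` with nothing in the code saying why; the reasoning (AUTO is meant only for user-supplied XML, and CDROMs in PCS use raw images) exists only in the commit message, which itself hedges with "if I understood correctly". Add a short comment above `if (isCdrom)` recording that, so the reported format is not later switched back to a probing value.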
--
2.1.0
[libvirt] [PATCH 0/6] qemu: Fix hotplugging cpus with strict memory pinning
by Martin Kletzander
Details are in the patches themselves, but the basic idea is this:
Setup:
$ grep DMA32 /proc/zoneinfo
Node 0, zone DMA32
$ virsh dumpxml domain | grep -C1 strict
<numatune>
<memory mode='strict' nodeset='1'/>
</numatune>
$ virsh start domain
Domain domain started
Before:
$ virsh setvcpus domain 2
error: Unable to read from monitor: Connection reset by peer
# Domain died
After:
$ virsh setvcpus domain 2
# hotplug successful
Martin
Martin Kletzander (6):
util: Add function virCgroupHasEmptyTasks
util: Add virNumaGetHostNodeset
qemu: Remove unnecessary qemuSetupCgroupPostInit function
qemu: Save numad advice into qemuDomainObjPrivate
qemu: Leave cpuset.mems in parent cgroup alone
qemu: Fix hotplugging cpus with strict memory pinning
src/libvirt_private.syms | 2 ++
src/qemu/qemu_cgroup.c | 94 +++++++++++++++++++++++++++++++++++++-----------
src/qemu/qemu_cgroup.h | 9 ++---
src/qemu/qemu_domain.c | 1 +
src/qemu/qemu_domain.h | 1 +
src/qemu/qemu_driver.c | 88 +++++++++++++++++++++++++--------------------
src/qemu/qemu_process.c | 21 ++++++-----
src/util/vircgroup.c | 23 ++++++++++++
src/util/vircgroup.h | 4 ++-
src/util/virnuma.c | 28 +++++++++++++++
src/util/virnuma.h | 1 +
11 files changed, 194 insertions(+), 78 deletions(-)
--
2.2.0
[libvirt] [PATCH v2 0/2] Rework reference counting in QEMU
by Martin Kletzander
Our reference locking for objects is a great and powerful thing. The
problem is that it was either not followed through completely or the
design was not complete, but it doesn't matter now. There are few
bugs in the code due to the reference counting and the daemon is
lacking some performance in specific scenarios.
This "series" tried to fix that using the following idea:
- Each API working with a domain object that has to get it from the
list will have its *own* reference, not borrowed one from the list.
- When adding a domain into the list, the reference counter is
increased (this is the reference that is there just for being in
the list) and when being removed, it is decreased. No
special-casing of "if this was the last reference" and other
funny stuff.
- When job is created, there is no need to increase the reference
counter as there are at least two references for the domain:
1) The API that created the job has one, so if it's not async it
will be kept until the API ends and at that point the job won't
exist any more.
2) The domain list has one and even though I said nobody needs to
rely on that, async APIs probably will do that, but there's an
excuse for that. In order to remove the domain from the list,
you need a job and that won't succeed unless the async one
ended. So we're good in this case as well.
After searching through the code for all things that needed to be
removed and fixing everything I could possibly think of, I tried a few
things on my setup and it looks like it works. However, I haven't
tried *every single API*, but I hope that's understandable. On the
other hand, I asked Pavel to try running virt-test with these patches
applied, hopefully we'll get an idea about how reliable this "series"
is.
I used "series" (with quotes) on purpose, because first patch just
adds two new wrappers for slightly modified function and the second
one changes the whole qemu driver at once. Unfortunately the second
patch couldn't be broken up to more parts due to the nature of the
fix.
Martin Kletzander (2):
conf: Rework virDomainObjListFindByUUID to allow more concurrent APIs
qemu: completely rework reference counting
src/conf/domain_conf.c | 29 +-
src/conf/domain_conf.h | 2 +
src/libvirt_private.syms | 1 +
src/qemu/THREADS.txt | 40 ++-
src/qemu/qemu_domain.c | 49 ++--
src/qemu/qemu_domain.h | 12 +-
src/qemu/qemu_driver.c | 708 ++++++++++++++++------------------------------
src/qemu/qemu_migration.c | 111 +++-----
src/qemu/qemu_migration.h | 10 +-
src/qemu/qemu_process.c | 77 ++---
10 files changed, 400 insertions(+), 639 deletions(-)
--
2.2.0
Re: [libvirt] [openstack-dev] [nova] - 'nova reboot' causes console-log truncated
by Surojit Pathak
On 11/14/14 2:02 AM, Daniel P. Berrange wrote:
> On Thu, Nov 13, 2014 at 01:55:06PM -0800, Surojit Pathak wrote:
>> Hi all,
>>
>> [Issue observed]
>> If we issue 'nova reboot <server>', we get to have the console output of the
>> latest bootup of the server only. The console output of the previous boot
>> for the same server vanishes due to truncation[1]. If we do reboot from
>> within the VM instance [ #sudo reboot ], or reboot the instance with 'virsh
>> reboot <instance>' the behavior is not the same, where the console.log keeps
>> increasing, with the new output being appended.
>> This loss of history makes some debugging scenario difficult due to lack of
>> information being available.
>>
>> Please point me to any solution/blueprint for this issue, if already
>> planned. Otherwise, please comment on my analysis and proposals as solution,
>> below -
>>
>> [Analysis]
>> Nova's libvirt driver on compute node tries to do a graceful restart of the
>> server instance, by attempting a soft_reboot first. If soft_reboot fails, it
>> attempts a hard_reboot. As part of soft_reboot, it brings down the instance
>> by calling shutdown(), and then calls createWithFlags() to bring this up.
>> Because of this, qemu-kvm process for the instance gets terminated and new
>> process is launched. In QEMU, the chardev file is opened with O_TRUNC, and
>> thus we lose the previous content of the console.log file.
>> On the other-hand, during 'virsh reboot <instance>', the same qemu-kvm
>> process continues, and libvirt actually does a qemuDomainSetFakeReboot().
>> Thus the same file continues capturing the new console output as a
>> continuation into the same file.
> Nova and libvirt have support for issuing a graceful reboot via the QEMU
> guest agent. So if you make sure that is installed, and tell Nova to use
> it, then Nova won't have to stop & recreate the QEMU process and thus
> won't have the problem of overwriting the logs.
Hi Daniel,
Having the GA do a graceful restart is a nice option. But if it were just to
preserve the same console file, even 'virsh reboot' achieves the
purpose. As I explained in my original analysis, Nova seems to have not
taken the path, as it does not want to have a false positive, where the
GA does not respond or 'virDomain.reboot' fails later and the domain is
not really restarted. [ CC-ed vish, author of nova/virt/libvirt/driver.py ]
IMHO, QEMU should preserve the console-log file for a given domain, if
it exists, by not opening with the O_TRUNC option, instead opening with
O_APPEND. I would like to draw a comparison with a real computer to which
we might be connected over a serial console: the box gets powered down
and up with an external button press, and we do not lose the console
history, if connected. And that is the experience console-log
intends to provide. If you think this is agreeable, please let me know and
I will send the patch to qemu-devel@.
--
Regards,
SURO
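Added example, not part of the original message and not QEMU or Nova code: a small C program that plays the role of two successive emulator processes writing the same console log, once with O_TRUNC and once with O_APPEND, to show the loss of history described above. The file name template, the sample log lines and the function names are constructed for the illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for mkstemp() */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Constructed sample console output for two consecutive boots. */
static const char BOOT1[] = "[boot 1] kernel panic - not syncing\n";
static const char BOOT2[] = "[boot 2] login:\n";

/* One emulator process lifetime: open the log with the given mode flag
 * (O_TRUNC or O_APPEND), write this boot's output, then exit (close). */
static int run_boot(const char *path, int mode_flag, const char *output)
{
    int fd = open(path, O_WRONLY | O_CREAT | mode_flag, 0600);
    if (fd < 0)
        return -1;
    size_t len = strlen(output);
    ssize_t written = write(fd, output, len);
    if (close(fd) < 0 || written != (ssize_t)len)
        return -1;
    return 0;
}

/* Returns 1 if boot 1's output is still in the log after boot 2,
 * 0 if it was lost, -1 on I/O error. */
static int first_boot_survives(int mode_flag)
{
    char path[] = "/tmp/console-demo-XXXXXX";
    char buf[256] = {0};
    int result = -1;
    int fd = mkstemp(path);     /* private 0600 file, no predictable name */
    if (fd < 0)
        return -1;
    close(fd);

    if (run_boot(path, mode_flag, BOOT1) == 0 &&
        run_boot(path, mode_flag, BOOT2) == 0 &&
        (fd = open(path, O_RDONLY)) >= 0) {
        ssize_t n = read(fd, buf, sizeof(buf) - 1);
        close(fd);
        if (n >= 0)
            result = strstr(buf, BOOT1) != NULL;
    }
    unlink(path);
    return result;
}

int main(void)
{
    printf("O_TRUNC : boot 1 output kept = %d\n", first_boot_survives(O_TRUNC));
    printf("O_APPEND: boot 1 output kept = %d\n", first_boot_survives(O_APPEND));
    return 0;
}
```

With O_TRUNC the record of the first boot, here the line an investigator would most want, is gone as soon as the second process opens the file.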
Re: [libvirt] [PATCH 2/2] Add tests to xmconfigtest
by Jim Fehlig
Chun Yan Liu wrote:
>
>>>> On 12/23/2014 at 09:42 AM, in message <5498C888.6000903(a)suse.com>, Jim Fehlig
>>>>
> <jfehlig(a)suse.com> wrote:
>
>> Chunyan Liu wrote:
>>
>> Hi Chunyan,
>>
>> Thanks for the fix, and the test! But I have a few questions regarding
>> the latter...
>>
>>
>>> Add tests to testing HVM default features (pae, acpi, apic)
>>> conversion from xm config to libvirt xml and from libvirt
>>> xml to xm config.
>>>
>>> Signed-off-by: Chunyan Liu <cyliu(a)suse.com>
>>> ---
>>> .../xmconfigdata/test-fullvirt-default-feature.cfg | 23 +++++++++++
>>> .../test-fullvirt-default-feature.cfg.out | 26 ++++++++++++
>>> .../xmconfigdata/test-fullvirt-default-feature.xml | 48
>>>
>> ++++++++++++++++++++++
>>
>>> tests/xmconfigtest.c | 9 +++-
>>> 4 files changed, 105 insertions(+), 1 deletion(-)
>>> create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.cfg
>>> create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.cfg.out
>>> create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.xml
>>>
>>> diff --git a/tests/xmconfigdata/test-fullvirt-default-feature.cfg
>>>
>> b/tests/xmconfigdata/test-fullvirt-default-feature.cfg
>>
>>> new file mode 100644
>>> index 0000000..5ce234f
>>> --- /dev/null
>>> +++ b/tests/xmconfigdata/test-fullvirt-default-feature.cfg
>>>
>>>
>>
>> Why is this file needed?
>>
> Here we are testing default value conversion. That is:
> if there is no acpi/pae/apic specified in xm config, after conversion,
> libvirt xml should include:
> <features>
> <apic/>
> <acpi/>
> <pae/>
> </features>
>
Ah, ok. Agreed that this test is missing.
> So, from xm config -> xml, the cfg file should be like this.
>
>>
>>
>>> @@ -0,0 +1,23 @@
>>> +name = "XenGuest2"
>>> +uuid = "c7a5fdb2-cdaf-9455-926a-d65c16db1809
>>> +maxmem = 579
>>> +memory = 394
>>> +vcpus = 1
>>> +builder = "hvm"
>>> +kernel = "/usr/lib/xen/boot/hvmloader"
>>> +boot = "d"
>>> +hpet = 1
>>> +localtime = 0
>>> +on_poweroff = "destroy"
>>> +on_reboot = "restart"
>>> +on_crash = "restart"
>>> +device_model = "/usr/lib/xen/bin/qemu-dm"
>>> +sdl = 0
>>> +vnc = 1
>>> +vncunused = 1
>>> +vnclisten = "127.0.0.1"
>>> +vncpasswd = "123poi"
>>> +vif = [
>>>
>> "mac=00:16:3e:66:92:9c,bridge=xenbr1,script=vif-bridge,model=e1000,type=ioem
>> u" ]
>>
>>> +parallel = "none"
>>> +serial = "none"
>>> +disk = [ "phy:/dev/HostVG/XenGuest2,hda,w",
>>>
>> "file:/root/boot.iso,hdc:cdrom,r" ]
>>
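Review bot: the `uuid` line of this new test-fullvirt-default-feature.cfg fixture has no closing double quote (`uuid = "c7a5fdb2-cdaf-9455-926a-d65c16db1809`), while the same line in the .cfg.out fixture later in the patch is terminated. Add the missing `"` so the test exercises the default-feature conversion rather than whatever the config reader does with an unterminated string.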
>>> diff --git a/tests/xmconfigdata/test-fullvirt-default-feature.cfg.out
>>>
>> b/tests/xmconfigdata/test-fullvirt-default-feature.cfg.out
>>
>>> new file mode 100644
>>> index 0000000..97a9827
>>> --- /dev/null
>>> +++ b/tests/xmconfigdata/test-fullvirt-default-feature.cfg.out
>>>
>>>
>>
>> IMO, this file should be renamed to 'test-fullvirt-default-feature.cfg'.
>>
>
> And from xml -> xm config, if in xml there is:
> <features>
> <apic/>
> <acpi/>
> <pae/>
> </features>
> Then after conversion, in xm config out file there will be explicitly:
> acpi=1
> apic=1
> pae=1
>
> So, this is a little different from test-fullvirt-default-feature.cfg.
>
This is actually tested in all of the other test-fullvirt-* tests. I
don't think we need an explicit test for it.
>
>>
>>
>>> @@ -0,0 +1,26 @@
>>> +name = "XenGuest2"
>>> +uuid = "c7a5fdb2-cdaf-9455-926a-d65c16db1809"
>>> +maxmem = 579
>>> +memory = 394
>>> +vcpus = 1
>>> +builder = "hvm"
>>> +kernel = "/usr/lib/xen/boot/hvmloader"
>>> +boot = "d"
>>> +pae = 1
>>> +acpi = 1
>>> +apic = 1
>>> +hpet = 1
>>> +localtime = 0
>>> +on_poweroff = "destroy"
>>> +on_reboot = "restart"
>>> +on_crash = "restart"
>>> +device_model = "/usr/lib/xen/bin/qemu-dm"
>>> +sdl = 0
>>> +vnc = 1
>>> +vncunused = 1
>>> +vnclisten = "127.0.0.1"
>>> +vncpasswd = "123poi"
>>> +vif = [
>>>
>> "mac=00:16:3e:66:92:9c,bridge=xenbr1,script=vif-bridge,model=e1000,type=ioem
>> u" ]
>>
>>> +parallel = "none"
>>> +serial = "none"
>>> +disk = [ "phy:/dev/HostVG/XenGuest2,hda,w",
>>>
>> "file:/root/boot.iso,hdc:cdrom,r" ]
>>
>>> diff --git a/tests/xmconfigdata/test-fullvirt-default-feature.xml
>>>
>> b/tests/xmconfigdata/test-fullvirt-default-feature.xml
>>
>>> new file mode 100644
>>> index 0000000..57a6531
>>> --- /dev/null
>>> +++ b/tests/xmconfigdata/test-fullvirt-default-feature.xml
>>> @@ -0,0 +1,48 @@
>>> +<domain type='xen'>
>>> + <name>XenGuest2</name>
>>> + <uuid>c7a5fdb2-cdaf-9455-926a-d65c16db1809</uuid>
>>> + <memory unit='KiB'>592896</memory>
>>> + <currentMemory unit='KiB'>403456</currentMemory>
>>> + <vcpu placement='static'>1</vcpu>
>>> + <os>
>>> + <type arch='i686' machine='xenfv'>hvm</type>
>>> + <loader type='rom'>/usr/lib/xen/boot/hvmloader</loader>
>>> + <boot dev='cdrom'/>
>>> + </os>
>>> + <features>
>>> + <acpi/>
>>> + <apic/>
>>> + <pae/>
>>> + </features>
>>> + <clock offset='utc' adjustment='reset'>
>>> + <timer name='hpet' present='yes'/>
>>> + </clock>
>>> + <on_poweroff>destroy</on_poweroff>
>>> + <on_reboot>restart</on_reboot>
>>> + <on_crash>restart</on_crash>
>>> + <devices>
>>> + <emulator>/usr/lib/xen/bin/qemu-dm</emulator>
>>> + <disk type='block' device='disk'>
>>> + <driver name='phy'/>
>>> + <source dev='/dev/HostVG/XenGuest2'/>
>>> + <target dev='hda' bus='ide'/>
>>> + </disk>
>>> + <disk type='file' device='cdrom'>
>>> + <driver name='file'/>
>>> + <source file='/root/boot.iso'/>
>>> + <target dev='hdc' bus='ide'/>
>>> + <readonly/>
>>> + </disk>
>>> + <interface type='bridge'>
>>> + <mac address='00:16:3e:66:92:9c'/>
>>> + <source bridge='xenbr1'/>
>>> + <script path='vif-bridge'/>
>>> + <model type='e1000'/>
>>> + </interface>
>>> + <input type='mouse' bus='ps2'/>
>>> + <input type='keyboard' bus='ps2'/>
>>> + <graphics type='vnc' port='-1' autoport='yes' listen='127.0.0.1'
>>>
>> passwd='123poi'>
>>
>>> + <listen type='address' address='127.0.0.1'/>
>>> + </graphics>
>>> + </devices>
>>> +</domain>
>>> diff --git a/tests/xmconfigtest.c b/tests/xmconfigtest.c
>>> index 0c6f803..b0b7b30 100644
>>> --- a/tests/xmconfigtest.c
>>> +++ b/tests/xmconfigtest.c
>>> @@ -176,21 +176,26 @@ testCompareHelper(const void *data)
>>> const struct testInfo *info = data;
>>> char *xml = NULL;
>>> char *cfg = NULL;
>>> + char *cfgout = NULL;
>>>
>>> if (virAsprintf(&xml, "%s/xmconfigdata/test-%s.xml",
>>> abs_srcdir, info->name) < 0 ||
>>> virAsprintf(&cfg, "%s/xmconfigdata/test-%s.cfg",
>>> + abs_srcdir, info->name) < 0 ||
>>> + virAsprintf(&cfgout, "%s/xmconfigdata/test-%s.cfg.out",
>>> abs_srcdir, info->name) < 0)
>>> goto cleanup;
>>>
>>> if (info->mode == 0)
>>> - result = testCompareParseXML(cfg, xml, info->version);
>>> + result = testCompareParseXML(virFileExists(cfgout) ? cfgout : cfg,
>>> + xml, info->version);
>>> else
>>> result = testCompareFormatXML(cfg, xml, info->version);
>>>
>>> cleanup:
>>> VIR_FREE(xml);
>>> VIR_FREE(cfg);
>>> + VIR_FREE(cfgout);
>>>
>>>
>>
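Review bot: in the `info->mode == 0` branch, `virFileExists(cfgout) ? cfgout : cfg` makes the file the test compares against depend on what happens to be in the source tree at run time, so a leftover or accidentally deleted `.cfg.out` silently changes what is checked. Make the choice explicit per test case, for example with a field in `struct testInfo` or separate parse-only and format-only entries, instead of probing the filesystem.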
>> With the change suggested above, this hunk can be removed from
>> xmconfigtest.c. 'make check' passes for me with these changes.
>>
>
> 'make check' could pass, since it explicitly specifies acpi|pae|apic=1 in
> xm config, and explicitly includes those features in xml. But the case we are
> interested in is not tested; what we are trying to test is: if the user doesn't
> specify acpi|pae|apic, xml should by default include those features.
>
Yep, understood. Unlike the existing tests, in this case we only want
to test xm -> xml conversion. I think a better solution would be to
introduce DO_TEST_PARSE and DO_TEST_FORMAT macros, calling those in
DO_TEST and individually when only needing to test one conversion.
Regards,
Jim
[libvirt] [PATCH 0/2] fix xen HVM pae|apic|acpi features parser
by Chunyan Liu
According to the xm.config manual, the HVM pae|apic|acpi feature default
is 1 (enabled). But in conversion from xm config to libvirt xml,
if xm config doesn't contain pae|apic|acpi, it sets the default value
to 0; this causes some problems in HVM guests.
Update parser code to set the HVM pae|apic|acpi default value to 1
to match the xm config convention.
Add test data to test it.
Chunyan Liu (2):
xenconfig: set HVM pae/apic/acpi/ default to 1
Add tests to xmconfigtest
src/xenconfig/xen_common.c | 6 +--
.../xmconfigdata/test-fullvirt-default-feature.cfg | 23 +++++++++++
.../test-fullvirt-default-feature.cfg.out | 26 ++++++++++++
.../xmconfigdata/test-fullvirt-default-feature.xml | 48 ++++++++++++++++++++++
tests/xmconfigtest.c | 9 +++-
5 files changed, 108 insertions(+), 4 deletions(-)
create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.cfg
create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.cfg.out
create mode 100644 tests/xmconfigdata/test-fullvirt-default-feature.xml
--
1.8.4.5
[libvirt] [PATCH v2] test: fix nwfilter tests following changes in virfirewall.c
by Stefan Berger
Some of the nwfilter tests are now failing since --concurrent shows
up in the ebtables command. To avoid this, implement a function
preventing the probing for lock support in the eb/iptables tools
and use it in the tests.
Signed-off-by: Stefan Berger <stefanb(a)linux.vnet.ibm.com>
---
src/libvirt_private.syms | 1 +
src/util/virfirewall.c | 9 +++++++++
src/util/virfirewall.h | 2 ++
tests/nwfilterebiptablestest.c | 3 +++
tests/nwfilterxml2firewalltest.c | 2 ++
5 files changed, 17 insertions(+)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index 2647d36..22d9116 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -1362,6 +1362,7 @@ virFirewallRuleAddArgList;
virFirewallRuleAddArgSet;
virFirewallRuleGetArgCount;
virFirewallSetBackend;
+virFirewallSetLockOverride;
virFirewallStartRollback;
virFirewallStartTransaction;
diff --git a/src/util/virfirewall.c b/src/util/virfirewall.c
index 8496062..b536912 100644
--- a/src/util/virfirewall.c
+++ b/src/util/virfirewall.c
@@ -107,6 +107,13 @@ VIR_ONCE_GLOBAL_INIT(virFirewall)
static bool iptablesUseLock;
static bool ip6tablesUseLock;
static bool ebtablesUseLock;
+static bool lockOverride; /* true to avoid lock probes */
+
+void
+virFirewallSetLockOverride(bool avoid)
+{
+ lockOverride = avoid;
+}
static void
virFirewallCheckUpdateLock(bool *lockflag,
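Review bot: `virFirewallSetLockOverride()` is added as an exported symbol with no doc comment, and the only hint of its purpose is the trailing `/* true to avoid lock probes */` on the variable. Document at the function that it exists for the test suite and what `avoid == true` disables, so that non-test code does not start calling it; `lockOverride` is also a plain static written without synchronization, so the comment should say it is expected to be set once before any firewall call.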
@@ -135,6 +142,8 @@ virFirewallCheckUpdateLocking(void)
const char *ebtablesArgs[] = {
EBTABLES_PATH, "--concurrent", "-L", NULL,
};
+ if (lockOverride)
+ return;
virFirewallCheckUpdateLock(&iptablesUseLock,
iptablesArgs);
virFirewallCheckUpdateLock(&ip6tablesUseLock,
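Review bot: the early `return` on `lockOverride` leaves `iptablesUseLock`, `ip6tablesUseLock` and `ebtablesUseLock` at whatever value they already hold, so the override only gives deterministic command lines if no probe has run before it was set. Set the three flags to false before returning, or state the ordering requirement in a comment at this check.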
diff --git a/src/util/virfirewall.h b/src/util/virfirewall.h
index 1129219..dbf3975 100644
--- a/src/util/virfirewall.h
+++ b/src/util/virfirewall.h
@@ -106,4 +106,6 @@ void virFirewallStartRollback(virFirewallPtr firewall,
int virFirewallApply(virFirewallPtr firewall);
+void virFirewallSetLockOverride(bool avoid);
+
#endif /* __VIR_FIREWALL_H__ */
diff --git a/tests/nwfilterebiptablestest.c b/tests/nwfilterebiptablestest.c
index e04bc21..e1330ef 100644
--- a/tests/nwfilterebiptablestest.c
+++ b/tests/nwfilterebiptablestest.c
@@ -24,6 +24,7 @@
#include "testutils.h"
#include "nwfilter/nwfilter_ebiptables_driver.h"
#include "virbuffer.h"
+#include "virfirewall.h"
#define __VIR_FIREWALL_PRIV_H_ALLOW__
#include "virfirewallpriv.h"
@@ -522,6 +523,8 @@ mymain(void)
{
int ret = 0;
+ virFirewallSetLockOverride(true);
+
if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
ret = -1;
goto cleanup;
diff --git a/tests/nwfilterxml2firewalltest.c b/tests/nwfilterxml2firewalltest.c
index 01527f4..167ad42 100644
--- a/tests/nwfilterxml2firewalltest.c
+++ b/tests/nwfilterxml2firewalltest.c
@@ -474,6 +474,8 @@ mymain(void)
ret = -1; \
} while (0)
+ virFirewallSetLockOverride(true);
+
if (virFirewallSetBackend(VIR_FIREWALL_BACKEND_DIRECT) < 0) {
ret = -1;
goto cleanup;
--
1.9.3
[libvirt] Zanata xml config
by Carlos Munoz
Hi,
The migration of the libvirt project translations to Zanata is now
complete. Translators can start working now at
https://fedora.zanata.org/project/view/libvirt
To use Zanata, you need to
1. Register in https://fedora.zanata.org
2. If you are not the maintainer of your project yet, contact the admin
to add you as maintainer.
3. Follow the instructions at http://zanata.org/help/cli/cli-configuration/
4. Place the attached zanata.xml in the root directory of repository
5. (Optional) integrate "zanata push" and "zanata pull" to your build
scripts.
If you have any questions, feel free to contact the Zanata dev team.
Regards,
--
Carlos A. Munoz
Software Engineering Supervisor
Engineering - Internationalization
Red Hat