April 2014 - Devel - libvirt List Archives

[libvirt] [BUG] xenInotify/keep-alive double-free
by Philipp Hahn 02 Apr '14

02 Apr '14

Hello, There seems to be a double-free bug in libvirt; I've checked libvirt 0.9.12 and 1.2.3: With 0.9.12 xenUnifiedOpen() passes a pointer of "conn" to xenInotifyOpen(), which passes it to virEventAddHandle(...opaque=conn...). After successfully defining a new domain inotify picks up the newly created directory and generates an event, which is processes when virsh already dropped its last public reference to the domain and subsequently already freed the connection. Since *conn is not zero-filled, the data is still valid and usable, but virsh the terminates on double-freeing some internal data. I can reproduce by it doing: virsh undefine $DOM virsh -c xen:// define $DOM.xml For 1.2.3 something similar seems to happen with the keep-alive: $ grep unref ~/BUG/31032_virsh-define-segv.log virUnrefDomain:276 : unref domain 0x7f4ec4003fe0 ucs32-64-segv 1 virReleaseDomain:246 : unref connection 0x917650 2 virUnrefDomain:276 : unref domain 0x934460 ucs32-64-segv 1 virReleaseDomain:246 : unref connection 0x917650 2 virUnrefConnect:145 : unref connection 0x917650 1 virUnrefDomain:276 : unref domain 0x7f4ec4004060 ucs32-64-segv 1 virReleaseDomain:246 : unref connection 0x917650 1 Notice that there are two lines for "unref connection ... 1"! My gut feeling is that libvirt should also increment the reference counter for internal references to delay freeing still used data and add a second counter to track external references, which is used to start closing down things. Comments and ideas welcomed. We're tracking this as <https://forge.univention.org/bugzilla/show_bug.cgi?id=31032> Sincerely Philipp -- Philipp Hahn Open Source Software Engineer Univention GmbH be open. Mary-Somerville-Str. 1 D-28359 Bremen Tel.: +49 421 22232-0 Fax : +49 421 22232-99 hahn(a)univention.de http://www.univention.de/ Geschäftsführer: Peter H. Ganten HRB 20755 Amtsgericht Bremen Steuer-Nr.: 71-597-02876

1 0

[libvirt] [bug?] unix sockets opened via chardev devices not being closed on shutdown
by Chris Friesen 02 Apr '14

02 Apr '14

I have a case where I'm creating a virtio channel between the host and guest using something like this: <channel type="unix"> <source mode="bind" path="/path/in/host/instance_name"/> <target type="virtio" name="name_in_guest"/> </channel> When qemu is started up this gets created as expected, but when qemu is shut down the unix socket is left in the filesystem. It seems to me that libvirt should be deleting this unix socket the same way that it deletes the monitor socket in qemuProcessStop(). Anyone else trying to delete it is going to be subject to race conditions since they can't know whether or not a virtual machine has been (re)created that wants to use the same socket path. Chris

1 0

[libvirt] [PATCH] maint: fix spelling errors in disk pools
by Eric Blake 02 Apr '14

02 Apr '14

Noticed during my work on storage struct cleanups. * src/storage/storage_backend_disk.c (virStorageBackendDiskPartBoundaries): Fix spelling errors. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- Pushing under the trivial rule. Particularly odd that we managed too different ways of mis-spelling partition in the same file! src/storage/storage_backend_disk.c | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/src/storage/storage_backend_disk.c b/src/storage/storage_backend_disk.c index 8d09500..fb7a2a4 100644 --- a/src/storage/storage_backend_disk.c +++ b/src/storage/storage_backend_disk.c @@ -1,7 +1,7 @@ /* * storage_backend_disk.c: storage backend for disk handling * - * Copyright (C) 2007-2008, 2010-2013 Red Hat, Inc. + * Copyright (C) 2007-2014 Red Hat, Inc. * Copyright (C) 2007-2008 Daniel P. Berrange * * This library is free software; you can redistribute it and/or @@ -440,7 +440,7 @@ static int virStorageBackendDiskPartTypeToCreate(virStoragePoolObjPtr pool) { if (pool->def->source.format == VIR_STORAGE_POOL_DISK_DOS) { - /* count primary and extended paritions, + /* count primary and extended partitions, can't be more than 3 to create a new primary partition */ size_t i; int count = 0; @@ -532,10 +532,10 @@ virStorageBackendDiskPartFormat(virStoragePoolObjPtr pool, * partitions */ static int -virStorageBackendDiskPartBoundries(virStoragePoolObjPtr pool, - unsigned long long *start, - unsigned long long *end, - unsigned long long allocation) +virStorageBackendDiskPartBoundaries(virStoragePoolObjPtr pool, + unsigned long long *start, + unsigned long long *end, + unsigned long long allocation) { size_t i; int smallestExtent = -1; @@ -568,7 +568,7 @@ virStorageBackendDiskPartBoundries(virStoragePoolObjPtr pool, the extra bytes we have */ neededSize += cylinderSize; } - /* if we are creating a logical patition, we need one extra + /* if we are creating a logical partition, we need one extra block between partitions (or actually move start one block) */ if (partType == VIR_STORAGE_VOL_DISK_TYPE_LOGICAL) { size -= SECTOR_SIZE; @@ -647,9 +647,9 @@ virStorageBackendDiskCreateVol(virConnectPtr conn ATTRIBUTE_UNUSED, } virCommandAddArg(cmd, partFormat); - if (virStorageBackendDiskPartBoundries(pool, &startOffset, - &endOffset, - vol->capacity) != 0) { + if (virStorageBackendDiskPartBoundaries(pool, &startOffset, + &endOffset, + vol->capacity) != 0) { goto cleanup; } -- 1.9.0

1 0

[libvirt] [PATCH] maint: ensure src/ directory includes are clean
by Eric Blake 01 Apr '14

01 Apr '14

In 'make syntax-check', we have a rule that prevents layering violations between the various files in src. However, we forgot to treat conf/ and the more recently-added access/ as lower-level directories, and were not detecting cases where they might have used a driver file. Also, it's not nice that qemu can use storage/ but none of the other drivers could do so. * cfg.mk (sc_prohibit_cross_inclusion): Tighten rules for conf/ and access/, let all other drivers use storage/. Signed-off-by: Eric Blake <eblake(a)redhat.com> --- I noticed this because of my work on domain_conf.h: I want to share a struct between util/virstoragefile and conf/domain_conf, and ran into a syntax check when I tried to make util/ depend on conf/. I fixed things to obey layering with conf/ depending on util/, but in the process noticed that some layering violations went undetected. cfg.mk | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/cfg.mk b/cfg.mk index a4ae978..19537cf 100644 --- a/cfg.mk +++ b/cfg.mk @@ -760,17 +760,17 @@ sc_prohibit_gettext_markup: # lower-level code must not include higher-level headers. cross_dirs=$(patsubst $(srcdir)/src/%.,%,$(wildcard $(srcdir)/src/*/.)) cross_dirs_re=($(subst / ,/|,$(cross_dirs))) +mid_dirs=access|conf|cpu|locking|network|node_device|rpc|security|storage sc_prohibit_cross_inclusion: @for dir in $(cross_dirs); do \ case $$dir in \ util/) safe="util";; \ - locking/) \ - safe="($$dir|util|conf|rpc)";; \ - cpu/ | locking/ | network/ | rpc/ | security/) \ + access/ | conf/) safe="($$dir|conf|util)";; \ + locking/) safe="($$dir|util|conf|rpc)";; \ + cpu/| network/| node_device/| rpc/| security/| storage/) \ safe="($$dir|util|conf)";; \ xenapi/ | xenxs/ ) safe="($$dir|util|conf|xen)";; \ - qemu/ ) safe="($$dir|util|conf|cpu|network|locking|rpc|security|storage)";; \ - *) safe="($$dir|util|conf|cpu|network|locking|rpc|security)";; \ + *) safe="($$dir|$(mid_dirs)|util)";; \ esac; \ in_vc_files="^src/$$dir" \ prohibit='^# *include .$(cross_dirs_re)' \ -- 1.8.5.3

1 1

[libvirt] [PATCH 0/n] round 2 of storage chain refactoring
by Eric Blake 01 Apr '14

01 Apr '14

In round 1, I split out a new struct in domain_conf.h. This starts round 2: moving the struct into util/virstoragefile.h, so it can be shared by domain, snapshot, and existing virstoragefile backing chain operations. It's turned out to be a bigger process than I first thought, so I've tried splitting it into smaller patches to ease review. I also want to get review started on the parts I have compiling, while still working on the rest of the series, since I know that at least Peter will be heavily impacted by some of the changes in this series. Eric Blake (2): conf: split security label structs to util/ conf: split network host structs to util/ src/Makefile.am | 1 + src/conf/domain_conf.c | 139 +++------------------------------- src/conf/domain_conf.h | 71 +---------------- src/conf/snapshot_conf.c | 5 +- src/conf/snapshot_conf.h | 4 +- src/libvirt_private.syms | 21 ++--- src/qemu/qemu_command.c | 38 +++++----- src/qemu/qemu_command.h | 6 +- src/qemu/qemu_conf.c | 4 +- src/qemu/qemu_driver.c | 24 +++--- src/qemu/qemu_process.c | 2 +- src/security/security_manager.c | 2 +- src/security/security_selinux.c | 2 +- src/storage/storage_backend_gluster.c | 8 +- src/storage/storage_driver.c | 8 +- src/storage/storage_driver.h | 2 +- src/util/virseclabel.c | 82 ++++++++++++++++++++ src/util/virseclabel.h | 67 ++++++++++++++++ src/util/virstoragefile.c | 71 ++++++++++++++++- src/util/virstoragefile.h | 30 +++++++- 20 files changed, 328 insertions(+), 259 deletions(-) create mode 100644 src/util/virseclabel.c create mode 100644 src/util/virseclabel.h -- 1.8.5.3

2 37

[libvirt] [PATCH v2] Introduce --without-pm-utils to get rid of pm-is-supported dependency
by Cédric Bosdonnat 01 Apr '14

01 Apr '14

This uses the dbus api of systemd to check the power management capabilities of the node. --- This replaces the previous pm-utils dropping patch attempt to implement Cole's idea. configure.ac | 11 ++++++++ libvirt.spec.in | 9 +++++++ src/libvirt_private.syms | 3 +++ src/util/virnodesuspend.c | 32 ++++++++++++++++++++++ src/util/virsystemd.c | 68 +++++++++++++++++++++++++++++++++++++++++++++++ src/util/virsystemd.h | 6 +++++ 6 files changed, 129 insertions(+) diff --git a/configure.ac b/configure.ac index 73efffa..807cf0f 100644 --- a/configure.ac +++ b/configure.ac @@ -563,6 +563,10 @@ AC_ARG_WITH([chrdev-lock-files], [location for UUCP style lock files for character devices (use auto for default paths on some platforms) @<:@default=auto@:>@])]) m4_divert_text([DEFAULTS], [with_chrdev_lock_files=auto]) +AC_ARG_WITH([pm-utils], + [AS_HELP_STRING([--with-pm-utils], + [use pm-utils for power management @<:@default=yes@:>@])]) +m4_divert_text([DEFAULTS], [with_pm_utils=yes]) dnl dnl in case someone want to build static binaries @@ -1621,6 +1625,12 @@ fi AM_CONDITIONAL([WITH_PHYP],[test "$with_phyp" = "yes"]) +dnl Should we build with pm-utils support? +if test "$with_pm_utils" = "yes"; then + AC_DEFINE_UNQUOTED([WITH_PM_UTILS], 1, [whether to use pm-utils]) +fi +AM_CONDITIONAL([WITH_PM_UTILS], [test "$with_pm_utils" = "yes"]) + dnl virsh libraries VIRSH_LIBS="$VIRSH_LIBS $READLINE_LIBS" AC_SUBST([VIRSH_LIBS]) @@ -2845,6 +2855,7 @@ AC_MSG_NOTICE([ rbd: $LIBRBD_LIBS]) else AC_MSG_NOTICE([ rbd: no]) fi +AC_MSG_NOTICE([pm-utils: $with_pm_utils]) AC_MSG_NOTICE([]) AC_MSG_NOTICE([Test suite]) diff --git a/libvirt.spec.in b/libvirt.spec.in index eab9b23..5c20955 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -132,6 +132,7 @@ %define with_libssh2 0%{!?_without_libssh2:0} %define with_wireshark 0%{!?_without_wireshark:0} %define with_systemd_daemon 0%{!?_without_systemd_daemon:0} +%define with_pm_utils 1 # Non-server/HV driver defaults which are always enabled %define with_sasl 0%{!?_without_sasl:1} @@ -182,6 +183,7 @@ %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 %define with_systemd 1 %define with_systemd_daemon 1 + %define with_pm_utils 0 %endif # Fedora 18 / RHEL-7 are first where firewalld support is enabled @@ -1138,8 +1140,10 @@ Requires: nc Requires: gettext # Needed by virt-pki-validate script. Requires: gnutls-utils +%if %{with_pm_utils} # Needed for probing the power management features of the host. Requires: pm-utils +%{endif} %if %{with_sasl} Requires: cyrus-sasl # Not technically required, but makes 'out-of-box' config @@ -1395,6 +1399,10 @@ driver %define _without_systemd_daemon --without-systemd-daemon %endif +%if ! %{with_pm_utils} + %define _without_pm_utils --without-pm-utils +%endif + %define when %(date +"%%F-%%T") %define where %(hostname) %define who %{?packager}%{!?packager:Unknown} @@ -1471,6 +1479,7 @@ rm -f po/stamp-po %{?_with_firewalld} \ %{?_without_wireshark} \ %{?_without_systemd_daemon} \ + %{?_without_pm_utils} \ %{with_packager} \ %{with_packager_version} \ --with-qemu-user=%{qemu_user} \ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 38fbf63..ce51bdf 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1879,6 +1879,9 @@ virSysinfoSetup; # util/virsystemd.h +virSystemdCanHibernate; +virSystemdCanHybridSleep; +virSystemdCanSuspend; virSystemdCreateMachine; virSystemdMakeMachineName; virSystemdMakeScopeName; diff --git a/src/util/virnodesuspend.c b/src/util/virnodesuspend.c index 8088931..ba4a338 100644 --- a/src/util/virnodesuspend.c +++ b/src/util/virnodesuspend.c @@ -22,6 +22,9 @@ #include <config.h> #include "virnodesuspend.h" +#ifndef WITH_PM_UTILS +# include "virsystemd.h" +#endif #include "vircommand.h" #include "virthread.h" #include "datatypes.h" @@ -260,6 +263,7 @@ int nodeSuspendForDuration(unsigned int target, * * Returns 0 if the query was successful, -1 on failure. */ +#ifdef WITH_PM_UTILS static int virNodeSuspendSupportsTarget(unsigned int target, bool *supported) { @@ -300,6 +304,34 @@ virNodeSuspendSupportsTarget(unsigned int target, bool *supported) virCommandFree(cmd); return ret; } +#else /* ! WITH_PM_UTILS */ +static int +virNodeSuspendSupportsTarget(unsigned int target, bool *supported) +{ + int ret = -1; + + if (virNodeSuspendInitialize() < 0) + return -1; + + *supported = false; + + switch (target) { + case VIR_NODE_SUSPEND_TARGET_MEM: + ret = virSystemdCanSuspend(supported); + break; + case VIR_NODE_SUSPEND_TARGET_DISK: + ret = virSystemdCanHibernate(supported); + break; + case VIR_NODE_SUSPEND_TARGET_HYBRID: + ret = virSystemdCanHybridSleep(supported); + break; + default: + return ret; + } + + return ret; +} +#endif /* WITH_PM_UTILS */ /** * virNodeSuspendGetTargetMask: diff --git a/src/util/virsystemd.c b/src/util/virsystemd.c index 93b3f9c..d4c1dd3 100644 --- a/src/util/virsystemd.c +++ b/src/util/virsystemd.c @@ -325,3 +325,71 @@ virSystemdNotifyStartup(void) sd_notify(0, "READY=1"); #endif } + +static int +virSystemdPMSupportTarget(const char *methodName, bool *result) +{ + int ret; + DBusConnection *conn; + DBusMessage *message; + char *response; + + ret = virDBusIsServiceEnabled("org.freedesktop.login1"); + if (ret < 0) + return ret; + + if ((ret = virDBusIsServiceRegistered("org.freedesktop.login1")) < 0) + return ret; + + if (!(conn = virDBusGetSystemBus())) + return -1; + + ret = -1; + + /* + * The systemd DBus API we're invoking has the + * following signature + * + * CanSuspend(out s value); + * + * @value one of 'na', 'yes', 'no' or 'challenge' + */ + + if (virDBusCallMethod(conn, + &message, + NULL, + "org.freedesktop.login1", + "/org/freedesktop/login1", + "org.freedesktop.login1.Manager", + methodName, + "") < 0) + goto cleanup; + + if ((ret = virDBusMessageRead(message, "s", &response)) < 0) + goto cleanup; + + *result = STRNEQ("no", response); + + ret = 0; + + cleanup: + dbus_message_unref(message); + VIR_FREE(response); + + return ret; +} + +int virSystemdCanSuspend(bool *result) +{ + return virSystemdPMSupportTarget("CanSuspend", result); +} + +int virSystemdCanHibernate(bool *result) +{ + return virSystemdPMSupportTarget("CanHibernate", result); +} + +int virSystemdCanHybridSleep(bool *result) +{ + return virSystemdPMSupportTarget("CanHybridSleep", result); +} diff --git a/src/util/virsystemd.h b/src/util/virsystemd.h index 7fed456..491c9b7 100644 --- a/src/util/virsystemd.h +++ b/src/util/virsystemd.h @@ -48,4 +48,10 @@ int virSystemdTerminateMachine(const char *name, void virSystemdNotifyStartup(void); +int virSystemdCanSuspend(bool *result); + +int virSystemdCanHibernate(bool *result); + +int virSystemdCanHybridSleep(bool *result); + #endif /* __VIR_SYSTEMD_H__ */ -- 1.8.4.5

2 1

[libvirt] [PATCH v2 0/4] Fix VolOpen error reporting
by Cole Robinson 01 Apr '14

01 Apr '14

In https://bugzilla.redhat.com/show_bug.cgi?id=1080613 , something is causing StorageVolGetXML to fail, but it's not raising any error message. Code inspection found that most users of VolOpen are susceptible to error reporting issues. The first 3 patches are some code reorganization and cleanups that make it easier to identify the VolOpen callers. Patch 4 fixes up the reporting issue. v2: Jan's suggestion to only report an error if caller passed in VOL_OPEN_ERROR Cole Robinson (4): storage: Rename UpdateVolInfoFlags to UpdateVolInfo storage: move block format lookup to shared UpdateVolInfo storage: Rename VolOpenCheckMode to VolOpen storage: Report error from VolOpen if proper flag is passed src/storage/storage_backend.c | 260 ++++++++++++++++++---------------- src/storage/storage_backend.h | 18 +-- src/storage/storage_backend_disk.c | 3 +- src/storage/storage_backend_fs.c | 25 ++-- src/storage/storage_backend_logical.c | 11 +- src/storage/storage_backend_mpath.c | 36 +---- src/storage/storage_backend_scsi.c | 43 +----- 7 files changed, 175 insertions(+), 221 deletions(-) -- 1.8.5.3

4 13

[libvirt] [PATCH 0/6] Gluster pool lookup and few gluster related fixes
by Peter Krempa 01 Apr '14

01 Apr '14

Peter Krempa (6): storage: pool: Fix XML indentation in pool source lookup storage: netfs: Split up and tidy up NFS storage pool source function storage: netfs: Support lookup of glusterfs pool sources storage: gluster: Implement storage pool lookup storage: gluster: Fix crash when initialization of storage backend fails util: storagefile: Don't pursue backing chain of NULL image configure.ac | 6 +++ src/conf/storage_conf.c | 2 + src/storage/storage_backend.c | 86 +++++++++++++++++++++++++++++++++++ src/storage/storage_backend.h | 4 ++ src/storage/storage_backend_fs.c | 54 ++++++++++++++-------- src/storage/storage_backend_gluster.c | 56 ++++++++++++++++++++++- src/util/virstoragefile.c | 2 +- 7 files changed, 187 insertions(+), 23 deletions(-) -- 1.9.1

3 19

[libvirt] Release of libvirt-1.2.3
by Daniel Veillard 01 Apr '14

01 Apr '14

So as scheduled, libvirt-1.2.3 release is ready, it is tagged in git and the tarball and rpms are available at the usual place: ftp://libvirt.org/libvirt/ This release is rather large in the number of commits (more than 400) but includes a lot of changes made to clean up the code base. there is still a fair amount of improvements and a few notable features, and as usual a number of bug fixes :) . To be noted the large improvements on the Xen driver and the bhyve driver for BSD ! Features: - add new virDomainCoreDumpWithFormat API (Qiao Nuohan) - conf: Introduce virDomainDeviceGetInfo API (Jiri Denemark) - more features and fixes on bhyve driver (Roman Bogorodskiy) - lot of cleanups and improvement on the Xen driver (Chunyan Liu, Jim Fehlig) Documentation: - virsh: man: Fix spelling of parameters for --memspec in snapshot-create-as (Shanzhi Yu) - util: fix a typo in virprocess.c and d (Hongwei Bi) - cgroups: fix typo about LXC cgroups (Jean-Baptiste Rouault) - daemon: Enhance documentation for changing NOFILE limit (Jiri Denemark) - domiftune: Reword bandwidth clearing paragraph (Michal Privoznik) - conf: consistent comments about disk enum usage (Eric Blake) - qemu.conf: Mention virtlockd in @lock_manager description (Michal Privoznik) - add VMmanager to web apps (Martin Kletzander) - storage: Explicitly state that it's possible to have non-unique key (Peter Krempa) - typo fix (Roman Bogorodskiy) Portability: - Prohibit Windows special chars in filenames (Matthias Bolte) - tests: Fix SCSI test data filenames for Windows (Matthias Bolte) - apparmor: Fix build after split of disk source metadata (Peter Krempa) - Fix build on mingw32 (Ján Tomko) - build: Fix build with old automake (Jiri Denemark) - Fix build with qemu driver disabled (Roman Bogorodskiy) - Fix type mismatch of virNetDev*NetConfig on non-Linux (Ján Tomko) - virIdentityGetSystem: don't fail if SELinux is disabled (Michael Chapman) Bug Fixes: - build: fix syntax-check for storage_backend (Martin Kletzander) - gluster: Fix "key" attribute for gluster volumes (Peter Krempa) - Fix Memory Leak in testMessageArrayRef() (Nehal J Wani) - virsh: fix 'help event' (Eric Blake) - bhyve: don't leak tap devices on failures (Roman Bogorodskiy) - storage: gluster: Fix crash when initialization of storage backend fails (Peter Krempa) - Fix virNodeDeviceListCaps always returns empty (Jincheng Miao) - Create hostdevmgr in UserRuntimeDirectory for session libvirt (Ján Tomko) - Remove double free in virHostdevManagerDispose (Ján Tomko) - Fix apparmor profile to make vfio pci passthrough work (Cédric Bosdonnat) - Fixed regression in apparmor profiles for qemu brought by 43c030f (Cédric Bosdonnat) - Fix Memory Leak in virQEMUCapsInitGuestFromBinary() (Nehal J Wani) - Fix memory leak in testGetCaps() (Nehal J Wani) - network: fix problems with SRV records (Laine Stump) - Free groups in case of a partial match (Ján Tomko) - qemuDomainAttachDeviceFlags: Parse device xml as inactive (Michal Privoznik) - Coverity: Resolve a RESOURCE_LEAK (John Ferlan) - Coverity: Resolve a FORWARD_NULL (John Ferlan) - Coverity: Resolve a CHECKED_RETURN message (John Ferlan) - bhyve: don't fail on busy tap devices (Roman Bogorodskiy) - libxl: Create log directory earlier (Stefan Bader) - sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_RESTART (Jiri Denemark) - sanlock: Forbid VIR_DOMAIN_LOCK_FAILURE_IGNORE (Jiri Denemark) - vmware: fix parse of disk source (Eric Blake) - qemuDomainGetImageIds: Skip <seclabel/> without label (Michal Privoznik) - cgroup: Fix start VMs coincidently failed (Wang Yufei) - Remove bogus call to dbus_set_error_from_message (Daniel P. Berrange) - Remove bogus unref in virDBusMessageRead (Daniel P. Berrange) - Check boot order on device attach (Jiri Denemark) - qemu: Return meaningful error when qemu dies early (Jiri Denemark) - Ignore missing files on pool refresh (Ján Tomko) - Ignore char devices in storage pools by default (Ján Tomko) - is_selinux_enabled() returns -1 on error, account for this. (Scott Sullivan) - Fix unitialized data in virSocketAddrMask (Daniel P. Berrange) - Fix virQEMUCapsLoadCache leaks (Ján Tomko) - virNetClientSetTLSSession: Restore original signal mask (Michal Privoznik) - nwfilter: Fix double free of pointer (Stefan Berger) - build: Make sure src/util/virprobe.h is distributed (Jiri Denemark) - qemuhotplugtest: Fix mem-leaking testcases (Nehal J Wani) - build: Fix make distcheck (Martin Kletzander) - virNetServerNewPostExecRestart: Initialize @max_anonymous_clients (Michal Privoznik) - Fix memory leak in virDomainChrSourceDefClear() (Nehal J Wani) - Fix memory leak in virDomainSnapshotDiskDefClear() (Nehal J Wani) - bhyve: allow to destroy only active domains (Roman Bogorodskiy) - Fix leak on OOM when creating nwfilter rule instances (Daniel P. Berrange) - Avoid warning message from libxl driver on non-Xen kernels (Daniel P. Berrange) - Fix mistakes in checking return values (Daniel P. Berrange) - Fix issue found by coverity and cleanup (Pavel Hrdina) - XMLToNative: Parse XML as INACTIVE (Cole Robinson) - qemu: XMLToNative: Don't open vhostfd (Cole Robinson) - qemu: XMLToNative: Don't show -S (Cole Robinson) - qemu: cleanup tap devices on FreeBSD (Roman Bogorodskiy) - openvzRegister: Check for error return (John Ferlan) - nwfilter: Fix rule priority problem (Stefan Berger) - hotplug:Fix log mistake in qemuMonitorAddNetdev (Wang Rui) - libxl: Check for control_d string to decide about dom0 (Stefan Bader) - vircrypto: fix Invalid write in virCryptoHashString() (Nehal J Wani) - Load CPU map from builddir when run uninstalled (Jiri Denemark) - nwfilter: Add missing goto err_exit in error path (Stefan Berger) - Fix sec label setup when attaching to QEMU processes (Daniel P. Berrange) - storage: Fix bugs in VIR_APPEND_ELEMENT series (John Ferlan) - Remove broken error reporting in QEMU mac filtering (Daniel P. Berrange) - BZ1072677: Avoid freeing of 0 file descriptor (Stefan Berger) - Add a mutex to serialize updates to firewall (Daniel P. Berrange) - Fix locking in virsh console (Roman Bogorodskiy) - qemu: Reject unsupported tuning in session mode (Martin Kletzander) - virt-login-shell: silence coverity warning (Eric Blake) - Fix missing char dev lock path case in configure (Roman Bogorodskiy) - storage: Error out when attempting to vol-upload into a remote pool (Peter Krempa) - build: fix cppi warning (Eric Blake) - nwfilter: Increase buffer size for libpcap (Stefan Berger) Improvements: - storage: Rename VolOpenCheckMode to VolOpen (Cole Robinson) - storage: move block format lookup to shared UpdateVolInfo (Cole Robinson) - storage: Rename UpdateVolInfoFlags to UpdateVolInfo (Cole Robinson) - util: storagefile: Don't pursue backing chain of NULL image (Peter Krempa) - storage: pool: Fix XML indentation in pool source lookup (Peter Krempa) - ESX: Add support for virtualHW version 10 (Dawid Zamirski) - Modify help information of virsh list command (Li Yang) - bhyve: add domainLookupByID (Wojciech Macek) - bhyve: add xml2args unittest (Roman Bogorodskiy) - Move virBhyveTapGetRealDeviceName to virnetdevtap (Roman Bogorodskiy) - Shift the for loop over matched vars by one (Ján Tomko) - Use VIR_STRNDUP instead of modifying the matched string (Ján Tomko) - Simplify the loop in virCommandRunRegex (Ján Tomko) - Remove useless 'maxReg' variable (Ján Tomko) - qemu: add unit tests for the capabilities xml (Francesco Romani) - qemu: extract guest capabilities initialization (Francesco Romani) - qemu: export disk snapshot support in capabilities (Francesco Romani) - Show the real cpu shares value in live XML (Ján Tomko) - Treat zero cpu shares as a valid value (Ján Tomko) - qemu: remove redundant virQEMUDriverGetConfig (Tomoki Sekiyama) - Add a rule for indenting labels (Ján Tomko) - Indent top-level labels by one space in tools/ (Ján Tomko) - Indent top-level labels by one space in tests/ (Ján Tomko) - Indent top-level labels by one space in the rest of src/ (Ján Tomko) - Indent top-level labels by one space in src/xen/ (Ján Tomko) - Indent top-level labels by one space in src/vbox/ (Ján Tomko) - Indent top-level labels by one space in src/util/ (Ján Tomko) - Indent top-level labels by one space in src/test/ (Ján Tomko) - Indent top-level labels by one space in src/storage/ (Ján Tomko) - Indent top-level labels by one space in src/rpc/ (Ján Tomko) - Indent top-level labels by one space in src/remote/ (Ján Tomko) - Indent top-level labels by one space in src/qemu/ (Ján Tomko) - Indent top-level labels by one space in src/parallels/ (Ján Tomko) - Indent top-level labels by one space in src/nwfilter/ (Ján Tomko) - Indent top-level labels by one space in src/network/ (Ján Tomko) - Indent top-level labels by one space in src/lxc/ (Ján Tomko) - Indent top-level labels by one space in src/locking/ (Ján Tomko) - Indent top-level labels by one space in libvirt.c (Ján Tomko) - Indent top-level labels by one space in src/libxl/ (Ján Tomko) - Indent top-level labels by one space in src/esx/ (Ján Tomko) - Indent top-level labels by one space in src/cpu/ (Ján Tomko) - Indent top-level labels by one space in src/conf/ (Ján Tomko) - Indent top-level labels by one space in examples/ (Ján Tomko) - Indent top-level labels by one space in daemon/ (Ján Tomko) - util: Sanitize ATTRIBUTE_NONNULL use in viriscsi.h (Peter Krempa) - maint: update to latest gnulib (Eric Blake) - allow "virsh dump --memory-only" specify dump format (Qiao Nuohan) - qemu: add support for virDomainCoreDumpWithFormat API (Qiao Nuohan) - qemu: add qemuMonitorGetDumpGuestMemoryCapability (Qiao Nuohan) - conf: prepare to track multiple host source files per <disk> (Eric Blake) - conf: use disk source accessors in xenxs/ (Eric Blake) - conf: use disk source accessors in xen/ (Eric Blake) - conf: use disk source accessors in vmx/ (Eric Blake) - conf: use disk source accessors in vmware/ (Eric Blake) - conf: use disk source accessors in vbox/ (Eric Blake) - conf: use disk source accessors in uml/ (Eric Blake) - conf: use disk source accessors in security/ (Eric Blake) - conf: use disk source accessors in qemu/ (Eric Blake) - conf: use disk source accessors in phyp/ (Eric Blake) - conf: use disk source accessors in parallels/ (Eric Blake) - conf: use disk source accessors in lxc/ (Eric Blake) - conf: use disk source accessors in locking/ (Eric Blake) - conf: use disk source accessors in libxl/ (Eric Blake) - conf: use disk source accessors in esx/ (Eric Blake) - conf: use disk source accessors in bhyve/ (Eric Blake) - conf: use disk source accessors in conf/ (Eric Blake) - conf: accessors for common source information (Eric Blake) - bhyve: add domainCreateWithFlags support (Roman Bogorodskiy) - bhyve: MAC address configuration (Wojciech Macek) - libxl_driver.c: cleanup code (Chunyan Liu) - Introduce virFDStreamOpenPTY (Roman Bogorodskiy) - Add stubs for virDBusCreateReply{,V} (Ján Tomko) - libvirt support to force convergence of live guest migration (Chegu Vinod) - Allow caller to handle DBus error messages (Daniel P. Berrange) - Introduce alternate way to encode/decode arrays in DBus messages (Daniel P. Berrange) - Add DBus helper methods for creating reply messages (Daniel P. Berrange) - Refactor dbus helper methods for method calls (Daniel P. Berrange) - virlog: Modify virLogParseDefaultPriority's comment of return value (Zhou Yimin) - Fix typo in configure.ac (Ján Tomko) - Define ISCSIADM unconditionally (Ján Tomko) - Pass action to virDomainDefCompatibleDevice (Jiri Denemark) - Fix usage of virDomainDefCompatibleDevice (Jiri Denemark) - tests: Set abs_*dir in a consistent way (Jiri Denemark) - qemu: allow filtering events by regex (Eric Blake) - qemu: enable monitor event filtering by name (Eric Blake) - qemu: enable monitor event reporting (Eric Blake) - qemu: wire up RPC for qemu monitor events (Eric Blake) - qemu: create object for qemu monitor events (Eric Blake) - qemu: virsh wrapper for qemu events (Eric Blake) - qemu: new API for tracking arbitrary monitor events (Eric Blake) - Fix indentation in iscsi storage backend (Ján Tomko) - Add test for virISCSIScanTargets (Ján Tomko) - Add test for virISCSIGetSession (Ján Tomko) - Move functions using iscsiadm to viriscsi.c (Ján Tomko) - Remove storage pool from the arguments of a few functions (Ján Tomko) - Don't create iscsiadm command line in ISCSIPool{Start,Stop} (Ján Tomko) - Switch virCommandRunRegex to use virStringSplit (Ján Tomko) - Move virStorageBackendRun to vircommand (Ján Tomko) - Sort includes in storage_backend_iscsi.c (Ján Tomko) - Require K&R styled curly braces around function bodies (Martin Kletzander) - Use K&R style for curly braces in remaining files (Martin Kletzander) - Use K&R style for curly braces in src/vbox/ (Martin Kletzander) - Use K&R style for curly braces in src/network/bridge_driver.c (Martin Kletzander) - Use K&R style for curly braces in src/lxc/lxc_driver.c (Martin Kletzander) - Use K&R style for curly braces in src/uml/ (Martin Kletzander) - Use K&R style for curly braces in src/test/test_driver.c (Martin Kletzander) - Use K&R style for curly braces in src/nwfilter/ (Martin Kletzander) - Use K&R style for curly braces in src/openvz/ (Martin Kletzander) - Use K&R style for curly braces in src/storage/ (Martin Kletzander) - Use K&R style for curly braces in src/qemu/ (Martin Kletzander) - Use K&R style for curly braces in src/conf/ (Martin Kletzander) - Use K&R style for curly braces in src/rpc/ (Martin Kletzander) - Use K&R style for curly braces in src/util/ (Martin Kletzander) - Use K&R style for curly braces in src/xen*/ (Martin Kletzander) - Use K&R style for curly braces in tests/ (Martin Kletzander) - bhyve: host API support (Wojciech Macek) - libxl: move domain event handler to libxl_domain (Jim Fehlig) - libxl: include a pointer to the driver in libxlDomainObjPrivate (Jim Fehlig) - libxl: move libxlVmStart to libxl_domain (Jim Fehlig) - libxl: move libxlFreeMem to libxl_domain (Jim Fehlig) - libxl: move libxlDomainSetVcpuAffinities to libxl_domain (Jim Fehlig) - libxl: move libxlDoNodeGetInfo to libxl_conf (Jim Fehlig) - libxl: move libxlDomainAutoCoreDump to libxl_domain (Jim Fehlig) - libxl: move libxlDomEventsRegister to libxl_domain (Jim Fehlig) - libxl: move libxlVmCleanup{,Job} to libxl_domain (Jim Fehlig) - libxl: move libxlSaveImageOpen to libxl_domain (Jim Fehlig) - libxl: move libxlDomainManagedSavePath to libxl_domain (Jim Fehlig) - libxl: move libxlDomainEventQueue to libxl_domain (Jim Fehlig) - Add ability to register callback for virCommand dry run (Daniel P. Berrange) - Change CMD_STOPONERR(1) to use true (Daniel P. Berrange) - Change 'int isTempChain' to bool in nwfilter (Daniel P. Berrange) - Remove pointless return values in nwfilter methods (Daniel P. Berrange) - Remove 'int stopOnError' parameters in nwfilter methods (Daniel P. Berrange) - Remove pointless brackets around boolean (Daniel P. Berrange) - Change 'int incoming' to 'bool incoming' in nwfilter code (Daniel P. Berrange) - virhostdev.h: remove ATTRIBUTE_NONNULL from oldStateDir (Chunyan Liu) - libxl: fix framebuffer port setting for HVM domains (Jim Fehlig) - maint: avoid unbalanced {} across vbox #ifdef (Eric Blake) - Remove global log buffer feature entirely (Daniel P. Berrange) - Switch to filtering based on log source name instead of filename (Daniel P. Berrange) - Add virLogSource variables to all source files (Daniel P. Berrange) - Turn virLogSource into a struct instead of an enum (Daniel P. Berrange) - Move dtrace probe macros into separate header file (Daniel P. Berrange) - Refactor code that skips logging of error messages (Daniel P. Berrange) - Reduce performance overhead of the global log buffer (Daniel P. Berrange) - qemuDomainSetInterfaceParameters: Allow bandwidth clear out (Michal Privoznik) - cfg.mk: Fix whitespaces (Martin Kletzander) - Remove double space in file name comment check (Ján Tomko) - Explicitly cast some switch parameters to enum (Martin Kletzander) - Require spaces around equality comparisons (Martin Kletzander) - Remove duplicate network model characters (Martin Kletzander) - tests: cleanup object-locking test (Martin Kletzander) - qemu: agent availability cleanup (Martin Kletzander) - virsh: Prohibit virConnectOpen* functions in virsh (Martin Kletzander) - virsh: Add keepalive in new vshConnect function (Martin Kletzander) - virt-aa-helper: handle 9pfs (Felix Geyer) - Give virNWFilterVarCombIterNext saner semantics (Daniel P. Berrange) - bhyve: fix hostbridge device command generation (Roman Bogorodskiy) - bhyve: add support for virtio block devices (Roman Bogorodskiy) - Enforce attribute check of the virRegister functions (Pavel Hrdina) - daemon: Introduce max_anonymous_clients (Michal Privoznik) - virNetServer: Introduce unauth clients counter (Michal Privoznik) - datatypes: Fix comments (Michael Chapman) - bhyve: implement nodeGetInfo() (Roman Bogorodskiy) - Add parameter to wait for lock in file locking APIs (Nehal J Wani) - spec: move some dirs into appropriate subpackages (Michael Chapman) - build: detect/prohibit hardcoded XML indent in syntax-check (Laine Stump) - conf: eliminate hardcoded indentation in all remaining xml (Laine Stump) - qemu: elminate hardcoded indent in capabilities cache XML (Laine Stump) - util: eliminate hardcoded indent in virConnectSysInfo formatting (Laine Stump) - qemu: eliminate hardcoded indent from migration cookie xml (Laine Stump) - virsh: eliminate hardcoded indentation in xml generated for commands (Laine Stump) - conf: eliminate hardcoded indent in volume/pool xml (Laine Stump) - conf: eliminate hardcoded indentation in node device xml (Laine Stump) - conf: eliminate hardcoded indentation in capabilities xml (Laine Stump) - conf: eliminate hardcoded indentation in nwfilter xml (Laine Stump) - conf: eliminate outmoded/odd indent method from interface xml (Laine Stump) - conf: eliminate hardcoded indent from network xml (Laine Stump) - conf: eliminate hardcoded indent from domain snapshot xml (Laine Stump) - conf: eliminate hardcoded indent from domain xml (Laine Stump) - nwfilter: Add ARP src/dst IP mask for ebtables ARP (Stefan Berger) - hostdev: add virObject field to virHostdevManager struct (Jim Fehlig) - Make ABI stability issue easier to debug (Jiri Denemark) - qemu: Forbid "sgio" support for SCSI generic host device (Osier Yang) - add pci passthrough to libxl driver (Chunyan Liu) - add hostdev pci backend type for xen (Chunyan Liu) - change lxc_hostdev.c to use virhostdev common library APIs (Chunyan Liu) - add unit test for new virhostdev common library (Chunyan Liu) - Add parameter checks/annotations to hostdev APIs (Chunyan Liu) - add 3 wrapper functions for prepare/reattach/update domain hostdevs (Chunyan Liu) - improve virHostdevUpdate* parameters to make it more widely used (Chunyan Liu) - Capitalize USB, PCI and SCSI in hostdev variables (Daniel P. Berrange) - Remove redundant duplicated 'Hostdev' string method names (Daniel P. Berrange) - Capitalize USB, PCI and SCSI in hostdev methods (Chunyan Liu) - Fixed const-ness of parameters in netdev/hostdev code (Daniel P. Berrange) - improve parameter name to let it more meaningful (Chunyan Liu) - move virHostdevNodeDevice* to virhostdev.c (Chunyan Liu) - extract general code of NodeDeviceReset (Chunyan Liu) - extract general code of NodeDeviceReAttach (Chunyan Liu) - extract general code of NodeDeviceDetach (Chunyan Liu) - move virHostdevReAttachHostScsiDevices to virhostdev.c (Chunyan Liu) - pass driver name as parameter to virHostdevReAttachScciHostdevs (Chunyan Liu) - extract general code from qemuDomainReAttachHostScsiDevices (Chunyan Liu) - move virHostdevReAttachUsbHostdevs to virhostdev.c (Chunyan Liu) - pass driver name as paramter to virHostdevReAttachUsbHostdevs (Chunyan Liu) - extract general code from qemuDomainReAttachHostUsbDevices (Chunyan Liu) - move virHostdevPrepareHostSCSIDevices to virhostdev.c (Chunyan Liu) - pass driver name as parameter to virHostdevPrepareSCSIDevices (Chunyan Liu) - extract general code from qemuPrepareHostSCSIDevices (Chunyan Liu) - move virHostdevPrepareHostUSBDevices to virhostdev.c (Chunyan Liu) - pass driver name to virHostdevPrepareUSBDevices (Chunyan Liu) - rename qemu*USBDevices to virHostdev*USBDevices (Chunyan Liu) - extract general code from qemuPrepareHostUSBDevices (Chunyan Liu) - move virHostdevUpdate* functions to virhostdev.c (Chunyan Liu) - pass driver_name as parameter of virHostdevUpdate*Hostdevs functions (Chunyan Liu) - extract general code from qemuUpdateActiveScsiHostdevs (Chunyan Liu) - extract general code from qemuUpdateActiveUsbHostdevs (Chunyan Liu) - extract general code from qemuUpdateActivePciHostdevs (Chunyan Liu) - move virHostdevPrepare(ReAttach)PCIDevices to virhostdev.c (Chunyan Liu) - rename qemuReAttachPciDevice to virHostdevReAttachPciDevice (Daniel P. Berrange) - Conditionally wait for kvm_assigned_device cleanup (Chunyan Liu) - pass driver name as a parameter to virHostdevReAttachPCIDevices (Chunyan Liu) - extract general code from qemuDomainReAttachHostdevDevices (Chunyan Liu) - pass driver name as a parameter to virHostdevPrepareHostdevPCIDevices (Chunyan Liu) - rename qemuGet*PciHostDeviceList to virHostdevGet*PciHostDeviceList (Chunyan Liu) - rename qemu*NetConfigRestore/Replace to virHostdevNetConfigRestore/Replace (Chunyan Liu) - extract general code from qemuPrepareHostdevPCIDevices (Chunyan Liu) - qemu_hostdev: move netconfig file location to virhostdev stateDir (Chunyan Liu) - qemu_hostdev: move ColdBoot as a flag (Chunyan Liu) - qemu_hostdev: move cfg->relaxedACS as a flag (Chunyan Liu) - lxc: use general virhostdev lists instead of its own (Chunyan Liu) - qemu: use general virhostdev lists instead of its own (Chunyan Liu) - qemu: remove functions used internally only from qemu_hostdev.h (Chunyan Liu) - qemu: reuse hostdev interfaces to avoid duplicate (Chunyan Liu) - update qemuPrepareHostUSBDevices parameters to keep consistency (Chunyan Liu) - virhostdev: use virObject to virHostdevManager to keep reference (Chunyan Liu) - Introduce vircommandpriv.h for functions used by tests (Ján Tomko) - Use size_t for ndevice in pool source definition (Ján Tomko) - Introduce virStoragePoolSourceDeviceClear (Ján Tomko) - Change virStorageBackendISCSISession 'probe' arg to bool (Ján Tomko) - qemu: don't munge user input during block commit (Eric Blake) - iptables: don't log command probe failures (Eric Blake) - libxl: support sexpr in native to XML conversion (Jim Fehlig) - Remove unused ebtablesRemoveForwardPolicyReject method (Daniel P. Berrange) - Remove worthless ebtRules data structure (Daniel P. Berrange) - Remove data structure holding list of ebtables rules (Daniel P. Berrange) - Remove unused variables from ebtablesContext (Daniel P. Berrange) - Make ebtablesForwardPolicyReject static (Daniel P. Berrange) - Remove decl of method which doesn't exist in virebtables.h (Daniel P. Berrange) - Remove many decls from bridge driver platform header (Daniel P. Berrange) - Cache result of QEMU capabilities extraction (Daniel P. Berrange) - Change QEMU capabilities cache to check ctime instead of mtime (Daniel P. Berrange) - Add helper APIs to track if libvirtd or loadable modules have changed (Daniel P. Berrange) - virSecurityDACSetSecurityImageLabel: Unmark @def as unused (Michal Privoznik) - tests: Distribute securityselinuxhelperdata (Jiri Denemark) - Convert lock driver plugins to use new crypto APIs (Daniel P. Berrange) - Add helper APIs for generating cryptographic hashes (Daniel P. Berrange) - Change file names in comments to match the files they are in (Ján Tomko) - Wildcard ignore tests/*test instead of listing every one (Daniel P. Berrange) - src/xenxs: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/xen: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/util: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/test: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/storage: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/rpc: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/qemu: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/phyp: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/parallels: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/openvz: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/nwfilter: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - src/lxc/: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - conf: Utilize more of VIR_(APPEND|INSERT|DELETE)_ELEMENT (Michal Privoznik) - virsh: Sort options alphabetically (Martin Kletzander) - tests: Fix SELinux tests in VPATH build (Jiri Denemark) - virscsi: Introduce virSCSIDeviceUsedByInfoFree (John Ferlan) - tests: Test virIdentityGetSystem (Michael Chapman) - tests: SELinux tests do not need to be skipped (Michael Chapman) - tests: Flesh out securityselinuxhelper (Michael Chapman) - spec: Let translations be properly updated (Jiri Denemark) - datatypes: update comments of Dispose functions (Michael Chapman) - qemu: monitor: Provide more information in generic block job error (Peter Krempa) - storage: Don't lie about path used to look up in error message (Peter Krempa) - storage: Avoid mangling paths of non-local filesystems when looking up (Peter Krempa) - storage: Use cleanup label instead of out (Peter Krempa) - virsh: volume: Fix lookup of volumes to provide better error messages (Peter Krempa) - add virhostdev files to maintain global state of host devices (Chunyan Liu) - add 'driver' info to used_by (Chunyan Liu) - apparmor: handle "none" type (Cédric Bosdonnat) - add support for apparmor in lxc-enter-namespace (Cédric Bosdonnat) - apparmor: add debug traces when changing profile. (Cédric Bosdonnat) - Make sure apparmor is started before libvirtd (Cédric Bosdonnat) - LXC driver: generate apparmor profiles for guests (Cédric Bosdonnat) - qemu: monitor: Fix error message and comment when getting cpu info (Peter Krempa) - qemu: snapshot: Use better check when reverting external snapshots (Peter Krempa) - qemuBuildNicDevStr: Adapt to new advisory on multiqueue (Michal Privoznik) - Check if systemd is running before creating machines (Ján Tomko) - Split out most of virDBusIsServiceEnabled (Ján Tomko) - Don't always skip virportallocatortest (Ján Tomko) - tests: Create privileged driver config in qemuxml2argvtest (Martin Kletzander) - build: Include sys/wait.h in commandtest.c (Ján Tomko) - nwfilter: Display the pcap errror message (Stefan Berger) - nwfilter: Cap the poll timeout in the DHCP Snooping code (Stefan Berger) - virsh: report exit status of failed lxc-enter-namespace (Eric Blake) - virt-login-shell: saner exit value (Eric Blake) - virt-login-shell: use single instead of double fork (Eric Blake) - virFork: simplify semantics (Eric Blake) - util: make it easier to grab only regular command exit (Eric Blake) - util: make it easier to grab only regular process exit (Eric Blake) - util: preserve exit status from mount namespace callback (Eric Blake) - util: make it easier to reflect child exit status (Eric Blake) - virFork: give specific status on failure prior to exec (Eric Blake) - nwfilter: make ignoring non-zero status easier to follow (Eric Blake) - qemu: Implement a stub cpuArchDriver.baseline() handler for arm (Oleg Strikov) - Fix indentation in virsystemdmock (Ján Tomko) - Replace space with a tab in the Makefile (Ján Tomko) - Add a test for virUSBDeviceList functions (Ján Tomko) - Add tests for virUSBDeviceFind functions (Ján Tomko) - Generate a unique journald log for QEMU capabilities failure (Daniel P. Berrange) - Bump version to 1.2.3 for new dev cycle (Michal Privoznik) Cleanups: - util: remove useless comment for virCgroupMoveTask in vircgroup.c (Hongwei Bi) - Don't leave empty first line in C source files (Martin Kletzander) Thanks everybody for contributing to this release, be it with bug reports, patches, ideas, code reviews and help on localization ! Enjoy ! Daniel P.S.: for those looking for the April Fool part, don't worry that corner of the internet is still sane even today :) -- Daniel Veillard | Open Source and Standards, Red Hat veillard(a)redhat.com | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | virtualization library http://libvirt.org/

1 0

[libvirt] [PATCH] Introduce virConnectCrashDaemon API
by Ján Tomko 01 Apr '14

01 Apr '14

This reduces the affect of an unexpected DoS vulnerablity in libvirtd. --- include/libvirt/libvirt.h.in | 13 +++++++++++++ src/driver.h | 5 +++++ src/libvirt.c | 32 +++++++++++++++++++++++++++++++ src/libvirt_private.syms | 1 + src/libvirt_public.syms | 4 ++++ src/qemu/qemu_driver.c | 16 ++++++++++++++++ src/remote/remote_driver.c | 1 + src/remote/remote_protocol.x | 15 ++++++++++++++- src/util/virutil.c | 23 ++++++++++++++++++++++ src/util/virutil.h | 1 + tools/virsh-host.c | 45 ++++++++++++++++++++++++++++++++++++++++++++ 11 files changed, 155 insertions(+), 1 deletion(-) diff --git a/include/libvirt/libvirt.h.in b/include/libvirt/libvirt.h.in index 930b7e8..d0db483 100644 --- a/include/libvirt/libvirt.h.in +++ b/include/libvirt/libvirt.h.in @@ -1540,6 +1540,19 @@ char * virConnectGetURI (virConnectPtr conn); char * virConnectGetSysinfo (virConnectPtr conn, unsigned int flags); +typedef enum { + VIR_CONNECT_CRASH_RANDOM = 0, /* Randomly choose one crash method */ + VIR_CONNECT_CRASH_NULL_PTR = 1, /* Null pointer access */ + VIR_CONNECT_CRASH_DOUBLE_FREE = 2, /* Double free */ + +# ifdef VIR_ENUM_SENTINELS + VIR_CONNECT_CRASH_LAST +# endif +} virConnectCrashFlags; + +int virConnectCrashDaemon (virConnectPtr conn, + unsigned int flags); + int virConnectSetKeepAlive(virConnectPtr conn, int interval, unsigned int count); diff --git a/src/driver.h b/src/driver.h index e66fc7a..b899a4f 100644 --- a/src/driver.h +++ b/src/driver.h @@ -1149,6 +1149,10 @@ typedef int unsigned int flags, int cancelled); +typedef int +(*virDrvConnectCrashDaemon)(virConnectPtr conn, + unsigned int flags); + typedef struct _virDriver virDriver; typedef virDriver *virDriverPtr; @@ -1363,6 +1367,7 @@ struct _virDriver { virDrvDomainMigrateFinish3Params domainMigrateFinish3Params; virDrvDomainMigrateConfirm3Params domainMigrateConfirm3Params; virDrvConnectGetCPUModelNames connectGetCPUModelNames; + virDrvConnectCrashDaemon connectCrashDaemon; }; diff --git a/src/libvirt.c b/src/libvirt.c index 4454829..739c747 100644 --- a/src/libvirt.c +++ b/src/libvirt.c @@ -1717,6 +1717,38 @@ virConnectGetSysinfo(virConnectPtr conn, unsigned int flags) /** + * virConnectCrashDaemon: + * @conn: pointer to a hypervisor connection + * @flags: one of virConnectCrashDaemonFlags + * + * Crashes the daemon by the method selected via @flags. + * + * Returns -1 on error or doesn't return at all in case of success. + */ +int +virConnectCrashDaemon(virConnectPtr conn, unsigned int flags) +{ + VIR_DEBUG("conn=%p, flags=%x", conn, flags); + + virResetLastError(); + + virCheckConnectReturn(conn, -1); + + if (conn->driver->connectCrashDaemon) { + if (conn->driver->connectCrashDaemon(conn, flags) < 0) + goto error; + return 0; + } + + virReportUnsupportedError(); + +error: + virDispatchError(conn); + return -1; +} + + +/** * virConnectGetMaxVcpus: * @conn: pointer to the hypervisor connection * @type: value of the 'type' attribute in the <domain> element diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index 38fbf63..18f91b2 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1983,6 +1983,7 @@ virUSBDeviceSetUsedBy; # util/virutil.h virCompareLimitUlong; +virCrashDaemon; virDoubleToStr; virEnumFromString; virEnumToString; diff --git a/src/libvirt_public.syms b/src/libvirt_public.syms index 9ab0c92..378d256 100644 --- a/src/libvirt_public.syms +++ b/src/libvirt_public.syms @@ -650,5 +650,9 @@ LIBVIRT_1.2.3 { virDomainCoreDumpWithFormat; } LIBVIRT_1.2.1; +LIBVIRT_1.2.4 { + global: + virConnectCrashDaemon; +} LIBVIRT_1.2.3; # .... define new API here using predicted next version number .... diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index b032441..cd258b7 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -16661,6 +16661,21 @@ qemuConnectGetCPUModelNames(virConnectPtr conn, } +static int +qemuConnectCrashDaemon(virConnectPtr conn ATTRIBUTE_UNUSED, + unsigned int flags) +{ + if (flags >= VIR_CONNECT_CRASH_LAST) { + virReportError(VIR_ERR_INVALID_ARG, + _("Unsupported crash method %u"), + flags); + return -1; + } + + return virCrashDaemon(flags); +} + + static virDriver qemuDriver = { .no = VIR_DRV_QEMU, .name = QEMU_DRIVER_NAME, @@ -16851,6 +16866,7 @@ static virDriver qemuDriver = { .domainMigrateFinish3Params = qemuDomainMigrateFinish3Params, /* 1.1.0 */ .domainMigrateConfirm3Params = qemuDomainMigrateConfirm3Params, /* 1.1.0 */ .connectGetCPUModelNames = qemuConnectGetCPUModelNames, /* 1.1.3 */ + .connectCrashDaemon = qemuConnectCrashDaemon, /* 1.2.4 */ }; diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c index ed7dde6..b01dd5b 100644 --- a/src/remote/remote_driver.c +++ b/src/remote/remote_driver.c @@ -7800,6 +7800,7 @@ static virDriver remote_driver = { .domainMigrateFinish3Params = remoteDomainMigrateFinish3Params, /* 1.1.0 */ .domainMigrateConfirm3Params = remoteDomainMigrateConfirm3Params, /* 1.1.0 */ .connectGetCPUModelNames = remoteConnectGetCPUModelNames, /* 1.1.3 */ + .connectCrashDaemon = remoteConnectCrashDaemon, /* 1.2.4 */ }; static virNetworkDriver network_driver = { diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x index 6c445cc..7eb7f83 100644 --- a/src/remote/remote_protocol.x +++ b/src/remote/remote_protocol.x @@ -442,6 +442,13 @@ struct remote_connect_get_sysinfo_ret { remote_nonnull_string sysinfo; }; +struct remote_connect_crash_daemon_args { + unsigned int flags; +}; + +struct remote_connect_crash_daemon_ret { + int retval; +}; struct remote_connect_get_uri_ret { remote_nonnull_string uri; }; @@ -5275,5 +5282,11 @@ enum remote_procedure { * @generate: both * @acl: domain:core_dump */ - REMOTE_PROC_DOMAIN_CORE_DUMP_WITH_FORMAT = 334 + REMOTE_PROC_DOMAIN_CORE_DUMP_WITH_FORMAT = 334, + + /** + * @generate: both + * @acl: none + */ + REMOTE_PROC_CONNECT_CRASH_DAEMON = 335 }; diff --git a/src/util/virutil.c b/src/util/virutil.c index 9be1590..97215d0 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -78,6 +78,7 @@ #include "vircommand.h" #include "nonblocking.h" #include "virprocess.h" +#include "virrandom.h" #include "virstring.h" #include "virutil.h" @@ -2204,3 +2205,25 @@ void virUpdateSelfLastChanged(const char *path) selfLastChanged = sb.st_ctime; } } + +int virCrashDaemon(unsigned int flags) +{ + char **bla = NULL; + char **tmp; + + if (flags == VIR_CONNECT_CRASH_RANDOM) + flags = virRandomInt(VIR_CONNECT_CRASH_LAST) + 1; + + switch (flags) { + case VIR_CONNECT_CRASH_NULL_PTR: + bla[1] = bla[0]; + /* fallthrough */ + case VIR_CONNECT_CRASH_DOUBLE_FREE: + if (VIR_ALLOC_N(bla, 2) < 0) + return -1; + tmp = bla; + VIR_FREE(tmp); + VIR_FREE(bla); + } + return -1; +} diff --git a/src/util/virutil.h b/src/util/virutil.h index 1f2efd5..aaf1bef 100644 --- a/src/util/virutil.h +++ b/src/util/virutil.h @@ -202,4 +202,5 @@ bool virIsSUID(void); time_t virGetSelfLastChanged(void); void virUpdateSelfLastChanged(const char *path); +int virCrashDaemon(unsigned int flags); #endif /* __VIR_UTIL_H__ */ diff --git a/tools/virsh-host.c b/tools/virsh-host.c index cac6086..28e5e3b 100644 --- a/tools/virsh-host.c +++ b/tools/virsh-host.c @@ -939,6 +939,45 @@ cmdNodeMemoryTune(vshControl *ctl, const vshCmd *cmd) goto cleanup; } +/* + * "crash" command + */ +static const vshCmdInfo info_crash[] = { + {.name = "help", + .data = N_("crash the daemon") + }, + {.name = "desc", + .data = N_("Crash the libvirt daemon using the selected method.") + }, + {.name = NULL} +}; + +static const vshCmdOptDef opts_crash[] = { + {.name = "null", + .type = VSH_OT_BOOL, + .help = N_("Crash by null pointer access") + }, + {.name = "doublefree", + .type = VSH_OT_BOOL, + .help = N_("Crash by double free") + }, + {.name = NULL} +}; + +static bool +cmdCrash(vshControl *ctl, const vshCmd *cmd ATTRIBUTE_UNUSED) +{ + unsigned int flags = VIR_CONNECT_CRASH_RANDOM; + + if (vshCommandOptBool(cmd, "null")) + flags = VIR_CONNECT_CRASH_NULL_PTR; + if (vshCommandOptBool(cmd, "doublefree")) + flags = VIR_CONNECT_CRASH_DOUBLE_FREE; + + virConnectCrashDaemon(ctl->conn, flags); + return true; +} + const vshCmdDef hostAndHypervisorCmds[] = { {.name = "capabilities", .handler = cmdCapabilities, @@ -1024,5 +1063,11 @@ const vshCmdDef hostAndHypervisorCmds[] = { .info = info_version, .flags = 0 }, + {.name = "crash", + .handler = cmdCrash, + .opts = opts_crash, + .info = info_crash, + .flags = 0 + }, {.name = NULL} }; -- 1.8.3.2

3 2