[libvirt] [PATCH 0/2] qemu: Remove memory backing files on failed memory hotplug
by Peter Krempa
see 2/2
Peter Krempa (2):
REPRODUCER -- DO NOT PUSH
qemu: hotplug: Clean up memory backing files after failed memory
hotplug
dom.xml | 110 ++++++++++++++++++++++++++++++++++++++++++++++++
mem.xml | 6 +++
src/qemu/qemu_hotplug.c | 7 +++
3 files changed, 123 insertions(+)
create mode 100644 dom.xml
create mode 100644 mem.xml
--
2.16.2
6 years, 9 months
[libvirt] [PATCH] m4: use pkgconfig to detect xenstore
by Olaf Hering
Since Xen 4.9 a pkgconfig file exists to gather info about building
against libxenstore.so. Use it if available.
Signed-off-by: Olaf Hering <olaf(a)aepfle.de>
---
m4/virt-driver-xen.m4 | 41 +++++++++++++++++++++++++++++------------
1 file changed, 29 insertions(+), 12 deletions(-)
diff --git a/m4/virt-driver-xen.m4 b/m4/virt-driver-xen.m4
index 2a26863ca..52d4f5162 100644
--- a/m4/virt-driver-xen.m4
+++ b/m4/virt-driver-xen.m4
@@ -27,25 +27,42 @@ AC_DEFUN([LIBVIRT_DRIVER_CHECK_XEN], [
old_CFLAGS="$CFLAGS"
XEN_LIBS=""
XEN_CFLAGS=""
+ fail=0
dnl search for the Xen store library
+ dnl Either use the provided path, or make use of pkgconfig
+ dnl Xen versions prior 4.9 had no pkgconfig file
if test "$with_xen" != "no" ; then
+ xen_path_provided="no"
if test "$with_xen" != "yes" && test "$with_xen" != "check" ; then
XEN_CFLAGS="-I$with_xen/include"
XEN_LIBS="-L$with_xen/lib64 -L$with_xen/lib"
+ xen_path_provided="yes"
+ fi
+
+ if test "$xen_path_provided" = "no" ; then
+ PKG_CHECK_MODULES([XEN], [xenstore], [
+ fail=0
+ with_xen=yes
+ ], [
+ fail=1
+ ])
+ fi
+ dnl manual check if either path was provided or pkgconfig does not exist
+ if test "$xen_path_provided" = "yes" || test "$fail" = 1 ; then
+ CFLAGS="$CFLAGS $XEN_CFLAGS"
+ LIBS="$LIBS $XEN_LIBS"
+ AC_CHECK_LIB([xenstore], [xs_read], [
+ fail=0
+ with_xen=yes
+ XEN_LIBS="$XEN_LIBS -lxenstore"
+ ],[
+ if test "$with_xen" = "yes"; then
+ fail=1
+ fi
+ with_xen=no
+ ])
fi
- fail=0
- CFLAGS="$CFLAGS $XEN_CFLAGS"
- LIBS="$LIBS $XEN_LIBS"
- AC_CHECK_LIB([xenstore], [xs_read], [
- with_xen=yes
- XEN_LIBS="$XEN_LIBS -lxenstore"
- ],[
- if test "$with_xen" = "yes"; then
- fail=1
- fi
- with_xen=no
- ])
fi
if test "$with_xen" != "no" ; then
6 years, 9 months
[libvirt] [PATCH] bugfix: add lock in ClientClose to avoid data race
by xinhua.Cao
From: l00425170 <liujunjie23(a)huawei.com>
When libvirt client registers callback function,
remoteDispatchConnectDomainEventCallbackRegisterAny is called, then virInsertElementsN
will be called to add new callback for struct daemonClientPrivate *priv.
But at the same time, if the corresponding socket is closed (one way is to kill the
client process), the close callback remoteClientCloseFunc is called, then
remoteFreePrivCallbacks(priv) is called to free priv. So there exists data race to
cause libvirtd coredump.
More details, in add callback, when memset for ptrptr (that is priv) is done in
virExpandN at the process of virInsertElementsN. At this time point, priv can be
free to be 0x0 when close client.
So when the procedure goes to memcpy in virInsertElementsN, the libvirtd will coredump.
And the stack are as follows:
Thread 1 (Thread 0x7feadf7fe700 (LWP 8978)):
#0 0x00007feb7b77f314 in __memcpy_ssse3_back() from /usr/lib64/libc.so.6
#1 0x00007feb7e769a82 in memcpy
(__len=8, __src=0x7feadf7fdb58, __dest=<optimized out>)
at /usr/include/bits/string3.h:51
#2 virInsertElementsN
(ptrptr=ptrptr@entry=0x558e9c36fae8, size=size@entry=8,
at=<optimized out>, at@entry=18446744073709551615,
countptr=countptr@entry=0x558e9c36faf0, add=add@entry=1,
newelems=newelems@entry=0x7feadf7fdb58, clearOriginal=clearOriginal@entry=true,
inPlace=inPlace@entry=false, report=report@entry=true,
domcode=domcode@entry=7, filename=filename@entry=0x558e9af16107 "remote.c",
funcname=funcname@entry=0x558e9af24600 <__FUNCTION__.48097>
"remoteDispatchConnectDomainEventCallbackRegisterAny", linenr=linenr@entry=4424)
at util/viralloc.c:454
#3 0x0000558e9aed7001 in remoteDispatchConnectDomainEventCallbackRegisterAny
(server=<optimized out>, msg=<optimized out>, ret=0x7feab805e6f0,
args=0x7feab806aa40, rerr=0x7feadf7fdc90, client=<optimized out>)
at remote.c:4422
#4 remoteDispatchConnectDomainEventCallbackRegisterAnyHelper
(server=<optimized out>, client=<optimized out>, msg=<optimized out>,
rerr=0x7feadf7fdc90, args=0x7feab806aa40, ret=0x7feab805e6f0)
at remote_dispatch.h:424
#5 0x0000558e9af0ca48 in virNetServerProgramDispatchCall
(msg=0x558e9c3925c0, client=0x558e9c36f970, server=0x558e9c351570,
prog=0x558e9c367d50)
at rpc/virnetserverprogram.c:474
#6 virNetServerProgramDispatch
(prog=0x558e9c367d50, server=server@entry=0x558e9c351570, client=0x558e9c36f970,
msg=0x558e9c3925c0)
at rpc/virnetserverprogram.c:311
#7 0x0000558e9af085ed in virNetServerProcessMsg
(msg=<optimized out>, prog=<optimized out>, client=<optimized out>,
srv=0x558e9c351570)
at rpc/virnetserver.c:148
#8 virNetServerHandleJob
(jobOpaque=<optimized out>, opaque=0x558e9c351570)
at rpc/virnetserver.c:169
#9 0x00007feb7e7f1861 in virThreadPoolWorker
(opaque=opaque@entry=0x558e9c36b5f0)
at util/virthreadpool.c:167
#10 0x00007feb7e7f0b78 in virThreadHelper
(data=<optimized out>)
at util/virthread.c:219
#11 0x00007feb7b9fcdc5 in start_thread () from /usr/lib64/libpthread.so.0
#12 0x00007feb7b72b75d in clone () from /usr/lib64/libc.so.6
Signed-off-by: l00425170 <liujunjie23(a)huawei.com>
---
src/remote/remote_daemon.h | 2 ++
src/remote/remote_daemon_dispatch.c | 46 ++++++++++++++++++++++++++++++++++++-
2 files changed, 47 insertions(+), 1 deletion(-)
diff --git a/src/remote/remote_daemon.h b/src/remote/remote_daemon.h
index 4467f71..8accafc 100644
--- a/src/remote/remote_daemon.h
+++ b/src/remote/remote_daemon.h
@@ -76,6 +76,8 @@ struct daemonClientPrivate {
virConnectPtr conn;
daemonClientStreamPtr streams;
+
+ bool clientClosed;
};
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index fdb0a36..59e69e6 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -1752,8 +1752,12 @@ static void remoteClientCloseFunc(virNetServerClientPtr client)
daemonRemoveAllClientStreams(priv->streams);
/* Deregister event delivery callback */
- if (priv->conn)
+ if (priv->conn) {
+ virMutexLock(&priv->lock);
remoteClientFreePrivateCallbacks(priv);
+ priv->clientClosed = true;
+ virMutexUnlock(&priv->lock);
+ }
}
@@ -3889,6 +3893,11 @@ remoteDispatchConnectDomainEventRegister(virNetServerPtr server ATTRIBUTE_UNUSED
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
/* If we call register first, we could append a complete callback
* to our array, but on OOM append failure, we'd have to then hope
* deregister works to undo our register. So instead we append an
@@ -4116,6 +4125,11 @@ remoteDispatchConnectDomainEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
/* We intentionally do not use VIR_DOMAIN_EVENT_ID_LAST here; any
* new domain events added after this point should only use the
* modern callback style of RPC. */
@@ -4192,6 +4206,11 @@ remoteDispatchConnectDomainEventCallbackRegisterAny(virNetServerPtr server ATTRI
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->dom &&
!(dom = get_nonnull_domain(priv->conn, *args->dom)))
goto cleanup;
@@ -5702,6 +5721,11 @@ remoteDispatchConnectNetworkEventRegisterAny(virNetServerPtr server ATTRIBUTE_UN
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->net &&
!(net = get_nonnull_network(priv->conn, *args->net)))
goto cleanup;
@@ -5824,6 +5848,11 @@ remoteDispatchConnectStoragePoolEventRegisterAny(virNetServerPtr server ATTRIBUT
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->pool &&
!(pool = get_nonnull_storage_pool(priv->conn, *args->pool)))
goto cleanup;
@@ -5945,6 +5974,11 @@ remoteDispatchConnectNodeDeviceEventRegisterAny(virNetServerPtr server ATTRIBUTE
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->dev &&
!(dev = get_nonnull_node_device(priv->conn, *args->dev)))
goto cleanup;
@@ -6066,6 +6100,11 @@ remoteDispatchConnectSecretEventRegisterAny(virNetServerPtr server ATTRIBUTE_UNU
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->secret &&
!(secret = get_nonnull_secret(priv->conn, *args->secret)))
goto cleanup;
@@ -6188,6 +6227,11 @@ qemuDispatchConnectDomainMonitorEventRegister(virNetServerPtr server ATTRIBUTE_U
virMutexLock(&priv->lock);
+ if (priv->clientClosed) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("connection want close"));
+ goto cleanup;
+ }
+
if (args->dom &&
!(dom = get_nonnull_domain(priv->conn, *args->dom)))
goto cleanup;
--
2.13.3.windows.1
6 years, 9 months
[libvirt] [PATCH] qemu: hotplug: fail when net device detach times out
by Jonathan Davies
qemuDomainDetachNetDevice should not treat a timeout in a call to
qemuDomainWaitForDeviceRemoval as success. Instead, it should treat it
as failure -- this is the intention behind having a timeout.
If qemuDomainWaitForDeviceRemoval times out, it returns 0. In this
instance, if qemuDomainDetachNetDevice returns 0, virsh detach-interface
reports:
Interface detached successfully
with a zero exit status.
But with a negative return value from qemuDomainDetachNetDevice, virsh
detach-interface reports:
error: Failed to detach interface
error: An error occurred, but the cause is unknown
with a non-zero exit status, which is more appropriate.
Signed-off-by: Jonathan Davies <jonathan.davies(a)nutanix.com>
---
src/qemu/qemu_hotplug.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c
index 4be0f546c..d9a2f2d4d 100644
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -5082,8 +5082,13 @@ qemuDomainDetachNetDevice(virQEMUDriverPtr driver,
if (qemuDomainObjExitMonitor(driver, vm) < 0)
goto cleanup;
- if ((ret = qemuDomainWaitForDeviceRemoval(vm)) == 1)
+ ret = qemuDomainWaitForDeviceRemoval(vm);
+ if (ret == 1) {
ret = qemuDomainRemoveNetDevice(driver, vm, detach);
+ } else if (ret == 0) {
+ VIR_WARN("Detach of device %s timed out; treating as a failure", detach->ifname);
+ ret = -1;
+ }
cleanup:
qemuDomainResetDeviceRemoval(vm);
--
2.14.1
6 years, 9 months
[libvirt] [PATCH security-notice 0/4] Add missing security notices
by Daniel P. Berrangé
This provides the security notices we've had so far in 2018 and a
script to make future ones easier to create.
Daniel P. Berrangé (4):
LSN-2018-0001 / CVE-2017-5715 - Spectre variant 2 branch target
injection
LSN-2018-0002 / CVE-2018-5748 - QEMU monitor denial of service
LSN-2018-0003 / CVE-2018-6764 - Insecure usage of NSS modules during
container startup
Add a script for generating a list of vulnerable tags & branches
notices/2018/0001.xml | 276 ++++++++++++++++++++++++++++++++++++++
notices/2018/0002.xml | 274 +++++++++++++++++++++++++++++++++++++
notices/2018/0003.xml | 269 +++++++++++++++++++++++++++++++++++++
scripts/report-vulnerable-tags.pl | 108 +++++++++++++++
4 files changed, 927 insertions(+)
create mode 100644 notices/2018/0001.xml
create mode 100644 notices/2018/0002.xml
create mode 100644 notices/2018/0003.xml
create mode 100644 scripts/report-vulnerable-tags.pl
--
2.14.3
6 years, 9 months
[libvirt] [PATCH] tests: Fix path to status XML test directory in makefile
by Peter Krempa
Commit 99e30acfdce added 'qemustatusxml2xmloutdata' to EXTRA_DIST but
the directory added in the commit is called 'qemustatusxml2xmldata'
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Pushed under the I-didn't-run-distcheck-when-messing-with-files-in-the-tree-and-broke-the-build-rule.
tests/Makefile.am | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Makefile.am b/tests/Makefile.am
index 1f60ee0393..11a9b904ed 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -128,7 +128,7 @@ EXTRA_DIST = \
qemumonitorjsondata \
qemuxml2argvdata \
qemuxml2xmloutdata \
- qemustatusxml2xmloutdata \
+ qemustatusxml2xmldata \
qemumemlockdata \
secretxml2xmlin \
securityselinuxhelperdata \
--
2.16.2
6 years, 9 months
[libvirt] [PATCH] tests: bhyvexml2xml: Fix call to testCompareDomXML2XMLFiles
by Peter Krempa
Commit 1b28038300b forgot to fix the arguments for this one caller.
Signed-off-by: Peter Krempa <pkrempa(a)redhat.com>
---
Pushed under the build-breaker rule.
tests/bhyvexml2xmltest.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/bhyvexml2xmltest.c b/tests/bhyvexml2xmltest.c
index e483dac630..4d9c1681db 100644
--- a/tests/bhyvexml2xmltest.c
+++ b/tests/bhyvexml2xmltest.c
@@ -39,7 +39,7 @@ testCompareXMLToXMLHelper(const void *data)
ret = testCompareDomXML2XMLFiles(driver.caps, driver.xmlopt, xml_in,
is_different ? xml_out : xml_in,
- false, NULL, NULL, 0,
+ false, 0,
TEST_COMPARE_DOM_XML2XML_RESULT_SUCCESS);
if ((ret != 0) && (info->flags & FLAG_EXPECT_FAILURE)) {
--
2.16.2
6 years, 9 months
[libvirt] [PATCH] build: Add srpm make target
by Jiri Denemark
Signed-off-by: Jiri Denemark <jdenemar(a)redhat.com>
---
Makefile.am | 3 +++
1 file changed, 3 insertions(+)
diff --git a/Makefile.am b/Makefile.am
index 0d46c16c22..81c7f52d9c 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -69,6 +69,9 @@ EXTRA_DIST += \
rpm: clean
@(unset CDPATH ; $(MAKE) dist && rpmbuild -ta $(distdir).tar.xz)
+srpm: clean
+ @(unset CDPATH ; $(MAKE) dist && rpmbuild -ts $(distdir).tar.xz)
+
check-local: all tests
check-access:
--
2.16.2
6 years, 9 months
[libvirt] [PATCH 0/2] Two small memleak fixes
by Michal Privoznik
*** BLURB HERE ***
Michal Privoznik (2):
virSysinfoParseX86Chassis: Store asset tag into correct pointer
virSecurityDACChownListFree: Don't leak list->items array
src/security/security_dac.c | 1 +
src/util/virsysinfo.c | 2 +-
2 files changed, 2 insertions(+), 1 deletion(-)
--
2.16.1
6 years, 9 months
[libvirt] [PATCH] conf: allow more user friendly names for disk formats
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
src/conf/domain_conf.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 04a6ee77af..007b73a84d 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -9152,6 +9152,12 @@ virDomainDiskDefDriverParseXML(virDomainDiskDefPtr def,
if (STREQ(tmp, "aio")) {
/* Xen back-compat */
def->src->format = VIR_STORAGE_FILE_RAW;
+ } else if (STREQ(tmp, "🐄")) {
+ def->src->format = VIR_STORAGE_FILE_COW;
+ } else if (STREQ(tmp, "q🐄")) {
+ def->src->format = VIR_STORAGE_FILE_QCOW;
+ } else if (STREQ(tmp, "q🐄2")) {
+ def->src->format = VIR_STORAGE_FILE_QCOW2;
} else {
if ((def->src->format = virStorageFileFormatTypeFromString(tmp)) <= 0) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--
2.14.3
6 years, 9 months