[libvirt PATCH] API: virDomainLookupByID: s/UUId/UUID/
by Ján Tomko
Signed-off-by: Ján Tomko <jtomko(a)redhat.com>
---
src/libvirt-domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libvirt-domain.c b/src/libvirt-domain.c
index 415482a526..a7266ccd88 100644
--- a/src/libvirt-domain.c
+++ b/src/libvirt-domain.c
@@ -284,7 +284,7 @@ virDomainCreateLinux(virConnectPtr conn, const char *xmlDesc,
*
* Try to find a domain based on the hypervisor ID number
* Note that this won't work for inactive domains which have an ID of -1,
- * in that case a lookup based on the Name or UUId need to be done instead.
+ * in that case a lookup based on the Name or UUID need to be done instead.
*
* virDomainFree should be used to free the resources after the
* domain object is no longer needed.
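Review bot: The corrected comment line still reads "a lookup based on the Name or UUID need to be done instead", where the singular subject "a lookup" wants "needs"; since this line is already being rewritten, fix the verb in the same change.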
--
2.26.2
4 years, 6 months
[PATCH 0/8] hyperv: implement new APIs & more
by mcoleman@datto.com
From: Matt Coleman <matt(a)datto.com>
These patches fix a couple bugs, consolidate duplicate code, and
implement several APIs.
Currently, some interactions with Hyper-V systems fail when the system
is not configured for the "en-US" locale. Additionally, some CPU names
also contain the clock frequency, making it too long for
_virNodeInfo.model. The first two patches fix these bugs.
The second two patches clean up the code a little: one moves repeated
operations into new helper functions; the other replaces the generic
"get WMI class list" functions with a macro.
The last four patches implement the following APIs in the Hyper-V
driver:
* virConnectGetCapabilities()
* virConnectGetMaxVcpus()
* virConnectGetVersion()
* virDomainGetAutostart()
Matt Coleman (8):
hyperv: make Msvm_ComputerSystem WQL queries locale agnostic
hyperv: fix nodeGetInfo failures caused by long CPU names
hyperv: break out common lookups into separate functions
hyperv: replace generic WMI class list helpers with a macro
hyperv: implement connectGetCapabilities
hyperv: implement connectGetMaxVcpus
hyperv: implement connectGetVersion
hyperv: implement domainGetAutostart
NEWS.rst | 10 +
src/hyperv/hyperv_driver.c | 691 ++++++++++++++++++--------
src/hyperv/hyperv_private.h | 2 +
src/hyperv/hyperv_wmi.c | 87 +---
src/hyperv/hyperv_wmi.h | 34 +-
src/hyperv/hyperv_wmi_classes.h | 4 +-
src/hyperv/hyperv_wmi_generator.input | 2 +-
7 files changed, 524 insertions(+), 306 deletions(-)
--
2.27.0
4 years, 6 months
[PATCH 0/4] docs: formatdomain: misc fixes
by Cole Robinson
A collection of formatdomain fixes that I've noticed over the past
few months
Cole Robinson (4):
docs: formatdomain: remove doubled filesystem <driver>
docs: formatdomain: fix incorrect 'Vsock' heading indent
docs: formatdomain: fix net downscript 'since'
docs: formatdomain: add spicevmc <redirdev> example
docs/formatdomain.rst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
--
2.28.0
4 years, 6 months
[libvirt PATCH] tests: fix incorrect free of GVariant in our GLib mock functions
by Pavel Hrdina
GLib implementation of g_dbus_connection_call_sync() calls
g_variant_ref_sink() on the passed @parameters to make sure they have
proper reference. If the original reference is floating, the
g_dbus_connection_call_sync() consumes it, but if it's a normal reference
it will just add another one.
Our mock functions were only freeing the @parameters which is incorrect
and doesn't reflect how the real implementation works.
Reported-by: Cole Robinson <crobinso(a)redhat.com>
Signed-off-by: Pavel Hrdina <phrdina(a)redhat.com>
---
tests/networkxml2firewalltest.c | 4 +++-
tests/virfirewalltest.c | 3 +++
tests/virpolkittest.c | 3 +++
tests/virsystemdtest.c | 4 +++-
4 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/tests/networkxml2firewalltest.c b/tests/networkxml2firewalltest.c
index e0244f508e..3496445f0d 100644
--- a/tests/networkxml2firewalltest.c
+++ b/tests/networkxml2firewalltest.c
@@ -60,8 +60,10 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
GCancellable *, cancellable,
GError **, error)
{
- if (parameters)
+ if (parameters) {
+ g_variant_ref_sink(parameters);
g_variant_unref(parameters);
+ }
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
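Review bot: In the networkxml2firewalltest.c mock, g_variant_ref_sink(parameters) immediately followed by g_variant_unref(parameters) reads like a no-op pair to anyone who does not know the floating-reference rule, so a later cleanup could easily delete it again. Add a one-line comment above the pair saying it mirrors what the real g_dbus_connection_call_sync() does with @parameters.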
diff --git a/tests/virfirewalltest.c b/tests/virfirewalltest.c
index 607638e9d0..646b999d96 100644
--- a/tests/virfirewalltest.c
+++ b/tests/virfirewalltest.c
@@ -79,6 +79,9 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
GVariant *reply = NULL;
g_autoptr(GVariant) params = parameters;
+ if (params)
+ g_variant_ref_sink(params);
+
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
if (STREQ(bus_name, "org.freedesktop.DBus") &&
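Review bot: In virfirewalltest.c the new g_variant_ref_sink(params) sits under a g_autoptr(GVariant) declaration, while networkxml2firewalltest.c and virsystemdtest.c in this same patch spell the release out with g_variant_unref(), so the identical fixup is now repeated in four mocks in two different styles. Consider a small shared helper in the test utilities, or at least a single style, so the next GLib mock does not reintroduce the variant without the sink.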
diff --git a/tests/virpolkittest.c b/tests/virpolkittest.c
index 011d83a506..b7cbe28466 100644
--- a/tests/virpolkittest.c
+++ b/tests/virpolkittest.c
@@ -52,6 +52,9 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
GVariant *reply = NULL;
g_autoptr(GVariant) params = parameters;
+ if (params)
+ g_variant_ref_sink(params);
+
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
if (STREQ(bus_name, "org.freedesktop.PolicyKit1") &&
diff --git a/tests/virsystemdtest.c b/tests/virsystemdtest.c
index c1411d7c05..bd0ca51140 100644
--- a/tests/virsystemdtest.c
+++ b/tests/virsystemdtest.c
@@ -54,8 +54,10 @@ VIR_MOCK_WRAP_RET_ARGS(g_dbus_connection_call_sync,
{
GVariant *reply = NULL;
- if (parameters)
+ if (parameters) {
+ g_variant_ref_sink(parameters);
g_variant_unref(parameters);
+ }
VIR_MOCK_REAL_INIT(g_dbus_connection_call_sync);
--
2.26.2
4 years, 6 months
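The reference-count behaviour this commit message describes, modelled in plain C as an added example (not libvirt or GLib code). Obj, obj_ref_sink, obj_unref, mock_old, mock_new and run_case are hypothetical stand-ins for GVariant, g_variant_ref_sink(), g_variant_unref() and the mock before and after the patch.

```c
#include <stdbool.h>
#include <stdio.h>

/* Toy model of a GVariant-style object: a count plus a "floating" flag. */
typedef struct { int refs; bool floating; bool freed; } Obj;

/* Models g_variant_ref_sink(): adopt a floating reference, else add one. */
static void obj_ref_sink(Obj *o)
{
    if (o->floating)
        o->floating = false;
    else
        o->refs++;
}

/* Models g_variant_unref(); returns false on an over-release. */
static bool obj_unref(Obj *o)
{
    if (o->freed || o->refs <= 0)
        return false;
    if (--o->refs == 0)
        o->freed = true;   /* stands in for the real free() */
    return true;
}

/* Mock before the patch: drops one reference unconditionally. */
static void mock_old(Obj *p) { if (p) obj_unref(p); }
/* Mock after the patch: sink first, then drop, like the real call. */
static void mock_new(Obj *p) { if (p) { obj_ref_sink(p); obj_unref(p); } }

/* Returns 0 if freed exactly once, 1 on a leak, -1 on an over-release. */
static int run_case(void (*mock)(Obj *), bool caller_owns)
{
    Obj o = { .refs = 1, .floating = true, .freed = false };
    bool ok = true;
    if (caller_owns)
        obj_ref_sink(&o);    /* caller keeps its own, non-floating reference */
    mock(&o);
    if (caller_owns)
        ok = obj_unref(&o);  /* caller releases at end of scope */
    return !ok ? -1 : (o.freed ? 0 : 1);
}

int main(void)
{
    printf("old/floating=%d old/owned=%d new/floating=%d new/owned=%d\n",
           run_case(mock_old, false), run_case(mock_old, true),
           run_case(mock_new, false), run_case(mock_new, true));
    return 0;
}
```

Only the old mock combined with a caller-owned reference ends in an over-release; the other three combinations free the object exactly once.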
[PATCH 1/1] vircommand.c: write child pidfile before process tuning in virExec()
by Daniel Henrique Barboza
When VIR_EXEC_DAEMON is true and cmd->pidfile exists, the parent
will expect the pidfile to be written before exiting, sitting
tight in a saferead() call waiting.
The child then does process tuning (via virProcessSet* functions)
before writing the pidfile. Problem is that these tunings can
fail, and trigger a 'fork_error' jump, before cmd->pidfile is
written. The result is that the process was aborted in the
child, but the parent is still hung in the saferead() call.
This behavior can be reproduced by trying to create and execute
a QEMU guest in user mode (e.g. using qemu:///session as non-root).
virProcessSetMaxMemLock() will fail if the spawned libvirtd user
process does not have CAP_SYS_RESOURCE capability. setrlimit() will
fail, and a 'fork_error' jump is triggered before cmd->pidfile
is written. The parent will hang in saferead() indefinitely. From
the user perspective, 'virsh start <guest>' will hang up
indefinitely. CTRL+C can be used to retrieve the terminal, but
any subsequent 'virsh' call will also hang because the previous
libvirtd user process is still there.
We can fix this by moving all virProcessSet*() tuning functions
to be executed after cmd->pidfile is taken care of. In the case
mentioned above, this would be the result of 'virsh start'
after this patch:
error: Failed to start domain vm1
error: internal error: Process exited prior to exec: libvirt: error :
cannot limit locked memory to 79691776: Operation not permitted
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1882093
Signed-off-by: Daniel Henrique Barboza <danielhb413(a)gmail.com>
---
src/util/vircommand.c | 19 ++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)
diff --git a/src/util/vircommand.c b/src/util/vircommand.c
index 76f7eb9a3d..0475e22db6 100644
--- a/src/util/vircommand.c
+++ b/src/util/vircommand.c
@@ -787,15 +787,6 @@ virExec(virCommandPtr cmd)
}
}
- if (virProcessSetMaxMemLock(0, cmd->maxMemLock) < 0)
- goto fork_error;
- if (virProcessSetMaxProcesses(0, cmd->maxProcesses) < 0)
- goto fork_error;
- if (virProcessSetMaxFiles(0, cmd->maxFiles) < 0)
- goto fork_error;
- if (cmd->setMaxCore &&
- virProcessSetMaxCoreSize(0, cmd->maxCore) < 0)
- goto fork_error;
if (cmd->pidfile) {
int pidfilefd = -1;
char c;
@@ -820,6 +811,16 @@ virExec(virCommandPtr cmd)
/* pidfilefd is intentionally leaked. */
}
+ if (virProcessSetMaxMemLock(0, cmd->maxMemLock) < 0)
+ goto fork_error;
+ if (virProcessSetMaxProcesses(0, cmd->maxProcesses) < 0)
+ goto fork_error;
+ if (virProcessSetMaxFiles(0, cmd->maxFiles) < 0)
+ goto fork_error;
+ if (cmd->setMaxCore &&
+ virProcessSetMaxCoreSize(0, cmd->maxCore) < 0)
+ goto fork_error;
+
if (cmd->hook) {
VIR_DEBUG("Run hook %p %p", cmd->hook, cmd->opaque);
ret = cmd->hook(cmd->opaque);
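Review bot: With the virProcessSet*() calls now placed after the cmd->pidfile block, a failing limit reaches fork_error after the pidfile has already been written, so the file can be left behind naming a child that never reached exec; the fork_error path is not visible in this hunk, so please confirm that it (or the parent) removes the pidfile in that case. A short comment above the moved block stating that it must stay below the pidfile handling, because the parent blocks in saferead() until the pidfile is written, would also keep a later refactor from moving it back.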
--
2.26.2
4 years, 6 months
[libvirt PATCH 0/5] misc spelling errors reported by codespell
by Daniel P. Berrangé
Daniel P. Berrangé (5):
docs: fix misc spelling errors reported by codespell
src: fix misc spelling errors reported by codespell
tests: fix misc spelling errors reported by codespell
tools: fix misc spelling errors reported by codespell
examples: fix misc spelling errors reported by codespell
NEWS.rst | 8 ++++----
docs/auth.html.in | 2 +-
docs/daemons.rst | 4 ++--
docs/drvesx.html.in | 6 +++---
docs/drvxen.html.in | 2 +-
docs/format.html.in | 2 +-
docs/formatdomain.rst | 6 +++---
docs/formatdomaincaps.html.in | 2 +-
docs/formatnetwork.html.in | 4 ++--
docs/formatnode.html.in | 2 +-
docs/formatstorage.html.in | 2 +-
docs/formatstoragecaps.html.in | 2 +-
docs/hooks.html.in | 4 ++--
docs/kbase/backing_chains.rst | 2 +-
docs/kbase/debuglogs.rst | 6 +++---
docs/kbase/kvm-realtime.rst | 2 +-
docs/kbase/migrationinternals.rst | 2 +-
docs/kbase/rpm-deployment.rst | 2 +-
docs/logos/README | 2 +-
docs/manpages/virsh.rst | 2 +-
docs/manpages/virt-login-shell.rst | 8 ++++----
docs/schemas/basictypes.rng | 2 +-
docs/schemas/domaincommon.rng | 2 +-
docs/securityprocess.html.in | 2 +-
docs/strategy.html.in | 2 +-
docs/uri.html.in | 2 +-
examples/c/admin/list_clients.c | 2 +-
examples/c/admin/list_servers.c | 2 +-
examples/c/domain/info1.c | 2 +-
src/esx/esx_vi.c | 4 ++--
src/libvirt-domain.c | 4 ++--
src/locking/virtlockd.service.in | 2 +-
src/logging/virtlogd.service.in | 2 +-
src/qemu/qemu_qapi.c | 4 ++--
src/remote/remote_daemon.c | 2 +-
src/util/virbuffer.c | 2 +-
src/util/vireventglib.c | 2 +-
src/util/virhash.c | 2 +-
src/util/virnetdevmacvlan.c | 2 +-
src/vbox/vbox_uniformed_api.h | 2 +-
tests/vircgroupmock.c | 2 +-
tests/virmockstathelpers.c | 4 ++--
tests/virnetdaemondata/README | 2 +-
tests/virpcimock.c | 2 +-
tools/virsh-completer.c | 2 +-
tools/virsh-pool.c | 2 +-
tools/wireshark/util/genxdrstub.pl | 2 +-
47 files changed, 66 insertions(+), 66 deletions(-)
--
2.26.2
4 years, 6 months
[PATCH] NEWS: mention CVE-2020-25637 in v6.8.0 release notes
by Mauro Matteo Cascella
---
NEWS.rst | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index de46cac8c5..f6074d9fe8 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -27,6 +27,14 @@ v6.9.0 (unreleased)
v6.8.0 (2020-10-01)
===================
+* **Security**
+
+ * qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c
+
+ Clients connecting to the read-write socket with limited ACL permissions
+ may be able to crash the libvirt daemon, resulting in a denial of service,
+ or potentially escalate their privileges on the system. CVE-2020-25637.
+
* **New features**
* xen: Add ``writeFiltering`` attribute for PCI devices
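Review bot: In the new v6.8.0 Security entry the identifier is tacked on as a trailing fragment ("... on the system. CVE-2020-25637."), which makes it easy to miss when scanning or grepping the release notes; put it on the bullet title line next to "qemu: double free in qemuAgentGetInterfaces() in qemu_agent.c" instead. The submission as shown also has no commit message body or Signed-off-by line above the "---".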
--
2.26.2
4 years, 6 months
[PATCH 0/6] virBitmapCopy: Refactor to prevent failures
by Peter Krempa
Note that this applies on top of my previous series dealing with
bitmaps.
Peter Krempa (6):
virBitmapNewCopy: Reimplement bitmap copying to prevent failure
Don't check return value of virBitmapNewCopy
Use 'virBitmapNewCopy' instead of 'virBitmapCopy'
util: virbitmap: Remove virBitmapCopy
virDomainResctrlNew: Refactor allocation to remove 'cleanup' label
qemuDomainFilterHotplugVcpuEntities: Refactor memory freeing to remove
'cleanup' label
src/conf/capabilities.c | 6 ++----
src/conf/domain_conf.c | 19 ++++--------------
src/conf/numa_conf.c | 4 ++--
src/libvirt_private.syms | 1 -
src/qemu/qemu_capabilities.c | 3 ++-
src/qemu/qemu_driver.c | 13 +++----------
src/qemu/qemu_hotplug.c | 20 ++++++-------------
src/qemu/qemu_migration_cookie.c | 3 ---
src/qemu/qemu_process.c | 3 +--
src/test/test_driver.c | 5 +----
src/util/virbitmap.c | 33 ++------------------------------
src/util/virbitmap.h | 6 ------
src/util/virresctrl.c | 4 ++--
src/util/virstoragefile.c | 5 ++---
14 files changed, 27 insertions(+), 98 deletions(-)
--
2.26.2
4 years, 6 months
[PATCH 00/20] qemu: migration_cookie: Refactor and modernize
by Peter Krempa
Note that this applies on top of the recent bitmap refactors
Peter Krempa (20):
qemu: migration_cookie: Extract parsing/validation of mandatory
features
qemuMigrationCookieXMLParse: Switch to single-purpose temporary
variables
qemuMigrationCookieXMLParse: Check domain element count more
defensively
qemuMigrationCookieXMLParse: Decrease scope of 'nodes' and use
automatic freeing
qemuMigrationCookieXMLParse: Remove comment mentioning that error was
already set
qemuMigrationCookieXMLParse: Remove 'error' label
qemuMigrationCookieGraphicsXMLFormat: Use 'virXMLFormatElement'
qemuMigrationCookieNetworkXMLFormat: Refactor XML formatting
qemuMigrationCookieXMLFormat: Extract formatting of NBD
qemuDomainExtractTLSSubject: Refactor memory handling
qemu: migration_cookie: Register 'autoptr' functions for internal
types
qemuMigrationCookieGraphicsSpiceAlloc: Refactor memory handling
qemuMigrationCookieNetworkAlloc: Refactor memory handling
qemuMigrationCookieXMLFormat: Refactor memory handling
qemuMigrationCookieNetworkXMLParse: Refactor memory handling
qemuMigrationCookieNBDXMLParse: Refactor memory handling
qemuMigrationCookieCapsXMLParse: Refactor memory handling
qemuMigrationCookieAddCaps: Use 'g_new0' instead of VIR_ALLOC
qemuMigrationCookieXMLParse: Avoid VIR_FREE when parsing lockstate
qemu: migration_cookie: s/VIR_FREE/g_free/
src/qemu/qemu_migration_cookie.c | 493 ++++++++++++++-----------------
1 file changed, 214 insertions(+), 279 deletions(-)
--
2.26.2
4 years, 6 months
virsystemdtest segfault on ppc64
by Cole Robinson
I'm seeing failures building libvirt 6.8.0 rpm on fedora 32, 33, and
rawhide. virsystemdtest is segfaulting on ppc64.
https://kojipkgs.fedoraproject.org//work/tasks/5494/52595494/build.log
The output from the failed tests:
74/160 libvirt / virsystemdtest FAIL 0.44s
(killed by signal 11 SIGSEGV)
--- command ---
17:14:09 abs_srcdir='/builddir/build/BUILD/libvirt-6.8.0/tests'
abs_top_srcdir='/builddir/build/BUILD/libvirt-6.8.0'
VIR_TEST_EXPENSIVE='1' LIBVIRT_AUTOSTART='0'
abs_top_builddir='/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu'
LC_ALL='C'
abs_builddir='/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/tests'
/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/tests/virsystemdtest
--- stderr ---
TEST: virsystemdtest
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.137:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.....
(process:3397099): GLib-CRITICAL **: 17:14:09.138:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.138:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.138:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
(process:3397099): GLib-CRITICAL **: 17:14:09.138:
g_atomic_ref_count_dec: assertion 'g_atomic_int_get (arc) > 0' failed
.
-------
Full log written to
/builddir/build/BUILD/libvirt-6.8.0/ppc64le-redhat-linux-gnu/meson-logs/testlog.txt
RPM build errors:
error: Bad exit status from /var/tmp/rpm-tmp.Yh8pF5 (%check)
Bad exit status from /var/tmp/rpm-tmp.Yh8pF5 (%check)
Child return code was: 1
Thanks,
Cole
4 years, 6 months