[libvirt PATCH] nodedev: handle mdevs from multiple parents
by Jonathon Jongsma
Due to a rather unfortunate misunderstanding, we were parsing the list
of defined devices from mdevctl incorrectly. Since my primary
development machine only has a single device capable of mdevs, I
apparently neglected to test multiple parent devices and made some
assumptions based on reading the mdevctl code. These assumptions turned
out to be incorrect, so the parsing failed when devices from more than
one parent device were returned.
The details: mdevctl returns an array of objects representing the
defined devices. But instead of an array of multiple objects (with each
object representing a parent device), the array always contains only a
single object. That object has a separate property for each parent
device.
Signed-off-by: Jonathon Jongsma <jjongsma(a)redhat.com>
---
src/node_device/node_device_driver.c | 41 ++++++++++---------
.../mdevctl-list-multiple.json | 4 +-
2 files changed, 23 insertions(+), 22 deletions(-)
diff --git a/src/node_device/node_device_driver.c b/src/node_device/node_device_driver.c
index 8a0a2c3847..cb2c3ceaa4 100644
--- a/src/node_device/node_device_driver.c
+++ b/src/node_device/node_device_driver.c
@@ -1056,6 +1056,7 @@ nodeDeviceParseMdevctlJSON(const char *jsonstring,
size_t noutdevs = 0;
size_t i;
size_t j;
+ virJSONValue *obj;
json_devicelist = virJSONValueFromString(jsonstring);
@@ -1065,31 +1066,33 @@ nodeDeviceParseMdevctlJSON(const char *jsonstring,
goto error;
}
- n = virJSONValueArraySize(json_devicelist);
+ /* mdevctl list --dumpjson produces an output that is an array that
+ * contains only a single object which contains a property for each parent
+ * device */
+ if (virJSONValueArraySize(json_devicelist) != 1) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("Unexpected format for mdevctl response"));
+ goto error;
+ }
+
+ obj = virJSONValueArrayGet(json_devicelist, 0);
+
+ if (!virJSONValueIsObject(obj)) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("device list is not an object"));
+ goto error;
+ }
+ n = virJSONValueObjectKeysNumber(obj);
for (i = 0; i < n; i++) {
- virJSONValue *obj = virJSONValueArrayGet(json_devicelist, i);
const char *parent;
virJSONValue *child_array;
int nchildren;
- if (!virJSONValueIsObject(obj)) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Parent device is not an object"));
- goto error;
- }
-
- /* mdevctl returns an array of objects. Each object is a parent device
- * object containing a single key-value pair which maps from the name
- * of the parent device to an array of child devices */
- if (virJSONValueObjectKeysNumber(obj) != 1) {
- virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
- _("Unexpected format for parent device object"));
- goto error;
- }
-
- parent = virJSONValueObjectGetKey(obj, 0);
- child_array = virJSONValueObjectGetValue(obj, 0);
+ /* The key of each object property is the name of a parent device
+ * which maps to an array of child devices */
+ parent = virJSONValueObjectGetKey(obj, i);
+ child_array = virJSONValueObjectGetValue(obj, i);
if (!virJSONValueIsArray(child_array)) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
diff --git a/tests/nodedevmdevctldata/mdevctl-list-multiple.json b/tests/nodedevmdevctldata/mdevctl-list-multiple.json
index eefcd90c62..ca1918d00a 100644
--- a/tests/nodedevmdevctldata/mdevctl-list-multiple.json
+++ b/tests/nodedevmdevctldata/mdevctl-list-multiple.json
@@ -24,9 +24,7 @@
]
}
}
- ]
- },
- {
+ ],
"matrix": [
{ "783e6dbb-ea0e-411f-94e2-717eaad438bf": {
"mdev_type": "vfio_ap-passthrough",
--
2.31.1
3 years, 5 months
[libvirt PATCH] NEWS: Fix spacing between releases
by Andrea Bolognani
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
NEWS.rst | 2 ++
1 file changed, 2 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 552f845211..2536955a4a 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -90,6 +90,7 @@ v7.4.0 (2021-06-01)
Having a 0 offset so that the size of the image can be limited is a
valid configuration so it was allowed in the XML schema.
+
v7.3.0 (2021-05-03)
===================
@@ -189,6 +190,7 @@ v7.3.0 (2021-05-03)
properly when a connection URI or read only flag were specified on
``virsh`` or ``virt-admin`` command line.
+
v7.2.0 (2021-04-01)
===================
--
2.31.1
3 years, 5 months
Release of libvirt-7.5.0
by Jiri Denemark
The 7.5.0 release of both libvirt and libvirt-python is tagged and
signed tarballs and source RPMs are available at
https://libvirt.org/sources/
https://libvirt.org/sources/python/
Thanks everybody who helped with this release by sending patches,
reviewing, testing, or providing any other feedback. Your work is
greatly appreciated.
* Security
* svirt: fix MCS label generation (CVE-2021-3631)
A flaw in the way MCS labels were generated could result in a VM's
resource not being fully protected from access by another VM were
it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
* Removed features
* xen: Remove support for Xen < 4.9
In accordance with our platform support policy, the oldest supported Xen
version is now bumped from 4.6 to 4.9.
* Improvements
* docs: Document disk serial truncation status quo
Disk ``<serial>`` is being truncated by QEMU before passed to the guest.
Since it's impossible to fix it without running into further regressions
the documentation was improved to document the intricacies.
* Bug fixes
* qemu: Fixed validation of disk ``iothread`` configuration
The validation of ``iothread`` config was previously moved to a place where
it caused bogus errors when address wasn't allocated when hotplugging a
disk. The check is now removed as it wasn't actually necessary at all.
Enjoy.
Jirka
3 years, 5 months
[PATCH] Add news item for sVirt CVE fix
by Daniel P. Berrangé
Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com>
---
NEWS.rst | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/NEWS.rst b/NEWS.rst
index 935b0d0aad..3297560941 100644
--- a/NEWS.rst
+++ b/NEWS.rst
@@ -11,6 +11,14 @@ For a more fine-grained view, use the `git log`_.
v7.5.0 (unreleased)
===================
+* **Security fixes**
+
+ * svirt: fix MCS label generation (CVE-2021-3631)
+
+ A flaw in the way MCS labels were generated could result in a VM's
+ resource not being fully protected from access by another VM were
+ it to be compromised. https://gitlab.com/libvirt/libvirt/-/issues/153
+
* **Removed features**
* xen: Remove support for Xen < 4.9
--
2.31.1
3 years, 5 months
[PATCH] qemu: code protection for qemuBlockJobEventProcessLegacy
by huangy81@chinatelecom.cn
From: Chongyun Wu <wucy11(a)chinatelecom.cn>
pointer disk might be null in some special cases or new
usage scenarios, therefore code protection is needed to
prevent segment faults.
Signed-off-by: Chongyun Wu <wucy11(a)chinatelecom.cn>
---
src/qemu/qemu_blockjob.c | 43 ++++++++++++++++++++++++-------------------
1 file changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c
index faf9a9f..00506b9 100644
--- a/src/qemu/qemu_blockjob.c
+++ b/src/qemu/qemu_blockjob.c
@@ -781,12 +781,13 @@ qemuBlockJobEventProcessLegacy(virQEMUDriver *driver,
{
virDomainDiskDef *disk = job->disk;
- VIR_DEBUG("disk=%s, mirrorState=%s, type=%d, state=%d, newstate=%d",
- disk->dst,
- NULLSTR(virDomainDiskMirrorStateTypeToString(disk->mirrorState)),
- job->type,
- job->state,
- job->newstate);
+ if (disk)
+ VIR_DEBUG("disk=%s, mirrorState=%s, type=%d, state=%d, newstate=%d",
+ disk->dst,
+ NULLSTR(virDomainDiskMirrorStateTypeToString(disk->mirrorState)),
+ job->type,
+ job->state,
+ job->newstate);
if (job->newstate == -1)
return;
@@ -804,26 +805,30 @@ qemuBlockJobEventProcessLegacy(virQEMUDriver *driver,
break;
case VIR_DOMAIN_BLOCK_JOB_READY:
- disk->mirrorState = VIR_DOMAIN_DISK_MIRROR_STATE_READY;
- qemuDomainSaveStatus(vm);
+ if (disk) {
+ disk->mirrorState = VIR_DOMAIN_DISK_MIRROR_STATE_READY;
+ qemuDomainSaveStatus(vm);
+ }
break;
case VIR_DOMAIN_BLOCK_JOB_FAILED:
case VIR_DOMAIN_BLOCK_JOB_CANCELED:
- if (disk->mirror) {
- virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
+ if (disk) {
+ if (disk->mirror) {
+ virDomainLockImageDetach(driver->lockManager, vm, disk->mirror);
- /* Ideally, we would restore seclabels on the backing chain here
- * but we don't know if somebody else is not using parts of it.
- * Remove security driver metadata so that they are not leaked. */
- qemuBlockRemoveImageMetadata(driver, vm, disk->dst, disk->mirror);
+ /* Ideally, we would restore seclabels on the backing chain here
+ * but we don't know if somebody else is not using parts of it.
+ * Remove security driver metadata so that they are not leaked. */
+ qemuBlockRemoveImageMetadata(driver, vm, disk->dst, disk->mirror);
- virObjectUnref(disk->mirror);
- disk->mirror = NULL;
+ virObjectUnref(disk->mirror);
+ disk->mirror = NULL;
+ }
+ disk->mirrorState = VIR_DOMAIN_DISK_MIRROR_STATE_NONE;
+ disk->mirrorJob = VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN;
+ qemuBlockJobUnregister(job, vm);
}
- disk->mirrorState = VIR_DOMAIN_DISK_MIRROR_STATE_NONE;
- disk->mirrorJob = VIR_DOMAIN_BLOCK_JOB_TYPE_UNKNOWN;
- qemuBlockJobUnregister(job, vm);
break;
case VIR_DOMAIN_BLOCK_JOB_LAST:
--
1.8.3.1
3 years, 5 months