Commit Graph

15051 Commits

Author SHA1 Message Date
Daniel P. Berrange
b81f30566b Honour error returned by virBitmapFormat
The code formatting NUMA args was ignoring the return value
of virBitmapFormat, so on OOM, it would silently drop the
NUMA cpumask arg.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:58:27 +01:00
Daniel P. Berrange
a4b0c75ce8 Add missing check for OOM when building boot menu args
When building boot menu args, if OOM occurred the CLI args
would end up containing  'order=(null)' due to a missing
call to 'virBufferError'.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:58:23 +01:00
Daniel P. Berrange
de87497fd1 Fix format specifier for OOM test fprintfs
The testutils.c file had some fprintfs which had not been
converted from %d to %zu, when 'testCounter' change to be
a size_t. This was a build breaker if --enable-test-oom
was enabled

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 16:56:53 +01:00
Eric Blake
21114ce9c2 maint: update to latest gnulib
Since we're about to freeze, it's time to pick up the latest
upstream gnulib.  Among other changes, gnulib now guarantees the
use of some -f flags that we were previously manually adding.

* .gnulib: Update to latest, in part for warning improvements.
* m4/virt-compile-warnings.m4 (LIBVIRT_COMPILE_WARNINGS): Drop
flags that are now guaranteed by gnulib.
* bootstrap: Resync to gnulib.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-24 06:53:07 -06:00
Claudio Bley
9f219dca48 Always open files in binary mode in virFDStreamOpenFileInternal
On win32, using text mode for binary files might result in short
reads since ASCII character 0x1A is interpreted as EOF. Also, it
could lead to problems using the seek functions because of the \r
handling.

Signed-off-by: Claudio Bley <cbley@av-test.de>
2013-09-24 14:27:41 +02:00
Claudio Bley
291edf708b test: fix call to virFDStreamOpenFile in testDomainScreenshot
N.B.  This had no ill effects as long as O_RDONLY is defined to
      to be 0, such that the expression (O_RDONLY < 0) yielded 0
      again.

Signed-off-by: Claudio Bley <cbley@av-test.de>
2013-09-24 14:27:41 +02:00
Daniel P. Berrange
6912cf4faa Don't ignore allocation failure in virCommandAddEnvPassCommon
The virCommandAddEnvPassCommon method ignored the failure to
pre-allocate the env variable array with VIR_RESIZE_N. While
this is harmless, it confuses the test harness which is trying
to validate OOM handling of every individual allocation call.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:58 +01:00
Daniel P. Berrange
ecd2ba6893 Fix reporting of errors in OOM injection code
When the various viralloc.c functions were changed to use the
normal error reporting code, the OOM injection code paths
were not updated to report errors.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
5dd3b5e32a Fix missing OOM check in qemuParseCommandLine when splitting strings
The qemuParseCommandLine method did not check the return value of
virStringSplit to see if OOM had occurred. This lead to dereference
of a NULL pointer on OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
5923ea67b1 Fix error checking of qemuParseKeywords return status
Most callers of qemuParseKeywords were assigning its return
value to a 'size_t' variable. Then then also checked '< 0'
for error condition, but this will never be true with the
unsigned size_t variable. Rather than using 'ssize_t', change
qemuParseKeywords so that the element count is returned via
an output parameter, leaving the return value solely as an
error indicator.

This avoids a crash accessing beyond the end of an error
upon OOM.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
150c1db52b Fix allocation of arglist in qemuStringToArgvEnv
In

  commit 41b5505679
  Author: Eric Blake <eblake@redhat.com>
  Date:   Wed Aug 28 15:01:23 2013 -0600

    qemu: simplify list cleanup

The qemuStringToArgvEnv method was changed to use virStringFreeList
to free the 'arglist' array. This method assumes the string list
array is NULL terminated, however, qemuStringToArgvEnv was not
ensuring this when populating 'arglist'. This caused an out of
bounds access by virStringFreeList when OOM occured in the initial
loop of qemuStringToArgvEnv

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
0bea528a33 Fix crash on OOM in qemuAddRBDHost
When parsing the RBD hosts, it increments the 'nhosts' counter
before increasing the 'hosts' array allocation. If an OOM then
occurs when increasing the array allocation, the cleanup block
will attempt to access beyond the end of the array. Switch
to using VIR_EXPAND_N instead of VIR_REALLOC_N to protect against
this mistake

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:26 +01:00
Daniel P. Berrange
ba19783d9b Fix crash on OOM in qemuDomainCCWAddressSetCreate()
If OOM occurs in qemuDomainCCWAddressSetCreate, it jumps to
a cleanup block and frees the partially initialized object.
It then mistakenly returns the address of the just free'd
pointer instead of NULL.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:52:21 +01:00
Daniel P. Berrange
f27490b705 Fix crash if OOM occurs when creating virConnectPtr
If a OOM error occurs in virGetConnect, this may cause the
virConnectDispose method to de-reference a NULL pointer,
since the close callback will not have been initialized.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
Daniel P. Berrange
182d5ed331 Fix crash on OOM in parsing CPU mask in domain XML
The virDomainDefParseXML method did not check the return value
of the virBitmapNew API call for NULL. This lead to a crash on
OOM

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
Daniel P. Berrange
a50de5d827 Fix crash on OOM when parsing disk security label
If an OOM error occurs in virSecurityDeviceLabelDefParseXML the
cleanup code may free an uninitialized pointer, causing a crash

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 10:51:28 +01:00
lawrancejing
e9f5f2e749 conf: Fix virNetworkAssignDef's comment. 2013-09-24 17:02:19 +08:00
Daniel P. Berrange
6fdafe278d Add test case for virNetServerClient object identity code
Start a test case for the virNetServerClient object, which
initially checks the creation of a virIdentityPtr object.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 09:37:26 +01:00
Daniel P. Berrange
199679585b Add a virNetSocketNewConnectSockFD method
To allow creation of a virNetSocketPtr instance from a pre-opened
socketpair FD, add a virNetSocketNewConnectSockFD method.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-24 09:37:26 +01:00
Giuseppe Scrivano
de51dc9c9a python: add bindings for virConnectGetCPUModelNames
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 16:59:39 -06:00
Giuseppe Scrivano
ea45b23cfc virsh: add function to get the CPU models for an arch
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 16:42:10 -06:00
Giuseppe Scrivano
dda4548c7b virConnectGetCPUModelNames: add the support for the test protocol
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 16:40:30 -06:00
Giuseppe Scrivano
cbcecd7ab1 virConnectGetCPUModelNames: add the support for qemu
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:52:14 -06:00
Giuseppe Scrivano
fd69544965 virConnectGetCPUModelNames: implement the remote protocol
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:50:35 -06:00
Giuseppe Scrivano
36cc09420a cpu: add function to get the models for an arch
Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:50:30 -06:00
Giuseppe Scrivano
f90857b32a libvirt: add new public API virConnectGetCPUModelNames
The new function virConnectGetCPUModelNames allows to retrieve the list
of CPU models known by the hypervisor for a specific architecture.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:41:50 -06:00
Eric Blake
b0d9207bc6 build: ensure 'make check' sees up-to-date config.h
Nehal J. Wani reported on IRC a rather interesting build failure:

In file included from util/virnetdevbridge.c:53:0:
/usr/include/linux/in6.h:30:8: error: redefinition of 'struct in6_addr'
 struct in6_addr {
        ^

I traced it to the fact that he ran 'git pull; make check' across
commit e62e0094.  What happened is that the configure changes
result in a new variable that was set to be defined on his system,
but config.h was not regenerated to contain the value of that
variable.  Running 'make' instead of 'make check' cleaned up the
problem.  A bit more investigation, and I see that in Makefile.am,
automake sticks rules that rebuild config.h as part of 'make all',
and that we also had a dependency 'check-local: all'; BUT the
rule for check-local is run only at the point when the top-level
directory is visited.  Automake documents that SUBDIRS should
contain an explicit '.' at the point the top-level should be
visited (defaulting to last, if it doesn't appear).  Sure enough,
with this patch, 'make check' now does the top-level 'all' rules,
which regenerates 'config.h' BEFORE compiling any code that might
depend on changed content of that file.

* Makefile.am (SUBDIRS): Put '.' first, not last.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-23 15:18:24 -06:00
Daniel P. Berrange
e4697b92ab Fix typo in identity code which is pre-requisite for CVE-2013-4311
The fix for CVE-2013-4311 had a pre-requisite enhancement
to the identity code

  commit db7a5688c0
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Thu Aug 22 16:00:01 2013 +0100

    Also store user & group ID values in virIdentity

This had a typo which caused the group ID to overwrite the
user ID string. This meant any checks using this would have
the wrong ID value. This only affected the ACL code, not the
initial polkit auth. It also leaked memory.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-23 14:07:55 -06:00
Jiri Denemark
0543e0d212 docs: Load libvirt_access*.xml from build dir
The xml files are generated in build directory and thus docs/newapi.xsl
was not able to find them in a VPATH build.

Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
2013-09-23 14:16:45 +02:00
Chen Hanxiao
9a08e2cbc6 LXC: Check the existence of dir before resolving symlinks
If a dir does not exist, raise an immediate error in logs
rather than letting virFileResolveAllLinks fail, since this
gives better error reporting to the user.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-23 11:22:17 +01:00
Chen Hanxiao
0e618c6aff LXC: follow the unit style of /proc/meminfo
When FUSE is enabled, the LXC container is setup with
a custom /proc/meminfo file. This file uses "KB" as a
suffix, rather than "kB" which is the kernel's style.
Fix this inconsistency to avoid confusing apps.

Signed-off-by: Chen Hanxiao <chenhanxiao@cn.fujitsu.com>
2013-09-23 11:01:07 +01:00
Peter Krempa
5702c014b2 conf: Do better job when comparing features ABI compatibility
The ABI compatibility check for domain features didn't check the
expanded HyperV and APIC EOI values, thus possibly allowing change in
guest ABI.

Add the check and use typecasted switch statement to warn developers
when adding a new HyperV feature.
2013-09-22 19:24:38 +02:00
Daniel P. Berrange
49a5262d2f Fix potential use of uninitialized value in virDomainGetVcpuPinInfo
The virDomainGetVcpuPinInfo python wrapper had a potential use of
uninitialized values

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-20 17:22:39 +01:00
Martin Kletzander
484cc3217b qemu: Fix seamless SPICE migration
Since the wait is done during migration (still inside
QEMU_ASYNC_JOB_MIGRATION_OUT), the code should enter the monitor as such
in order to prohibit all other jobs from interfering in the meantime.
This patch fixes bug #1009886 in which qemuDomainGetBlockInfo was
waiting on the monitor condition and after GetSpiceMigrationStatus
mangled its internal data, the daemon crashed.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1009886
2013-09-20 17:11:10 +02:00
Doug Goldstein
7457cbe871 VMware: Make version parsing testable and add tests
This splits up the version parsing code into a callable API like QEMU
help/version string parsing so that we can test it as we need to add
additional patterns for newer versions/products.
2013-09-20 08:23:31 -05:00
Doug Goldstein
e7a1ce9d07 VMware: Store vmrun binary's path in the driver
Rather than looking up the path to vmrun each time we call it, look it
up once and save it. This sets up the ability for us to detect where the
path is on Mac OS X and not have to look it up each time we execute it.
2013-09-20 08:23:31 -05:00
Doug Goldstein
ea5805ed29 VMware: Convert driver type defines to enum
The VMware driver supports multiple backends for the VMware Player and
VMware Workstation, convert this logic into enum and use VIR_ENUM_IMPL()
to provide conversions to and from strings.
2013-09-20 08:23:31 -05:00
Ján Tomko
5b36ab900a Don't dereference NULL in qemumonitorjsontest
In case of an error, qemuMonitorTestNewSimple returns NULL.
Error out instead of dereferencing it.

Found by Coverity, reported by John Ferlan.
2013-09-20 13:46:13 +02:00
Daniel P. Berrange
83c24493df Add checking of dbus_message_iter_append_basic return value
Coverity complains that the test suite did not check the
return value of dbus_message_iter_append_basic() as we did
in most other places.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-20 12:38:24 +01:00
Laine Stump
30bb4c4b54 qemu: use "ide" as device name for implicit SATA controller on Q35
This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1008903

The Q35 machinetype has an implicit SATA controller at 00:1F.2 which
isn't given the "expected" id of ahci0 by qemu when it's created. The
original suggested solution to this problem was to not specify any
controller for the disks that use the default controller and just
specify "unit=n" instead; qemu should then use the first IDE or SATA
controller for the disk.

Unfortunately, this "solution" is ignorant of the fact that in the
case of SATA disks, the "unit" attribute in the disk XML is actually
*not* being used for the unit, but is instead used to specify the
"bus" number; each SATA controller has 6 buses, and each bus only
allows a single unit. This makes it nonsensical to specify unit='n'
where n is anything other than 0. It also means that the only way to
connect more than a single device to the implicit SATA controller is
to explicitly give the bus names, which happen to be "ide.$n", where
$n can be replaced by the disk's "unit" number.
2013-09-20 07:03:23 -04:00
Jiri Denemark
604ae65744 daemon: Avoid dead code in polkit auth 2013-09-20 11:23:01 +02:00
Simone Gotti
fe64499dd1 virsh: add missing "async" option in opts_block_commit
After commit 8aecd35126 it'll detect
that a required option is not defined and it will assert and exit with:

virsh.c:1364: vshCommandOpt: Assertion `valid->name' failed.

Problem has been latent since commit ed23b106.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-09-19 12:14:03 -06:00
Michal Privoznik
2cf3a4e526 qemumonitorjsontest: Introduce DO_TEST_SIMPLE
This macro is there to test the simplest monitor functions we have,
those in the form of: int ( *func) (qemuMonitorPtr). So far, we have
seven such functions.
2013-09-19 12:31:59 +02:00
Michal Privoznik
4f1b6df127 qemumonitorjsontest: Test CPU state handling code
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
2013-09-19 12:31:59 +02:00
Christophe Fergeau
1533322211 daemon: Remove more hardcoded paths from help output
A previous patch used existing #define for the various files in /etc/pki
instead of hardcoding them in the help output. However I missed that
remote_driver.h contains #define for more paths that are present
in the daemon help output.
This commit uses the existing constants for the path to the
configuration file and to the libvirt sockets.
2013-09-19 09:32:42 +02:00
Christophe Fergeau
c5cc41584b Fix LIBVIRTD_CONFIGURATION_FILE constant
It's not used anywhere, but should be pointing to
$sysconfdir/libvirt/libvirtd.conf, not $sysconfdir/libvirtd.conf
2013-09-19 09:31:57 +02:00
Jonathan Lebon
b8e4644d1a docs: fix virEventAddHandle return details
In commit 6d41cb8, the interface for virEventAddHandleFunc was changed.
This patch updates the documentation for virEventAddHandle to reflect
the new significance of the return value. Also, both functions now
mention -1 for failure.
2013-09-18 13:06:13 -06:00
Daniel P. Berrange
e7f400a110 Fix crash in remoteDispatchDomainMemoryStats (CVE-2013-4296)
The 'stats' variable was not initialized to NULL, so if some
early validation of the RPC call fails, it is possible to jump
to the 'cleanup' label and VIR_FREE an uninitialized pointer.
This is a security flaw, since the API can be called from a
readonly connection which can trigger the validation checks.

This was introduced in release v0.9.1 onwards by

  commit 158ba8730e
  Author: Daniel P. Berrange <berrange@redhat.com>
  Date:   Wed Apr 13 16:21:35 2011 +0100

    Merge all returns paths from dispatcher into single path

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 12:41:14 -06:00
Giuseppe Scrivano
ab42c22627 doc: fix XML for the RNG device example
Add a missing '/' to close the "source" element.

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
2013-09-18 17:14:49 +02:00
Daniel P. Berrange
922b7fda77 Add support for using 3-arg pkcheck syntax for process (CVE-2013-4311)
With the existing pkcheck (pid, start time) tuple for identifying
the process, there is a race condition, where a process can make
a libvirt RPC call and in another thread exec a setuid application,
causing it to change to effective UID 0. This in turn causes polkit
to do its permission check based on the wrong UID.

To address this, libvirt must get the UID the caller had at time
of connect() (from SO_PEERCRED) and pass a (pid, start time, uid)
triple to the pkcheck program.

This fix requires that libvirt is re-built against a version of
polkit that has the fix for its CVE-2013-4288, so that libvirt
can see 'pkg-config --variable pkcheck_supports_uid polkit-gobject-1'

Signed-off-by: Colin Walters <walters@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-09-18 15:13:42 +01:00