Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Go to file
Daniel Henrique Barboza 0bb796bda3 vircommand.c: write child pidfile before process tuning in virExec()
When VIR_EXEC_DAEMON is true and cmd->pidfile exists, the parent
will expect the pidfile to be written before exiting, sitting
tight in a saferead() call waiting.

The child then does process tuning (via virProcessSet* functions)
before writing the pidfile. Problem is that these tunings can
fail, and trigger a 'fork_error' jump, before cmd->pidfile is
written. The result is that the process was aborted in the
child, but the parent is still hang in the saferead() call.

This behavior can be reproduced by trying to create and execute
a QEMU guest in user mode (e.g. using qemu:///session as non-root).
virProcessSetMaxMemLock() will fail if the spawned libvirtd user
process does not have CAP_SYS_RESOURCE capability. setrlimit() will
fail, and a 'fork_error' jump is triggered before cmd->pidfile
is written. The parent will hung in saferead() indefinitely. From
the user perspective, 'virsh start <guest>' will hang up
indefinitely. CTRL+C can be used to retrieve the terminal, but
any subsequent 'virsh' call will also hang because the previous
libvirtd user process is still there.

We can fix this by moving all virProcessSet*() tuning functions
to be executed after cmd->pidfile is taken care of. In the case
mentioned above, this would be the result of 'virsh start'
after this patch:

error: Failed to start domain vm1
error: internal error: Process exited prior to exec: libvirt:  error :
cannot limit locked memory to 79691776: Operation not permitted

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1882093

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2020-10-02 14:32:57 -03:00
.ctags.d
.github github: skip lockdown of old issues/prs 2020-04-07 17:50:54 +01:00
build-aux syntax-check: Don't forbid curly braces around single line condition body 2020-09-15 15:20:23 +02:00
ci Add FreeBSD 11.4 CI job on Cirrus 2020-09-10 13:11:46 +01:00
docs docs: glib-adoption: add string arrays and objects 2020-10-02 14:10:44 +02:00
examples Use (un)signed printf specifiers correctly 2020-09-23 13:26:35 +02:00
include virsh: nodedev: ability to filter CSS capabilities 2020-09-15 09:06:24 +02:00
po Translated using Weblate (Russian) 2020-09-29 14:11:26 +02:00
scripts esx: separate header and source file generation 2020-09-23 13:23:18 +02:00
src vircommand.c: write child pidfile before process tuning in virExec() 2020-10-02 14:32:57 -03:00
tests virfirewalltest: Don't duplicate string when adding it onto stringlist 2020-10-02 12:48:55 +02:00
tools build: eliminate useless WITH_VIRTUALPORT check 2020-10-01 14:02:34 -04:00
.color_coded.in gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
.ctags
.dir-locals.el
.editorconfig Add .editorconfig 2019-09-06 12:47:46 +02:00
.gitignore Ignore clangd-related files and folders 2020-08-03 10:57:47 +02:00
.gitlab-ci.yml Add FreeBSD 11.4 CI job on Cirrus 2020-09-10 13:11:46 +01:00
.gitmodules gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
.gitpublish gitpublish: add a subject prefix 2020-01-16 13:04:11 +00:00
.mailmap
.ycm_extra_conf.py.in gnulib: delete all gnulib integration 2020-02-07 15:03:54 +00:00
AUTHORS.rst.in AUTHORS: Remove Emacs file variables 2020-09-02 13:20:17 +02:00
config.h config.h: add a copyright blurb 2020-08-03 13:54:15 +02:00
configmake.h.in meson: generate configmake.h 2020-08-03 09:26:48 +02:00
CONTRIBUTING.rst meson: adjust our documentation to mention meson instead of autoconf 2020-08-03 09:27:09 +02:00
COPYING
COPYING.LESSER
gitdm.config gitdm: add 'ibm' file 2019-10-18 17:32:52 +02:00
libvirt-admin.pc.in
libvirt-lxc.pc.in
libvirt-qemu.pc.in
libvirt.pc.in
libvirt.spec.in build: eliminate WITH_MACVTAP flag entirely 2020-10-01 14:02:34 -04:00
meson_options.txt build: eliminate WITH_MACVTAP flag entirely 2020-10-01 14:02:34 -04:00
meson.build build: remove old macvtap and virtualport leftovers 2020-10-02 11:32:32 +02:00
mingw-libvirt.spec.in spec: Require Fedora 31 2020-06-17 12:59:08 +02:00
NEWS.rst NEWS: mention CVE-2020-25637 in v6.8.0 release notes 2020-10-02 17:35:41 +02:00
README.rst README: drop Travis CI badge 2020-08-03 15:08:28 +02:00
run.in Prefer https: everywhere where possible 2020-09-01 21:58:46 +02:00

GitLab CI Build Status

CII Best Practices

Translation status

Libvirt API for virtualization

Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.

For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.

Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.

Further information about the libvirt project can be found on the website:

https://libvirt.org

License

The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.

Installation

Instructions on building and installing libvirt can be found on the website:

https://libvirt.org/compiling.html

Contributing

The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:

https://libvirt.org/contribute.html

Contact

The libvirt project has two primary mailing lists:

Further details on contacting the project are available on the website:

https://libvirt.org/contact.html