Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
Go to file
Eric Blake 858c2476d9 command: avoid deadlock on EPIPE situation
It is possible to deadlock libvirt by having a domain with XML
longer than PIPE_BUF, and by writing a hook script that closes
stdin early.  This is because libvirt was keeping a copy of the
child's stdin read fd open, which means the write fd in the
parent will never see EPIPE (remember, libvirt should always be
run with SIGPIPE ignored, so we should never get a SIGPIPE signal).
Since there is no error, libvirt blocks waiting for a write to
complete, even though the only reader is also libvirt.  The
solution is to ensure that only the child can act as a reader
before the parent does any writes; and then dealing with the
fallout of dealing with EPIPE.

Thankfully, this is not a security hole - since the only way to
trigger the deadlock is to install a custom hook script, anyone
that already has privileges to install a hook script already has
privileges to do any number of other equally disruptive things
to libvirt; it would only be a security hole if an unprivileged
user could install a hook script to DoS a privileged user.

* src/util/command.c (virCommandRun): Close parent's copy of child
read fd earlier.
(virCommandProcessIO): Don't let EPIPE be fatal; the child may
be done parsing input.
* tests/commandhelper.c (main): Set up a SIGPIPE situation.
* tests/commandtest.c (test20): Trigger it.
* tests/commanddata/test20.log: New file.
2012-06-04 13:06:07 -06:00
.gnulib@77cef20220 build: update to latest gnulib 2012-05-29 08:43:55 -06:00
build-aux Autogenerate augeas test case from default config files 2012-05-28 11:07:12 +01:00
daemon build: use same perl binary throughout build 2012-05-30 09:33:55 -06:00
docs nwfilter: add DHCP snooping 2012-06-01 19:32:06 -04:00
examples examples: add consolecallback example python script 2012-05-29 16:54:12 -06:00
gnulib build: fix fresh checkout on RHEL5 2012-04-19 17:11:43 -06:00
include Add sentinel for virErrorDomain enum 2012-05-24 16:20:55 +01:00
m4 build: allow building with newer glibc-headers and -O0 2012-06-04 12:08:27 -06:00
po virsh: Switch from generated cmd*Edit commands to nongenerated 2012-06-02 10:40:51 +02:00
python Coverity: Fix the forward_null error in Python binding codes 2012-05-04 10:23:57 +08:00
src command: avoid deadlock on EPIPE situation 2012-06-04 13:06:07 -06:00
tests command: avoid deadlock on EPIPE situation 2012-06-04 13:06:07 -06:00
tools fix make syntax-check failed 2012-06-04 09:29:59 -06:00
.dir-locals.el maint: let emacs avoid tabs in rng files 2011-08-13 08:56:26 -06:00
.gitignore build: fix testing of augeas files in VPATH builds 2012-05-30 09:29:32 -06:00
.gitmodules make .gnulib a submodule 2009-07-08 16:17:51 +02:00
.mailmap maint: prune duplicate listings in AUTHORS 2012-02-03 09:56:45 -07:00
AUTHORS Fix sync issue in virNetClientStreamEventRemoveCallback 2012-06-04 09:32:37 +02:00
autobuild.sh Enable all warnings permanently & default to -Werror for GIT builds 2012-03-27 17:08:06 +01:00
autogen.sh build: allow for local gnulib diffs 2011-11-09 09:03:33 -07:00
bootstrap build: update to latest gnulib 2012-05-29 08:43:55 -06:00
bootstrap.conf build: update to latest gnulib 2012-05-29 08:43:55 -06:00
cfg.mk build: fix sc_prohibit_readlink 2012-06-04 09:29:21 -06:00
ChangeLog-old virterror.c: Fix several spelling mistakes 2012-02-03 11:32:51 -07:00
configure.ac build: fix testing of augeas files in VPATH builds 2012-05-30 09:29:32 -06:00
COPYING.LIB remove all trailing blank lines 2009-07-16 15:06:42 +02:00
HACKING Document STREQ_NULLABLE and STRNEQ_NULLABLE 2011-10-06 16:50:38 +02:00
libvirt.pc.in build: silence warning from autoconf 2012-05-30 09:22:02 -06:00
libvirt.spec.in Fixes for check and rpm builds without sanlock (and qemu) 2012-05-30 18:57:50 +02:00
Makefile.am maint: add missing copyright notices 2011-07-28 15:01:17 -06:00
Makefile.nonreentrant Ban use of all inet_* functions 2010-10-22 11:59:23 +01:00
mingw32-libvirt.spec.in Fix typos in API XML file paths 2012-02-15 11:29:38 +00:00
README Correct typos in the documentation (Atsushi SAKAI) 2008-01-24 10:15:13 +00:00
README-hacking maint: relax git minimum version 2010-02-24 14:29:27 -05:00
TODO Update todo list file to point at bugzilla/website 2010-10-13 16:45:26 +01:00

         LibVirt : simple API for virtualization

  Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). It is free software
available under the GNU Lesser General Public License. Virtualization of
the Linux Operating System means the ability to run multiple instances of
Operating Systems concurrently on a single hardware system where the basic
resources are driven by a Linux instance. The library aim at providing
long term stable C API initially for the Xen paravirtualization but
should be able to integrate other virtualization mechanisms if needed.

Daniel Veillard <veillard@redhat.com>