Accepting request 143411 from Virtualization

- update hv_set_ifconfig, use single index for static ipv4/ipv6 [bnc#790469]

- update hv_set_ifconfig further to work with our ifcfg [bnc#790469]

- update hv_get_dhcp_info to work with our ifcfg [bnc#790469]
- remove cat usage from hv_get_dns_info
- add quoting to hv_set_ifconfig to make it more robust

- remove code to build kmp; it was not enabled because the
  drivers have been in the kernel for a long time. [bnc#676890]

- Netlink source address validation allows DoS [bnc#791605, CVE-2012-5532]
  bugfix for recvfrom check from bnc#761200

- check origin of netlink messages, use recvfrom() [bnc#761200, CVE-2012-2669]

OBS-URL: https://build.opensuse.org/request/show/143411
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/hyper-v?expand=0&rev=8
Stephan Kulow 2012-11-30 11:21:43 +00:00 committed by Git OBS Bridge
commit e4bcde0490
13 changed files with 183 additions and 274 deletions

@ -1,7 +0,0 @@
drivers/staging/hv/hv_blkvsc external
drivers/staging/hv/hv_netvsc external
drivers/staging/hv/hv_storvsc external
drivers/staging/hv/hv_timesource external
drivers/staging/hv/hv_utils external
drivers/staging/hv/hv_vmbus external

@ -1,60 +0,0 @@
From: "K. Y. Srinivasan" <kys@microsoft.com>
Subject: [PATCH 1/1] tools: hv: Return the full kernel version
Date: Fri, 12 Oct 2012 16:40:10 -0700
Message-Id: <1350085210-11108-1-git-send-email-kys@microsoft.com>
Currently, we are returning the same string for both OSBuildNumber
and OSVersion keys. Return the full uts string for the OSBuild
key since Windows does not impose any restrictions on this.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Claudio Latini <claudio.latini@live.com>
---
tools/hv/hv_kvp_daemon.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 5959aff..6c7bcb9 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -88,6 +88,7 @@ static char *os_major = "";
static char *os_minor = "";
static char *processor_arch;
static char *os_build;
+static char *os_version;
static char *lic_version = "Unknown version";
static struct utsname uts_buf;
@@ -453,7 +454,9 @@ void kvp_get_os_info(void)
char *p, buf[512];
uname(&uts_buf);
- os_build = uts_buf.release;
+ os_version = uts_buf.release;
+ os_build = strdup(uts_buf.release);
+
os_name = uts_buf.sysname;
processor_arch = uts_buf.machine;
@@ -462,7 +465,7 @@ void kvp_get_os_info(void)
* string to be of the form: x.y.z
* Strip additional information we may have.
*/
- p = strchr(os_build, '-');
+ p = strchr(os_version, '-');
if (p)
*p = '\0';
@@ -1649,7 +1652,7 @@ int main(void)
strcpy(key_name, "OSMinorVersion");
break;
case OSVersion:
- strcpy(key_value, os_build);
+ strcpy(key_value, os_version);
strcpy(key_name, "OSVersion");
break;
case ProcessorArchitecture:
--
1.7.4.1

@ -1,3 +1,32 @@
-------------------------------------------------------------------
Tue Nov 27 11:19:32 CET 2012 - ohering@suse.de
- update hv_set_ifconfig, use single index for static ipv4/ipv6 [bnc#790469]
-------------------------------------------------------------------
Sun Nov 25 17:50:40 CET 2012 - ohering@suse.de
- update hv_set_ifconfig further to work with our ifcfg [bnc#790469]
-------------------------------------------------------------------
Thu Nov 22 18:14:12 CET 2012 - ohering@suse.de
- update hv_get_dhcp_info to work with our ifcfg [bnc#790469]
- remove cat usage from hv_get_dns_info
- add quoting to hv_set_ifconfig to make it more robust
-------------------------------------------------------------------
Mon Nov 12 17:18:25 CET 2012 - ohering@suse.de
- remove code to build kmp, it was not enabled because the
drivers are now in kernel since a long time. [bnc#676890]
-------------------------------------------------------------------
Thu Nov 8 14:30:05 CET 2012 - ohering@suse.de
- Netlink source address validation allows DoS [bnc#791605, CVE-2012-5532]
bugfix for recvfrom check from bnc#761200
-------------------------------------------------------------------
Fri Oct 26 17:13:40 CEST 2012 - ohering@suse.de
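Review bot: none of the added entries records that full-kernel-version.patch and no-loopback.patch are dropped from the spec, with their changes now carried directly in hyper-v.tools.hv.hv_kvp_daemon.c. Add a line for that to the newest entry so the removal of Patch0 and Patch1 can be traced from the changelog.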
@ -30,7 +59,7 @@ Tue Sep 4 14:55:38 CEST 2012 - ohering@suse.de
-------------------------------------------------------------------
Wed May 16 20:44:36 CEST 2012 - ohering@suse.de
- check origin of netlink messages, use recvfrom() [bnc#761200]
- check origin of netlink messages, use recvfrom() [bnc#761200, CVE-2012-2669]
-------------------------------------------------------------------
Wed May 2 12:13:03 CEST 2012 - ohering@suse.de

@ -1,15 +0,0 @@
#include <linux/init.h>
#include <linux/module.h>
static int __init hv_suse_kmp_dummy_init(void)
{
return 0;
}
static void __exit hv_suse_kmp_dummy_exit(void)
{
}
module_init(hv_suse_kmp_dummy_init);
module_exit(hv_suse_kmp_dummy_exit);
MODULE_LICENSE("GPL");

@ -16,21 +16,9 @@
#
%define with_kmp 0
%define with_modprobe 0
%if %{with_kmp}
%define with_drivers_in_kmp 0
%endif
%define hv_kvp_daemon hv_kvp_daemon
Name: hyper-v
%if %{with_kmp}
BuildRequires: kernel-default-devel
BuildRequires: module-init-tools
%ifarch %ix86
BuildRequires: kernel-pae-devel
%endif
%endif
ExclusiveArch: %ix86 x86_64
PreReq: %insserv_prereq
Summary: Microsoft Hyper-V tools
@ -41,11 +29,6 @@ Supplements: modalias(pci:v00001414d00005353sv*sd*bc*sc*i*)
Url: http://www.kernel.org
Version: 4
Release: 0
Source: Module.supported
Source1: hyperv_pvdrivers.conf
Source2: kmp_filelist
Source3: hyper-v.supplements.txt
Source4: hyper-v.dummy_ko.c
Source5: hyper-v.kvptest.ps1.txt
Source9: hyper-v.include.linux.hyperv.h
Source10: hyper-v.tools.hv.hv_kvp_daemon.c
@ -53,44 +36,17 @@ Source11: hyper-v.init.sh
Source20: hyper-v.tools.hv.hv_get_dhcp_info.sh
Source21: hyper-v.tools.hv.hv_get_dns_info.sh
Source22: hyper-v.tools.hv.hv_set_ifconfig.sh
Patch0: full-kernel-version.patch
Patch1: no-loopback.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%if %{with_kmp}
%if %{with_drivers_in_kmp}
%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist
%else
%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist -p hyper-v.supplements.txt
%endif
%endif
%description
This package contains the Microsoft Hyper-V tools.
%if %{with_kmp}
%package KMP
Summary: Microsoft Hyper-V drivers
Group: System/Kernel
%description KMP
This package contains the Microsoft Hyper-V drivers.
%endif
%prep
%setup -Tc
cp -avL %{S:5} kvptest.ps1.txt
cp -vL %{S:9} %{hv_kvp_daemon}.h
cp -vL %{S:10} %{hv_kvp_daemon}.c
%patch0 -p3
%patch1 -p3
%build
sed -i~ '/#include <linux.hyperv.h>/d' %{hv_kvp_daemon}.c
@ -104,31 +60,8 @@ gcc \
-DCN_KVP_IDX=0x9 \
-DCN_KVP_VAL=0x1 \
-o %{hv_kvp_daemon}
%if %{with_kmp}
for flavor in %flavors_to_build; do
%if %{with_drivers_in_kmp}
krel=$(make -s -C %{kernel_source $flavor} kernelrelease)
cp -a /lib/modules/$krel/source/drivers/staging/hv $flavor
%else
rm -rfv $flavor
mkdir -p $flavor
cp %_sourcedir/hyper-v.dummy_ko.c $flavor/hyper-v.suse_kmp_dummy.c
cat > $flavor/Makefile <<-EOF
obj-m += hyper-v.suse_kmp_dummy.o
EOF
%endif
cp %_sourcedir/Module.supported $flavor
make -C %{kernel_source $flavor} modules M=$PWD/$flavor
done
%endif
%install
%if %{with_kmp}
export INSTALL_MOD_PATH=$RPM_BUILD_ROOT
for flavor in %flavors_to_build; do
make -C %{kernel_source $flavor} modules_install M=$PWD/$flavor
done
%endif
mkdir -p $RPM_BUILD_ROOT/usr/sbin
install -m755 %{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin
mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}/bin
@ -139,20 +72,10 @@ chmod 755 $RPM_BUILD_ROOT/usr/lib/%{name}/bin/*
mkdir -p $RPM_BUILD_ROOT/etc/init.d
install -m755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/%{hv_kvp_daemon}
ln -sfvbn ../../etc/init.d/%{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin/rc%{hv_kvp_daemon}
%if %{with_modprobe}
mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d
install -m644 %SOURCE1 $RPM_BUILD_ROOT/etc/modprobe.d/hyperv_pvdrivers.conf
%endif
%files
%defattr (-,root,root)
%doc kvptest.ps1.txt
%if %{with_modprobe}
%if !%{with_kmp}
%dir /etc/modprobe.d
%config /etc/modprobe.d/hyperv_pvdrivers.conf
%endif
%endif
/etc/init.d/%{hv_kvp_daemon}
/usr/sbin/rc%{hv_kvp_daemon}
/usr/sbin/%{hv_kvp_daemon}

@ -1,5 +0,0 @@
# if built without drivers
Supplements: modalias(kernel-default:dmi*:svn*MicrosoftCorporation*:pn*VirtualMachine*:rn*VirtualMachine*:) modalias(kernel-default:pci:v00001414d00005353sv*sd*bc*sc*i*)
# hv drivers were enabled in the middle of the update cycle
# Its Microsoft. It must be a mess. ...
Requires: kernel-%1 >= 2.6.32.27

@ -1,6 +1,6 @@
#!/bin/bash
# This example script retrieves the DHCP state of a given interface.
# This script retrieves the DHCP state of a given interface.
# In the interest of keeping the KVP daemon code free of distro specific
# information; the kvp daemon code invokes this external script to gather
# DHCP setting for the specific interface.
@ -16,9 +16,9 @@
# this script can be based on the Network Manager APIs for retrieving DHCP
# information.
if_file="/etc/sysconfig/network-scripts/ifcfg-"$1
if_file="/etc/sysconfig/network/ifcfg-$1"
dhcp=$(grep "dhcp" $if_file 2>/dev/null)
dhcp=$(grep -- '^BOOTPROTO=.*dhcp' "$if_file" 2>/dev/null)
if [ "$dhcp" != "" ];
then
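Review bot: if_file is built directly from "$1" with no check that the argument is non-empty and contains no '/', so an unexpected interface name makes grep read a path outside /etc/sysconfig/network. Reject such names before building the path. The pattern '^BOOTPROTO=.*dhcp' also matches any value that merely contains "dhcp"; if only specific modes should count, anchor the value, and grep -q would avoid capturing the output just to test it for emptiness.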

@ -1,6 +1,6 @@
#!/bin/bash
# This example script parses /etc/resolv.conf to retrive DNS information.
# This script parses /etc/resolv.conf to retrive DNS information.
# In the interest of keeping the KVP daemon code free of distro specific
# information; the kvp daemon code invokes this external script to gather
# DNS information.
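Review bot: the header comment still reads "retrive" on the line this hunk rewrites; since the line is being touched anyway, correct it to "retrieve".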
@ -10,4 +10,7 @@
# this script can be based on the Network Manager APIs for retrieving DNS
# entries.
cat /etc/resolv.conf 2>/dev/null | awk '/^nameserver/ { print $2 }'
if test -r /etc/resolv.conf
then
awk -- '/^nameserver/ { print $2 }' /etc/resolv.conf
fi

@ -43,6 +43,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
#include <net/if.h>
/*
* KVP protocol: The user mode component first registers with the
@ -88,6 +89,7 @@ static char *os_major = "";
static char *os_minor = "";
static char *processor_arch;
static char *os_build;
static char *os_version;
static char *lic_version = "Unknown version";
static struct utsname uts_buf;
@ -453,7 +455,9 @@ void kvp_get_os_info(void)
char *p, buf[512];
uname(&uts_buf);
os_build = uts_buf.release;
os_version = uts_buf.release;
os_build = strdup(uts_buf.release);
os_name = uts_buf.sysname;
processor_arch = uts_buf.machine;
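Review bot: the strdup() result assigned to os_build in kvp_get_os_info() is never checked, so on allocation failure os_build is NULL for every later use. Test it right after the call and either log and bail out or fall back to uts_buf.release. A one-line comment would also help here: os_version aliases uts_buf.release and is truncated in place at the first '-' in the next hunk, which is why os_build needs its own copy of the full string.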
@ -462,7 +466,7 @@ void kvp_get_os_info(void)
* string to be of the form: x.y.z
* Strip additional information we may have.
*/
p = strchr(os_build, '-');
p = strchr(os_version, '-');
if (p)
*p = '\0';
@ -879,7 +883,7 @@ static int kvp_process_ip_address(void *addrp,
addr_length = INET6_ADDRSTRLEN;
}
if ((length - *offset) < addr_length + 1)
if ((length - *offset) < addr_length + 2)
return HV_E_FAIL;
if (str == NULL) {
strcpy(buffer, "inet_ntop failed\n");
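Review bot: in the str == NULL branch, strcpy(buffer, "inet_ntop failed\n") writes at the start of buffer regardless of *offset, so a failure on a later address overwrites the addresses already collected, while the space check just above was computed relative to *offset. Either return HV_E_FAIL without touching buffer or append the marker at the current offset like a normal entry. A short comment on what the extra byte in addr_length + 2 reserves would also make the new bound easier to verify.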
@ -887,11 +891,13 @@ static int kvp_process_ip_address(void *addrp,
}
if (*offset == 0)
strcpy(buffer, tmp);
else
else {
strcat(buffer, ";");
strcat(buffer, tmp);
strcat(buffer, ";");
}
*offset += strlen(str) + 1;
return 0;
}
@ -953,7 +959,9 @@ kvp_get_ip_info(int family, char *if_name, int op,
* supported address families; if not we gather info on
* the specified address family.
*/
if ((family != 0) && (curp->ifa_addr->sa_family != family)) {
if ((((family != 0) &&
(curp->ifa_addr->sa_family != family))) ||
(curp->ifa_flags & IFF_LOOPBACK)) {
curp = curp->ifa_next;
continue;
}
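Review bot: the new condition still dereferences curp->ifa_addr->sa_family without checking curp->ifa_addr, and getifaddrs() can return entries whose ifa_addr is NULL (an interface with no address assigned). Test curp->ifa_addr == NULL and curp->ifa_flags & IFF_LOOPBACK first and skip the entry in either case, which also lets the doubled parentheses around the family test go away.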
@ -1478,13 +1486,19 @@ int main(void)
len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
addr_p, &addr_l);
if (len < 0 || addr.nl_pid) {
if (len < 0) {
syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
if (addr.nl_pid) {
syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
addr.nl_pid);
continue;
}
incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;
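Review bot: once the sender check passes, kvp_recv_buffer is cast to struct nlmsghdr and read through NLMSG_DATA() without comparing len against the header and payload sizes, so a short read would be parsed as a full message. Add a length check before the casts, for example NLMSG_OK(incoming_msg, len) plus a minimum size for the cn_msg and hv_kvp_msg payload. Two smaller points: the LOG_WARNING for a non-zero addr.nl_pid is emitted once per packet and should be rate-limited so rejected packets cannot fill syslog, and the len < 0 branch logs addr.nl_pid even though a failed recvfrom() may not have filled addr.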
@ -1649,7 +1663,7 @@ int main(void)
strcpy(key_name, "OSMinorVersion");
break;
case OSVersion:
strcpy(key_value, os_build);
strcpy(key_value, os_version);
strcpy(key_name, "OSVersion");
break;
case ProcessorArchitecture:

@ -41,43 +41,145 @@ then
: expect configuration datafile as first argument
exit 1
fi
#
# send subshell output to syslog
(
f=/etc/sysconfig/network/scripts/functions
if test -f ${f}
then
. ${f}
else
echo "MISSING ${f}"
exit 1
fi
# remove known config variables from environment
unset HWADDR
unset DHCP
unset IF_NAME
unset ${!IPADDR*}
unset ${!NETMASK*}
unset ${!GATEWAY*}
unset ${!IPV6ADDR*}
unset ${!IPV6NETMASK*}
unset ${!IPV6_DEFAULTGW*}
unset ${!DNS*}
. "$1"
#
if test -z "${IF_NAME}"
then
echo "Missing IF_NAME= in ${cfg}"
exit 1
fi
#
t=`mktemp`
if test -z "${t}"
then
exit 1
fi
t_ifcfg=`mktemp`
t_ifroute=`mktemp`
_exit() {
rm -f "${t}"
rm -f "${t_ifcfg}" "${t_ifroute}"
}
trap _exit EXIT
#
cat >> "${t}" <<_EOF_
# contents from $0 $*
`cat "${cfg}"`
#
# additional options:
STARTMODE=auto
_EOF_
if test "${DHCP}" = "yes"
if test -z "${t_ifcfg}" || test -z "${t_ifroute}"
then
echo "BOOTPROTO=dhcp" >> ${t};
exit 1
fi
#
# Create ifcfg-* file
(
echo "STARTMODE=auto"
#
if test -n "${HWADDR}"
then
: # ignore HWADDR, it just repeats the existing MAC value
fi
#
if test "${DHCP}" = "yes"
then
echo "BOOTPROTO=dhcp"
fi
# single index for all ipv4 and ipv6 adresses in final ifcfg file
i=0
idx=""
# loop through all ipv4 adresses
for var in ${!IPADDR*}
do
index=${var#IPADDR}
pfx=
# find corresponding NETMASK variable
eval nm=\$NETMASK${index}
# if specified, calculate prefix
if test -n "${nm}"
then
pfx=`mask2pfxlen "${nm}" 2>/dev/null`
fi
# if not specified, force prefix
if test -z "${pfx}"
then
pfx="32"
fi
# construct actual value
eval val=\$IPADDR${index}
# write config variable
echo "IPADDR${idx}='${val}/${pfx}'"
idx="_$((++i))"
done
# loop through all ipv6 adresses
for var in ${!IPV6ADDR*}
do
index=${var#IPV6ADDR}
# find corresponding IPV6NETMASK variable
eval pfx=\$IPV6NETMASK${index}
# if not specified, force prefix
if test -z "${pfx}"
then
pfx=128
fi
# construct actual value
eval val=\$IPV6ADDR${index}
# write config variable
echo "IPADDR${idx}='${val}/${pfx}'"
idx="_$((++i))"
done
) >> "${t_ifcfg}"
# Create ifroute-* file
(
if test -n "${GATEWAY}"
then
echo "default $GATEWAY - $IF_NAME"
fi
if test -n "${IPV6_DEFAULTGW}"
then
echo "default $IPV6_DEFAULTGW - $IF_NAME"
fi
) >> "${t_ifroute}"
# Only a single default gateway is supported
unset GATEWAY IPV6_DEFAULTGW
if test -n "${!GATEWAY*}${!IPV6_DEFAULTGW*}"
then
echo "WARNING: multiple gateways not supported: ${!GATEWAY*} ${!IPV6_DEFAULTGW*}"
fi
# collect DNS info
_DNS_=
for var in ${!DNS*}
do
eval val=\$${var}
if test -n "${_DNS_}"
then
_DNS_="${_DNS_} ${val}"
else
_DNS_=${val}
fi
done
#
echo "$0: working on network interface ifcfg-${IF_NAME}"
cp -b ${t} /etc/sysconfig/network/ifcfg-${IF_NAME}
ifdown ${IF_NAME} -o hotplug
ifup ${IF_NAME} -o hotplug
cp -fb ${t_ifcfg} "/etc/sysconfig/network/ifcfg-${IF_NAME}"
cp -fb ${t_ifroute} "/etc/sysconfig/network/ifroute-${IF_NAME}"
if test -w /etc/sysconfig/network/config
then
sed -i "s@^NETCONFIG_DNS_STATIC_SERVERS=.*@NETCONFIG_DNS_STATIC_SERVERS='$_DNS_'@" /etc/sysconfig/network/config
netconfig update -m dns
fi
ifdown "${IF_NAME}"
ifup "${IF_NAME}"
) 2>&1 | logger -t "${0##*/}[$PPID / $$]"
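Review bot: values read from the datafile are written into generated configuration without validation or escaping: echo "IPADDR${idx}='${val}/${pfx}'" breaks if val contains a single quote, and the sed expression setting NETCONFIG_DNS_STATIC_SERVERS='$_DNS_' breaks if a DNS value contains '@', '&' or a quote. Since . "$1" already executes the datafile as shell code, check each address, prefix, gateway and DNS value against an address-only character set before using it, and reject an IF_NAME containing '/' before it is used in the ifcfg- and ifroute- paths. The cp calls still pass ${t_ifcfg} and ${t_ifroute} unquoted, and the "Missing IF_NAME= in ${cfg}" message refers to cfg while the file is sourced as "$1"; use one name for both.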

@ -1,5 +0,0 @@
# Install HyperV paravirtualized drivers
install ide_core /sbin/modprobe hv_blkvsc 2>&1 ; /sbin/modprobe --ignore-install ide_core
install ata_piix { /sbin/modprobe hv_blkvsc 2>&1 || /sbin/modprobe --ignore-install ata_piix; }

@ -1,3 +0,0 @@
%defattr (-,root,root)
/lib/modules/%2-%1
%config /etc/modprobe.d/hyperv_pvdrivers.conf

@ -1,67 +0,0 @@
From: "K. Y. Srinivasan" <kys@microsoft.com>
Subject: [PATCH 1/1] Tools: hv: Don't return loopback addresses
Date: Fri, 12 Oct 2012 16:41:48 -0700
Message-Id: <1350085308-11152-1-git-send-email-kys@microsoft.com>
Don't return loopback addresses and further don't terminate
the IP address strings with a semicolon. This is the current
behavior of Windows guests.
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Reviewed-by: Haiyang Zhang <haiyangz@microsoft.com>
Reported-by: Claudio Latini <claudio.latini@live.com>
---
tools/hv/hv_kvp_daemon.c | 13 +++++++++----
1 files changed, 9 insertions(+), 4 deletions(-)
diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 6c7bcb9..13c2a14 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -43,6 +43,7 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <dirent.h>
+#include <net/if.h>
/*
* KVP protocol: The user mode component first registers with the
@@ -882,7 +883,7 @@ static int kvp_process_ip_address(void *addrp,
addr_length = INET6_ADDRSTRLEN;
}
- if ((length - *offset) < addr_length + 1)
+ if ((length - *offset) < addr_length + 2)
return HV_E_FAIL;
if (str == NULL) {
strcpy(buffer, "inet_ntop failed\n");
@@ -890,11 +891,13 @@ static int kvp_process_ip_address(void *addrp,
}
if (*offset == 0)
strcpy(buffer, tmp);
- else
+ else {
+ strcat(buffer, ";");
strcat(buffer, tmp);
- strcat(buffer, ";");
+ }
*offset += strlen(str) + 1;
+
return 0;
}
@@ -956,7 +959,9 @@ kvp_get_ip_info(int family, char *if_name, int op,
* supported address families; if not we gather info on
* the specified address family.
*/
- if ((family != 0) && (curp->ifa_addr->sa_family != family)) {
+ if ((((family != 0) &&
+ (curp->ifa_addr->sa_family != family))) ||
+ (curp->ifa_flags & IFF_LOOPBACK)) {
curp = curp->ifa_next;
continue;
}
--
1.7.4.1