diff --git a/Module.supported b/Module.supported
deleted file mode 100644
index fe6eeaa..0000000
--- a/Module.supported
+++ /dev/null
@@ -1,7 +0,0 @@
-drivers/staging/hv/hv_blkvsc external
-drivers/staging/hv/hv_netvsc external
-drivers/staging/hv/hv_storvsc external
-drivers/staging/hv/hv_timesource external
-drivers/staging/hv/hv_utils external
-drivers/staging/hv/hv_vmbus external
-
diff --git a/full-kernel-version.patch b/full-kernel-version.patch
deleted file mode 100644
index a555544..0000000
--- a/full-kernel-version.patch
+++ /dev/null
@@ -1,60 +0,0 @@ -From: "K. Y. Srinivasan" -Subject: [PATCH 1/1] tools: hv: Return the full kernel version -Date: Fri, 12 Oct 2012 16:40:10 -0700 -Message-Id: <1350085210-11108-1-git-send-email-kys@microsoft.com> - -Currently, we are returning the same string for both OSBuildNumber -and OSVersion keys. Return the full uts string for the OSBuild -key since Windows does not impose any restrictions on this. - -Signed-off-by: K. Y. Srinivasan -Reviewed-by: Haiyang Zhang -Reported-by: Claudio Latini ---- - tools/hv/hv_kvp_daemon.c | 9 ++++++--- - 1 files changed, 6 insertions(+), 3 deletions(-) - -diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c -index 5959aff..6c7bcb9 100644 ---- a/tools/hv/hv_kvp_daemon.c -+++ b/tools/hv/hv_kvp_daemon.c -@@ -88,6 +88,7 @@ static char *os_major = ""; - static char *os_minor = ""; - static char *processor_arch; - static char *os_build; -+static char *os_version; - static char *lic_version = "Unknown version"; - static struct utsname uts_buf; - -@@ -453,7 +454,9 @@ void kvp_get_os_info(void) - char *p, buf[512]; - - uname(&uts_buf); -- os_build = uts_buf.release; -+ os_version = uts_buf.release; -+ os_build = strdup(uts_buf.release); -+ - os_name = uts_buf.sysname; - processor_arch = uts_buf.machine; - -@@ -462,7 +465,7 @@ void kvp_get_os_info(void) - * string to be of the form: x.y.z - * Strip additional information we may have. - */ -- p = strchr(os_build, '-'); -+ p = strchr(os_version, '-'); - if (p) - *p = '\0'; - -@@ -1649,7 +1652,7 @@ int main(void) - strcpy(key_name, "OSMinorVersion"); - break; - case OSVersion: -- strcpy(key_value, os_build); -+ strcpy(key_value, os_version); - strcpy(key_name, "OSVersion"); - break; - case ProcessorArchitecture: --- -1.7.4.1 - diff --git a/hyper-v.changes b/hyper-v.changes index 9949a8e..884162e 100644 --- a/hyper-v.changes +++ b/hyper-v.changes 
@@ -1,3 +1,32 @@ +------------------------------------------------------------------- +Tue Nov 27 11:19:32 CET 2012 - ohering@suse.de + +- update hv_set_ifconfig, use single index for static ipv4/ipv6 [bnc#790469] + +------------------------------------------------------------------- +Sun Nov 25 17:50:40 CET 2012 - ohering@suse.de + +- update hv_set_ifconfig further to work with our ifcfg [bnc#790469] + +------------------------------------------------------------------- +Thu Nov 22 18:14:12 CET 2012 - ohering@suse.de + +- update hv_get_dhcp_info to work with our ifcfg [bnc#790469] +- remove cat usage from hv_get_dns_info +- add quoting to hv_set_ifconfig to make it more robust + +------------------------------------------------------------------- +Mon Nov 12 17:18:25 CET 2012 - ohering@suse.de + +- remove code to build kmp, it was not enabled because the + drivers are now in kernel since a long time. [bnc#676890] + +------------------------------------------------------------------- +Thu Nov 8 14:30:05 CET 2012 - ohering@suse.de + +- Netlink source address validation allows DoS [bnc#791605, CVE-2012-5532] + bugfix for recvfrom check from bnc#761200 + ------------------------------------------------------------------- Fri Oct 26 17:13:40 CEST 2012 - ohering@suse.de @@ -30,7 +59,7 @@ Tue Sep 4 14:55:38 CEST 2012 - ohering@suse.de ------------------------------------------------------------------- Wed May 16 20:44:36 CEST 2012 - ohering@suse.de -- check origin of netlink messages, use recvfrom() [bnc#761200] +- check origin of netlink messages, use recvfrom() [bnc#761200, CVE-2012-2669] ------------------------------------------------------------------- Wed May 2 12:13:03 CEST 2012 - ohering@suse.de diff --git a/hyper-v.dummy_ko.c b/hyper-v.dummy_ko.c deleted file mode 100644 index cca41a6..0000000 --- a/hyper-v.dummy_ko.c +++ /dev/null 
@@ -1,15 +0,0 @@ -#include -#include - -static int __init hv_suse_kmp_dummy_init(void) -{ - return 0; -} - -static void __exit hv_suse_kmp_dummy_exit(void) -{ -} - -module_init(hv_suse_kmp_dummy_init); -module_exit(hv_suse_kmp_dummy_exit); -MODULE_LICENSE("GPL"); diff --git a/hyper-v.spec b/hyper-v.spec index 6f791cd..d359cc8 100644 --- a/hyper-v.spec +++ b/hyper-v.spec @@ -16,21 +16,9 @@ # -%define with_kmp 0 -%define with_modprobe 0 -%if %{with_kmp} -%define with_drivers_in_kmp 0 -%endif %define hv_kvp_daemon hv_kvp_daemon Name: hyper-v -%if %{with_kmp} -BuildRequires: kernel-default-devel -BuildRequires: module-init-tools -%ifarch %ix86 -BuildRequires: kernel-pae-devel -%endif -%endif ExclusiveArch: %ix86 x86_64 PreReq: %insserv_prereq Summary: Microsoft Hyper-V tools @@ -41,11 +29,6 @@ Supplements: modalias(pci:v00001414d00005353sv*sd*bc*sc*i*) Url: http://www.kernel.org Version: 4 Release: 0 -Source: Module.supported -Source1: hyperv_pvdrivers.conf -Source2: kmp_filelist -Source3: hyper-v.supplements.txt -Source4: hyper-v.dummy_ko.c Source5: hyper-v.kvptest.ps1.txt Source9: hyper-v.include.linux.hyperv.h Source10: hyper-v.tools.hv.hv_kvp_daemon.c 
@@ -53,44 +36,17 @@ Source11: hyper-v.init.sh Source20: hyper-v.tools.hv.hv_get_dhcp_info.sh Source21: hyper-v.tools.hv.hv_get_dns_info.sh Source22: hyper-v.tools.hv.hv_set_ifconfig.sh -Patch0: full-kernel-version.patch -Patch1: no-loopback.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -%if %{with_kmp} -%if %{with_drivers_in_kmp} -%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist -%else -%suse_kernel_module_package -n hyper-v um xen -f kmp_filelist -p hyper-v.supplements.txt -%endif -%endif %description This package contains the Microsoft Hyper-V tools. - - -%if %{with_kmp} - -%package KMP - -Summary: Microsoft Hyper-V drivers -Group: System/Kernel - -%description KMP -This package contains the Microsoft Hyper-V drivers. - - - -%endif - %prep %setup -Tc cp -avL %{S:5} kvptest.ps1.txt cp -vL %{S:9} %{hv_kvp_daemon}.h cp -vL %{S:10} %{hv_kvp_daemon}.c -%patch0 -p3 -%patch1 -p3 %build sed -i~ '/#include /d' %{hv_kvp_daemon}.c @@ -104,31 +60,8 @@ gcc \ -DCN_KVP_IDX=0x9 \ -DCN_KVP_VAL=0x1 \ -o %{hv_kvp_daemon} -%if %{with_kmp} -for flavor in %flavors_to_build; do -%if %{with_drivers_in_kmp} - krel=$(make -s -C %{kernel_source $flavor} kernelrelease) - cp -a /lib/modules/$krel/source/drivers/staging/hv $flavor -%else - rm -rfv $flavor - mkdir -p $flavor - cp %_sourcedir/hyper-v.dummy_ko.c $flavor/hyper-v.suse_kmp_dummy.c - cat > $flavor/Makefile <<-EOF -obj-m += hyper-v.suse_kmp_dummy.o -EOF -%endif - cp %_sourcedir/Module.supported $flavor - make -C %{kernel_source $flavor} modules M=$PWD/$flavor -done -%endif %install -%if %{with_kmp} -export INSTALL_MOD_PATH=$RPM_BUILD_ROOT -for flavor in %flavors_to_build; do - make -C %{kernel_source $flavor} modules_install M=$PWD/$flavor -done -%endif mkdir -p $RPM_BUILD_ROOT/usr/sbin install -m755 %{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin mkdir -p $RPM_BUILD_ROOT/usr/lib/%{name}/bin 
@@ -139,20 +72,10 @@ chmod 755 $RPM_BUILD_ROOT/usr/lib/%{name}/bin/* mkdir -p $RPM_BUILD_ROOT/etc/init.d install -m755 %{S:11} $RPM_BUILD_ROOT/etc/init.d/%{hv_kvp_daemon} ln -sfvbn ../../etc/init.d/%{hv_kvp_daemon} $RPM_BUILD_ROOT/usr/sbin/rc%{hv_kvp_daemon} -%if %{with_modprobe} -mkdir -p $RPM_BUILD_ROOT/etc/modprobe.d -install -m644 %SOURCE1 $RPM_BUILD_ROOT/etc/modprobe.d/hyperv_pvdrivers.conf -%endif %files %defattr (-,root,root) %doc kvptest.ps1.txt -%if %{with_modprobe} -%if !%{with_kmp} -%dir /etc/modprobe.d -%config /etc/modprobe.d/hyperv_pvdrivers.conf -%endif -%endif /etc/init.d/%{hv_kvp_daemon} /usr/sbin/rc%{hv_kvp_daemon} /usr/sbin/%{hv_kvp_daemon} diff --git a/hyper-v.supplements.txt b/hyper-v.supplements.txt deleted file mode 100644 index ea92c9d..0000000 --- a/hyper-v.supplements.txt +++ /dev/null @@ -1,5 +0,0 @@ -# if built without drivers -Supplements: modalias(kernel-default:dmi*:svn*MicrosoftCorporation*:pn*VirtualMachine*:rn*VirtualMachine*:) modalias(kernel-default:pci:v00001414d00005353sv*sd*bc*sc*i*) -# hv drivers were enabled in the middle of the update cycle -# Its Microsoft. It must be a mess. ... -Requires: kernel-%1 >= 2.6.32.27 diff --git a/hyper-v.tools.hv.hv_get_dhcp_info.sh b/hyper-v.tools.hv.hv_get_dhcp_info.sh index 8d8fc1c..f16e8fc 100644 --- a/hyper-v.tools.hv.hv_get_dhcp_info.sh +++ b/hyper-v.tools.hv.hv_get_dhcp_info.sh @@ -1,6 +1,6 @@ #!/bin/bash -# This example script retrieves the DHCP state of a given interface. +# This script retrieves the DHCP state of a given interface. # In the interest of keeping the KVP daemon code free of distro specific # information; the kvp daemon code invokes this external script to gather # DHCP setting for the specific interface. 
@@ -16,9 +16,9 @@ # this script can be based on the Network Manager APIs for retrieving DHCP # information. -if_file="/etc/sysconfig/network-scripts/ifcfg-"$1 +if_file="/etc/sysconfig/network/ifcfg-$1" -dhcp=$(grep "dhcp" $if_file 2>/dev/null) +dhcp=$(grep -- '^BOOTPROTO=.*dhcp' "$if_file" 2>/dev/null) if [ "$dhcp" != "" ]; then diff --git a/hyper-v.tools.hv.hv_get_dns_info.sh b/hyper-v.tools.hv.hv_get_dns_info.sh index c02099b..65a0045 100644 --- a/hyper-v.tools.hv.hv_get_dns_info.sh +++ b/hyper-v.tools.hv.hv_get_dns_info.sh @@ -1,6 +1,6 @@ #!/bin/bash -# This example script parses /etc/resolv.conf to retrive DNS information. +# This script parses /etc/resolv.conf to retrive DNS information. # In the interest of keeping the KVP daemon code free of distro specific # information; the kvp daemon code invokes this external script to gather # DNS information. @@ -10,4 +10,7 @@ # this script can be based on the Network Manager APIs for retrieving DNS # entries. -cat /etc/resolv.conf 2>/dev/null | awk '/^nameserver/ { print $2 }' +if test -r /etc/resolv.conf +then + awk -- '/^nameserver/ { print $2 }' /etc/resolv.conf +fi diff --git a/hyper-v.tools.hv.hv_kvp_daemon.c b/hyper-v.tools.hv.hv_kvp_daemon.c index 645dab7..7164441 100644 --- a/hyper-v.tools.hv.hv_kvp_daemon.c +++ b/hyper-v.tools.hv.hv_kvp_daemon.c @@ -43,6 +43,7 @@ #include #include #include +#include /* * KVP protocol: The user mode component first registers with the @@ -88,6 +89,7 @@ static char *os_major = ""; static char *os_minor = ""; static char *processor_arch; static char *os_build; +static char *os_version; static char *lic_version = "Unknown version"; static struct utsname uts_buf; @@ -453,7 +455,9 @@ void kvp_get_os_info(void) char *p, buf[512]; uname(&uts_buf); - os_build = uts_buf.release; + os_version = uts_buf.release; + os_build = strdup(uts_buf.release); + os_name = uts_buf.sysname; processor_arch = uts_buf.machine; 
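Review bot: `$1` is placed into the path in `if_file="/etc/sysconfig/network/ifcfg-$1"` without any check, so an interface name containing a slash makes grep read a file outside /etc/sysconfig/network. The quoting added in this hunk prevents word splitting but not that. A guard before the assignment, for example `case "$1" in ''|*/*) exit 1 ;; esac`, would keep the lookup on ifcfg files. Whether the caller already restricts the name cannot be seen from this page, and the rest of the script lies outside the hunk.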
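Review bot: The result of `os_build = strdup(uts_buf.release);` in kvp_get_os_info() is never checked, and neither is the `uname(&uts_buf)` call just above it. If the allocation fails, os_build is NULL, and a later copy of it into a reply buffer (the OSBuildNumber case is not in this diff, so this is inferred) would dereference a null pointer. A fallback such as `if (os_build == NULL) os_build = "";` removes that path, as would a second static buffer filled with snprintf. The function body continues outside the hunk.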
@@ -462,7 +466,7 @@ void kvp_get_os_info(void) * string to be of the form: x.y.z * Strip additional information we may have. */ - p = strchr(os_build, '-'); + p = strchr(os_version, '-'); if (p) *p = '\0'; @@ -879,7 +883,7 @@ static int kvp_process_ip_address(void *addrp, addr_length = INET6_ADDRSTRLEN; } - if ((length - *offset) < addr_length + 1) + if ((length - *offset) < addr_length + 2) return HV_E_FAIL; if (str == NULL) { strcpy(buffer, "inet_ntop failed\n"); @@ -887,11 +891,13 @@ static int kvp_process_ip_address(void *addrp, } if (*offset == 0) strcpy(buffer, tmp); - else + else { + strcat(buffer, ";"); strcat(buffer, tmp); - strcat(buffer, ";"); + } *offset += strlen(str) + 1; + return 0; } @@ -953,7 +959,9 @@ kvp_get_ip_info(int family, char *if_name, int op, * supported address families; if not we gather info on * the specified address family. */ - if ((family != 0) && (curp->ifa_addr->sa_family != family)) { + if ((((family != 0) && + (curp->ifa_addr->sa_family != family))) || + (curp->ifa_flags & IFF_LOOPBACK)) { curp = curp->ifa_next; continue; } @@ -1478,13 +1486,19 @@ int main(void) len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0, addr_p, &addr_l); - if (len < 0 || addr.nl_pid) { + if (len < 0) { syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s", addr.nl_pid, errno, strerror(errno)); close(fd); return -1; } + if (addr.nl_pid) { + syslog(LOG_WARNING, "Received packet from untrusted pid:%u", + addr.nl_pid); + continue; + } + incoming_msg = (struct nlmsghdr *)kvp_recv_buffer; incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg); hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data; @@ -1649,7 +1663,7 @@ int main(void) strcpy(key_name, "OSMinorVersion"); break; case OSVersion: - strcpy(key_value, os_build); + strcpy(key_value, os_version); strcpy(key_name, "OSVersion"); break; case ProcessorArchitecture: diff --git a/hyper-v.tools.hv.hv_set_ifconfig.sh b/hyper-v.tools.hv.hv_set_ifconfig.sh index 1be68df..a776d43 100644 
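Review bot: The `addr_length + 2` bound in kvp_process_ip_address() is enforced only indirectly, because the check uses `*offset` while the writes in the following hunk (`@@ -887,11 +891,13 @@`) go through strcpy/strcat from the start of `buffer`. The code is therefore safe only while `*offset` equals the string length plus one; after this change that still holds, because the first entry's `strlen(str) + 1` accounts for the terminating NUL rather than a separator. That invariant deserves a comment at the check, e.g. `/* room for the ';' separator and the trailing NUL */`. Writing with `snprintf(buffer + used, length - used, ...)` would make the bound explicit. The types of `length` and `*offset` are declared outside the hunk and should be confirmed signed-safe for the subtraction.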
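Review bot: The rewritten condition in kvp_get_ip_info() still dereferences `curp->ifa_addr->sa_family` without a null test, and getifaddrs(3) documents that ifa_addr may be a null pointer, so an interface entry without an address would crash the daemon here. Testing the pointer first closes that: `if (curp->ifa_addr == NULL || (curp->ifa_flags & IFF_LOOPBACK) || (family != 0 && curp->ifa_addr->sa_family != family)) {`. The doubled parentheses around the family test can be dropped at the same time. The loop this condition sits in starts and ends outside the hunk.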
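Review bot: The new `addr.nl_pid` branch in main() emits one LOG_WARNING line per rejected datagram, so a local sender that could previously stop the daemon can now fill syslog at its own send rate. Counting rejects and logging at an interval would bound that. Separately, `len` is not compared with the netlink header size before `kvp_recv_buffer` is cast to `struct nlmsghdr *` on the following context lines. A guard such as `if (len < (int)sizeof(struct nlmsghdr)) continue;` (assuming `len` is a signed integer, declared outside the hunk) would keep the casts from reading stale buffer contents. The receive loop begins and ends outside the hunk.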
--- a/hyper-v.tools.hv.hv_set_ifconfig.sh
+++ b/hyper-v.tools.hv.hv_set_ifconfig.sh
@@ -41,43 +41,145 @@ then : expect configuration datafile as first argument exit 1 fi -# +# send subshell output to syslog ( +f=/etc/sysconfig/network/scripts/functions +if test -f ${f} +then + . ${f} +else + echo "MISSING ${f}" + exit 1 +fi +# remove known config variables from environment +unset HWADDR unset DHCP unset IF_NAME +unset ${!IPADDR*} +unset ${!NETMASK*} +unset ${!GATEWAY*} +unset ${!IPV6ADDR*} +unset ${!IPV6NETMASK*} +unset ${!IPV6_DEFAULTGW*} +unset ${!DNS*} . "$1" +# if test -z "${IF_NAME}" then echo "Missing IF_NAME= in ${cfg}" exit 1 fi # -t=`mktemp` -if test -z "${t}" -then - exit 1 -fi - +t_ifcfg=`mktemp` +t_ifroute=`mktemp` _exit() { - rm -f "${t}" + rm -f "${t_ifcfg}" "${t_ifroute}" } trap _exit EXIT # -cat >> "${t}" <<_EOF_ -# contents from $0 $* -`cat "${cfg}"` -# -# additional options: -STARTMODE=auto -_EOF_ - -if test "${DHCP}" = "yes" +if test -z "${t_ifcfg}" || test -z "${t_ifroute}" then - echo "BOOTPROTO=dhcp" >> ${t}; + exit 1 +fi +# +# Create ifcfg-* file +( + echo "STARTMODE=auto" + # + if test -n "${HWADDR}" + then + : # ignore HWADDR, it just repeats the existing MAC value + fi + # + if test "${DHCP}" = "yes" + then + echo "BOOTPROTO=dhcp" + fi + # single index for all ipv4 and ipv6 adresses in final ifcfg file + i=0 + idx="" + # loop through all ipv4 adresses + for var in ${!IPADDR*} + do + index=${var#IPADDR} + pfx= + # find corresponding NETMASK variable + eval nm=\$NETMASK${index} + # if specified, calculate prefix + if test -n "${nm}" + then + pfx=`mask2pfxlen "${nm}" 2>/dev/null` + fi + # if not specified, force prefix + if test -z "${pfx}" + then + pfx="32" + fi + # construct actual value + eval val=\$IPADDR${index} + # write config variable + echo "IPADDR${idx}='${val}/${pfx}'" + idx="_$((++i))" + done + # loop through all ipv6 adresses + for var in ${!IPV6ADDR*} + do + index=${var#IPV6ADDR} + # find corresponding IPV6NETMASK variable + eval pfx=\$IPV6NETMASK${index} + # if not specified, force prefix + if test -z "${pfx}" 
+ then + pfx=128 + fi + # construct actual value + eval val=\$IPV6ADDR${index} + # write config variable + echo "IPADDR${idx}='${val}/${pfx}'" + idx="_$((++i))" + done + +) >> "${t_ifcfg}" + +# Create ifroute-* file +( + if test -n "${GATEWAY}" + then + echo "default $GATEWAY - $IF_NAME" + fi + if test -n "${IPV6_DEFAULTGW}" + then + echo "default $IPV6_DEFAULTGW - $IF_NAME" + fi +) >> "${t_ifroute}" +# Only a single default gateway is supported +unset GATEWAY IPV6_DEFAULTGW +if test -n "${!GATEWAY*}${!IPV6_DEFAULTGW*}" +then + echo "WARNING: multiple gateways not supported: ${!GATEWAY*} ${!IPV6_DEFAULTGW*}" fi +# collect DNS info +_DNS_= +for var in ${!DNS*} +do + eval val=\$${var} + if test -n "${_DNS_}" + then + _DNS_="${_DNS_} ${val}" + else + _DNS_=${val} + fi +done +# echo "$0: working on network interface ifcfg-${IF_NAME}" -cp -b ${t} /etc/sysconfig/network/ifcfg-${IF_NAME} -ifdown ${IF_NAME} -o hotplug -ifup ${IF_NAME} -o hotplug +cp -fb ${t_ifcfg} "/etc/sysconfig/network/ifcfg-${IF_NAME}" +cp -fb ${t_ifroute} "/etc/sysconfig/network/ifroute-${IF_NAME}" +if test -w /etc/sysconfig/network/config +then + sed -i "s@^NETCONFIG_DNS_STATIC_SERVERS=.*@NETCONFIG_DNS_STATIC_SERVERS='$_DNS_'@" /etc/sysconfig/network/config + netconfig update -m dns +fi +ifdown "${IF_NAME}" +ifup "${IF_NAME}" ) 2>&1 | logger -t "${0##*/}[$PPID / $$]" diff --git a/hyperv_pvdrivers.conf b/hyperv_pvdrivers.conf deleted file mode 100644 index 4e4a331..0000000 --- a/hyperv_pvdrivers.conf +++ /dev/null @@ -1,5 +0,0 @@ -# Install HyperV paravirtualized drivers -install ide_core /sbin/modprobe hv_blkvsc 2>&1 ; /sbin/modprobe --ignore-install ide_core - -install ata_piix { /sbin/modprobe hv_blkvsc 2>&1 || /sbin/modprobe --ignore-install ata_piix; } - diff --git a/kmp_filelist b/kmp_filelist deleted file mode 100644 index efd5a65..0000000 --- a/kmp_filelist +++ /dev/null @@ -1,3 +0,0 @@ -%defattr (-,root,root) -/lib/modules/%2-%1 -%config /etc/modprobe.d/hyperv_pvdrivers.conf 
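Review bot: Values taken from the data file sourced with `. "$1"` are written into root-owned network configuration without validation. This applies to `${val}` inside the single-quoted `IPADDR${idx}='${val}/${pfx}'` lines, `$GATEWAY` and `$IPV6_DEFAULTGW` in the ifroute lines, `$_DNS_` inside the sed expression (where `@`, `&`, a backslash or a quote changes the substitution), and `${IF_NAME}` in the two `cp -fb` destination paths. If the data file carries strings supplied from outside the guest (inferred, since the caller is not on this page), each value should pass an allow-list before use, e.g. `case "${val}" in *[!0-9A-Fa-f:.]*) continue ;; esac` for addresses and `case "${IF_NAME}" in ''|*[!A-Za-z0-9_.:-]*) exit 1 ;; esac` for the interface name. `${t_ifcfg}` and `${t_ifroute}` are also left unquoted in the cp commands. The `eval val=\$IPADDR${index}` and `eval val=\$${var}` lookups can be written as `val=${!var}`, since `var` already holds the full variable name.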
diff --git a/no-loopback.patch b/no-loopback.patch deleted file mode 100644 index 8aade95..0000000 --- a/no-loopback.patch +++ /dev/null @@ -1,67 +0,0 @@ -From: "K. Y. Srinivasan" -Subject: [PATCH 1/1] Tools: hv: Don't return loopback addresses -Date: Fri, 12 Oct 2012 16:41:48 -0700 -Message-Id: <1350085308-11152-1-git-send-email-kys@microsoft.com> - -Don't return loopback addresses and further don't terminate -the IP address strings with a semicolon. This is the current -behavior of Windows guests. - -Signed-off-by: K. Y. Srinivasan -Reviewed-by: Haiyang Zhang -Reported-by: Claudio Latini ---- - tools/hv/hv_kvp_daemon.c | 13 +++++++++---- - 1 files changed, 9 insertions(+), 4 deletions(-) - -diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c -index 6c7bcb9..13c2a14 100644 ---- a/tools/hv/hv_kvp_daemon.c -+++ b/tools/hv/hv_kvp_daemon.c -@@ -43,6 +43,7 @@ - #include - #include - #include -+#include - - /* - * KVP protocol: The user mode component first registers with the -@@ -882,7 +883,7 @@ static int kvp_process_ip_address(void *addrp, - addr_length = INET6_ADDRSTRLEN; - } - -- if ((length - *offset) < addr_length + 1) -+ if ((length - *offset) < addr_length + 2) - return HV_E_FAIL; - if (str == NULL) { - strcpy(buffer, "inet_ntop failed\n"); -@@ -890,11 +891,13 @@ static int kvp_process_ip_address(void *addrp, - } - if (*offset == 0) - strcpy(buffer, tmp); -- else -+ else { -+ strcat(buffer, ";"); - strcat(buffer, tmp); -- strcat(buffer, ";"); -+ } - - *offset += strlen(str) + 1; -+ - return 0; - } - -@@ -956,7 +959,9 @@ kvp_get_ip_info(int family, char *if_name, int op, - * supported address families; if not we gather info on - * the specified address family. - */ -- if ((family != 0) && (curp->ifa_addr->sa_family != family)) { -+ if ((((family != 0) && -+ (curp->ifa_addr->sa_family != family))) || -+ (curp->ifa_flags & IFF_LOOPBACK)) { - curp = curp->ifa_next; - continue; - } --- -1.7.4.1 -