Accepting request 44796 from Virtualization

checked in (request 44796)

OBS-URL: https://build.opensuse.org/request/show/44796
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=62
This commit is contained in:
OBS User autobuild 2010-08-09 00:19:46 +00:00 committed by Git OBS Bridge
parent 8b4217ed93
commit 0068ec2b5d
12 changed files with 923 additions and 36 deletions

29
bitmap-alloc.patch Normal file
View File

@ -0,0 +1,29 @@
commit ce49cfb48ad5e9cac79819d0ccde4394c237af25
Author: Eric Blake <eblake@redhat.com>
Date: Wed Jun 2 09:03:57 2010 -0600
bitmap: reject zero-size bitmap
* src/util/bitmap.c (virBitmapAlloc): Tighten sanity check.
diff --git a/src/util/bitmap.c b/src/util/bitmap.c
index 69094a5..44edb49 100644
--- a/src/util/bitmap.c
+++ b/src/util/bitmap.c
@@ -1,6 +1,7 @@
/*
* bitmap.h: Simple bitmap operations
*
+ * Copyright (C) 2010 Red Hat, Inc.
* Copyright (C) 2010 Novell, Inc.
*
* This library is free software; you can redistribute it and/or
@@ -58,7 +59,7 @@ virBitmapPtr virBitmapAlloc(size_t size)
virBitmapPtr bitmap;
size_t sz;
- if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size)
+ if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size || size == 0)
return NULL;
sz = (size + VIR_BITMAP_BITS_PER_UNIT - 1) /

59
bitmap-fixes.patch Normal file
View File

@ -0,0 +1,59 @@
If VM startup fails early enough (can't find a referenced USB device),
libvirtd will crash trying to clear the VNC port bit, since port = 0,
which overflows us out of the bitmap bounds.
Fix this by being more defensive in the bitmap operations, and only
clearing a previously set VNC port.
v2: Add safety check to all relevant bitmap ops.
Signed-off-by: Cole Robinson <crobinso@redhat.com>
---
src/qemu/qemu_driver.c | 2 +-
src/util/bitmap.c | 6 +++---
2 files changed, 4 insertions(+), 4 deletions(-)
Index: libvirt-0.8.1/src/qemu/qemu_driver.c
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_driver.c
+++ libvirt-0.8.1/src/qemu/qemu_driver.c
@@ -3635,7 +3635,7 @@ retry:
if ((vm->def->ngraphics == 1) &&
vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
vm->def->graphics[0]->data.vnc.autoport &&
- vm->def->graphics[0]->data.vnc.port != -1) {
+ vm->def->graphics[0]->data.vnc.port >= QEMU_VNC_PORT_MIN) {
if (virBitmapClearBit(driver->reservedVNCPorts,
vm->def->graphics[0]->data.vnc.port - \
QEMU_VNC_PORT_MIN) < 0) {
Index: libvirt-0.8.1/src/util/bitmap.c
===================================================================
--- libvirt-0.8.1.orig/src/util/bitmap.c
+++ libvirt-0.8.1/src/util/bitmap.c
@@ -101,7 +101,7 @@ void virBitmapFree(virBitmapPtr bitmap)
*/
int virBitmapSetBit(virBitmapPtr bitmap, size_t b)
{
- if (b > bitmap->size - 1)
+ if (bitmap->size <= b)
return -1;
bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] |= (1 << VIR_BITMAP_BIT_OFFSET(b));
@@ -119,7 +119,7 @@ int virBitmapSetBit(virBitmapPtr bitmap,
*/
int virBitmapClearBit(virBitmapPtr bitmap, size_t b)
{
- if (b > bitmap->size - 1)
+ if (bitmap->size <= b)
return -1;
bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b));
@@ -141,7 +141,7 @@ int virBitmapGetBit(virBitmapPtr bitmap,
{
uint32_t bit;
- if (b > bitmap->size - 1)
+ if (bitmap->size <= b)
return -1;
bit = bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &

3
libvirt-0.8.1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:037256df745a96ba141dbfc4e4197e8bc16c51f21c834f4f89c599c379792698
size 7706670

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:759f4957e6f2b905857897a84e36cbe73f7dc3a5150637430ff086c3e2b414b4
size 8250164

View File

@ -1,20 +1,3 @@
-------------------------------------------------------------------
Fri Aug 6 21:53:21 MDT 2010 - jfehlig@novell.com
- Update to libvirt 0.8.3
- Support vSphere 4.1
- Qemu arbitrary monitor commands
- Qemu Monitor API entry point
- lots of improvements and bug fixes
-------------------------------------------------------------------
Fri Jul 9 14:35:04 MDT 2010 - jfehlig@novell.com
- VUL-0: multiple issues in libvirt
CVE-2010-223x-000[1-0].patch, CVE-2010-223x-0010.patch,
CVE-2010-2242-nat.patch
bnc#618155
-------------------------------------------------------------------
Fri Jun 25 09:02:38 MDT 2010 - jfehlig@novell.com

View File

@ -1,5 +1,5 @@
#
# spec file for package libvirt (Version 0.8.3)
# spec file for package libvirt (Version 0.8.1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -44,7 +44,6 @@
%define with_udev 0
%define with_hal 0
%define with_yajl 0
%define with_macvtap 0
# Xen is available only on i386 x86_64
%ifnarch %ix86 x86_64
@ -97,9 +96,6 @@ BuildRequires: avahi-devel
%if %{with_selinux}
BuildRequires: libselinux-devel
%endif
%if %{with_apparmor}
BuildRequires: libapparmor-devel
%endif
%if %{with_numactl}
BuildRequires: libnuma-devel
%endif
@ -111,17 +107,14 @@ BuildRequires: PolicyKit-devel >= 0.6
%if %{with_phyp}
BuildRequires: libssh2-devel
%endif
%if %{with_macvtap}
BuildRequires: libnl-devel
%endif
# Only for directory ownership:
BuildRequires: gtk-doc
Url: http://libvirt.org/
License: LGPLv2.1+
Group: Development/Libraries/C and C++
AutoReqProv: yes
Version: 0.8.3
Release: 1
Version: 0.8.1
Release: 3
Summary: A C toolkit to interract with the virtualization capabilities of Linux
# The client side, i.e. shared libs and virsh are in a subpackage
Requires: %{name}-client = %{version}-%{release}
@ -145,6 +138,14 @@ Requires: PolicyKit >= 0.6
Source0: %{name}-%{version}.tar.bz2
Source1: libvirtd.init
# Upstream patches
Patch0: remote-rm-unused-field.patch
Patch1: vnc-race-1.patch
Patch2: vnc-race-2.patch
Patch3: vnc-race-3.patch
Patch4: bitmap-alloc.patch
Patch5: bitmap-fixes.patch
Patch6: xend-content-buf.patch
Patch7: xend-content-buf-fix.patch
# Need to go upstream
Patch100: xen-name-for-devid.patch
Patch102: clone.patch
@ -257,6 +258,14 @@ Authors:
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch100 -p1
%patch102
%patch103 -p1
@ -317,9 +326,6 @@ Authors:
%if ! %{with_yajl}
%define _without_yajl --without-yajl
%endif
%if ! %{with_macvtap}
%define _without_macvtap --without-macvtap
%endif
autoreconf -f -i
export CFLAGS="$RPM_OPT_FLAGS"
%configure --disable-static --with-pic \
@ -341,7 +347,6 @@ export CFLAGS="$RPM_OPT_FLAGS"
%{?_without_hal} \
%{?_without_udev} \
%{?_without_yajl} \
%{?_without_macvtap} \
--without-xen-proxy \
--libexecdir=%{_libdir}/%{name} \
--with-init-script=none \
@ -467,7 +472,6 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{with_storage_disk}
%{_libdir}/%{name}/libvirt_parthelper
%endif
%doc %{_mandir}/man8/libvirtd.8*
%files client -f %{name}.lang
%defattr(-, root, root)
@ -496,7 +500,6 @@ rm -rf $RPM_BUILD_ROOT
%{_datadir}/libvirt/schemas/storageencryption.rng
%{_datadir}/libvirt/cpu_map.xml
%{_datadir}/libvirt/schemas/nwfilter.rng
%{_datadir}/libvirt/schemas/domainsnapshot.rng
%config(noreplace) %{_sysconfdir}/sasl2/libvirt.conf
%files devel

View File

@ -0,0 +1,50 @@
commit 34a7f3f6be9c63ac3d4c4604c1fb2482a4e5053b
Author: Matthew Booth <mbooth@redhat.com>
Date: Fri May 7 16:38:05 2010 +0200
Remove unused nwfilter field from struct remote_error
Change 965466c1 added a new field to struct remote_error, which broke
the RPC protocol. Fortunately the new field is unused, so this change
simply removes it again.
* src/remote/remote_protocol.(c|h|x): Remove remote_nwfilter from struct
remote_error
diff --git a/src/remote/remote_protocol.c b/src/remote/remote_protocol.c
index 187281d..972bf52 100644
--- a/src/remote/remote_protocol.c
+++ b/src/remote/remote_protocol.c
@@ -227,8 +227,6 @@ xdr_remote_error (XDR *xdrs, remote_error *objp)
return FALSE;
if (!xdr_remote_network (xdrs, &objp->net))
return FALSE;
- if (!xdr_remote_nwfilter (xdrs, &objp->nwfilter))
- return FALSE;
return TRUE;
}
diff --git a/src/remote/remote_protocol.h b/src/remote/remote_protocol.h
index 6f01da7..a600af6 100644
--- a/src/remote/remote_protocol.h
+++ b/src/remote/remote_protocol.h
@@ -143,7 +143,6 @@ struct remote_error {
int int1;
int int2;
remote_network net;
- remote_nwfilter nwfilter;
};
typedef struct remote_error remote_error;
diff --git a/src/remote/remote_protocol.x b/src/remote/remote_protocol.x
index 8000ee0..1ce488c 100644
--- a/src/remote/remote_protocol.x
+++ b/src/remote/remote_protocol.x
@@ -266,7 +266,6 @@ struct remote_error {
int int1;
int int2;
remote_network net;
- remote_nwfilter nwfilter;
};
/* Authentication types available thus far.... */

281
vnc-race-1.patch Normal file
View File

@ -0,0 +1,281 @@
commit 2f32d7afd5bd71f79c0e756c87813702065c6d1a
Author: Jim Fehlig <jfehlig@novell.com>
Date: Thu May 20 22:23:48 2010 -0600
Add simple bitmap operations to utils
V2:
- Move bitmap impl to src/util/bitmap.[ch]
- Use CHAR_BIT instead of explicit '8'
- Use size_t instead of unsigned int
- Fix calculation of bitmap size in virBitmapAlloc
- Ensure bit is within range of map in the set, clear, and get
operations
- Use bool in virBitmapGetBit
- Add virBitmapFree to free-like funcs in cfg.mk
V3:
- Check for overflow in virBitmapAlloc
- Fix copy and paste bug in virBitmapAlloc
- Use size_t in prototypes
- Add ATTRIBUTE_NONNULL in prototypes where appropriate
and remove NULL check from impl
V4:
- Add ATTRIBUTE_RETURN_CHECK in prototypes where appropriate.
Index: libvirt-0.8.1/src/Makefile.am
===================================================================
--- libvirt-0.8.1.orig/src/Makefile.am
+++ libvirt-0.8.1/src/Makefile.am
@@ -50,6 +50,7 @@ augeastest_DATA =
# helper APIs for various purposes
UTIL_SOURCES = \
util/authhelper.c util/authhelper.h \
+ util/bitmap.c util/bitmap.h \
util/bridge.c util/bridge.h \
util/buf.c util/buf.h \
util/conf.c util/conf.h \
Index: libvirt-0.8.1/src/libvirt_private.syms
===================================================================
--- libvirt-0.8.1.orig/src/libvirt_private.syms
+++ libvirt-0.8.1/src/libvirt_private.syms
@@ -4,6 +4,14 @@
#
+# bitmap.h
+virBitmapAlloc;
+virBitmapFree;
+virBitmapSetBit;
+virBitmapClearBit;
+virBitmapGetBit;
+
+
# buf.h
virBufferVSprintf;
virBufferEscapeString;
Index: libvirt-0.8.1/src/util/bitmap.c
===================================================================
--- /dev/null
+++ libvirt-0.8.1/src/util/bitmap.c
@@ -0,0 +1,151 @@
+/*
+ * bitmap.h: Simple bitmap operations
+ *
+ * Copyright (C) 2010 Novell, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Jim Fehlig <jfehlig@novell.com>
+ */
+
+#include <config.h>
+
+#include <limits.h>
+#include <stdint.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <sys/types.h>
+
+#include "bitmap.h"
+#include "memory.h"
+
+
+struct _virBitmap {
+ size_t size;
+ uint32_t *map;
+};
+
+
+#define VIR_BITMAP_BITS_PER_UNIT (sizeof(uint32_t) * CHAR_BIT)
+#define VIR_BITMAP_UNIT_OFFSET(b) ((b) / VIR_BITMAP_BITS_PER_UNIT)
+#define VIR_BITMAP_BIT_OFFSET(b) ((b) % VIR_BITMAP_BITS_PER_UNIT)
+
+
+/**
+ * virBitmapAlloc:
+ * @size: number of bits
+ *
+ * Allocate a bitmap capable of containing @size bits.
+ *
+ * Returns a pointer to the allocated bitmap or NULL if
+ * memory cannot be allocated.
+ */
+virBitmapPtr virBitmapAlloc(size_t size)
+{
+ virBitmapPtr bitmap;
+ size_t sz;
+
+ if (SIZE_MAX - VIR_BITMAP_BITS_PER_UNIT < size)
+ return NULL;
+
+ sz = (size + VIR_BITMAP_BITS_PER_UNIT - 1) /
+ VIR_BITMAP_BITS_PER_UNIT;
+
+ if (VIR_ALLOC(bitmap) < 0)
+ return NULL;
+
+ if (VIR_ALLOC_N(bitmap->map, sz) < 0) {
+ VIR_FREE(bitmap);
+ return NULL;
+ }
+
+ return bitmap;
+}
+
+/**
+ * virBitmapFree:
+ * @bitmap: previously allocated bitmap
+ *
+ * Free @bitmap previously allocated by virBitmapAlloc.
+ */
+void virBitmapFree(virBitmapPtr bitmap)
+{
+ if (bitmap) {
+ VIR_FREE(bitmap->map);
+ VIR_FREE(bitmap);
+ }
+}
+
+/**
+ * virBitmapSetBit:
+ * @bitmap: Pointer to bitmap
+ * @b: bit position to set
+ *
+ * Set bit position @b in @bitmap
+ *
+ * Returns 0 on if bit is successfully set, -1 on error.
+ */
+int virBitmapSetBit(virBitmapPtr bitmap, size_t b)
+{
+ if (b > bitmap->size - 1)
+ return -1;
+
+ bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] |= (1 << VIR_BITMAP_BIT_OFFSET(b));
+ return 0;
+}
+
+/**
+ * virBitmapClearBit:
+ * @bitmap: Pointer to bitmap
+ * @b: bit position to clear
+ *
+ * Clear bit position @b in @bitmap
+ *
+ * Returns 0 on if bit is successfully clear, -1 on error.
+ */
+int virBitmapClearBit(virBitmapPtr bitmap, size_t b)
+{
+ if (b > bitmap->size - 1)
+ return -1;
+
+ bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &= ~(1 << VIR_BITMAP_BIT_OFFSET(b));
+ return 0;
+}
+
+/**
+ * virBitmapGetBit:
+ * @bitmap: Pointer to bitmap
+ * @b: bit position to get
+ * @result: bool pointer to receive bit setting
+ *
+ * Get setting of bit position @b in @bitmap and store in @result
+ *
+ * On success, @result will contain the setting of @b and 0 is
+ * returned. On failure, -1 is returned and @result is unchanged.
+ */
+int virBitmapGetBit(virBitmapPtr bitmap, size_t b, bool *result)
+{
+ uint32_t bit;
+
+ if (b > bitmap->size - 1)
+ return -1;
+
+ bit = bitmap->map[VIR_BITMAP_UNIT_OFFSET(b)] &
+ (1 << VIR_BITMAP_BIT_OFFSET(b));
+
+ *result = bit != 0;
+ return 0;
+}
Index: libvirt-0.8.1/src/util/bitmap.h
===================================================================
--- /dev/null
+++ libvirt-0.8.1/src/util/bitmap.h
@@ -0,0 +1,63 @@
+/*
+ * bitmap.h: Simple bitmap operations
+ *
+ * Copyright (C) 2010 Novell, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Author: Jim Fehlig <jfehlig@novell.com>
+ */
+
+#ifndef __BITMAP_H__
+# define __BITMAP_H__
+
+#include "internal.h"
+
+#include <stdbool.h>
+#include <sys/types.h>
+
+
+typedef struct _virBitmap virBitmap;
+typedef virBitmap *virBitmapPtr;
+
+/*
+ * Allocate a bitmap capable of containing @size bits.
+ */
+virBitmapPtr virBitmapAlloc(size_t size) ATTRIBUTE_RETURN_CHECK;
+
+/*
+ * Free previously allocated bitmap
+ */
+void virBitmapFree(virBitmapPtr bitmap);
+
+/*
+ * Set bit position @b in @bitmap
+ */
+int virBitmapSetBit(virBitmapPtr bitmap, size_t b)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
+
+/*
+ * Clear bit position @b in @bitmap
+ */
+int virBitmapClearBit(virBitmapPtr bitmap, size_t b)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_RETURN_CHECK;
+
+/*
+ * Get setting of bit position @b in @bitmap and store in @result
+ */
+int virBitmapGetBit(virBitmapPtr bitmap, size_t b, bool *result)
+ ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(3) ATTRIBUTE_RETURN_CHECK;
+
+#endif

29
vnc-race-2.patch Normal file
View File

@ -0,0 +1,29 @@
commit c020f6203e3735a531135bc4321415ce5520fbde
Author: Jim Fehlig <jfehlig@novell.com>
Date: Thu May 20 22:25:16 2010 -0600
Add defines for QEMU_VNC_PORT_{MIN,MAX} and use them
Index: libvirt-0.8.1/src/qemu/qemu_driver.c
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_driver.c
+++ libvirt-0.8.1/src/qemu/qemu_driver.c
@@ -89,6 +89,9 @@
#define VIR_FROM_THIS VIR_FROM_QEMU
+#define QEMU_VNC_PORT_MIN 5900
+#define QEMU_VNC_PORT_MAX 65535
+
/* Only 1 job is allowed at any time
* A job includes *all* monitor commands, even those just querying
* information, not merely actions */
@@ -2607,7 +2610,7 @@ qemuInitPCIAddresses(struct qemud_driver
static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) {
int i;
- for (i = 5900 ; i < 65535 ; i++) {
+ for (i = QEMU_VNC_PORT_MIN; i < QEMU_VNC_PORT_MAX; i++) {
int fd;
int reuse = 1;
struct sockaddr_in addr;

130
vnc-race-3.patch Normal file
View File

@ -0,0 +1,130 @@
commit ba196952f57f2cb22be75fa5a4f363035a111103
Author: Jim Fehlig <jfehlig@novell.com>
Date: Fri May 21 07:52:09 2010 -0600
Fix race in finding available vnc port
The qemu driver contains a subtle race in the logic to find next
available vnc port. Currently it iterates through all available ports
and returns the first for which bind(2) succeeds. However it is possible
that a previously issued port has not yet been bound by qemu, resulting
in the same port used for a subsequent domain.
This patch addresses the race by using a simple bitmap to "reserve" the
ports allocated by libvirt.
V2:
- Put port bitmap in struct qemud_driver
- Initialize bitmap in qemudStartup
V3:
- Check for failure of virBitmapGetBit
- Additional check for port != -1 before calling virbitmapClearBit
V4:
- Check for failure of virBitmap{Set,Clear}Bit
Index: libvirt-0.8.1/src/qemu/qemu_conf.h
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_conf.h
+++ libvirt-0.8.1/src/qemu/qemu_conf.h
@@ -39,6 +39,7 @@
# include "pci.h"
# include "cpu_conf.h"
# include "driver.h"
+# include "bitmap.h"
# define qemudDebug(fmt, ...) do {} while(0)
@@ -153,6 +154,8 @@ struct qemud_driver {
char *saveImageFormat;
pciDeviceList *activePciHostdevs;
+
+ virBitmapPtr reservedVNCPorts;
};
typedef struct _qemuDomainPCIAddressSet qemuDomainPCIAddressSet;
Index: libvirt-0.8.1/src/qemu/qemu_driver.c
===================================================================
--- libvirt-0.8.1.orig/src/qemu/qemu_driver.c
+++ libvirt-0.8.1/src/qemu/qemu_driver.c
@@ -1479,6 +1479,11 @@ qemudStartup(int privileged) {
virEventAddTimeout(-1, qemuDomainEventFlush, qemu_driver, NULL)) < 0)
goto error;
+ /* Allocate bitmap for vnc port reservation */
+ if ((qemu_driver->reservedVNCPorts =
+ virBitmapAlloc(QEMU_VNC_PORT_MAX - QEMU_VNC_PORT_MIN)) == NULL)
+ goto out_of_memory;
+
if (privileged) {
if (virAsprintf(&qemu_driver->logDir,
"%s/log/libvirt/qemu", LOCAL_STATE_DIR) == -1)
@@ -1775,6 +1780,7 @@ qemudShutdown(void) {
virCapabilitiesFree(qemu_driver->caps);
virDomainObjListDeinit(&qemu_driver->domains);
+ virBitmapFree(qemu_driver->reservedVNCPorts);
VIR_FREE(qemu_driver->securityDriverName);
VIR_FREE(qemu_driver->logDir);
@@ -2607,13 +2613,22 @@ qemuInitPCIAddresses(struct qemud_driver
return ret;
}
-static int qemudNextFreeVNCPort(struct qemud_driver *driver ATTRIBUTE_UNUSED) {
+static int qemudNextFreeVNCPort(struct qemud_driver *driver) {
int i;
for (i = QEMU_VNC_PORT_MIN; i < QEMU_VNC_PORT_MAX; i++) {
int fd;
int reuse = 1;
struct sockaddr_in addr;
+ bool used = false;
+
+ if (virBitmapGetBit(driver->reservedVNCPorts,
+ i - QEMU_VNC_PORT_MIN, &used) < 0)
+ VIR_DEBUG("virBitmapGetBit failed on bit %d", i - QEMU_VNC_PORT_MIN);
+
+ if (used)
+ continue;
+
addr.sin_family = AF_INET;
addr.sin_port = htons(i);
addr.sin_addr.s_addr = htonl(INADDR_ANY);
@@ -2629,6 +2644,12 @@ static int qemudNextFreeVNCPort(struct q
if (bind(fd, (struct sockaddr*)&addr, sizeof(addr)) == 0) {
/* Not in use, lets grab it */
close(fd);
+ /* Add port to bitmap of reserved ports */
+ if (virBitmapSetBit(driver->reservedVNCPorts,
+ i - QEMU_VNC_PORT_MIN) < 0) {
+ VIR_DEBUG("virBitmapSetBit failed on bit %d",
+ i - QEMU_VNC_PORT_MIN);
+ }
return i;
}
close(fd);
@@ -3608,6 +3629,21 @@ retry:
qemudRemoveDomainStatus(driver, vm);
+ /* Remove VNC port from port reservation bitmap, but only if it was
+ reserved by the driver (autoport=yes)
+ */
+ if ((vm->def->ngraphics == 1) &&
+ vm->def->graphics[0]->type == VIR_DOMAIN_GRAPHICS_TYPE_VNC &&
+ vm->def->graphics[0]->data.vnc.autoport &&
+ vm->def->graphics[0]->data.vnc.port != -1) {
+ if (virBitmapClearBit(driver->reservedVNCPorts,
+ vm->def->graphics[0]->data.vnc.port - \
+ QEMU_VNC_PORT_MIN) < 0) {
+ VIR_DEBUG("virBitmapClearBit failed on bit %d",
+ vm->def->graphics[0]->data.vnc.port - QEMU_VNC_PORT_MIN);
+ }
+ }
+
vm->pid = -1;
vm->def->id = -1;
vm->state = VIR_DOMAIN_SHUTOFF;

View File

@ -0,0 +1,79 @@
commit b1eb7f2e987d21b1711e86e5cb63a69abfce82f1
Author: Jim Fehlig <jfehlig@linux-ypgk.site>
Date: Fri Jun 4 10:04:03 2010 -0600
Fixes for commit 211dd1e9
Fixes for issues in commit 211dd1e9 noted by by Jim Meyering.
1. Allocate content buffer of size content_length + 1 to ensure
NUL-termination.
2. Limit content buffer size to 64k
3. Fix whitespace issue
V2:
- Add comment to clarify allocation of content buffer
- Add ATTRIBUTE_NONNULL where appropriate
- User NULLSTR macro
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index 0c1a738..51cad92 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -68,6 +68,7 @@
# define XEND_CONFIG_MIN_VERS_PVFB_NEWCONF 3
#endif
+#define XEND_RCV_BUF_MAX_LEN 65536
#ifndef PROXY
static int
@@ -310,7 +311,7 @@ istartswith(const char *haystack, const char *needle)
* Returns the HTTP return code and @content is set to the
* allocated memory containing HTTP content.
*/
-static int
+static int ATTRIBUTE_NONNULL (2)
xend_req(int fd, char **content)
{
char buffer[4096];
@@ -330,7 +331,19 @@ xend_req(int fd, char **content)
if (content_length > 0) {
ssize_t ret;
- if (VIR_ALLOC_N(*content, content_length) < 0 ) {
+ if (content_length > XEND_RCV_BUF_MAX_LEN) {
+ virXendError(VIR_ERR_INTERNAL_ERROR,
+ _("Xend returned HTTP Content-Length of %d, "
+ "which exceeds maximum of %d"),
+ content_length,
+ XEND_RCV_BUF_MAX_LEN);
+ return -1;
+ }
+
+ /* Allocate one byte beyond the end of the largest buffer we will read.
+ Combined with the fact that VIR_ALLOC_N zeros the returned buffer,
+ this guarantees that "content" will always be NUL-terminated. */
+ if (VIR_ALLOC_N(*content, content_length + 1) < 0 ) {
virReportOOMError();
return -1;
}
@@ -353,7 +366,7 @@ xend_req(int fd, char **content)
*
* Returns the HTTP return code or -1 in case or error.
*/
-static int
+static int ATTRIBUTE_NONNULL(3)
xend_get(virConnectPtr xend, const char *path,
char **content)
{
@@ -379,8 +392,7 @@ xend_get(virConnectPtr xend, const char *path,
((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) {
virXendError(VIR_ERR_GET_FAILED,
_("%d status from xen daemon: %s:%s"),
- ret, path,
- content ? *content: "NULL");
+ ret, path, NULLSTR(*content));
}
return ret;

244
xend-content-buf.patch Normal file
View File

@ -0,0 +1,244 @@
commit 211dd1e9c54a9ba92e2e648acacbc18981374073
Author: Jim Fehlig <jfehlig@novell.com>
Date: Wed Jun 2 18:07:17 2010 -0600
Allocate buffer to hold xend response
There are cases when a response from xend can exceed 4096 bytes, in
which case anything beyond 4096 is ignored. This patch changes the
current fixed-size, stack-allocated buffer to a dynamically allocated
buffer based on Content-Length in HTTP header.
diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
index e763bad..0c1a738 100644
--- a/src/xen/xend_internal.c
+++ b/src/xen/xend_internal.c
@@ -302,17 +302,19 @@ istartswith(const char *haystack, const char *needle)
* xend_req:
* @fd: the file descriptor
* @content: the buffer to store the content
- * @n_content: the size of the buffer
*
* Read the HTTP response from a Xen Daemon request.
+ * If the response contains content, memory is allocated to
+ * hold the content.
*
- * Returns the HTTP return code.
+ * Returns the HTTP return code and @content is set to the
+ * allocated memory containing HTTP content.
*/
static int
-xend_req(int fd, char *content, size_t n_content)
+xend_req(int fd, char **content)
{
char buffer[4096];
- int content_length = -1;
+ int content_length = 0;
int retcode = 0;
while (sreads(fd, buffer, sizeof(buffer)) > 0) {
@@ -325,19 +327,17 @@ xend_req(int fd, char *content, size_t n_content)
retcode = atoi(buffer + 9);
}
- if (content_length > -1) {
+ if (content_length > 0) {
ssize_t ret;
- if ((unsigned int) content_length > (n_content + 1))
- content_length = n_content - 1;
+ if (VIR_ALLOC_N(*content, content_length) < 0 ) {
+ virReportOOMError();
+ return -1;
+ }
- ret = sread(fd, content, content_length);
+ ret = sread(fd, *content, content_length);
if (ret < 0)
return -1;
-
- content[ret] = 0;
- } else {
- content[0] = 0;
}
return retcode;
@@ -348,7 +348,6 @@ xend_req(int fd, char *content, size_t n_content)
* @xend: pointer to the Xen Daemon structure
* @path: the path used for the HTTP request
* @content: the buffer to store the content
- * @n_content: the size of the buffer
*
* Do an HTTP GET RPC with the Xen Daemon
*
@@ -356,7 +355,7 @@ xend_req(int fd, char *content, size_t n_content)
*/
static int
xend_get(virConnectPtr xend, const char *path,
- char *content, size_t n_content)
+ char **content)
{
int ret;
int s = do_connect(xend);
@@ -373,14 +372,15 @@ xend_get(virConnectPtr xend, const char *path,
"Accept-Encoding: identity\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n" "\r\n");
- ret = xend_req(s, content, n_content);
+ ret = xend_req(s, content);
close(s);
if (((ret < 0) || (ret >= 300)) &&
((ret != 404) || (!STRPREFIX(path, "/xend/domain/")))) {
virXendError(VIR_ERR_GET_FAILED,
_("%d status from xen daemon: %s:%s"),
- ret, path, content);
+ ret, path,
+ content ? *content: "NULL");
}
return ret;
@@ -392,8 +392,6 @@ xend_get(virConnectPtr xend, const char *path,
* @xend: pointer to the Xen Daemon structure
* @path: the path used for the HTTP request
* @ops: the information sent for the POST
- * @content: the buffer to store the content
- * @n_content: the size of the buffer
*
* Do an HTTP POST RPC with the Xen Daemon, this usually makes changes at the
* Xen level.
@@ -401,10 +399,10 @@ xend_get(virConnectPtr xend, const char *path,
* Returns the HTTP return code or -1 in case or error.
*/
static int
-xend_post(virConnectPtr xend, const char *path, const char *ops,
- char *content, size_t n_content)
+xend_post(virConnectPtr xend, const char *path, const char *ops)
{
char buffer[100];
+ char *err_buf = NULL;
int ret;
int s = do_connect(xend);
@@ -425,26 +423,28 @@ xend_post(virConnectPtr xend, const char *path, const char *ops,
swrites(s, "\r\n\r\n");
swrites(s, ops);
- ret = xend_req(s, content, n_content);
+ ret = xend_req(s, &err_buf);
close(s);
if ((ret < 0) || (ret >= 300)) {
virXendError(VIR_ERR_POST_FAILED,
- _("xend_post: error from xen daemon: %s"), content);
- } else if ((ret == 202) && (strstr(content, "failed") != NULL)) {
+ _("xend_post: error from xen daemon: %s"), err_buf);
+ } else if ((ret == 202) && err_buf && (strstr(err_buf, "failed") != NULL)) {
virXendError(VIR_ERR_POST_FAILED,
- _("xend_post: error from xen daemon: %s"), content);
+ _("xend_post: error from xen daemon: %s"), err_buf);
ret = -1;
- } else if (((ret >= 200) && (ret <= 202)) && (strstr(content, "xend.err") != NULL)) {
+ } else if (((ret >= 200) && (ret <= 202)) && err_buf &&
+ (strstr(err_buf, "xend.err") != NULL)) {
/* This is to catch case of things like 'virsh dump Domain-0 foo'
* which returns a success code, but the word 'xend.err'
* in body to indicate error :-(
*/
virXendError(VIR_ERR_POST_FAILED,
- _("xend_post: error from xen daemon: %s"), content);
+ _("xend_post: error from xen daemon: %s"), err_buf);
ret = -1;
}
+ VIR_FREE(err_buf);
return ret;
}
#endif /* ! PROXY */
@@ -487,8 +487,6 @@ http2unix(int ret)
* xend_op_ext:
* @xend: pointer to the Xen Daemon structure
* @path: path for the object
- * @error: buffer for the error output
- * @n_error: size of @error
* @key: the key for the operation
* @ap: input values to pass to the operation
*
@@ -497,8 +495,7 @@ http2unix(int ret)
* Returns 0 in case of success, -1 in case of failure.
*/
static int
-xend_op_ext(virConnectPtr xend, const char *path, char *error,
- size_t n_error, const char *key, va_list ap)
+xend_op_ext(virConnectPtr xend, const char *path, const char *key, va_list ap)
{
const char *k = key, *v;
virBuffer buf = VIR_BUFFER_INITIALIZER;
@@ -524,7 +521,7 @@ xend_op_ext(virConnectPtr xend, const char *path, char *error,
}
content = virBufferContentAndReset(&buf);
- ret = http2unix(xend_post(xend, path, content, error, n_error));
+ ret = http2unix(xend_post(xend, path, content));
VIR_FREE(content);
return ret;
@@ -535,8 +532,6 @@ xend_op_ext(virConnectPtr xend, const char *path, char *error,
* xend_op:
* @xend: pointer to the Xen Daemon structure
* @name: the domain name target of this operation
- * @error: buffer for the error output
- * @n_error: size of @error
* @key: the key for the operation
* @ap: input values to pass to the operation
* @...: input values to pass to the operation
@@ -550,14 +545,13 @@ static int ATTRIBUTE_SENTINEL
xend_op(virConnectPtr xend, const char *name, const char *key, ...)
{
char buffer[1024];
- char error[1024];
va_list ap;
int ret;
snprintf(buffer, sizeof(buffer), "/xend/domain/%s", name);
va_start(ap, key);
- ret = xend_op_ext(xend, buffer, error, sizeof(error), key, ap);
+ ret = xend_op_ext(xend, buffer, key, ap);
va_end(ap);
return ret;
@@ -581,21 +575,29 @@ static struct sexpr *sexpr_get(virConnectPtr xend, const char *fmt, ...)
static struct sexpr *
sexpr_get(virConnectPtr xend, const char *fmt, ...)
{
- char buffer[4096];
+ char *buffer = NULL;
char path[1024];
va_list ap;
int ret;
+ struct sexpr *res = NULL;
va_start(ap, fmt);
vsnprintf(path, sizeof(path), fmt, ap);
va_end(ap);
- ret = xend_get(xend, path, buffer, sizeof(buffer));
+ ret = xend_get(xend, path, &buffer);
ret = http2unix(ret);
if (ret == -1)
- return NULL;
+ goto cleanup;
+
+ if (buffer == NULL)
+ goto cleanup;
+
+ res = string2sexpr(buffer);
- return string2sexpr(buffer);
+cleanup:
+ VIR_FREE(buffer);
+ return res;
}
/**