From fefbae879b0ffb54315af6c3e7acc9edd3d37d73 Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Fri, 5 Sep 2014 16:15:01 +0100 Subject: [PATCH] Update to 1.2.8 release --- ...ly-report-active-commit-for-job-info.patch | 36 ------ ...avoid-memory-leak-during-block-pivot.patch | 51 -------- ...kjob-fix-use-after-free-in-blockcopy.patch | 108 ---------------- libvirt.spec | 121 ++++++++---------- sources | 2 +- 5 files changed, 56 insertions(+), 262 deletions(-) delete mode 100644 0001-blockjob-correctly-report-active-commit-for-job-info.patch delete mode 100644 0002-blockjob-avoid-memory-leak-during-block-pivot.patch delete mode 100644 0003-blockjob-fix-use-after-free-in-blockcopy.patch diff --git a/0001-blockjob-correctly-report-active-commit-for-job-info.patch b/0001-blockjob-correctly-report-active-commit-for-job-info.patch deleted file mode 100644 index b6bfe3a..0000000 --- a/0001-blockjob-correctly-report-active-commit-for-job-info.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 2151695a5119a8d7f44d416c730df50a1e42695a Mon Sep 17 00:00:00 2001 -Message-Id: <2151695a5119a8d7f44d416c730df50a1e42695a.1407860168.git.crobinso@redhat.com> -From: Eric Blake -Date: Tue, 5 Aug 2014 08:49:32 -0600 -Subject: [PATCH 1/3] blockjob: correctly report active commit for job info - -Commit 232a31b munged job info to report 'active commit' instead of -'commit' when generating events, but forgot to also munge the polling -variant of the command. - -* src/qemu/qemu_driver.c (qemuDomainBlockJobImpl): Adjust type as -needed. - -Signed-off-by: Eric Blake -(cherry picked from commit e8cc973041e7ac4ddeefe343af751863c76687fe) ---- - src/qemu/qemu_driver.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index a3de784..57cc913 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -15103,6 +15103,9 @@ qemuDomainBlockJobImpl(virDomainObjPtr vm, - ret = qemuMonitorBlockJob(priv->mon, device, basePath, backingPath, - bandwidth, info, mode, async); - qemuDomainObjExitMonitor(driver, vm); -+ if (info && info->type == VIR_DOMAIN_BLOCK_JOB_TYPE_COMMIT && -+ disk->mirrorJob == VIR_DOMAIN_BLOCK_JOB_TYPE_ACTIVE_COMMIT) -+ info->type = disk->mirrorJob; - if (ret < 0) { - if (mode == BLOCK_JOB_ABORT && disk->mirror) - disk->mirrorState = VIR_DOMAIN_DISK_MIRROR_STATE_NONE; --- -1.9.3 - diff --git a/0002-blockjob-avoid-memory-leak-during-block-pivot.patch b/0002-blockjob-avoid-memory-leak-during-block-pivot.patch deleted file mode 100644 index fd306c0..0000000 --- a/0002-blockjob-avoid-memory-leak-during-block-pivot.patch +++ /dev/null @@ -1,51 +0,0 @@ -From 7620b422e515249bbfff02d0372301334fe1dd50 Mon Sep 17 00:00:00 2001 -Message-Id: <7620b422e515249bbfff02d0372301334fe1dd50.1407860168.git.crobinso@redhat.com> -In-Reply-To: <2151695a5119a8d7f44d416c730df50a1e42695a.1407860168.git.crobinso@redhat.com> -References: <2151695a5119a8d7f44d416c730df50a1e42695a.1407860168.git.crobinso@redhat.com> -From: Eric Blake -Date: Wed, 6 Aug 2014 14:48:59 -0600 -Subject: [PATCH 2/3] blockjob: avoid memory leak during block pivot - -Valgrind caught a memory leak: - -==2018== 9 bytes in 1 blocks are definitely lost in loss record 143 of 927 -==2018== at 0x4A0645D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) -==2018== by 0x8C42369: strdup (strdup.c:42) -==2018== by 0x50EACC9: virStrdup (virstring.c:676) -==2018== by 0x50E79E5: virStorageSourceCopy (virstoragefile.c:1845) -==2018== by 0x20A3FAA7: qemuDomainBlockCommit (qemu_driver.c:15620) -==2018== by 0x51DC6B2: virDomainBlockCommit (libvirt.c:20092) - -I traced it to the fact that blockcopy and blockcommit end up -reparsing a backing chain on pivot, but the chain parsing code -doesn't gracefully handle the case where the backing file is -already known. - -I'm not exactly sure when this was introduced, but suspect that the -refactoring in commit 9944b71 and friends that moved towards probing -in-place rather than into a temporary structure are part of the cause. - -* src/util/virstoragefile.c (virStorageFileGetMetadataInternal): -Don't leak any prior value. - -Signed-off-by: Eric Blake -(cherry picked from commit a595a005725f142e1a258d10f7647982efa3cfd8) ---- - src/util/virstoragefile.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/util/virstoragefile.c b/src/util/virstoragefile.c -index 3da9073..5b6b2f5 100644 ---- a/src/util/virstoragefile.c -+++ b/src/util/virstoragefile.c -@@ -817,6 +817,7 @@ virStorageFileGetMetadataInternal(virStorageSourcePtr meta, - goto cleanup; - } - -+ VIR_FREE(meta->backingStoreRaw); - if (fileTypeInfo[meta->format].getBackingStore != NULL) { - int store = fileTypeInfo[meta->format].getBackingStore(&meta->backingStoreRaw, - backingFormat, --- -1.9.3 - diff --git a/0003-blockjob-fix-use-after-free-in-blockcopy.patch b/0003-blockjob-fix-use-after-free-in-blockcopy.patch deleted file mode 100644 index f510230..0000000 --- a/0003-blockjob-fix-use-after-free-in-blockcopy.patch +++ /dev/null @@ -1,108 +0,0 @@ -From 9617e31b5349b193469874706abcbcb013e6a6fd Mon Sep 17 00:00:00 2001 -Message-Id: <9617e31b5349b193469874706abcbcb013e6a6fd.1407860168.git.crobinso@redhat.com> -In-Reply-To: <2151695a5119a8d7f44d416c730df50a1e42695a.1407860168.git.crobinso@redhat.com> -References: <2151695a5119a8d7f44d416c730df50a1e42695a.1407860168.git.crobinso@redhat.com> -From: Eric Blake -Date: Wed, 6 Aug 2014 14:06:23 -0600 -Subject: [PATCH 3/3] blockjob: fix use-after-free in blockcopy - -Commit febf84c2 tried to delay in-memory modification of the actual -domain disk structure until after the qemu event was received. -However, I missed that the code for block pivot had been temporarily -setting disk->src = disk->mirror prior to the qemu command, in order -to label the backing chain of a reused external blockcopy disk; -and calls into qemu while still in that state before finally undoing -things at the cleanup label. Since the qemu event handler then does: - virStorageSourceFree(disk->src); - disk->src = disk->mirror; -we have the sad race that a fast enough qemu event can cause a leak of -the original disk->src, as well as a use-after-free of the disk->mirror -contents, bad enough to crash libvirtd in some of my test runs, even -though the common case of the qemu event being much later won't trip -the race. - -I'll go wear the brown paper bag of shame, for introducing a crasher -in between rc1 and rc2 of the freeze for 1.2.7 :( My only -consolation is that virDomainBlockJobAbort requires the domain:write -ACL, so it is not a CVE. - -The valgrind report when the race occurs looks like: - -==25612== Invalid read of size 4 -==25612== at 0x50E7C90: virStorageSourceGetActualType (virstoragefile.c:1948) -==25612== by 0x209C0B18: qemuDomainDetermineDiskChain (qemu_domain.c:2473) -==25612== by 0x209D7F6A: qemuProcessHandleBlockJob (qemu_process.c:1087) -==25612== by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357) -... -==25612== Address 0xe4b5610 is 0 bytes inside a block of size 200 free'd -==25612== at 0x4A07577: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) -==25612== by 0x50839E9: virFree (viralloc.c:582) -==25612== by 0x50E7E51: virStorageSourceFree (virstoragefile.c:2015) -==25612== by 0x209D7EFF: qemuProcessHandleBlockJob (qemu_process.c:1073) -==25612== by 0x209F40C9: qemuMonitorEmitBlockJob (qemu_monitor.c:1357) - -* src/qemu/qemu_driver.c (qemuDomainBlockPivot): Don't corrupt -disk->src, and only label chain for blockcopy. - -Signed-off-by: Eric Blake -(cherry picked from commit 265680c58ebbee30bb70369e7d9905a599afbd6a) ---- - src/qemu/qemu_driver.c | 40 +++++++++++++++++++++++++--------------- - 1 file changed, 25 insertions(+), 15 deletions(-) - -diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c -index 57cc913..a050dbc 100644 ---- a/src/qemu/qemu_driver.c -+++ b/src/qemu/qemu_driver.c -@@ -14888,23 +14888,33 @@ qemuDomainBlockPivot(virConnectPtr conn, - } - } - -- /* We previously labeled only the top-level image; but if the -- * image includes a relative backing file, the pivot may result in -- * qemu needing to open the entire backing chain, so we need to -- * label the entire chain. This action is safe even if the -- * backing chain has already been labeled; but only necessary when -- * we know for sure that there is a backing chain. */ -- oldsrc = disk->src; -- disk->src = disk->mirror; -+ /* For active commit, the mirror is part of the already labeled -+ * chain. For blockcopy, we previously labeled only the top-level -+ * image; but if the user is reusing an external image that -+ * includes a backing file, the pivot may result in qemu needing -+ * to open the entire backing chain, so we need to label the -+ * entire chain. This action is safe even if the backing chain -+ * has already been labeled; but only necessary when we know for -+ * sure that there is a backing chain. */ -+ if (disk->mirrorJob == VIR_DOMAIN_BLOCK_JOB_TYPE_COPY) { -+ oldsrc = disk->src; -+ disk->src = disk->mirror; -+ -+ if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0) -+ goto cleanup; - -- if (qemuDomainDetermineDiskChain(driver, vm, disk, false) < 0) -- goto cleanup; -+ if (disk->mirror->format && -+ disk->mirror->format != VIR_STORAGE_FILE_RAW && -+ (virDomainLockDiskAttach(driver->lockManager, cfg->uri, vm, -+ disk) < 0 || -+ qemuSetupDiskCgroup(vm, disk) < 0 || -+ virSecurityManagerSetDiskLabel(driver->securityManager, vm->def, -+ disk) < 0)) -+ goto cleanup; - -- if (disk->mirror->format && disk->mirror->format != VIR_STORAGE_FILE_RAW && -- (virDomainLockDiskAttach(driver->lockManager, cfg->uri, vm, disk) < 0 || -- qemuSetupDiskCgroup(vm, disk) < 0 || -- virSecurityManagerSetDiskLabel(driver->securityManager, vm->def, disk) < 0)) -- goto cleanup; -+ disk->src = oldsrc; -+ oldsrc = NULL; -+ } - - /* Attempt the pivot. Record the attempt now, to prevent duplicate - * attempts; but the actual disk change will be made when emitting --- -1.9.3 - diff --git a/libvirt.spec b/libvirt.spec index 7620470..b88b041 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -1,5 +1,7 @@ # -*- rpm-spec -*- +# This spec file assumes you are building for Fedora 13 or newer, +# or for RHEL 5 or newer. It may need some tweaks for other distros. # If neither fedora nor rhel was defined, try to guess them from %{dist} %if !0%{?rhel} && !0%{?fedora} %{expand:%(echo "%{?dist}" | \ @@ -139,7 +141,6 @@ %define with_libpcap 0%{!?_without_libpcap:0} %define with_macvtap 0%{!?_without_macvtap:0} %define with_libnl 0%{!?_without_libnl:0} -%define with_audit 0%{!?_without_audit:0} %define with_dtrace 0%{!?_without_dtrace:0} %define with_cgconfig 0%{!?_without_cgconfig:0} %define with_sanlock 0%{!?_without_sanlock:0} @@ -153,6 +154,7 @@ # Non-server/HV driver defaults which are always enabled %define with_sasl 0%{!?_without_sasl:1} +%define with_audit 0%{!?_without_audit:1} # Finally set the OS / architecture specific special cases @@ -223,31 +225,21 @@ %define with_libxl 0 %endif -# PolicyKit was introduced in Fedora 8 / RHEL-6 or newer -%if 0%{?fedora} >= 8 || 0%{?rhel} >= 6 - %define with_polkit 0%{!?_without_polkit:1} -%endif - -# libcapng is used to manage capabilities in Fedora 12 / RHEL-6 or newer -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 - %define with_capng 0%{!?_without_capng:1} -%endif - # fuse is used to provide virtualized /proc for LXC %if 0%{?fedora} >= 17 || 0%{?rhel} >= 7 %define with_fuse 0%{!?_without_fuse:1} %endif -# netcf is used to manage network interfaces in Fedora 12 / RHEL-6 or newer -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 - %define with_netcf 0%{!?_without_netcf:%{server_drivers}} -%endif - -# udev is used to manage host devices in Fedora 12 / RHEL-6 or newer -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 - %define with_udev 0%{!?_without_udev:%{server_drivers}} -%else +# RHEL 5 lacks newer tools +%if 0%{?rhel} == 5 %define with_hal 0%{!?_without_hal:%{server_drivers}} +%else + %define with_polkit 0%{!?_without_polkit:1} + %define with_capng 0%{!?_without_capng:1} + %define with_netcf 0%{!?_without_netcf:%{server_drivers}} + %define with_udev 0%{!?_without_udev:%{server_drivers}} + %define with_yajl 0%{!?_without_yajl:%{server_drivers}} + %define with_dtrace 1 %endif # interface requires netcf @@ -255,11 +247,6 @@ %define with_interface 0 %endif -# Enable yajl library for JSON mode with QEMU -%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6 - %define with_yajl 0%{!?_without_yajl:%{server_drivers}} -%endif - # Enable sanlock library for lock management with QEMU # Sanlock is available only on arches where kvm is available for RHEL %if 0%{?fedora} >= 16 @@ -277,12 +264,9 @@ %endif # Enable wireshark plugins for all distros shipping libvirt 1.2.2 or newer -#%if 0%{?fedora} >= 21 -# %define with_wireshark 0%{!?_without_wireshark:1} -#%endif -# Except this is presently busted on F21/rawhide with wireshark 1.12.0 -# https://bugzilla.redhat.com/show_bug.cgi?id=1129419 -%define with_wireshark 0 +%if 0%{?fedora} >= 21 + %define with_wireshark 0%{!?_without_wireshark:1} +%endif # Disable some drivers when building without libvirt daemon. # The logic is the same as in configure.ac @@ -323,16 +307,8 @@ %define with_libnl 1 %endif -%if 0%{?fedora} >= 11 || 0%{?rhel} >= 5 - %define with_audit 0%{!?_without_audit:1} -%endif - -%if 0%{?fedora} >= 13 || 0%{?rhel} >= 6 - %define with_dtrace 1 -%endif - # Pull in cgroups config system -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +%if 0%{?fedora} || 0%{?rhel} >= 6 %if %{with_qemu} || %{with_lxc} %define with_cgconfig 0%{!?_without_cgconfig:1} %endif @@ -352,7 +328,7 @@ # Force QEMU to run as non-root -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +%if 0%{?fedora} || 0%{?rhel} >= 6 %define qemu_user qemu %define qemu_group qemu %else @@ -386,8 +362,8 @@ Summary: Library providing a simple virtualization API Name: libvirt -Version: 1.2.7 -Release: 2%{?dist}%{?extra_release} +Version: 1.2.8 +Release: 1%{?dist}%{?extra_release} License: LGPLv2+ Group: Development/Libraries BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root @@ -398,10 +374,6 @@ URL: http://libvirt.org/ %endif Source: http://libvirt.org/sources/%{?mainturl}libvirt-%{version}.tar.gz -Patch0001: 0001-blockjob-correctly-report-active-commit-for-job-info.patch -Patch0002: 0002-blockjob-avoid-memory-leak-during-block-pivot.patch -Patch0003: 0003-blockjob-fix-use-after-free-in-blockcopy.patch - %if %{with_libvirtd} Requires: libvirt-daemon = %{version}-%{release} %if %{with_network} @@ -453,6 +425,7 @@ BuildRequires: gettext-devel BuildRequires: libtool BuildRequires: /usr/bin/pod2man %endif +BuildRequires: perl BuildRequires: python %if %{with_systemd} BuildRequires: systemd-units @@ -479,7 +452,7 @@ BuildRequires: libattr-devel # For pool-build probing for existing pools BuildRequires: libblkid-devel >= 2.17 %endif -%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 +%if 0%{?fedora} || 0%{?rhel} >= 6 # for augparse, optionally used in testing BuildRequires: augeas %endif @@ -544,7 +517,7 @@ BuildRequires: cyrus-sasl-devel %if 0%{?fedora} >= 20 || 0%{?rhel} >= 7 BuildRequires: polkit-devel >= 0.112 %else - %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 BuildRequires: polkit-devel >= 0.93 %else BuildRequires: PolicyKit-devel >= 0.6 @@ -627,7 +600,7 @@ BuildRequires: netcf-devel >= 0.1.4 %endif %endif %if %{with_esx} - %if 0%{?fedora} >= 9 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 BuildRequires: libcurl-devel %else BuildRequires: curl-devel @@ -711,7 +684,7 @@ Requires: avahi-libs %if 0%{?fedora} >= 20 || 0%{?rhel} >= 7 Requires: polkit >= 0.112 %else - %if 0%{?fedora} >= 12 || 0%{?rhel} >=6 + %if 0%{?fedora} || 0%{?rhel} >=6 Requires: polkit >= 0.93 %else Requires: PolicyKit >= 0.6 @@ -871,7 +844,7 @@ Requires: nfs-utils # For mkfs Requires: util-linux # For glusterfs - %if 0%{?fedora} >= 11 + %if 0%{?fedora} Requires: glusterfs-client >= 2.0.1 %endif %endif @@ -1225,10 +1198,6 @@ driver %prep %setup -q -%patch0001 -p1 -%patch0002 -p1 -%patch0003 -p1 - %build %if ! %{with_xen} %define _without_xen --without-xen @@ -1589,7 +1558,7 @@ mv $RPM_BUILD_ROOT%{_datadir}/systemtap/tapset/libvirt_qemu_probes.stp \ %endif %endif -%if 0%{?fedora} < 14 && 0%{?rhel} < 6 +%if 0%{?rhel} == 5 rm -f $RPM_BUILD_ROOT%{_prefix}/lib/sysctl.d/libvirtd.conf %endif @@ -1617,7 +1586,7 @@ fi %if ! %{with_driver_modules} %if %{with_qemu} %pre daemon - %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 # We want soft static allocation of well-known ids, as disk images # are commonly shared across NFS mounts by id rather than name; see # https://fedoraproject.org/wiki/Packaging:UsersAndGroups @@ -1681,11 +1650,13 @@ done %if %{with_systemd} %if %{with_systemd_macros} - %systemd_post virtlockd.socket libvirtd.service + %systemd_post virtlockd.socket libvirtd.service libvirtd.socket %else if [ $1 -eq 1 ] ; then # Initial installation - /bin/systemctl enable virtlockd.socket libvirtd.service >/dev/null 2>&1 || : + /bin/systemctl enable \ + virtlockd.socket \ + libvirtd.service >/dev/null 2>&1 || : fi %endif %else @@ -1706,12 +1677,24 @@ fi %preun daemon %if %{with_systemd} %if %{with_systemd_macros} - %systemd_preun libvirtd.service virtlockd.socket virtlockd.service + %systemd_preun \ + libvirtd.socket \ + libvirtd.service \ + virtlockd.socket \ + virtlockd.service %else if [ $1 -eq 0 ] ; then # Package removal, not upgrade - /bin/systemctl --no-reload disable libvirtd.service virtlockd.socket virtlockd.service > /dev/null 2>&1 || : - /bin/systemctl stop libvirtd.service virtlockd.socket virtlockd.service > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable \ + libvirtd.socket \ + libvirtd.service \ + virtlockd.socket \ + virtlockd.service > /dev/null 2>&1 || : + /bin/systemctl stop \ + libvirtd.socket \ + libvirtd.service \ + virtlockd.socket \ + virtlockd.service > /dev/null 2>&1 || : fi %endif %else @@ -1772,7 +1755,7 @@ fi %if %{with_driver_modules} %if %{with_qemu} %pre daemon-driver-qemu - %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 # We want soft static allocation of well-known ids, as disk images # are commonly shared across NFS mounts by id rather than name; see # https://fedoraproject.org/wiki/Packaging:UsersAndGroups @@ -1868,6 +1851,7 @@ exit 0 %if %{with_systemd} %{_unitdir}/libvirtd.service +%{_unitdir}/libvirtd.socket %{_unitdir}/virtlockd.service %{_unitdir}/virtlockd.socket %else @@ -1879,7 +1863,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/sysconfig/virtlockd %config(noreplace) %{_sysconfdir}/libvirt/libvirtd.conf %config(noreplace) %{_sysconfdir}/libvirt/virtlockd.conf - %if 0%{?fedora} >= 14 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 %config(noreplace) %{_prefix}/lib/sysctl.d/libvirtd.conf %endif @@ -1907,7 +1891,7 @@ exit 0 %endif %if %{with_polkit} - %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 + %if 0%{?fedora} || 0%{?rhel} >= 6 %{_datadir}/polkit-1/actions/org.libvirt.unix.policy %{_datadir}/polkit-1/actions/org.libvirt.api.policy %else @@ -2110,6 +2094,8 @@ exit 0 %files daemon-driver-vbox %defattr(-, root, root) %{_libdir}/%{name}/connection-driver/libvirt_driver_vbox.so +%{_libdir}/%{name}/connection-driver/libvirt_driver_vbox_network.so +%{_libdir}/%{name}/connection-driver/libvirt_driver_vbox_storage.so %endif %endif # %{with_driver_modules} @@ -2261,6 +2247,9 @@ exit 0 %doc examples/systemtap %changelog +* Fri Sep 5 2014 Daniel P. Berrange - 1.2.8-1 +- Update to 1.2.8 release + * Sun Aug 17 2014 Fedora Release Engineering - 1.2.7-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild diff --git a/sources b/sources index 031bc84..f55662c 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -d556b3d815a222fd9680f9f3948595cb libvirt-1.2.7.tar.gz +75114991290f7c8f01dd5223431b9c00 libvirt-1.2.8.tar.gz