starlingx/virt
Code Issues Proposed changes

Upversion libvirt to v8.0.0-1

Browse Source 
The new stx-openstack release will be based on the Openstack 2025.1
Epoxy version, which uses libvirt >= 8.0.0. This change aims to
upversion the current libvirt package from 7.0.0-3 to the 8.0.0-1. To
make this possible, it was necessary to update the libvirt metadata
and review all the patches currently applied to version 7.0.0-3,
analyzing which patches should be kept, which need to be adapted,
which can be removed and which new patches need to be created. The
following list describes the actions taken for each patch included in
this change:

Patches removed because they are no longer needed in version 8.0.0-1:
 CVE-2021-3631.patch
 CVE-2021-3667.patch
 CVE-2021-3975.patch
 CVE-2021-4147_1.patch
 CVE-2021-4147_2.patch
 CVE-2021-4147_3.patch
 CVE-2021-4147_4.patch
 CVE-2021-4147_5.patch
 CVE-2021-4147_6.patch
 0010-qemu-capabilities-Introduce-QEMU_CAPS_OBJECT_QAPIFIE.patch
 0011-qemu-monitor-Make-wrapping-of-props-of-object-add-op.patch
 0012-qemuMonitorCreateObjectPropsWrap-Open-code-in-qemuBu.patch
 0013-qemu-monitor-Don-t-add-props-wrapper-if-qemu-has-QEM.patch
 0014-qemu-remove-support-for-generating-yes-no-boolean-op.patch
 0015-qemu-command-Use-JSON-for-QAPIfied-object-directly.patch
 0016-qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch
 libxl-Fix-domain-shutdown.patch

Patches adapted due to changes between versions 7.0.0-3 and 8.0.0-1:
 CVE-2024-1441.patch
 CVE-2024-2494.patch
 CVE-2024-2496.patch
 0001-STX-Customize-Debian-build-files.patch
 0001-STX-CPU-pinning-not-working-over-live-migration.patch
 0002-STX-System-Logging-set-group-read-permission-on-log.patch
 0003-STX-Drop-migration-poll-times-to-10mS.patch
 0004-STX-DPDK-parms-handling.patch
 0007-STX-Stop-processing-memory-stats-if-balloon-info.patch
 0008-STX-Increase-timeout-for-connecting-to-monitor.patch
 0009-STX-pci-sriov-perform-limited-retry-on-netlink.patch

Some examples of changes between libvirt versions that required
updates to the patches can be found in [1], [2], [3], [4], and [5].

New patch required to ensure compatibility with the libc6-dev version
dependency (see the patch description for more details):
 0002-STX-Adjust-libc6-dev-version-compatibility.patch

[1] https://salsa.debian.org/libvirt-team/libvirt/-/commit/53a7a787d3
[2] https://salsa.debian.org/libvirt-team/libvirt/-/blob/debian/7.0.0-3/src/conf/domain_conf.c?ref_type=tags#L2011
[3] https://salsa.debian.org/libvirt-team/libvirt/-/blob/debian/8.0.0-1/src/conf/domain_conf.c?ref_type=tags#L2079
[4] https://salsa.debian.org/libvirt-team/libvirt/-/blob/debian/7.0.0-3/src/qemu/qemu_monitor_json.c?ref_type=tags#L2270
[5] https://salsa.debian.org/libvirt-team/libvirt/-/blob/debian/8.0.0-1/src/qemu/qemu_monitor_json.c?ref_type=tags#L2076

TEST PLAN:

PASS - build-pkgs --all
PASS - build-pkgs -c -p libvirt
PASS - build ISO image
PASS - build wheels and base docker image
PASS - build stx-libvirt docker image
PASS - build stx-openstack
PASS - AIO-SX: fresh install with the ISO
PASS - launch/pause/resume/restart/delete vm on the host
PASS - STD system: apply stx-openstack
PASS - check pods are healthy
PASS - check libvirt version
PASS - launch vm
PASS - pause/resume vm
PASS - restart vm
PASS - delete vm
PASS - cold migrate vm
PASS - live migrate vm
PASS - virsh list vm

Story: 2011516
Task: 52969

Change-Id: I792e8bba8b7288f2d3257ce3e1c5d0fc0780fcf8
Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
Co-Authored-By: Daniel Caires <danielmarques.caires@windriver.com>
This commit is contained in:
Murillo Arantes
2025-10-30 16:57:33 -03:00
committed by marantes
parent 81d47c9a1f
commit c9f3f21e23
32 changed files with 162 additions and 2138 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
libvirt/debian/deb_patches/0001-STX-Customize-Debian-build-files.patch
View File

@@ -1,4 +1,4 @@
From 4e4452b3bba71265864d9c46f135418ffd6113a0 Mon Sep 17 00:00:00 2001
From b3341ac524d1ff53554c45833650200b59b72431 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Wed, 9 Nov 2022 09:07:21 -0300
Subject: [PATCH] STX: Customize Debian build files
@@ -12,13 +12,15 @@ delivered on CentOS, adding to the following:
* Qemu hook
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed function renaming while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
---
debian/libvirt-daemon-system.install | 1 +
debian/rules | 24 ++++++++++++++++++++++++
2 files changed, 25 insertions(+)
debian/rules | 23 +++++++++++++++++++++++
2 files changed, 24 insertions(+)
diff --git a/debian/libvirt-daemon-system.install b/debian/libvirt-daemon-system.install
index 04cf9052c..b2ce2ac75 100644
index c75e3c8c8..36c03176e 100644
--- a/debian/libvirt-daemon-system.install
+++ b/debian/libvirt-daemon-system.install
@@ -2,6 +2,7 @@ etc/default/libvirt-guests
@@ -30,7 +32,7 @@ index 04cf9052c..b2ce2ac75 100644
etc/libvirt/qemu-lockd.conf
etc/libvirt/qemu.conf
diff --git a/debian/rules b/debian/rules
index a495870c4..a34132779 100755
index 2b5339a45..3f29f8d90 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,6 +15,11 @@ DEB_LDFLAGS_MAINT_STRIP = -Wl,-Bsymbolic-functions
@@ -45,7 +47,7 @@ index a495870c4..a34132779 100755
ARCHES_LXC = alpha amd64 arm64 armel armhf hppa i386 m68k mips64el mipsel powerpc ppc64 ppc64el riscv64 s390x sh4 sparc64 x32
ARCHES_XEN = amd64 arm64 armhf i386
ARCHES_VBOX = amd64 i386
@@ -221,6 +226,25 @@ override_dh_auto_install:
@@ -261,6 +266,24 @@ execute_after_dh_auto_install:
$(DEB_DESTDIR)/etc/libvirt/nwfilter/ \
$(DEB_DESTDIR)/usr/share/libvirt/
@@ -65,12 +67,11 @@ index a495870c4..a34132779 100755
+ # Install hooks
+ mkdir -p $(DEB_DESTDIR)/etc/libvirt/hooks
+ install -m 0500 $(SOURCE4) $(DEB_DESTDIR)/etc/libvirt/hooks/qemu
+
+ # STX: End custom install
+
override_dh_install-arch:
dh_install
execute_after_dh_install:
ifneq (,$(findstring $(DEB_HOST_ARCH_OS), linux))
# Linux supports more nice things:
--
2.25.1
2.34.1

34
libvirt/debian/deb_patches/0002-STX-Adjust-libc6-dev-version-compatibility.patch Normal file
View File

@@ -0,0 +1,34 @@
From 6f3f61023e36a07d23dacee05a46f63e7cdad58b Mon Sep 17 00:00:00 2001
From: Murillo Arantes <murillo.arantes@windriver.com>
Date: Wed, 29 Oct 2025 09:20:40 -0300
Subject: [PATCH] STX: Adjust libc6-dev version compatibility
To ensure compatibility, this patch adjusts the build dependency of
libvirt to use libc6-dev version 2.31-13 instead of 2.31-14. This
modification was necessary to align the libc6-dev version with the one
currently used on the platform. Using libc6-dev version 2.31-14 would
break the build of several other packages that directly depend on
version 2.31-13 and could introduce the risk of side effects on the
system.
Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
---
debian/control | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index 1d3c576fb..0d2f44c77 100644
--- a/debian/control
+++ b/debian/control
@@ -18,7 +18,7 @@ Build-Depends:
libattr1-dev [linux-any],
libaudit-dev [linux-any],
libblkid-dev,
- libc6-dev (>= 2.31-14~),
+ libc6-dev (>= 2.31-13~),
libcap-ng-dev [linux-any],
libcurl4-gnutls-dev,
libdevmapper-dev [linux-any],
--
2.34.1

1
libvirt/debian/deb_patches/series
View File

@@ -1 +1,2 @@
0001-STX-Customize-Debian-build-files.patch
0002-STX-Adjust-libc6-dev-version-compatibility.patch

12
libvirt/debian/meta_data.yaml
View File

@@ -1,11 +1,11 @@
---
debname: libvirt
debver: 7.0.0-3
debver: 8.0.0-1
dl_path:
name: libvirt-debian-7.0.0-3.tar.gz
url: https://salsa.debian.org/libvirt-team/libvirt/-/archive/debian/7.0.0-3/libvirt-debian-7.0.0-3.tar.gz
md5sum: 371673c35fda957748ce3a19a0cd8539
sha256sum: 6f6acf34b2ae20ec9cfa64e89c3245ccf44321c86cd5606abe718ca25e443b2f
name: libvirt-debian-8.0.0-1.tar.gz
url: https://salsa.debian.org/libvirt-team/libvirt/-/archive/debian/8.0.0-1/libvirt-debian-8.0.0-1.tar.gz
md5sum: a1cea29706702eddb94d47d375e66bab
sha256sum: 6f29b22ec3f63e708c47cf6d66c7d9fa4b51d6261f8463cea7d11bd487f9c2cd
src_files:
- libvirt/libvirt.logrotate
- libvirt/libvirt.lxc
@@ -14,4 +14,4 @@ src_files:
revision:
dist: $STX_DIST
GITREVCOUNT:
BASE_SRCREV: 365de7ff2a68fff20d124fe90a90546e3f7e824f
BASE_SRCREV: d00a058faba08888a085611f6fa968184173df3e

8
libvirt/debian/patches/0001-STX-CPU-pinning-not-working-over-live-migration.patch
View File

@@ -7,15 +7,17 @@ Commit carried over from pre-CentOS
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/conf/domain_conf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 01b718763..70d29475d 100644
index 5691b8d2d..755de0f26 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -23184,10 +23184,14 @@ virDomainDefCheckABIStabilityFlags(virDomainDefPtr src,
@@ -22550,10 +22550,14 @@ virDomainDefCheckABIStabilityFlags(virDomainDef *src,
goto error;
}
@@ -31,5 +33,5 @@ index 01b718763..70d29475d 100644
if (src->nhubs != dst->nhubs) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--
2.25.1
2.34.1

12
libvirt/debian/patches/0002-STX-System-Logging-set-group-read-permission-on-log.patch
View File

@@ -7,15 +7,17 @@ Commit carried over from pre-CentOS
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/qemu/qemu_domain.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0765dc72d..72cccd1e9 100644
index a8401bac3..f65dcece6 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6339,7 +6339,7 @@ qemuDomainLogContextPtr qemuDomainLogContextNew(virQEMUDriverPtr driver,
@@ -6583,7 +6583,7 @@ qemuDomainLogContext *qemuDomainLogContextNew(virQEMUDriver *driver,
if (ctxt->writefd < 0)
goto error;
} else {
@@ -24,7 +26,7 @@ index 0765dc72d..72cccd1e9 100644
virReportSystemError(errno, _("failed to create logfile %s"),
ctxt->path);
goto error;
@@ -6506,7 +6506,7 @@ qemuDomainLogAppendMessage(virQEMUDriverPtr driver,
@@ -6750,7 +6750,7 @@ qemuDomainLogAppendMessage(virQEMUDriver *driver,
vm->def->name, path, message, 0) < 0)
goto cleanup;
} else {
@@ -33,7 +35,7 @@ index 0765dc72d..72cccd1e9 100644
virReportSystemError(errno, _("failed to create logfile %s"),
path);
goto cleanup;
@@ -11060,7 +11060,7 @@ virQEMUFileOpenAs(uid_t fallback_uid,
@@ -11227,7 +11227,7 @@ virQEMUFileOpenAs(uid_t fallback_uid,
goto error;
}
} else {
@@ -43,5 +45,5 @@ index 0765dc72d..72cccd1e9 100644
/* If we failed as root, and the error was permission-denied
(EACCES or EPERM), assume it's on a network-connected share
--
2.25.1
2.34.1

8
libvirt/debian/patches/0003-STX-Drop-migration-poll-times-to-10mS.patch
View File

@@ -5,15 +5,17 @@ Subject: [PATCH] STX: Drop migration poll times to 10mS
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/qemu/qemu_migration.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_migration.c b/src/qemu/qemu_migration.c
index 5353c7ee0..741ab986a 100644
index 2635ef116..7b1b53ca7 100644
--- a/src/qemu/qemu_migration.c
+++ b/src/qemu/qemu_migration.c
@@ -1846,8 +1846,8 @@ qemuMigrationSrcWaitForCompletion(virQEMUDriverPtr driver,
@@ -1899,8 +1899,8 @@ qemuMigrationSrcWaitForCompletion(virQEMUDriver *driver,
return -2;
}
} else {
@@ -25,5 +27,5 @@ index 5353c7ee0..741ab986a 100644
virObjectUnlock(vm);
nanosleep(&ts, NULL);
--
2.25.1
2.34.1

83
libvirt/debian/patches/0004-STX-DPDK-parms-handling.patch
View File

@@ -1,4 +1,4 @@
From e4c5a64fb4134ce2a57fe5263824ed5e85ec97eb Mon Sep 17 00:00:00 2001
From 8da897a3cb0c04d163e67a232799fffa636d6996 Mon Sep 17 00:00:00 2001
From: Ludovic Beliveau <ludovic.beliveau@windriver.com>
Date: Tue, 22 Mar 2016 09:58:36 -0400
Subject: [PATCH] STX: DPDK parms handling
@@ -6,18 +6,20 @@ Subject: [PATCH] STX: DPDK parms handling
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
[ Removed deprecated macros ]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed pointers and goto while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
---
src/conf/domain_conf.c | 152 ++++++++++++++++++++++++++++++++++++++++
src/conf/domain_conf.h | 25 +++++++
src/qemu/qemu.conf | 4 +-
src/qemu/qemu_command.c | 35 +++++++++
4 files changed, 214 insertions(+), 2 deletions(-)
src/qemu/qemu_command.c | 34 +++++++++
4 files changed, 213 insertions(+), 2 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 70d29475d..e760e61fb 100644
index 5691b8d2d..3a5bdbfec 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -1195,6 +1195,14 @@ VIR_ENUM_IMPL(virDomainVsockModel,
@@ -1289,6 +1289,14 @@ VIR_ENUM_IMPL(virDomainVsockModel,
"virtio-non-transitional",
);
@@ -32,7 +34,7 @@ index 70d29475d..e760e61fb 100644
VIR_ENUM_IMPL(virDomainDiskDiscard,
VIR_DOMAIN_DISK_DISCARD_LAST,
"default",
@@ -1612,6 +1620,103 @@ virBlkioDeviceArrayClear(virBlkioDevicePtr devices,
@@ -1691,6 +1699,103 @@ virBlkioDeviceArrayClear(virBlkioDevice *devices,
VIR_FREE(devices[i].path);
}
@@ -136,7 +138,7 @@ index 70d29475d..e760e61fb 100644
/**
* virDomainBlkioDeviceParseXML
*
@@ -3221,6 +3326,16 @@ virDomainClockDefClear(virDomainClockDefPtr def)
@@ -3398,6 +3503,16 @@ virDomainClockDefClear(virDomainClockDef *def)
VIR_FREE(def->timers);
}
@@ -152,10 +154,10 @@ index 70d29475d..e760e61fb 100644
+}
static bool
virDomainIOThreadIDArrayHasPin(virDomainDefPtr def)
@@ -3397,6 +3512,10 @@ void virDomainDefFree(virDomainDefPtr def)
virDomainIOThreadIDArrayHasPin(virDomainDef *def)
@@ -3613,6 +3728,10 @@ void virDomainDefFree(virDomainDef *def)
virDomainVcpuDefFree(def->vcpus[i]);
VIR_FREE(def->vcpus);
g_free(def->vcpus);
+ /* STX: DPDK Customization */
+ virDomainDpdkParamsDefFree(def->dpdk);
@@ -164,7 +166,7 @@ index 70d29475d..e760e61fb 100644
/* hostdevs must be freed before nets (or any future "intelligent
* hostdevs") because the pointer to the hostdev is really
* pointing into the middle of the higher level device's object,
@@ -19786,6 +19905,15 @@ virDomainDefParseMemory(virDomainDefPtr def,
@@ -19130,6 +19249,15 @@ virDomainDefParseMemory(virDomainDef *def,
if (virXPathBoolean("boolean(./memoryBacking/discard)", ctxt))
def->mem.discard = VIR_TRISTATE_BOOL_YES;
@@ -172,15 +174,15 @@ index 70d29475d..e760e61fb 100644
+ if ((node = virXPathNode("./dpdk", ctxt))) {
+ def->dpdk = (virDomainDpdkParamsDefPtr)calloc(1, sizeof(*(def->dpdk)));
+ if (def->dpdk == NULL)
+ goto error;
+ return -1;
+ if (virDomainDpdkParamsParseXML(node, def->dpdk) < 0)
+ goto error;
+ return -1;
+ }
+
return 0;
}
error:
@@ -28466,6 +28594,8 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
@@ -28130,6 +28258,8 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def,
unsigned char *uuid;
char uuidstr[VIR_UUID_STRING_BUFLEN];
const char *type = NULL;
@@ -189,7 +191,7 @@ index 70d29475d..e760e61fb 100644
int n;
size_t i;
@@ -28511,6 +28641,28 @@ virDomainDefFormatInternalSetRootName(virDomainDefPtr def,
@@ -28175,6 +28305,28 @@ virDomainDefFormatInternalSetRootName(virDomainDef *def,
virBufferEscapeString(buf, "<description>%s</description>\n",
def->description);
@@ -215,14 +217,14 @@ index 70d29475d..e760e61fb 100644
+ VIR_FREE(cpu_list);
+ }
+
if (def->metadata) {
g_autoptr(xmlBuffer) xmlbuf = NULL;
int oldIndentTreeOutput = xmlIndentTreeOutput;
if (virXMLFormatMetadata(buf, def->metadata) < 0)
return -1;
diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h
index ec43bbe18..c5a0a16d3 100644
index 144ba4dd1..0dd1f3978 100644
--- a/src/conf/domain_conf.h
+++ b/src/conf/domain_conf.h
@@ -2143,6 +2143,24 @@ struct _virDomainOSDef {
@@ -2342,6 +2342,24 @@ struct _virDomainOSDef {
virDomainBIOSDef bios;
};
@@ -241,13 +243,13 @@ index ec43bbe18..c5a0a16d3 100644
+ enum virDomainDpdkProcessType process_type;
+ char *file_prefix;
+ unsigned nchannels;
+ virBitmapPtr cpumask;
+ virBitmap *cpumask;
+};
+
typedef enum {
VIR_DOMAIN_TIMER_NAME_PLATFORM = 0,
VIR_DOMAIN_TIMER_NAME_PIT,
@@ -2569,6 +2587,9 @@ struct _virDomainDef {
@@ -2795,6 +2813,9 @@ struct _virDomainDef {
char *title;
char *description;
@@ -257,26 +259,26 @@ index ec43bbe18..c5a0a16d3 100644
virDomainBlkiotune blkio;
virDomainMemtune mem;
@@ -3062,6 +3083,8 @@ int virDomainObjWaitUntil(virDomainObjPtr vm,
@@ -3297,6 +3318,8 @@ int virDomainObjWaitUntil(virDomainObj *vm,
void virDomainPanicDefFree(virDomainPanicDefPtr panic);
void virDomainResourceDefFree(virDomainResourceDefPtr resource);
void virDomainPanicDefFree(virDomainPanicDef *panic);
void virDomainResourceDefFree(virDomainResourceDef *resource);
+/* STX: DPDK Customization */
+void virDomainDpdkParamsDefFree(virDomainDpdkParamsDefPtr dpdk);
void virDomainGraphicsDefFree(virDomainGraphicsDefPtr def);
const char *virDomainInputDefGetPath(virDomainInputDefPtr input);
void virDomainInputDefFree(virDomainInputDefPtr def);
@@ -3711,6 +3734,8 @@ VIR_ENUM_DECL(virDomainRNGBackend);
VIR_ENUM_DECL(virDomainTPMModel);
void virDomainGraphicsDefFree(virDomainGraphicsDef *def);
const char *virDomainInputDefGetPath(virDomainInputDef *input);
void virDomainInputDefFree(virDomainInputDef *def);
@@ -3977,6 +4000,8 @@ VIR_ENUM_DECL(virDomainTPMModel);
VIR_ENUM_DECL(virDomainTPMBackend);
VIR_ENUM_DECL(virDomainTPMVersion);
VIR_ENUM_DECL(virDomainTPMPcrBank);
+/* STX: DPDK Customization */
+VIR_ENUM_DECL(virDomainDpdkProcess);
VIR_ENUM_DECL(virDomainMemoryModel);
VIR_ENUM_DECL(virDomainMemoryBackingModel);
VIR_ENUM_DECL(virDomainMemorySource);
diff --git a/src/qemu/qemu.conf b/src/qemu/qemu.conf
index 0c1054f19..754161254 100644
index 71fd12569..e2b92f7de 100644
--- a/src/qemu/qemu.conf
+++ b/src/qemu/qemu.conf
@@ -516,11 +516,11 @@
@@ -294,16 +296,16 @@ index 0c1054f19..754161254 100644
# Whether libvirt should dynamically change file ownership
# to match the configured user/group above. Defaults to 1.
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 6f970a312..4f2908085 100644
index d822533cc..fde38e84a 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -1873,6 +1873,35 @@ qemuCommandAddExtDevice(virCommandPtr cmd,
@@ -2489,6 +2489,34 @@ qemuBuildFloppyCommandLineControllerOptionsExplicit(virCommand *cmd,
return 0;
}
+/* STX: DPDK Customization */
+static int
+qemuBuildDpdkArgStr(virCommandPtr cmd,
+qemuBuildDpdkArgStr(virCommand *cmd,
+ const virDomainDpdkParamsDefPtr dpdk)
+{
+ char *cpumask;
@@ -329,11 +331,10 @@ index 6f970a312..4f2908085 100644
+
+ return 0;
+}
+
static int
qemuBuildFloppyCommandLineControllerOptions(virCommandPtr cmd,
const virDomainDef *def,
@@ -9816,6 +9845,12 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
qemuBuildFloppyCommandLineControllerOptions(virCommand *cmd,
@@ -10495,6 +10523,12 @@ qemuBuildCommandLine(virQEMUDriver *driver,
virCommandAddEnvXDG(cmd, priv->libDir);
}
@@ -343,9 +344,9 @@ index 6f970a312..4f2908085 100644
+ return NULL;
+ }
+
if (qemuBuildNameCommandLine(cmd, cfg, def, qemuCaps) < 0)
if (qemuBuildNameCommandLine(cmd, cfg, def) < 0)
return NULL;
--
2.25.1
2.34.1

12
libvirt/debian/patches/0007-STX-Stop-processing-memory-stats-if-balloon-info.patch
View File

@@ -1,4 +1,4 @@
From dedd074269d21f5eb5114705baac1ae43a166e8a Mon Sep 17 00:00:00 2001
From 442aa3ef9cae11f113a43d2cfb04b62d55f5ad8f Mon Sep 17 00:00:00 2001
From: Jim Somerville <Jim.Somerville@windriver.com>
Date: Tue, 19 Dec 2017 16:50:34 -0500
Subject: [PATCH] STX: Stop processing memory stats if balloon fails
@@ -13,23 +13,25 @@ first query.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
[ Trimmed the shortlog ]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed goto cleanup while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Murillo Arantes <murillo.arantes@windriver.com>
---
src/qemu/qemu_monitor_json.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_monitor_json.c b/src/qemu/qemu_monitor_json.c
index 8a75a2734..d2a21ebbd 100644
index b0b513683..460867ef9 100644
--- a/src/qemu/qemu_monitor_json.c
+++ b/src/qemu/qemu_monitor_json.c
@@ -2260,6 +2260,8 @@ int qemuMonitorJSONGetMemoryStats(qemuMonitorPtr mon,
@@ -2066,6 +2066,8 @@ qemuMonitorJSONGetMemoryStats(qemuMonitor *mon,
int got = 0;
ret = qemuMonitorJSONGetBalloonInfo(mon, &mem);
+ if (ret < 0)
+ goto cleanup;
+ return got;
if (ret == 1 && (got < nr_stats)) {
stats[got].tag = VIR_DOMAIN_MEMORY_STAT_ACTUAL_BALLOON;
stats[got].val = mem;
--
2.25.1
2.34.1

10
libvirt/debian/patches/0008-STX-Increase-timeout-for-connecting-to-monitor.patch
View File

@@ -12,17 +12,19 @@ of waiting should suffice.
Signed-off-by: Jim Somerville <Jim.Somerville@windriver.com>
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/qemu/qemu_process.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 202d86728..6dae07215 100644
index 5c9ca0fe4..eb6790ae1 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -2024,6 +2024,12 @@ qemuConnectMonitor(virQEMUDriverPtr driver, virDomainObjPtr vm, int asyncJob,
@@ -1926,6 +1926,12 @@ qemuConnectMonitor(virQEMUDriver *driver, virDomainObj *vm, int asyncJob,
* 1GiB of guest RAM. */
timeout = vm->def->mem.total_memory / (1024 * 1024);
timeout = virDomainDefGetMemoryTotal(vm->def) / (1024 * 1024);
+ /* STX: When launching a number of large VMs concurrently on
+ * a single host, the above timeout may not be good enough.
@@ -34,5 +36,5 @@ index 202d86728..6dae07215 100644
mon = qemuMonitorOpen(vm,
--
2.25.1
2.34.1

12
libvirt/debian/patches/0009-STX-pci-sriov-perform-limited-retry-on-netlink.patch
View File

@@ -14,7 +14,7 @@ Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
1 file changed, 62 insertions(+), 38 deletions(-)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index a73e5f72f..f787b4919 100644
index d93b2c6a8..55eb798b6 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -36,6 +36,7 @@
@@ -25,7 +25,7 @@ index a73e5f72f..f787b4919 100644
#ifdef __linux__
# include <linux/sockios.h>
@@ -1533,6 +1534,8 @@ static struct nla_policy ifla_vfstats_policy[IFLA_VF_STATS_MAX+1] = {
@@ -1509,6 +1510,8 @@ static struct nla_policy ifla_vfstats_policy[IFLA_VF_STATS_MAX+1] = {
[IFLA_VF_STATS_MULTICAST] = { .type = NLA_U64 },
};
@@ -34,7 +34,7 @@ index a73e5f72f..f787b4919 100644
static int
virNetDevSetVfConfig(const char *ifname, int vf,
@@ -1540,6 +1543,7 @@ virNetDevSetVfConfig(const char *ifname, int vf,
@@ -1516,6 +1519,7 @@ virNetDevSetVfConfig(const char *ifname, int vf,
bool *allowRetry)
{
int rc = -1;
@@ -42,7 +42,7 @@ index a73e5f72f..f787b4919 100644
char macstr[VIR_MAC_STRING_BUFLEN];
g_autofree struct nlmsghdr *resp = NULL;
struct nlmsgerr *err;
@@ -1602,50 +1606,53 @@ virNetDevSetVfConfig(const char *ifname, int vf,
@@ -1574,50 +1578,53 @@ virNetDevSetVfConfig(const char *ifname, int vf,
nla_nest_end(nl_msg, vfinfo);
nla_nest_end(nl_msg, vfinfolist);
@@ -134,7 +134,7 @@ index a73e5f72f..f787b4919 100644
cleanup:
VIR_DEBUG("RTM_SETLINK %s vf %d MAC=%s vlanid=%d - %s",
ifname, vf,
@@ -1664,6 +1671,23 @@ virNetDevSetVfConfig(const char *ifname, int vf,
@@ -1636,6 +1643,23 @@ virNetDevSetVfConfig(const char *ifname, int vf,
virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
_("allocated netlink buffer is too small"));
goto cleanup;
@@ -159,5 +159,5 @@ index a73e5f72f..f787b4919 100644
/**
--
2.25.1
2.34.1

54
libvirt/debian/patches/0010-qemu-capabilities-Introduce-QEMU_CAPS_OBJECT_QAPIFIE.patch
View File

@@ -1,54 +0,0 @@
From d5f22ad0310e6f8068189647d2f5b45dde662691 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Wed, 18 Sep 2024 18:56:53 -0300
Subject: [PATCH] qemu: capabilities: Introduce QEMU_CAPS_OBJECT_QAPIFIED
Starting from qemu-6.0 the parameters of -object/object-add are formally
described by the QAPI schema. Additionally this changes the nesting of
the properties as the 'props' nested object will be flattened to the
parent.
We'll need to detect whether qemu switched to this new approach to
generate the objects with proper nesting and also allow testing.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/qemu/qemu_capabilities.c | 4 ++++
src/qemu/qemu_capabilities.h | 3 +++
2 files changed, 7 insertions(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index 4d132defbd4..fba718f53df 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -609,6 +609,10 @@ VIR_ENUM_IMPL(virQEMUCaps,
"ncr53c90",
"dc390",
"am53c974",
+
+ /* 395 */
+ "object.qapified",
+
);
diff --git a/src/qemu/qemu_capabilities.h b/src/qemu/qemu_capabilities.h
index 0f90efa4598..9d891f1c942 100644
--- a/src/qemu/qemu_capabilities.h
+++ b/src/qemu/qemu_capabilities.h
@@ -590,6 +590,9 @@ typedef enum { /* virQEMUCapsFlags grouping marker for syntax-check */
QEMU_CAPS_SCSI_DC390, /* -device dc-390 */
QEMU_CAPS_SCSI_AM53C974, /* -device am53c974 */
+ /* 395 */
+ QEMU_CAPS_OBJECT_QAPIFIED, /* parameters for object-add are formally described */
+
QEMU_CAPS_LAST /* this must always be the last item */
} virQEMUCapsFlags;
--
2.34.1

197
libvirt/debian/patches/0011-qemu-monitor-Make-wrapping-of-props-of-object-add-op.patch
View File

@@ -1,197 +0,0 @@
From 150c1d229e2f3a24784875cb9e7de8b60bee5cb5 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Wed, 18 Sep 2024 18:57:40 -0300
Subject: [PATCH] qemu: monitor: Make wrapping of 'props' of 'object-add'
optional
Construct the JSON object which is used for object-add without the
'props' wrapper and add the wrapper only in the monitor code.
This simplifies the JSON->commandline generator in the first place and
also prepares for upcoming qemu where 'props' will be removed.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/qemu/qemu_monitor.c | 66 ++++++++++++++++++++++++++++-------------
src/util/virqemu.c | 34 +++++++--------------
2 files changed, 56 insertions(+), 44 deletions(-)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index ac8960cfc45..2e280b82689 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -109,6 +109,9 @@ struct _qemuMonitor {
qemuMonitorReportDomainLogError logFunc;
void *logOpaque;
virFreeCallback logDestroy;
+
+ /* true if qemu no longer wants 'props' sub-object of object-add */
+ bool objectAddNoWrap;
};
/**
@@ -3031,14 +3034,11 @@ qemuMonitorCreateObjectPropsWrap(const char *type,
const char *alias,
virJSONValuePtr *props)
{
- virJSONValuePtr ret;
+ if (virJSONValueObjectPrependString(*props, "id", alias) < 0 ||
+ virJSONValueObjectPrependString(*props, "qom-type", type))
+ return NULL;
- ignore_value(virJSONValueObjectCreate(&ret,
- "s:qom-type", type,
- "s:id", alias,
- "A:props", props,
- NULL));
- return ret;
+ return g_steal_pointer(props);
}
@@ -3058,26 +3058,27 @@ qemuMonitorCreateObjectProps(virJSONValuePtr *propsret,
const char *alias,
...)
{
- virJSONValuePtr props = NULL;
- int ret = -1;
+ g_autoptr(virJSONValue) props = NULL;
+ int rc;
va_list args;
- *propsret = NULL;
+ if (virJSONValueObjectCreate(&props,
+ "s:qom-type", type,
+ "s:id", alias,
+ NULL) < 0)
+ return -1;
va_start(args, alias);
- if (virJSONValueObjectCreateVArgs(&props, args) < 0)
- goto cleanup;
+ rc = virJSONValueObjectAddVArgs(props, args);
- if (!(*propsret = qemuMonitorCreateObjectPropsWrap(type, alias, &props)))
- goto cleanup;
+ va_end(args);
- ret = 0;
+ if (rc < 0)
+ return -1;
- cleanup:
- virJSONValueFree(props);
- va_end(args);
- return ret;
+ *propsret = g_steal_pointer(&props);
+ return 0;
}
@@ -3097,6 +3098,7 @@ qemuMonitorAddObject(qemuMonitorPtr mon,
virJSONValuePtr *props,
char **alias)
{
+ g_autoptr(virJSONValue) pr = NULL;
const char *type = NULL;
const char *id = NULL;
g_autofree char *aliasCopy = NULL;
@@ -3124,7 +3126,31 @@ qemuMonitorAddObject(qemuMonitorPtr mon,
if (alias)
aliasCopy = g_strdup(id);
- if (qemuMonitorJSONAddObject(mon, props) < 0)
+ if (mon->objectAddNoWrap) {
+ pr = g_steal_pointer(props);
+ } else {
+ /* we need to create a wrapper which has the 'qom-type' and 'id' and
+ * store everything else under a 'props' sub-object */
+ g_autoptr(virJSONValue) typeobj = NULL;
+ g_autoptr(virJSONValue) idobj = NULL;
+
+ ignore_value(virJSONValueObjectRemoveKey(*props, "qom-type", &typeobj));
+ ignore_value(virJSONValueObjectRemoveKey(*props, "id", &idobj));
+
+ if (!virJSONValueObjectGetKey(*props, 0)) {
+ virJSONValueFree(*props);
+ *props = NULL;
+ }
+
+ if (virJSONValueObjectCreate(&pr,
+ "s:qom-type", type,
+ "s:id", id,
+ "A:props", props,
+ NULL) < 0)
+ return -1;
+ }
+
+ if (qemuMonitorJSONAddObject(mon, &pr) < 0)
return -1;
if (alias)
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index c4b6e8b3db2..a6011e55c9f 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -319,12 +319,13 @@ virQEMUBuildNetdevCommandlineFromJSON(virJSONValuePtr props,
}
-static int
-virQEMUBuildObjectCommandlineFromJSONInternal(virBufferPtr buf,
- const char *type,
- const char *alias,
- virJSONValuePtr props)
+int
+virQEMUBuildObjectCommandlineFromJSON(virBufferPtr buf,
+ virJSONValuePtr objprops)
{
+ const char *type = virJSONValueObjectGetString(objprops, "qom-type");
+ const char *alias = virJSONValueObjectGetString(objprops, "id");
+
if (!type || !alias) {
virReportError(VIR_ERR_INTERNAL_ERROR,
_("missing 'type'(%s) or 'alias'(%s) field of QOM 'object'"),
@@ -332,31 +333,16 @@ virQEMUBuildObjectCommandlineFromJSONInternal(virBufferPtr buf,
return -1;
}
- virBufferAsprintf(buf, "%s,id=%s", type, alias);
+ virBufferAsprintf(buf, "%s,", type);
- if (props) {
- virBufferAddLit(buf, ",");
- if (virQEMUBuildCommandLineJSON(props, buf, NULL, false,
- virQEMUBuildCommandLineJSONArrayBitmap) < 0)
- return -1;
- }
+ if (virQEMUBuildCommandLineJSON(objprops, buf, "qom-type", false,
+ virQEMUBuildCommandLineJSONArrayBitmap) < 0)
+ return -1;
return 0;
}
-int
-virQEMUBuildObjectCommandlineFromJSON(virBufferPtr buf,
- virJSONValuePtr objprops)
-{
- const char *type = virJSONValueObjectGetString(objprops, "qom-type");
- const char *alias = virJSONValueObjectGetString(objprops, "id");
- virJSONValuePtr props = virJSONValueObjectGetObject(objprops, "props");
-
- return virQEMUBuildObjectCommandlineFromJSONInternal(buf, type, alias, props);
-}
-
-
char *
virQEMUBuildDriveCommandlineFromJSON(virJSONValuePtr srcdef)
{
--
2.34.1

82
libvirt/debian/patches/0012-qemuMonitorCreateObjectPropsWrap-Open-code-in-qemuBu.patch
View File

@@ -1,82 +0,0 @@
From 4d984701dd6440fdc541fb803e72bd59c1950d4d Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Wed, 18 Sep 2024 19:01:29 -0300
Subject: [PATCH] qemuMonitorCreateObjectPropsWrap: Open-code in
qemuBuildMemoryBackendProps
There's just one caller left. Since qemuBuildMemoryBackendProps is too
complex to be modified for now, just move the adding of 'id' and 'qom'
type directly into the function.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/qemu/qemu_command.c | 6 ++++--
src/qemu/qemu_monitor.c | 14 --------------
src/qemu/qemu_monitor.h | 4 ----
3 files changed, 4 insertions(+), 20 deletions(-)
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index fa40f36cf25..f3462c528ce 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -3256,10 +3256,12 @@ qemuBuildMemoryBackendProps(virJSONValuePtr *backendProps,
rc = 0;
}
- if (!(*backendProps = qemuMonitorCreateObjectPropsWrap(backendType, alias,
- &props)))
+ if (virJSONValueObjectPrependString(props, "id", alias) < 0 ||
+ virJSONValueObjectPrependString(props, "qom-type", backendType) < 0)
return -1;
+ *backendProps = g_steal_pointer(&props);
+
return rc;
}
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 2e280b82689..4665f451640 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -3029,20 +3029,6 @@ qemuMonitorAddDeviceArgs(qemuMonitorPtr mon,
}
-virJSONValuePtr
-qemuMonitorCreateObjectPropsWrap(const char *type,
- const char *alias,
- virJSONValuePtr *props)
-{
- if (virJSONValueObjectPrependString(*props, "id", alias) < 0 ||
- virJSONValueObjectPrependString(*props, "qom-type", type))
- return NULL;
-
- return g_steal_pointer(props);
-}
-
-
-
/**
* qemuMonitorCreateObjectProps:
* @propsret: returns full object properties
diff --git a/src/qemu/qemu_monitor.h b/src/qemu/qemu_monitor.h
index a46b971a33f..792b74a67ea 100644
--- a/src/qemu/qemu_monitor.h
+++ b/src/qemu/qemu_monitor.h
@@ -1006,10 +1006,6 @@ int qemuMonitorAddDeviceWithFd(qemuMonitorPtr mon,
int qemuMonitorDelDevice(qemuMonitorPtr mon,
const char *devalias);
-virJSONValuePtr qemuMonitorCreateObjectPropsWrap(const char *type,
- const char *alias,
- virJSONValuePtr *props);
-
int qemuMonitorCreateObjectProps(virJSONValuePtr *propsret,
const char *type,
const char *alias,
--
2.34.1

49
libvirt/debian/patches/0013-qemu-monitor-Don-t-add-props-wrapper-if-qemu-has-QEM.patch
View File

@@ -1,49 +0,0 @@
From 26175ffbda7997115b3a168061e62008d7136bd4 Mon Sep 17 00:00:00 2001
From: Thales Elero Cervi <thaleselero.cervi@windriver.com>
Date: Wed, 18 Sep 2024 19:02:56 -0300
Subject: [PATCH] qemu: monitor: Don't add 'props' wrapper if qemu has
QEMU_CAPS_OBJECT_QAPIFIED
Set 'objectAddNoWrap' when the capability is present.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/qemu/qemu_monitor.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/qemu/qemu_monitor.c b/src/qemu/qemu_monitor.c
index 4665f451640..5fb4d32678f 100644
--- a/src/qemu/qemu_monitor.c
+++ b/src/qemu/qemu_monitor.c
@@ -32,6 +32,7 @@
#include "qemu_monitor_json.h"
#include "qemu_domain.h"
#include "qemu_process.h"
+#include "qemu_capabilities.h"
#include "virerror.h"
#include "viralloc.h"
#include "virlog.h"
@@ -672,6 +673,7 @@ qemuMonitorOpenInternal(virDomainObjPtr vm,
qemuMonitorCallbacksPtr cb,
void *opaque)
{
+ qemuDomainObjPrivatePtr priv = vm->privateData;
qemuMonitorPtr mon;
g_autoptr(GError) gerr = NULL;
@@ -704,6 +706,9 @@ qemuMonitorOpenInternal(virDomainObjPtr vm,
mon->cb = cb;
mon->callbackOpaque = opaque;
+ if (priv)
+ mon->objectAddNoWrap = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_OBJECT_QAPIFIED);
+
if (virSetCloseExec(mon->fd) < 0) {
virReportError(VIR_ERR_INTERNAL_ERROR,
"%s", _("Unable to set monitor close-on-exec flag"));
--
2.34.1

261
libvirt/debian/patches/0014-qemu-remove-support-for-generating-yes-no-boolean-op.patch
View File

@@ -1,261 +0,0 @@
From 29318399667114b3dd8a054f7ef898b3ba74828d Mon Sep 17 00:00:00 2001
From: Daniel Berrange <berrange@redhat.com>
Date: Tue, 16 Feb 2021 12:36:15 +0000
Subject: [PATCH] qemu: remove support for generating yes|no boolean options
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
All callers are now using the on|off syntax, so yes|no is a unreachable
code path.
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/util/virqemu.c | 48 +++++++++++++------------------------
src/util/virqemu.h | 10 +++-----
tests/qemucommandutiltest.c | 10 ++++----
3 files changed, 24 insertions(+), 44 deletions(-)
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index a6011e5..aa322be 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -37,7 +37,6 @@ struct virQEMUCommandLineJSONIteratorData {
const char *prefix;
virBufferPtr buf;
const char *skipKey;
- bool onOff;
virQEMUBuildCommandLineJSONArrayFormatFunc arrayFunc;
};
@@ -47,7 +46,6 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
virJSONValuePtr value,
virBufferPtr buf,
const char *skipKey,
- bool onOff,
virQEMUBuildCommandLineJSONArrayFormatFunc arrayFunc,
bool nested);
@@ -57,8 +55,7 @@ int
virQEMUBuildCommandLineJSONArrayBitmap(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey G_GNUC_UNUSED,
- bool onOff G_GNUC_UNUSED)
+ const char *skipKey G_GNUC_UNUSED)
{
ssize_t pos = -1;
ssize_t end;
@@ -87,8 +84,7 @@ int
virQEMUBuildCommandLineJSONArrayNumbered(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey,
- bool onOff)
+ const char *skipKey)
{
virJSONValuePtr member;
size_t i;
@@ -99,7 +95,7 @@ virQEMUBuildCommandLineJSONArrayNumbered(const char *key,
member = virJSONValueArrayGet((virJSONValuePtr) array, i);
prefix = g_strdup_printf("%s.%zu", key, i);
- if (virQEMUBuildCommandLineJSONRecurse(prefix, member, buf, skipKey, onOff,
+ if (virQEMUBuildCommandLineJSONRecurse(prefix, member, buf, skipKey,
virQEMUBuildCommandLineJSONArrayNumbered,
true) < 0)
return 0;
@@ -125,8 +121,7 @@ static int
virQEMUBuildCommandLineJSONArrayObjectsStr(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey G_GNUC_UNUSED,
- bool onOff G_GNUC_UNUSED)
+ const char *skipKey G_GNUC_UNUSED)
{
g_auto(virBuffer) tmp = VIR_BUFFER_INITIALIZER;
size_t i;
@@ -163,11 +158,11 @@ virQEMUBuildCommandLineJSONIterate(const char *key,
tmpkey = g_strdup_printf("%s.%s", data->prefix, key);
return virQEMUBuildCommandLineJSONRecurse(tmpkey, value, data->buf,
- data->skipKey, data->onOff,
+ data->skipKey,
data->arrayFunc, false);
} else {
return virQEMUBuildCommandLineJSONRecurse(key, value, data->buf,
- data->skipKey, data->onOff,
+ data->skipKey,
data->arrayFunc, false);
}
}
@@ -178,11 +173,10 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
virJSONValuePtr value,
virBufferPtr buf,
const char *skipKey,
- bool onOff,
virQEMUBuildCommandLineJSONArrayFormatFunc arrayFunc,
bool nested)
{
- struct virQEMUCommandLineJSONIteratorData data = { key, buf, skipKey, onOff, arrayFunc };
+ struct virQEMUCommandLineJSONIteratorData data = { key, buf, skipKey, arrayFunc };
virJSONType type = virJSONValueGetType(value);
virJSONValuePtr elem;
bool tmp;
@@ -207,18 +201,10 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
case VIR_JSON_TYPE_BOOLEAN:
virJSONValueGetBoolean(value, &tmp);
- if (onOff) {
- if (tmp)
- virBufferAsprintf(buf, "%s=on,", key);
- else
- virBufferAsprintf(buf, "%s=off,", key);
- } else {
- if (tmp)
- virBufferAsprintf(buf, "%s=yes,", key);
- else
- virBufferAsprintf(buf, "%s=no,", key);
- }
-
+ if (tmp)
+ virBufferAsprintf(buf, "%s=on,", key);
+ else
+ virBufferAsprintf(buf, "%s=off,", key);
break;
case VIR_JSON_TYPE_ARRAY:
@@ -229,7 +215,7 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
return -1;
}
- if (!arrayFunc || arrayFunc(key, value, buf, skipKey, onOff) < 0) {
+ if (!arrayFunc || arrayFunc(key, value, buf, skipKey) < 0) {
/* fallback, treat the array as a non-bitmap, adding the key
* for each member */
for (i = 0; i < virJSONValueArraySize(value); i++) {
@@ -237,7 +223,7 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
/* recurse to avoid duplicating code */
if (virQEMUBuildCommandLineJSONRecurse(key, elem, buf, skipKey,
- onOff, arrayFunc, true) < 0)
+ arrayFunc, true) < 0)
return -1;
}
}
@@ -265,7 +251,6 @@ virQEMUBuildCommandLineJSONRecurse(const char *key,
* @value: json object containing the value
* @buf: otuput buffer
* @skipKey: name of key that will be handled separately by caller
- * @onOff: Use 'on' and 'off' for boolean values rather than 'yes' and 'no'
* @arrayFunc: array formatter function to allow for different syntax
*
* Formats JSON value object into command line parameters suitable for use with
@@ -277,10 +262,9 @@ int
virQEMUBuildCommandLineJSON(virJSONValuePtr value,
virBufferPtr buf,
const char *skipKey,
- bool onOff,
virQEMUBuildCommandLineJSONArrayFormatFunc array)
{
- if (virQEMUBuildCommandLineJSONRecurse(NULL, value, buf, skipKey, onOff, array, false) < 0)
+ if (virQEMUBuildCommandLineJSONRecurse(NULL, value, buf, skipKey, array, false) < 0)
return -1;
virBufferTrim(buf, ",");
@@ -311,7 +295,7 @@ virQEMUBuildNetdevCommandlineFromJSON(virJSONValuePtr props,
virBufferAsprintf(&buf, "%s,", type);
- if (virQEMUBuildCommandLineJSON(props, &buf, "type", true,
+ if (virQEMUBuildCommandLineJSON(props, &buf, "type",
virQEMUBuildCommandLineJSONArrayObjectsStr) < 0)
return NULL;
@@ -348,7 +332,7 @@ virQEMUBuildDriveCommandlineFromJSON(virJSONValuePtr srcdef)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
- if (virQEMUBuildCommandLineJSON(srcdef, &buf, NULL, false,
+ if (virQEMUBuildCommandLineJSON(srcdef, &buf, NULL,
virQEMUBuildCommandLineJSONArrayNumbered) < 0)
return NULL;
diff --git a/src/util/virqemu.h b/src/util/virqemu.h
index b81efc7..849b7df 100644
--- a/src/util/virqemu.h
+++ b/src/util/virqemu.h
@@ -29,23 +29,19 @@
typedef int (*virQEMUBuildCommandLineJSONArrayFormatFunc)(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey,
- bool onOff);
+ const char *skipKey);
int virQEMUBuildCommandLineJSONArrayBitmap(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey,
- bool onOff);
+ const char *skipKey);
int virQEMUBuildCommandLineJSONArrayNumbered(const char *key,
virJSONValuePtr array,
virBufferPtr buf,
- const char *skipKey,
- bool onOff);
+ const char *skipKey);
int virQEMUBuildCommandLineJSON(virJSONValuePtr value,
virBufferPtr buf,
const char *skipKey,
- bool onOff,
virQEMUBuildCommandLineJSONArrayFormatFunc array);
char *
diff --git a/tests/qemucommandutiltest.c b/tests/qemucommandutiltest.c
index 305f59e..6291c3b 100644
--- a/tests/qemucommandutiltest.c
+++ b/tests/qemucommandutiltest.c
@@ -47,7 +47,7 @@ testQemuCommandBuildFromJSON(const void *opaque)
return -1;
}
- if (virQEMUBuildCommandLineJSON(val, &buf, NULL, false, data->arrayfunc) < 0) {
+ if (virQEMUBuildCommandLineJSON(val, &buf, NULL, data->arrayfunc) < 0) {
fprintf(stderr,
"\nvirQEMUBuildCommandlineJSON failed process JSON:\n%s\n",
data->props);
@@ -99,8 +99,8 @@ mymain(void)
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"string\":\"qwer\"}", "string=qwer");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"string\":\"qw,e,r\"}", "string=qw,,e,,r");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"number\":1234}", "number=1234");
- DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"boolean\":true}", "boolean=yes");
- DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"boolean\":false}", "boolean=no");
+ DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"boolean\":true}", "boolean=on");
+ DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"boolean\":false}", "boolean=off");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"bitmap\":[]}", NULL);
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"bitmap\":[0]}", "bitmap=0");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"bitmap\":[1,3,5]}",
@@ -113,14 +113,14 @@ mymain(void)
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"array\":[\"bleah\",\"qwerty\",1]}",
"array=bleah,array=qwerty,array=1");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"boolean\":true,\"hyphen-name\":1234,\"some_string\":\"bleah\"}",
- "boolean=yes,hyphen-name=1234,some_string=bleah");
+ "boolean=on,hyphen-name=1234,some_string=bleah");
DO_TEST_COMMAND_OBJECT_FROM_JSON("{\"nest\": {\"boolean\":true,"
"\"hyphen-name\":1234,"
"\"some_string\":\"bleah\","
"\"bleah\":\"bl,eah\""
"}"
"}",
- "nest.boolean=yes,nest.hyphen-name=1234,"
+ "nest.boolean=on,nest.hyphen-name=1234,"
"nest.some_string=bleah,nest.bleah=bl,,eah");
DO_TEST_COMMAND_DRIVE_FROM_JSON("{\"driver\":\"gluster\","
"\"volume\":\"test\","
--
2.34.1

369
libvirt/debian/patches/0015-qemu-command-Use-JSON-for-QAPIfied-object-directly.patch
View File

@@ -1,369 +0,0 @@
From 4f33b817b2926198ec626f10c3fca1c8aaececf6 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 12 Mar 2021 15:44:19 +0100
Subject: [PATCH] qemu: command: Use JSON for QAPIfied -object directly
Skip the lossy conversion to legacy commandline arguments by using the
JSON props directly when -object is QAPIfied. This avoids issues with
conversion of bitmaps and also allows validation of the generated JSON
against the QMP schema in the tests.
Since the new approach is triggered by a qemu capability the code
from 'virQEMUBuildObjectCommandlineFromJSON' in util/virqemu.c was moved
to 'qemuBuildObjectCommandlineFromJSON' in qemu/qemu_command.c which has
the virQEMUCaps type.
Some functions needed to be modified to propagate qemuCaps.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/libvirt_private.syms | 1 -
src/qemu/qemu_command.c | 106 +++++++++++++++++++++++++++------------
src/util/virqemu.c | 24 ---------
src/util/virqemu.h | 3 --
4 files changed, 73 insertions(+), 61 deletions(-)
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index c325040..e96bf96 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2955,7 +2955,6 @@ virQEMUBuildCommandLineJSONArrayBitmap;
virQEMUBuildCommandLineJSONArrayNumbered;
virQEMUBuildDriveCommandlineFromJSON;
virQEMUBuildNetdevCommandlineFromJSON;
-virQEMUBuildObjectCommandlineFromJSON;
# util/virrandom.h
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c
index 9f972a8..dafa85b 100644
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -177,6 +177,32 @@ VIR_ENUM_IMPL(qemuNumaPolicy,
);
+static int
+qemuBuildObjectCommandlineFromJSON(virBuffer *buf,
+ virJSONValue *props,
+ virQEMUCaps *qemuCaps)
+{
+ const char *type = virJSONValueObjectGetString(props, "qom-type");
+ const char *alias = virJSONValueObjectGetString(props, "id");
+
+ if (!type || !alias) {
+ virReportError(VIR_ERR_INTERNAL_ERROR,
+ _("missing 'type'(%s) or 'alias'(%s) field of QOM 'object'"),
+ NULLSTR(type), NULLSTR(alias));
+ return -1;
+ }
+
+ if (virQEMUCapsGet(qemuCaps, QEMU_CAPS_OBJECT_QAPIFIED)) {
+ return virJSONValueToBuffer(props, buf, false);
+ } else {
+ virBufferAsprintf(buf, "%s,", type);
+
+ return virQEMUBuildCommandLineJSON(props, buf, "qom-type",
+ virQEMUBuildCommandLineJSONArrayBitmap);
+ }
+}
+
+
/**
* qemuBuildMasterKeyCommandLine:
* @cmd: the command to modify
@@ -690,6 +716,7 @@ qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
* qemuBuildObjectSecretCommandLine:
* @cmd: the command to modify
* @secinfo: pointer to the secret info object
+ * @qemuCaps: qemu capabilities
*
* If the secinfo is available and associated with an AES secret,
* then format the command line for the secret object. This object
@@ -700,7 +727,8 @@ qemuBuildSecretInfoProps(qemuDomainSecretInfoPtr secinfo,
*/
static int
qemuBuildObjectSecretCommandLine(virCommandPtr cmd,
- qemuDomainSecretInfoPtr secinfo)
+ qemuDomainSecretInfoPtr secinfo,
+ virQEMUCaps *qemuCaps)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
g_autoptr(virJSONValue) props = NULL;
@@ -708,7 +736,7 @@ qemuBuildObjectSecretCommandLine(virCommandPtr cmd,
if (qemuBuildSecretInfoProps(secinfo, &props) < 0)
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -876,7 +904,7 @@ qemuBuildTLSx509CommandLine(virCommandPtr cmd,
certEncSecretAlias, qemuCaps, &props) < 0)
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -1981,14 +2009,15 @@ qemuBuildFloppyCommandLineControllerOptions(virCommandPtr cmd,
static int
qemuBuildObjectCommandline(virCommandPtr cmd,
- virJSONValuePtr objProps)
+ virJSONValuePtr objProps,
+ virQEMUCaps *qemuCaps)
{
g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
if (!objProps)
return 0;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, objProps) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, objProps, qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -2000,16 +2029,17 @@ qemuBuildObjectCommandline(virCommandPtr cmd,
static int
qemuBuildBlockStorageSourceAttachDataCommandline(virCommandPtr cmd,
- qemuBlockStorageSourceAttachDataPtr data)
+ qemuBlockStorageSourceAttachDataPtr data,
+ virQEMUCaps *qemuCaps)
{
char *tmp;
- if (qemuBuildObjectCommandline(cmd, data->prmgrProps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->authsecretProps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->encryptsecretProps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps) < 0 ||
- qemuBuildObjectCommandline(cmd, data->tlsProps) < 0)
+ if (qemuBuildObjectCommandline(cmd, data->prmgrProps, qemuCaps) < 0 ||
+ qemuBuildObjectCommandline(cmd, data->authsecretProps, qemuCaps) < 0 ||
+ qemuBuildObjectCommandline(cmd, data->encryptsecretProps, qemuCaps) < 0 ||
+ qemuBuildObjectCommandline(cmd, data->httpcookiesecretProps, qemuCaps) < 0 ||
+ qemuBuildObjectCommandline(cmd, data->tlsKeySecretProps, qemuCaps) < 0 ||
+ qemuBuildObjectCommandline(cmd, data->tlsProps, qemuCaps) < 0)
return -1;
if (data->driveCmd)
@@ -2072,7 +2102,8 @@ qemuBuildDiskSourceCommandLine(virCommandPtr cmd,
for (i = data->nsrcdata; i > 0; i--) {
if (qemuBuildBlockStorageSourceAttachDataCommandline(cmd,
- data->srcdata[i - 1]) < 0)
+ data->srcdata[i - 1],
+ qemuCaps) < 0)
return -1;
}
@@ -3271,7 +3302,7 @@ qemuBuildMemoryCellBackendStr(virDomainDefPtr def,
priv, def, &mem, false)) < 0)
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(buf, props, priv->qemuCaps) < 0)
return -1;
return rc;
@@ -3300,7 +3331,7 @@ qemuBuildMemoryDimmBackendStr(virBufferPtr buf,
priv, def, mem, true) < 0)
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(buf, props, priv->qemuCaps) < 0)
return -1;
return 0;
@@ -4886,7 +4917,8 @@ qemuBuildChrChardevStr(virLogManagerPtr logManager,
* functions can just check the config fields */
if (chrSourcePriv && chrSourcePriv->secinfo) {
if (qemuBuildObjectSecretCommandLine(cmd,
- chrSourcePriv->secinfo) < 0)
+ chrSourcePriv->secinfo,
+ qemuCaps) < 0)
return NULL;
tlsCertEncSecAlias = chrSourcePriv->secinfo->s.aes.alias;
@@ -5124,7 +5156,7 @@ qemuBuildHostdevSCSICommandLine(virCommandPtr cmd,
if (!(data = qemuBuildHostdevSCSIAttachPrepare(hostdev, &backendAlias, qemuCaps)))
return -1;
- if (qemuBuildBlockStorageSourceAttachDataCommandline(cmd, data) < 0)
+ if (qemuBuildBlockStorageSourceAttachDataCommandline(cmd, data, qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-device");
@@ -5530,7 +5562,7 @@ qemuBuildRNGCommandLine(virLogManagerPtr logManager,
if (qemuBuildRNGBackendProps(rng, &props) < 0)
return -1;
- rc = virQEMUBuildObjectCommandlineFromJSON(&buf, props);
+ rc = qemuBuildObjectCommandlineFromJSON(&buf, props, qemuCaps);
if (rc < 0)
return -1;
@@ -7099,7 +7131,7 @@ qemuBuildMemCommandLineMemoryDefaultBackend(virCommandPtr cmd,
priv, def, &mem, false) < 0)
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -7172,25 +7204,31 @@ qemuBuildMemCommandLine(virCommandPtr cmd,
static int
qemuBuildIOThreadCommandLine(virCommandPtr cmd,
- const virDomainDef *def)
+ const virDomainDef *def,
+ virQEMUCaps *qemuCaps)
{
size_t i;
if (def->niothreadids == 0)
return 0;
- /* Create iothread objects using the defined iothreadids list
- * and the defined id and name from the list. These may be used
- * by a disk definition which will associate to an iothread by
- * supplying a value of an id from the list
- */
for (i = 0; i < def->niothreadids; i++) {
+ g_autoptr(virJSONValue) props = NULL;
+ g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
+ g_autofree char *alias = g_strdup_printf("iothread%u", def->iothreadids[i]->iothread_id);
+
+ if (qemuMonitorCreateObjectProps(&props, "iothread", alias, NULL) < 0)
+ return -1;
+
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, qemuCaps) < 0)
+ return -1;
+
virCommandAddArg(cmd, "-object");
- virCommandAddArgFormat(cmd, "iothread,id=iothread%u",
- def->iothreadids[i]->iothread_id);
+ virCommandAddArgBuffer(cmd, &buf);
}
return 0;
+
}
@@ -7613,7 +7651,8 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfigPtr cfg,
if (gfxPriv->secinfo) {
if (qemuBuildObjectSecretCommandLine(cmd,
- gfxPriv->secinfo) < 0)
+ gfxPriv->secinfo,
+ qemuCaps) < 0)
return -1;
secretAlias = gfxPriv->secinfo->s.aes.alias;
}
@@ -8658,7 +8697,7 @@ qemuBuildShmemCommandLine(virLogManagerPtr logManager,
if (!(memProps = qemuBuildShmemBackendMemProps(shmem)))
return -1;
- rc = virQEMUBuildObjectCommandlineFromJSON(&buf, memProps);
+ rc = qemuBuildObjectCommandlineFromJSON(&buf, memProps, qemuCaps);
if (rc < 0)
return -1;
@@ -9523,7 +9562,7 @@ qemuBuildManagedPRCommandLine(virCommandPtr cmd,
if (!(props = qemuBuildPRManagedManagerInfoProps(priv)))
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -9547,7 +9586,8 @@ qemuBuildPflashBlockdevOne(virCommandPtr cmd,
for (i = data->nsrcdata; i > 0; i--) {
if (qemuBuildBlockStorageSourceAttachDataCommandline(cmd,
- data->srcdata[i - 1]) < 0)
+ data->srcdata[i - 1],
+ qemuCaps) < 0)
return -1;
}
@@ -9612,7 +9652,7 @@ qemuBuildDBusVMStateCommandLine(virCommandPtr cmd,
if (!(props = qemuBuildDBusVMStateInfoProps(driver, vm)))
return -1;
- if (virQEMUBuildObjectCommandlineFromJSON(&buf, props) < 0)
+ if (qemuBuildObjectCommandlineFromJSON(&buf, props, priv->qemuCaps) < 0)
return -1;
virCommandAddArg(cmd, "-object");
@@ -9890,7 +9930,7 @@ qemuBuildCommandLine(virQEMUDriverPtr driver,
if (qemuBuildSmpCommandLine(cmd, def, qemuCaps) < 0)
return NULL;
- if (qemuBuildIOThreadCommandLine(cmd, def) < 0)
+ if (qemuBuildIOThreadCommandLine(cmd, def, qemuCaps) < 0)
return NULL;
if (virDomainNumaGetNodeCount(def->numa) &&
diff --git a/src/util/virqemu.c b/src/util/virqemu.c
index aa322be..a1f57de 100644
--- a/src/util/virqemu.c
+++ b/src/util/virqemu.c
@@ -303,30 +303,6 @@ virQEMUBuildNetdevCommandlineFromJSON(virJSONValuePtr props,
}
-int
-virQEMUBuildObjectCommandlineFromJSON(virBufferPtr buf,
- virJSONValuePtr objprops)
-{
- const char *type = virJSONValueObjectGetString(objprops, "qom-type");
- const char *alias = virJSONValueObjectGetString(objprops, "id");
-
- if (!type || !alias) {
- virReportError(VIR_ERR_INTERNAL_ERROR,
- _("missing 'type'(%s) or 'alias'(%s) field of QOM 'object'"),
- NULLSTR(type), NULLSTR(alias));
- return -1;
- }
-
- virBufferAsprintf(buf, "%s,", type);
-
- if (virQEMUBuildCommandLineJSON(objprops, buf, "qom-type", false,
- virQEMUBuildCommandLineJSONArrayBitmap) < 0)
- return -1;
-
- return 0;
-}
-
-
char *
virQEMUBuildDriveCommandlineFromJSON(virJSONValuePtr srcdef)
{
diff --git a/src/util/virqemu.h b/src/util/virqemu.h
index 849b7df..361abdd 100644
--- a/src/util/virqemu.h
+++ b/src/util/virqemu.h
@@ -48,9 +48,6 @@ char *
virQEMUBuildNetdevCommandlineFromJSON(virJSONValuePtr props,
bool rawjson);
-int virQEMUBuildObjectCommandlineFromJSON(virBufferPtr buf,
- virJSONValuePtr objprops);
-
char *virQEMUBuildDriveCommandlineFromJSON(virJSONValuePtr src);
void virQEMUBuildBufferEscapeComma(virBufferPtr buf, const char *str);
--
2.34.1

34
libvirt/debian/patches/0016-qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch
View File

@@ -1,34 +0,0 @@
From f763b6e43900605308df8dbca16e4702033947e9 Mon Sep 17 00:00:00 2001
From: Peter Krempa <pkrempa@redhat.com>
Date: Fri, 12 Mar 2021 16:28:11 +0100
Subject: [PATCH] qemu: capabilities: Enable detection of
QEMU_CAPS_OBJECT_QAPIFIED
Base the detection on the presence of the 'secret' qom-type entry, which
isn't conditionally compiled in qemu.
All caps-based test now switch to using JSON for -object.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
[ Patch defuzzed for libvirt 7.0.0]
Signed-off-by: Thales Elero Cervi <thaleselero.cervi@windriver.com>
---
src/qemu/qemu_capabilities.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
index fba718f..81fece7 100644
--- a/src/qemu/qemu_capabilities.c
+++ b/src/qemu/qemu_capabilities.c
@@ -1537,6 +1537,7 @@ static struct virQEMUCapsStringFlags virQEMUCapsQMPSchemaQueries[] = {
{ "migrate-set-parameters/arg-type/xbzrle-cache-size", QEMU_CAPS_MIGRATION_PARAM_XBZRLE_CACHE_SIZE },
{ "set-numa-node/arg-type/+hmat-lb", QEMU_CAPS_NUMA_HMAT },
{ "netdev_add/arg-type/+vhost-vdpa", QEMU_CAPS_NETDEV_VHOST_VDPA },
+ { "object-add/arg-type/qom-type/^secret", QEMU_CAPS_OBJECT_QAPIFIED },
};
typedef struct _virQEMUCapsObjectTypeProps virQEMUCapsObjectTypeProps;
--
2.34.1

49
libvirt/debian/patches/CVE-2021-3631.patch
View File

@@ -1,49 +0,0 @@
From: Daniel P. Berrangé <berrange@redhat.com>
Date: Mon, 28 Jun 2021 13:09:04 +0100
Subject: security: fix SELinux label generation logic
A process can access a file if the set of MCS categories
for the file is equal-to *or* a subset-of, the set of
MCS categories for the process.
If there are two VMs:
a) svirt_t:s0:c117
b) svirt_t:s0:c117,c720
Then VM (b) is able to access files labelled for VM (a).
IOW, we must discard case where the categories are equal
because that is a subset of many other valid category pairs.
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/15073504dbb624d3f6c911e85557019d3620fdb2
Bug: https://gitlab.com/libvirt/libvirt/-/issues/153
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-3631
Bug-Debian: https://bugs.debian.org/990709
---
src/security/security_selinux.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 2fc6ef2..61a871e 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
if (c1 == c2) {
- mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
+ /*
+ * A process can access a file if the set of MCS categories
+ * for the file is equal-to *or* a subset-of, the set of
+ * MCS categories for the process.
+ *
+ * IOW, we must discard case where the categories are equal
+ * because that is a subset of other category pairs.
+ */
+ continue;
} else {
if (c1 > c2) {
int t = c1;

36
libvirt/debian/patches/CVE-2021-3667.patch
View File

@@ -1,36 +0,0 @@
From: Peter Krempa <pkrempa@redhat.com>
Date: Wed, 21 Jul 2021 11:22:25 +0200
Subject: storage_driver: Unlock object on ACL fail in
storagePoolLookupByTargetPath
'virStoragePoolObjListSearch' returns a locked and refed object, thus we
must release it on ACL permission failure.
Fixes: 7aa0e8c0cb8
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-3667
Bug-Debian: https://bugs.debian.org/991594
---
src/storage/storage_driver.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
index 16bc53a..2787c16 100644
--- a/src/storage/storage_driver.c
+++ b/src/storage/storage_driver.c
@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
storagePoolLookupByTargetPathCallback,
cleanpath))) {
def = virStoragePoolObjGetDef(obj);
- if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
+ if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
+ virStoragePoolObjEndAPI(&obj);
return NULL;
+ }
pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
virStoragePoolObjEndAPI(&obj);

37
libvirt/debian/patches/CVE-2021-3975.patch
View File

@@ -1,37 +0,0 @@
From: Peng Liang <liangpeng10@huawei.com>
Date: Wed, 24 Feb 2021 19:28:23 +0800
Subject: qemu: Add missing lock in qemuProcessHandleMonitorEOF
qemuMonitorUnregister will be called in multiple threads (e.g. threads
in rpc worker pool and the vm event thread). In some cases, it isn't
protected by the monitor lock, which may lead to call g_source_unref
more than one time and a use-after-free problem eventually.
Add the missing lock in qemuProcessHandleMonitorEOF (which is the only
position missing lock of monitor I found).
Suggested-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Origin: https://github.com/libvirt/libvirt/commit/1ac703a7d0789e46833f4013a3876c2e3af18ec7
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2024326
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-3975
---
src/qemu/qemu_process.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 202d867..3f7355f 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -317,7 +317,9 @@ qemuProcessHandleMonitorEOF(qemuMonitorPtr mon,
/* We don't want this EOF handler to be called over and over while the
* thread is waiting for a job.
*/
+ virObjectLock(mon);
qemuMonitorUnregister(mon);
+ virObjectUnlock(mon);
/* We don't want any cleanup from EOF handler (or any other
* thread) to enter qemu namespace. */

111
libvirt/debian/patches/CVE-2021-4147_1.patch
View File

@@ -1,111 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 29 Oct 2021 14:16:33 -0600
Subject: libxl: Disable death events after receiving a shutdown event
The libxl driver will handle all domain destruction and cleanup
when receiving a domain shutdown event from libxl. Commit fa30ee04a2a
introduced the ignoreDeathEvent boolean in the DomainObjPrivate struct
to ignore subsequent death events from libxl. But libxl already provides
a mechanism to disable death events via libxl_evdisable_domain_death.
This patch partially reverts commit fa30ee04a2a and instead uses
libxl_evdisable_domain_death to disable subsequent death events when
processing a shutdown event.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/23b51d7b8ec885e97a9277cf0a6c2833db4636e8
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 23 +++++------------------
src/libxl/libxl_domain.h | 3 ---
2 files changed, 5 insertions(+), 21 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 63938d5..f97c6da 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -614,12 +614,6 @@ static void
libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm)
{
virObjectEventPtr dom_event = NULL;
- libxlDomainObjPrivatePtr priv = vm->privateData;
-
- if (priv->ignoreDeathEvent) {
- priv->ignoreDeathEvent = false;
- return;
- }
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
return;
@@ -667,7 +661,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
}
if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) {
- libxlDomainObjPrivatePtr priv = vm->privateData;
struct libxlShutdownThreadInfo *shutdown_info = NULL;
virThread thread;
g_autofree char *name = NULL;
@@ -684,12 +677,9 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
name = g_strdup_printf("ev-%d", event->domid);
/*
* Cleanup will be handled by the shutdown thread.
- * Ignore the forthcoming death event from libxl
*/
- priv->ignoreDeathEvent = true;
if (virThreadCreateFull(&thread, false, libxlDomainShutdownThread,
name, false, shutdown_info) < 0) {
- priv->ignoreDeathEvent = false;
/*
* Not much we can do on error here except log it.
*/
@@ -813,18 +803,17 @@ libxlDomainDestroyInternal(libxlDriverPrivatePtr driver,
libxlDomainObjPrivatePtr priv = vm->privateData;
int ret = -1;
- /* Ignore next LIBXL_EVENT_TYPE_DOMAIN_DEATH as the caller will handle
- * domain death appropriately already (having more info, like the reason).
- */
- priv->ignoreDeathEvent = true;
+ if (priv->deathW) {
+ libxl_evdisable_domain_death(cfg->ctx, priv->deathW);
+ priv->deathW = NULL;
+ }
+
/* Unlock virDomainObj during destroy, which can take considerable
* time on large memory domains.
*/
virObjectUnlock(vm);
ret = libxl_domain_destroy(cfg->ctx, vm->def->id, NULL);
virObjectLock(vm);
- if (ret)
- priv->ignoreDeathEvent = false;
return ret;
}
@@ -877,8 +866,6 @@ libxlDomainCleanup(libxlDriverPrivatePtr driver,
priv->deathW = NULL;
}
- priv->ignoreDeathEvent = false;
-
if (!!g_atomic_int_dec_and_test(&driver->nactive) && driver->inhibitCallback)
driver->inhibitCallback(false, driver->inhibitOpaque);
diff --git a/src/libxl/libxl_domain.h b/src/libxl/libxl_domain.h
index 0068254..e06a88b 100644
--- a/src/libxl/libxl_domain.h
+++ b/src/libxl/libxl_domain.h
@@ -62,9 +62,6 @@ struct _libxlDomainObjPrivate {
/* console */
virChrdevsPtr devs;
libxl_evgen_domain_death *deathW;
- /* Flag to indicate the upcoming LIBXL_EVENT_TYPE_DOMAIN_DEATH is caused
- * by libvirt and should not be handled separately */
- bool ignoreDeathEvent;
virThreadPtr migrationDstReceiveThr;
unsigned short migrationPort;
char *lockState;

68
libvirt/debian/patches/CVE-2021-4147_2.patch
View File

@@ -1,68 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 24 Nov 2021 11:10:19 -0700
Subject: libxl: Rename libxlShutdownThreadInfo struct
An upcoming change will use the struct in a thread created to process
death events. Rename libxlShutdownThreadInfo to libxlEventHandlerThreadInfo
to reflect the more generic usage.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/a4e6fba069c0809b8b5dde5e9db62d2efd91b4a0
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index f97c6da..6ad9ab7 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -473,7 +473,7 @@ libxlDomainShutdownHandleRestart(libxlDriverPrivatePtr driver,
}
-struct libxlShutdownThreadInfo
+struct libxlEventHandlerThreadInfo
{
libxlDriverPrivatePtr driver;
virDomainObjPtr vm;
@@ -484,7 +484,7 @@ struct libxlShutdownThreadInfo
static void
libxlDomainShutdownThread(void *opaque)
{
- struct libxlShutdownThreadInfo *shutdown_info = opaque;
+ struct libxlEventHandlerThreadInfo *shutdown_info = opaque;
virDomainObjPtr vm = shutdown_info->vm;
libxl_event *ev = shutdown_info->event;
libxlDriverPrivatePtr driver = shutdown_info->driver;
@@ -661,7 +661,7 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
}
if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) {
- struct libxlShutdownThreadInfo *shutdown_info = NULL;
+ struct libxlEventHandlerThreadInfo *shutdown_info = NULL;
virThread thread;
g_autofree char *name = NULL;
@@ -669,7 +669,7 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
* Start a thread to handle shutdown. We don't want to be tying up
* libxl's event machinery by doing a potentially lengthy shutdown.
*/
- shutdown_info = g_new0(struct libxlShutdownThreadInfo, 1);
+ shutdown_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
shutdown_info->driver = driver;
shutdown_info->vm = vm;
@@ -689,7 +689,7 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
}
/*
* virDomainObjEndAPI is called in the shutdown thread, where
- * libxlShutdownThreadInfo and libxl_event are also freed.
+ * libxlEventHandlerThreadInfo and libxl_event are also freed.
*/
return;
} else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH) {

32
libvirt/debian/patches/CVE-2021-4147_3.patch
View File

@@ -1,32 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 24 Nov 2021 11:16:38 -0700
Subject: libxl: Modify name of shutdown thread
The current thread name 'ev-<domid>' is a bit terse. Change the name
to 'shutdown-event-<domid>', allowing it to be distinguished between
thread handling other event types.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/e4f7589a3ec285489618ca04c8c0230cc31f3d99
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 6ad9ab7..2af9d31 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -674,7 +674,7 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
shutdown_info->driver = driver;
shutdown_info->vm = vm;
shutdown_info->event = (libxl_event *)event;
- name = g_strdup_printf("ev-%d", event->domid);
+ name = g_strdup_printf("shutdown-event-%d", event->domid);
/*
* Cleanup will be handled by the shutdown thread.
*/

145
libvirt/debian/patches/CVE-2021-4147_4.patch
View File

@@ -1,145 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 24 Nov 2021 11:36:55 -0700
Subject: libxl: Handle domain death events in a thread
Similar to domain shutdown events, processing domain death events can be a
lengthy process and we don't want to block the event handler while the
operation completes. Move the death handling function to a thread.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/b9a5faea49b7412e26d7389af4c32fc2b3ee80e5
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 67 +++++++++++++++++++++++++++++++++---------------
1 file changed, 47 insertions(+), 20 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index 2af9d31..f541469 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -611,12 +611,17 @@ libxlDomainShutdownThread(void *opaque)
}
static void
-libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm)
+libxlDomainDeathThread(void *opaque)
{
+ struct libxlEventHandlerThreadInfo *death_info = opaque;
+ virDomainObjPtr vm = death_info->vm;
+ libxl_event *ev = death_info->event;
+ libxlDriverPrivatePtr driver = death_info->driver;
virObjectEventPtr dom_event = NULL;
+ g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
- return;
+ goto cleanup;
virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, VIR_DOMAIN_SHUTOFF_DESTROYED);
dom_event = virDomainEventLifecycleNewFromObj(vm,
@@ -627,6 +632,11 @@ libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm)
virDomainObjListRemove(driver->domains, vm);
libxlDomainObjEndJob(driver, vm);
virObjectEventStateQueue(driver->domainEventState, dom_event);
+
+ cleanup:
+ virDomainObjEndAPI(&vm);
+ libxl_event_free(cfg->ctx, ev);
+ VIR_FREE(death_info);
}
@@ -640,6 +650,9 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
libxl_shutdown_reason xl_reason = event->u.domain_shutdown.shutdown_reason;
virDomainObjPtr vm = NULL;
g_autoptr(libxlDriverConfig) cfg = NULL;
+ struct libxlEventHandlerThreadInfo *thread_info = NULL;
+ virThread thread;
+ g_autofree char *thread_name = NULL;
if (event->type != LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN &&
event->type != LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
@@ -660,31 +673,27 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
goto cleanup;
}
+ /*
+ * Start event-specific threads to handle shutdown and death.
+ * They are potentially lengthy operations and we don't want to be
+ * blocking this event handler while they are in progress.
+ */
if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) {
- struct libxlEventHandlerThreadInfo *shutdown_info = NULL;
- virThread thread;
- g_autofree char *name = NULL;
-
- /*
- * Start a thread to handle shutdown. We don't want to be tying up
- * libxl's event machinery by doing a potentially lengthy shutdown.
- */
- shutdown_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
+ thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
- shutdown_info->driver = driver;
- shutdown_info->vm = vm;
- shutdown_info->event = (libxl_event *)event;
- name = g_strdup_printf("shutdown-event-%d", event->domid);
+ thread_info->driver = driver;
+ thread_info->vm = vm;
+ thread_info->event = (libxl_event *)event;
+ thread_name = g_strdup_printf("shutdown-event-%d", event->domid);
/*
* Cleanup will be handled by the shutdown thread.
*/
if (virThreadCreateFull(&thread, false, libxlDomainShutdownThread,
- name, false, shutdown_info) < 0) {
+ thread_name, false, thread_info) < 0) {
/*
* Not much we can do on error here except log it.
*/
VIR_ERROR(_("Failed to create thread to handle domain shutdown"));
- VIR_FREE(shutdown_info);
goto cleanup;
}
/*
@@ -693,15 +702,33 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
*/
return;
} else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
+ thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
+
+ thread_info->driver = driver;
+ thread_info->vm = vm;
+ thread_info->event = (libxl_event *)event;
+ thread_name = g_strdup_printf("death-event-%d", event->domid);
/*
- * On death the domain is cleaned up from Xen's perspective.
- * Cleanup on the libvirt side can be done synchronously.
+ * Cleanup will be handled by the death thread.
*/
- libxlDomainHandleDeath(driver, vm);
+ if (virThreadCreateFull(&thread, false, libxlDomainDeathThread,
+ thread_name, false, thread_info) < 0) {
+ /*
+ * Not much we can do on error here except log it.
+ */
+ VIR_ERROR(_("Failed to create thread to handle domain death"));
+ goto cleanup;
+ }
+ /*
+ * virDomainObjEndAPI is called in the death thread, where
+ * libxlEventHandlerThreadInfo and libxl_event are also freed.
+ */
+ return;
}
cleanup:
virDomainObjEndAPI(&vm);
+ VIR_FREE(thread_info);
cfg = libxlDriverConfigGet(driver);
/* Cast away any const */
libxl_event_free(cfg->ctx, (libxl_event *)event);

172
libvirt/debian/patches/CVE-2021-4147_5.patch
View File

@@ -1,172 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Wed, 24 Nov 2021 11:48:51 -0700
Subject: libxl: Search for virDomainObj in event handler threads
libxl can deliver events and invoke callbacks on any application thread
calling into libxl. This can cause deadlock in the libvirt libxl driver
Thread 19 (Thread 0x7f31411ec700 (LWP 14068) "libvirtd"):
#0 0x00007f318520cc7d in __lll_lock_wait () from /lib64/libpthread.so.0
#1 0x00007f3185205ed5 in pthread_mutex_lock () from /lib64/libpthread.so.0
#2 0x00007f3189488015 in virMutexLock (m=<optimized out>) at ../../src/util/virthread.c:79
#3 0x00007f3189463f3b in virObjectLock (anyobj=<optimized out>) at ../../src/util/virobject.c:433
#4 0x00007f31894f2f41 in virDomainObjListSearchID (payload=0x7f317400a6d0, name=<optimized out>, data=0x7f31411eaeac) at ../../src/conf/virdomainobjlist.c:105
#5 0x00007f3189437ac5 in virHashSearch (ctable=0x7f3124025a30, iter=iter@entry=0x7f31894f2f30 <virDomainObjListSearchID>, data=data@entry=0x7f31411eaeac, name=name@entry=0x0) at ../../src/util/virhash.c:745
#6 0x00007f31894f3919 in virDomainObjListFindByID (doms=0x7f3124025430, id=<optimized out>) at ../../src/conf/virdomainobjlist.c:121
#7 0x00007f3152f292e5 in libxlDomainEventHandler (data=0x7f3124023d80, event=0x7f310c010ae0) at ../../src/libxl/libxl_domain.c:660
#8 0x00007f3152c6ff5d in egc_run_callbacks (egc=egc@entry=0x7f31411eaf50) at libxl_event.c:1427
#9 0x00007f3152c718bd in libxl__egc_cleanup (egc=0x7f31411eaf50) at libxl_event.c:1458
#10 libxl__ao_inprogress (ao=ao@entry=0x7f310c00b8a0, file=file@entry=0x7f3152cce987 "libxl_domain.c", line=line@entry=730, func=func@entry=0x7f3152ccf750 <__func__.22238> "libxl_domain_unpause") at libxl_event.c:2047
#11 0x00007f3152c8c5b8 in libxl_domain_unpause (ctx=0x7f3124015a40, domid=<optimized out>, ao_how=ao_how@entry=0x0) at libxl_domain.c:730
#12 0x00007f3152f2a584 in libxl_domain_unpause_0x041200 (domid=<optimized out>, ctx=<optimized out>) at /usr/include/libxl.h:1756
#13 libxlDomainStart (driver=driver@entry=0x7f3124023d80, vm=vm@entry=0x7f317400a6d0, start_paused=start_paused@entry=false, restore_fd=restore_fd@entry=-1, restore_ver=<optimized out>, restore_ver@entry=2) at ../../src/libxl/libxl_domain.c:1482
#14 0x00007f3152f2a6e3 in libxlDomainStartNew (driver=driver@entry=0x7f3124023d80, vm=vm@entry=0x7f317400a6d0, start_paused=start_paused@entry=false) at ../../src/libxl/libxl_domain.c:1545
#15 0x00007f3152f2a789 in libxlDomainShutdownHandleRestart (driver=0x7f3124023d80, vm=0x7f317400a6d0) at ../../src/libxl/libxl_domain.c:464
#16 0x00007f3152f2a9e4 in libxlDomainShutdownThread (opaque=<optimized out>) at ../../src/libxl/libxl_domain.c:559
#17 0x00007f3189487ee2 in virThreadHelper (data=<optimized out>) at ../../src/util/virthread.c:196
#18 0x00007f3185203539 in start_thread () from /lib64/libpthread.so.0
#19 0x00007f3184f3becf in clone () from /lib64/libc.so.6
Frame 16 runs a thread created to handle domain shutdown processing for
domid 28712. In this case the event contained the reboot reason, so the
old domain is destroyed and a new one is created by libxlDomainStart new.
After starting the domain, it is unpaused by calling libxl_domain_unpause
in frame 12. While the thread is running within libxl, libxl takes the
opportunity to deliver a pending domain shutdown event for unrelated domid
28710. While searching for the associated virDomainObj by ID, a deadlock is
encountered when attempting to lock the virDomainObj for domid 28712, which
is already locked since this thread is processing its shutdown event.
The deadlock can be avoided by moving the search for a virDomainObj
associated with the event domid to the shutdown thread. The same is done
for the death thread.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/5c5df5310f72be4878a71ace47074c54e0d1a27d
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 35 ++++++++++++++++++-----------------
1 file changed, 18 insertions(+), 17 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index f541469..0127211 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -476,7 +476,6 @@ libxlDomainShutdownHandleRestart(libxlDriverPrivatePtr driver,
struct libxlEventHandlerThreadInfo
{
libxlDriverPrivatePtr driver;
- virDomainObjPtr vm;
libxl_event *event;
};
@@ -485,7 +484,7 @@ static void
libxlDomainShutdownThread(void *opaque)
{
struct libxlEventHandlerThreadInfo *shutdown_info = opaque;
- virDomainObjPtr vm = shutdown_info->vm;
+ virDomainObjPtr vm = NULL;
libxl_event *ev = shutdown_info->event;
libxlDriverPrivatePtr driver = shutdown_info->driver;
virObjectEventPtr dom_event = NULL;
@@ -495,6 +494,12 @@ libxlDomainShutdownThread(void *opaque)
libxl_domain_config_init(&d_config);
+ vm = virDomainObjListFindByID(driver->domains, ev->domid);
+ if (!vm) {
+ /* Nothing to do if we can't find the virDomainObj */
+ goto cleanup;
+ }
+
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
goto cleanup;
@@ -614,12 +619,18 @@ static void
libxlDomainDeathThread(void *opaque)
{
struct libxlEventHandlerThreadInfo *death_info = opaque;
- virDomainObjPtr vm = death_info->vm;
+ virDomainObjPtr vm = NULL;
libxl_event *ev = death_info->event;
libxlDriverPrivatePtr driver = death_info->driver;
virObjectEventPtr dom_event = NULL;
g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
+ vm = virDomainObjListFindByID(driver->domains, ev->domid);
+ if (!vm) {
+ /* Nothing to do if we can't find the virDomainObj */
+ goto cleanup;
+ }
+
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
goto cleanup;
@@ -648,7 +659,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
{
libxlDriverPrivatePtr driver = data;
libxl_shutdown_reason xl_reason = event->u.domain_shutdown.shutdown_reason;
- virDomainObjPtr vm = NULL;
g_autoptr(libxlDriverConfig) cfg = NULL;
struct libxlEventHandlerThreadInfo *thread_info = NULL;
virThread thread;
@@ -667,12 +677,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
if (xl_reason == LIBXL_SHUTDOWN_REASON_SUSPEND)
goto cleanup;
- vm = virDomainObjListFindByID(driver->domains, event->domid);
- if (!vm) {
- /* Nothing to do if we can't find the virDomainObj */
- goto cleanup;
- }
-
/*
* Start event-specific threads to handle shutdown and death.
* They are potentially lengthy operations and we don't want to be
@@ -682,7 +686,6 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
thread_info->driver = driver;
- thread_info->vm = vm;
thread_info->event = (libxl_event *)event;
thread_name = g_strdup_printf("shutdown-event-%d", event->domid);
/*
@@ -697,15 +700,14 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
goto cleanup;
}
/*
- * virDomainObjEndAPI is called in the shutdown thread, where
- * libxlEventHandlerThreadInfo and libxl_event are also freed.
+ * libxlEventHandlerThreadInfo and libxl_event are freed in the
+ * shutdown thread
*/
return;
} else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
thread_info = g_new0(struct libxlEventHandlerThreadInfo, 1);
thread_info->driver = driver;
- thread_info->vm = vm;
thread_info->event = (libxl_event *)event;
thread_name = g_strdup_printf("death-event-%d", event->domid);
/*
@@ -720,14 +722,13 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
goto cleanup;
}
/*
- * virDomainObjEndAPI is called in the death thread, where
- * libxlEventHandlerThreadInfo and libxl_event are also freed.
+ * libxlEventHandlerThreadInfo and libxl_event are freed in the
+ * death thread
*/
return;
}
cleanup:
- virDomainObjEndAPI(&vm);
VIR_FREE(thread_info);
cfg = libxlDriverConfigGet(driver);
/* Cast away any const */

90
libvirt/debian/patches/CVE-2021-4147_6.patch
View File

@@ -1,90 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Thu, 18 Nov 2021 12:03:20 -0700
Subject: libxl: Protect access to libxlLogger files hash table
The hash table of log file objects in libxlLogger is not protected against
concurrent access. It is possible for one thread to remove an entry while
another is updating it. Add a mutex to the libxlLogger object and lock it
when accessing the files hash table.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/a7a03324d86e111f81687b5315b8f296dde84340
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_logger.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/src/libxl/libxl_logger.c b/src/libxl/libxl_logger.c
index 93a9c76..4113d67 100644
--- a/src/libxl/libxl_logger.c
+++ b/src/libxl/libxl_logger.c
@@ -28,6 +28,7 @@
#include "util/virfile.h"
#include "util/virhash.h"
#include "util/virstring.h"
+#include "util/virthread.h"
#include "util/virtime.h"
#define VIR_FROM_THIS VIR_FROM_LIBXL
@@ -43,6 +44,7 @@ struct xentoollog_logger_libvirt {
/* map storing the opened fds: "domid" -> FILE* */
GHashTable *files;
+ virMutex tableLock;
FILE *defaultLogFile;
};
@@ -85,7 +87,9 @@ libvirt_vmessage(xentoollog_logger *logger_in,
start = start + 9;
*end = '\0';
+ virMutexLock(&lg->tableLock);
domainLogFile = virHashLookup(lg->files, start);
+ virMutexUnlock(&lg->tableLock);
if (domainLogFile)
logFile = domainLogFile;
@@ -161,6 +165,11 @@ libxlLoggerNew(const char *logDir, virLogPriority minLevel)
if ((logger.defaultLogFile = fopen(path, "a")) == NULL)
goto error;
+ if (virMutexInit(&logger.tableLock) < 0) {
+ VIR_FORCE_FCLOSE(logger.defaultLogFile);
+ goto error;
+ }
+
logger_out = XTL_NEW_LOGGER(libvirt, logger);
cleanup:
@@ -179,6 +188,7 @@ libxlLoggerFree(libxlLoggerPtr logger)
if (logger->defaultLogFile)
VIR_FORCE_FCLOSE(logger->defaultLogFile);
virHashFree(logger->files);
+ virMutexDestroy(&logger->tableLock);
xtl_logger_destroy(xtl_logger);
}
@@ -200,7 +210,9 @@ libxlLoggerOpenFile(libxlLoggerPtr logger,
path, g_strerror(errno));
goto cleanup;
}
+ virMutexLock(&logger->tableLock);
ignore_value(virHashAddEntry(logger->files, domidstr, logFile));
+ virMutexUnlock(&logger->tableLock);
/* domain_config is non NULL only when starting a new domain */
if (domain_config) {
@@ -219,7 +231,9 @@ libxlLoggerCloseFile(libxlLoggerPtr logger, int id)
char *domidstr = NULL;
domidstr = g_strdup_printf("%d", id);
+ virMutexLock(&logger->tableLock);
ignore_value(virHashRemoveEntry(logger->files, domidstr));
+ virMutexUnlock(&logger->tableLock);
VIR_FREE(domidstr);
}

8
libvirt/debian/patches/CVE-2024-1441.patch
View File

@@ -16,16 +16,18 @@ Reviewed-by: Ján Tomko <jtomko@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/c664015fe3a7bf59db26686e9ed69af011c6ebb8
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-1441
Bug-Debian: https://bugs.debian.org/1066058
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/interface/interface_backend_udev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
index 6a94a45..65a5244 100644
index 8c417714e..5b22a601c 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -221,7 +221,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
virInterfaceDefPtr def;
@@ -220,7 +220,7 @@ udevListInterfacesByStatus(virConnectPtr conn,
g_autoptr(virInterfaceDef) def = NULL;
/* Ensure we won't exceed the size of our array */
- if (count > names_len)

36
libvirt/debian/patches/CVE-2024-2494.patch
View File

@@ -22,16 +22,18 @@ Origin: https://gitlab.com/libvirt/libvirt/-/commit/8a3f8d957507c1f8223fdcf25a3f
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2270115
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-2494
Bug-Debian: https://bugs.debian.org/1067461
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/remote/remote_daemon_dispatch.c | 65 +++++++++++++++++++++++++++++++++++++
src/rpc/gendispatch.pl | 5 +++
2 files changed, 70 insertions(+)
diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c
index 46683aa..4def952 100644
index 689001889..78d4b3174 100644
--- a/src/remote/remote_daemon_dispatch.c
+++ b/src/remote/remote_daemon_dispatch.c
@@ -2330,6 +2330,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -2306,6 +2306,10 @@ remoteDispatchDomainGetSchedulerParameters(virNetServer *server G_GNUC_UNUSED,
if (!conn)
goto cleanup;
@@ -42,7 +44,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -2378,6 +2382,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServerPtr server G_GNUC_UN
@@ -2354,6 +2358,10 @@ remoteDispatchDomainGetSchedulerParametersFlags(virNetServer *server G_GNUC_UNUS
if (!conn)
goto cleanup;
@@ -53,7 +55,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_SCHEDULER_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -2536,6 +2544,10 @@ remoteDispatchDomainBlockStatsFlags(virNetServerPtr server G_GNUC_UNUSED,
@@ -2512,6 +2520,10 @@ remoteDispatchDomainBlockStatsFlags(virNetServer *server G_GNUC_UNUSED,
goto cleanup;
flags = args->flags;
@@ -64,7 +66,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_BLOCK_STATS_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -2764,6 +2776,14 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServerPtr server G_GNUC_UNUSED,
@@ -2737,6 +2749,14 @@ remoteDispatchDomainGetVcpuPinInfo(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
@@ -79,7 +81,7 @@ index 46683aa..4def952 100644
if (args->ncpumaps > REMOTE_VCPUINFO_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("ncpumaps > REMOTE_VCPUINFO_MAX"));
goto cleanup;
@@ -2858,6 +2878,11 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServerPtr server G_GNUC_UNUSED,
@@ -2831,6 +2851,11 @@ remoteDispatchDomainGetEmulatorPinInfo(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
@@ -91,7 +93,7 @@ index 46683aa..4def952 100644
/* Allocate buffers to take the results */
if (args->maplen > 0)
cpumaps = g_new0(unsigned char, args->maplen);
@@ -2905,6 +2930,14 @@ remoteDispatchDomainGetVcpus(virNetServerPtr server G_GNUC_UNUSED,
@@ -2878,6 +2903,14 @@ remoteDispatchDomainGetVcpus(virNetServer *server G_GNUC_UNUSED,
if (!(dom = get_nonnull_domain(conn, args->dom)))
goto cleanup;
@@ -106,7 +108,7 @@ index 46683aa..4def952 100644
if (args->maxinfo > REMOTE_VCPUINFO_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("maxinfo > REMOTE_VCPUINFO_MAX"));
goto cleanup;
@@ -3145,6 +3178,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -3117,6 +3150,10 @@ remoteDispatchDomainGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -117,7 +119,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_MEMORY_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3205,6 +3242,10 @@ remoteDispatchDomainGetNumaParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -3177,6 +3214,10 @@ remoteDispatchDomainGetNumaParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -128,7 +130,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_NUMA_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3265,6 +3306,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -3237,6 +3278,10 @@ remoteDispatchDomainGetBlkioParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -139,7 +141,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_BLKIO_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3326,6 +3371,10 @@ remoteDispatchNodeGetCPUStats(virNetServerPtr server G_GNUC_UNUSED,
@@ -3298,6 +3343,10 @@ remoteDispatchNodeGetCPUStats(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -150,7 +152,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_NODE_CPU_STATS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3393,6 +3442,10 @@ remoteDispatchNodeGetMemoryStats(virNetServerPtr server G_GNUC_UNUSED,
@@ -3365,6 +3414,10 @@ remoteDispatchNodeGetMemoryStats(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -161,7 +163,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_NODE_MEMORY_STATS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -3573,6 +3626,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServerPtr server G_GNUC_UNUSED,
@@ -3545,6 +3598,10 @@ remoteDispatchDomainGetBlockIoTune(virNetServer *server G_GNUC_UNUSED,
if (!conn)
goto cleanup;
@@ -172,7 +174,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_BLOCK_IO_TUNE_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -5117,6 +5174,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -5087,6 +5144,10 @@ remoteDispatchDomainGetInterfaceParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -183,7 +185,7 @@ index 46683aa..4def952 100644
if (args->nparams > REMOTE_DOMAIN_INTERFACE_PARAMETERS_MAX) {
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
@@ -5337,6 +5398,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServerPtr server G_GNUC_UNUSED,
@@ -5307,6 +5368,10 @@ remoteDispatchNodeGetMemoryParameters(virNetServer *server G_GNUC_UNUSED,
flags = args->flags;
@@ -195,10 +197,10 @@ index 46683aa..4def952 100644
virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("nparams too large"));
goto cleanup;
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index 0020273..84b239c 100755
index 9f5bf0e31..aacab8880 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -1073,6 +1073,11 @@ elsif ($mode eq "server") {
@@ -1074,6 +1074,11 @@ elsif ($mode eq "server") {
print "\n";
if ($single_ret_as_list) {

12
libvirt/debian/patches/CVE-2024-2496.patch
View File

@@ -13,12 +13,14 @@ Signed-off-by: Dmitry Frolov <frolov@swemel.ru>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/2ca94317ac642a70921947150ced8acc674ccdc8
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2024-2496
[ Fixed pointers while porting patch to libvirt v8.0.0-1 ]
Signed-off-by: Daniel Caires <danielmarques.caires@windriver.com>
---
src/interface/interface_backend_udev.c | 26 +++++++++++++++++++-------
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/src/interface/interface_backend_udev.c b/src/interface/interface_backend_udev.c
index 65a5244..74b24e8 100644
index 5b22a601c..731670d8f 100644
--- a/src/interface/interface_backend_udev.c
+++ b/src/interface/interface_backend_udev.c
@@ -23,6 +23,7 @@
@@ -38,9 +40,9 @@ index 65a5244..74b24e8 100644
struct udev_iface_driver {
struct udev *udev;
/* pid file FD, ensures two copies of the driver can't use the same root */
@@ -357,11 +360,20 @@ udevConnectListAllInterfaces(virConnectPtr conn,
@@ -355,11 +358,20 @@ udevConnectListAllInterfaces(virConnectPtr conn,
const char *macaddr;
virInterfaceDefPtr def;
g_autoptr(virInterfaceDef) def = NULL;
- path = udev_list_entry_get_name(dev_entry);
- dev = udev_device_new_from_syspath(udev, path);
@@ -63,7 +65,7 @@ index 65a5244..74b24e8 100644
def = udevGetMinimalDefForDevice(dev);
if (!virConnectListAllInterfacesCheckACL(conn, def)) {
@@ -976,9 +988,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
@@ -969,9 +981,9 @@ udevGetIfaceDef(struct udev *udev, const char *name)
/* MTU */
mtu_str = udev_device_get_sysattr_value(dev, "mtu");
@@ -75,7 +77,7 @@ index 65a5244..74b24e8 100644
goto error;
}
ifacedef->mtu = mtu;
@@ -1105,7 +1117,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
@@ -1094,7 +1106,7 @@ udevInterfaceIsActive(virInterfacePtr ifinfo)
goto cleanup;
/* Check if it's active or not */

226
libvirt/debian/patches/libxl-Fix-domain-shutdown.patch
View File

@@ -1,226 +0,0 @@
From: Jim Fehlig <jfehlig@suse.com>
Date: Fri, 19 Feb 2021 16:29:10 -0700
Subject: libxl: Fix domain shutdown
Commit fa30ee04a2 caused a regression in normal domain shutown.
Initiating a shutdown from within the domain or via 'virsh shutdown'
does cause the guest OS running in the domain to shutdown, but libvirt
never reaps the domain so it is always shown in a running state until
calling 'virsh destroy'.
The shutdown thread is also an internal user of the driver shutdown
machinery and eventually calls libxlDomainDestroyInternal where
the ignoreDeathEvent inhibitor is set, but running in a thread
introduces the possibility of racing with the death event from
libxl. This can be prevented by setting ignoreDeathEvent before
running the shutdown thread.
An additional improvement is to handle the destroy event synchronously
instead of spawning a thread. The time consuming aspects of destroying
a domain have been completed when the destroy event is delivered.
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Origin: https://gitlab.com/libvirt/libvirt/-/commit/87a9d3a6b01baebdca33d95ad0e79781b6a46ca8
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=2034195
Bug-Debian: https://security-tracker.debian.org/tracker/CVE-2021-4147
Bug-Debian: https://bugs.debian.org/1002535
---
src/libxl/libxl_domain.c | 120 ++++++++++++++++++++++-------------------------
1 file changed, 57 insertions(+), 63 deletions(-)
diff --git a/src/libxl/libxl_domain.c b/src/libxl/libxl_domain.c
index afa21bf..63938d5 100644
--- a/src/libxl/libxl_domain.c
+++ b/src/libxl/libxl_domain.c
@@ -476,6 +476,7 @@ libxlDomainShutdownHandleRestart(libxlDriverPrivatePtr driver,
struct libxlShutdownThreadInfo
{
libxlDriverPrivatePtr driver;
+ virDomainObjPtr vm;
libxl_event *event;
};
@@ -484,7 +485,7 @@ static void
libxlDomainShutdownThread(void *opaque)
{
struct libxlShutdownThreadInfo *shutdown_info = opaque;
- virDomainObjPtr vm = NULL;
+ virDomainObjPtr vm = shutdown_info->vm;
libxl_event *ev = shutdown_info->event;
libxlDriverPrivatePtr driver = shutdown_info->driver;
virObjectEventPtr dom_event = NULL;
@@ -494,12 +495,6 @@ libxlDomainShutdownThread(void *opaque)
libxl_domain_config_init(&d_config);
- vm = virDomainObjListFindByID(driver->domains, ev->domid);
- if (!vm) {
- VIR_INFO("Received event for unknown domain ID %d", ev->domid);
- goto cleanup;
- }
-
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
goto cleanup;
@@ -616,32 +611,18 @@ libxlDomainShutdownThread(void *opaque)
}
static void
-libxlDomainDeathThread(void *opaque)
+libxlDomainHandleDeath(libxlDriverPrivatePtr driver, virDomainObjPtr vm)
{
- struct libxlShutdownThreadInfo *shutdown_info = opaque;
- virDomainObjPtr vm = NULL;
- libxl_event *ev = shutdown_info->event;
- libxlDriverPrivatePtr driver = shutdown_info->driver;
virObjectEventPtr dom_event = NULL;
- g_autoptr(libxlDriverConfig) cfg = libxlDriverConfigGet(driver);
- libxlDomainObjPrivatePtr priv;
-
- vm = virDomainObjListFindByID(driver->domains, ev->domid);
- if (!vm) {
- /* vm->def->id already cleared, means the death was handled by the
- * driver already */
- goto cleanup;
- }
-
- priv = vm->privateData;
+ libxlDomainObjPrivatePtr priv = vm->privateData;
if (priv->ignoreDeathEvent) {
priv->ignoreDeathEvent = false;
- goto cleanup;
+ return;
}
if (libxlDomainObjBeginJob(driver, vm, LIBXL_JOB_MODIFY) < 0)
- goto cleanup;
+ return;
virDomainObjSetState(vm, VIR_DOMAIN_SHUTOFF, VIR_DOMAIN_SHUTOFF_DESTROYED);
dom_event = virDomainEventLifecycleNewFromObj(vm,
@@ -651,12 +632,7 @@ libxlDomainDeathThread(void *opaque)
if (!vm->persistent)
virDomainObjListRemove(driver->domains, vm);
libxlDomainObjEndJob(driver, vm);
-
- cleanup:
- virDomainObjEndAPI(&vm);
virObjectEventStateQueue(driver->domainEventState, dom_event);
- libxl_event_free(cfg->ctx, ev);
- VIR_FREE(shutdown_info);
}
@@ -668,16 +644,13 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
{
libxlDriverPrivatePtr driver = data;
libxl_shutdown_reason xl_reason = event->u.domain_shutdown.shutdown_reason;
- struct libxlShutdownThreadInfo *shutdown_info = NULL;
- virThread thread;
+ virDomainObjPtr vm = NULL;
g_autoptr(libxlDriverConfig) cfg = NULL;
- int ret = -1;
- g_autofree char *name = NULL;
if (event->type != LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN &&
event->type != LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
VIR_INFO("Unhandled event type %d", event->type);
- goto error;
+ goto cleanup;
}
/*
@@ -685,42 +658,63 @@ libxlDomainEventHandler(void *data, VIR_LIBXL_EVENT_CONST libxl_event *event)
* after calling libxl_domain_suspend() are handled by its callers.
*/
if (xl_reason == LIBXL_SHUTDOWN_REASON_SUSPEND)
- goto error;
+ goto cleanup;
+
+ vm = virDomainObjListFindByID(driver->domains, event->domid);
+ if (!vm) {
+ /* Nothing to do if we can't find the virDomainObj */
+ goto cleanup;
+ }
+
+ if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN) {
+ libxlDomainObjPrivatePtr priv = vm->privateData;
+ struct libxlShutdownThreadInfo *shutdown_info = NULL;
+ virThread thread;
+ g_autofree char *name = NULL;
- /*
- * Start a thread to handle shutdown. We don't want to be tying up
- * libxl's event machinery by doing a potentially lengthy shutdown.
- */
- shutdown_info = g_new0(struct libxlShutdownThreadInfo, 1);
-
- shutdown_info->driver = driver;
- shutdown_info->event = (libxl_event *)event;
- name = g_strdup_printf("ev-%d", event->domid);
- if (event->type == LIBXL_EVENT_TYPE_DOMAIN_SHUTDOWN)
- ret = virThreadCreateFull(&thread, false, libxlDomainShutdownThread,
- name, false, shutdown_info);
- else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH)
- ret = virThreadCreateFull(&thread, false, libxlDomainDeathThread,
- name, false, shutdown_info);
-
- if (ret < 0) {
/*
- * Not much we can do on error here except log it.
+ * Start a thread to handle shutdown. We don't want to be tying up
+ * libxl's event machinery by doing a potentially lengthy shutdown.
*/
- VIR_ERROR(_("Failed to create thread to handle domain shutdown"));
- goto error;
- }
+ shutdown_info = g_new0(struct libxlShutdownThreadInfo, 1);
- /*
- * libxlShutdownThreadInfo and libxl_event are freed in shutdown thread
- */
- return;
+ shutdown_info->driver = driver;
+ shutdown_info->vm = vm;
+ shutdown_info->event = (libxl_event *)event;
+ name = g_strdup_printf("ev-%d", event->domid);
+ /*
+ * Cleanup will be handled by the shutdown thread.
+ * Ignore the forthcoming death event from libxl
+ */
+ priv->ignoreDeathEvent = true;
+ if (virThreadCreateFull(&thread, false, libxlDomainShutdownThread,
+ name, false, shutdown_info) < 0) {
+ priv->ignoreDeathEvent = false;
+ /*
+ * Not much we can do on error here except log it.
+ */
+ VIR_ERROR(_("Failed to create thread to handle domain shutdown"));
+ VIR_FREE(shutdown_info);
+ goto cleanup;
+ }
+ /*
+ * virDomainObjEndAPI is called in the shutdown thread, where
+ * libxlShutdownThreadInfo and libxl_event are also freed.
+ */
+ return;
+ } else if (event->type == LIBXL_EVENT_TYPE_DOMAIN_DEATH) {
+ /*
+ * On death the domain is cleaned up from Xen's perspective.
+ * Cleanup on the libvirt side can be done synchronously.
+ */
+ libxlDomainHandleDeath(driver, vm);
+ }
- error:
+ cleanup:
+ virDomainObjEndAPI(&vm);
cfg = libxlDriverConfigGet(driver);
/* Cast away any const */
libxl_event_free(cfg->ctx, (libxl_event *)event);
- VIR_FREE(shutdown_info);
}
char *

17
libvirt/debian/patches/series
View File

@@ -1,13 +1,3 @@
CVE-2021-3631.patch
CVE-2021-3667.patch
CVE-2021-3975.patch
libxl-Fix-domain-shutdown.patch
CVE-2021-4147_1.patch
CVE-2021-4147_2.patch
CVE-2021-4147_3.patch
CVE-2021-4147_4.patch
CVE-2021-4147_5.patch
CVE-2021-4147_6.patch
CVE-2022-0897.patch
CVE-2024-1441.patch
CVE-2024-2496.patch
@@ -21,10 +11,3 @@ CVE-2024-2494.patch
0007-STX-Stop-processing-memory-stats-if-balloon-info.patch
0008-STX-Increase-timeout-for-connecting-to-monitor.patch
0009-STX-pci-sriov-perform-limited-retry-on-netlink.patch
0010-qemu-capabilities-Introduce-QEMU_CAPS_OBJECT_QAPIFIE.patch
0011-qemu-monitor-Make-wrapping-of-props-of-object-add-op.patch
0012-qemuMonitorCreateObjectPropsWrap-Open-code-in-qemuBu.patch
0013-qemu-monitor-Don-t-add-props-wrapper-if-qemu-has-QEM.patch
0014-qemu-remove-support-for-generating-yes-no-boolean-op.patch
0015-qemu-command-Use-JSON-for-QAPIfied-object-directly.patch
0016-qemu-capabilities-Enable-detection-of-QEMU_CAPS_OBJE.patch