libvirt-6.6.0-5

Fix noisy log error 'Failed to open file ...unique_id...' (bz #1692100) Fix USB device error 'vendor cannot be 0' (bz #1897625)
Build libvirt-daemon-kvm for riscv64.
2020-12-07 12:54:26 -05:00 · 2020-12-05 17:38:59 +00:00 · 2020-11-03 11:45:58 -05:00
18 changed files with 775 additions and 774 deletions
@@ -1,56 +0,0 @@
-From: Laine Stump <laine@redhat.com>
-Date: Thu, 21 Jan 2021 16:01:06 -0500
-Subject: [PATCH] build: support explicitly disabling netcf
-
-placing "-Dnetcf=disabled" on the meson commandline was ignored,
-meaning that even with that option the build would get WITH_NETCF if
-the netcf-devel package was found - the only way to disable it was to
-uninstall netcf-devel.
-
-This patch adds the small bit of logic to check the netcf meson
-commandline option (in addition to whether netcf-devel is installed)
-before defining WITH_NETCF.
-
-Signed-off-by: Laine Stump <laine@redhat.com>
-Reviewed-by: Neal Gompa <ngompa13@gmail.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 06169a115d46d8870a96d293c2faf6ea87e71020)
---
- meson.build | 10 ++++++----
- 1 file changed, 6 insertions(+), 4 deletions(-)
-
-diff --git a/meson.build b/meson.build
-index b5164f68ed..e9d6d9f82e 100644
--- a/meson.build
-+++ b/meson.build
-@@ -1155,8 +1155,10 @@ libm_dep = cc.find_library('m', required : false)
- 
- netcf_version = '0.1.8'
- netcf_dep = dependency('netcf', version: '>=' + netcf_version, required: get_option('netcf'))
-if netcf_dep.found()
-  conf.set('WITH_NETCF', 1)
-+if not get_option('netcf').disabled()
-+  if netcf_dep.found()
-+    conf.set('WITH_NETCF', 1)
-+  endif
- endif
- 
- have_gnu_gettext_tools = false
-@@ -1550,7 +1552,7 @@ elif get_option('driver_hyperv').enabled()
-   error('openwsman is required for the Hyper-V driver')
- endif
- 
-if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or netcf_dep.found())
-+if not get_option('driver_interface').disabled() and conf.has('WITH_LIBVIRTD') and (udev_dep.found() or conf.has('WITH_NETCF'))
-   conf.set('WITH_INTERFACE', 1)
- elif get_option('driver_interface').enabled()
-   error('Requested the Interface driver without netcf or udev and libvirtd support')
-@@ -2362,7 +2364,7 @@ libs_summary = {
-   'libssh': libssh_dep.found(),
-   'libssh2': libssh2_dep.found(),
-   'libutil': libutil_dep.found(),
-  'netcf': netcf_dep.found(),
-+  'netcf': conf.has('WITH_NETCF'),
-   'NLS': have_gnu_gettext_tools,
-   'numactl': numactl_dep.found(),
-   'openwsman': openwsman_dep.found(),
@@ -0,0 +1,34 @@
+From: Jiri Denemark <jdenemar@redhat.com>
+Date: Wed, 5 Aug 2020 10:01:45 +0200
+Subject: [PATCH] util: Fix logic in virFileSetCOW
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+When COW is not explicitly requested to be disabled or enabled, the
+function is supposed to do nothing on non-BTRFS file systems.
+
+Fixes commit 7230bc95aa78379c9ee20cf59394c5fc4305b75b.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1866157
+
+Signed-off-by: Jiri Denemark <jdenemar@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 2edd63a0dbd445112db23596ee0128521e8f1ff5)
+---
+ src/util/virfile.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/util/virfile.c b/src/util/virfile.c
+index af150421e7..a06e7dfcce 100644
+--- a/src/util/virfile.c
+++ b/src/util/virfile.c
+@@ -4550,7 +4550,7 @@ virFileSetCOW(const char *path,
+     }
+ 
+     if (buf.f_type != BTRFS_SUPER_MAGIC) {
+-        if (state == VIR_TRISTATE_BOOL_ABSENT) {
+        if (state != VIR_TRISTATE_BOOL_ABSENT) {
+             virReportSystemError(ENOSYS,
+                                  _("unable to control COW flag on '%s', not btrfs"),
+                                  path);
@@ -1,72 +0,0 @@
-From: wangjian <wangjian161@huawei.com>
-Date: Fri, 26 Mar 2021 11:21:16 +0800
-Subject: [PATCH] node_device_udev: Serialize access to pci_get_strings)_
-
-Since the functions provided by libpciaccess are not thread-safe,
-when the udev-event and nodedev-init threads of libvirt call the
-pci_get_strings function provided by libpaciaccess at the same
-time the following can happen:
-
-nodedev-init thread:
-nodeStateInitializeEnumerate ->
-  udevEnumerateDevices->
-    udevProcessDeviceListEntry ->
-      udevAddOneDevice ->
-        udevGetDeviceDetails->
-          udevProcessPCI ->
-            udevTranslatePCIIds ->
-              pci_get_strings -> (libpciaccess)
-                find_device_name ->
-                  populate_vendor ->
-                    d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                    vend->num_devices++;
-
-udev-event thread:
-udevEventHandleThread ->
-  udevHandleOneDevice ->
-    udevAddOneDevice->
-      udevGetDeviceDetails->
-        udevProcessPCI ->
-          udevTranslatePCIIds ->
-            pci_get_strings -> (libpciaccess)
-              find_device_name ->
-                populate_vendor ->
-                  d = realloc( vend->devices, (vend->num_devices + 1), * sizeof( struct pci_device_leaf ) );
-                  vend->num_devices++;
-
-Signed-off-by: WangJian <wangjian161@huawei.com>
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 59788a5caea5f292c86e07a31ee2b853d68db87e)
---
- src/node_device/node_device_udev.c | 5 ++++-
- 1 file changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
-index 55a2731681..6f0defe908 100644
--- a/src/node_device/node_device_udev.c
-+++ b/src/node_device/node_device_udev.c
-@@ -328,6 +328,7 @@ udevGenerateDeviceName(struct udev_device *device,
-     return 0;
- }
- 
-+static virMutex pciaccessMutex = VIR_MUTEX_INITIALIZER;
- 
- static int
- udevTranslatePCIIds(unsigned int vendor,
-@@ -346,12 +347,14 @@ udevTranslatePCIIds(unsigned int vendor,
-     m.device_class_mask = 0;
-     m.match_data = 0;
- 
-    /* pci_get_strings returns void */
-+    /* pci_get_strings returns void and unfortunately is not thread safe. */
-+    virMutexLock(&pciaccessMutex);
-     pci_get_strings(&m,
-                     &device_name,
-                     &vendor_name,
-                     NULL,
-                     NULL);
-+    virMutexUnlock(&pciaccessMutex);
- 
-     *vendor_string = g_strdup(vendor_name);
-     *product_string = g_strdup(device_name);
@@ -0,0 +1,88 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 18 Aug 2020 11:08:15 +0200
+Subject: [PATCH] virdevmapper: Don't cache device-mapper major
+
+The device mapper major is needed in virIsDevMapperDevice() which
+determines whether given device is managed by device-mapper. This
+number is obtained by parsing /proc/devices and then stored in a
+global variable so that the file doesn't have to be parsed again.
+However, as it turns out this logic is flawed - the major number
+is not static and can change as it can be specified as a
+parameter when loading the dm-mod module.
+
+Unfortunately, I was not able to come up with a good solution and
+thus the /proc/devices file is being parsed every time we need
+the device mapper major.
+
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+(cherry picked from commit 82bb167f0d15b733b23931205be3488b83cb9ec6)
+---
+ src/util/virdevmapper.c | 17 +++++------------
+ 1 file changed, 5 insertions(+), 12 deletions(-)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index a471504176..b43dbefa9a 100644
+--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
+@@ -46,11 +46,9 @@
+ 
+ G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl));
+ 
+-static unsigned int virDMMajor;
+-
+ 
+ static int
+-virDevMapperOnceInit(void)
+virDevMapperGetMajor(unsigned int *major)
+ {
+     g_autofree char *buf = NULL;
+     VIR_AUTOSTRINGLIST lines = NULL;
+@@ -69,7 +67,7 @@ virDevMapperOnceInit(void)
+ 
+         if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 &&
+             STREQ(dev, DM_NAME)) {
+-            virDMMajor = maj;
+            *major = maj;
+             break;
+         }
+     }
+@@ -85,9 +83,6 @@ virDevMapperOnceInit(void)
+ }
+ 
+ 
+-VIR_ONCE_GLOBAL_INIT(virDevMapper);
+-
+-
+ static void *
+ virDMIoctl(int controlFD, int cmd, struct dm_ioctl *dm, char **buf)
+ {
+@@ -305,9 +300,6 @@ virDevMapperGetTargets(const char *path,
+      * consist of devices or yet another targets. If that's the
+      * case, we have to stop recursion somewhere. */
+ 
+-    if (virDevMapperInitialize() < 0)
+-        return -1;
+-
+     if ((controlFD = virDMOpen()) < 0)
+         return -1;
+ 
+@@ -319,13 +311,14 @@ bool
+ virIsDevMapperDevice(const char *dev_name)
+ {
+     struct stat buf;
+    unsigned int major;
+ 
+-    if (virDevMapperInitialize() < 0)
+    if (virDevMapperGetMajor(&major) < 0)
+         return false;
+ 
+     if (!stat(dev_name, &buf) &&
+         S_ISBLK(buf.st_mode) &&
+-        major(buf.st_rdev) == virDMMajor)
+        major(buf.st_rdev) == major)
+         return true;
+ 
+     return false;
@@ -1,53 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 24 Jun 2021 16:58:09 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Don't drop CAP_SETPCAP right away
-
-There are few cases where we execute a virCommand with all caps
-cleared (virCommandClearCaps()). For instance
-dnsmasqCapsRefreshInternal() does just that. This means, that
-after fork() and before exec() the virSetUIDGIDWithCaps() is
-called. But since the caller did not want to change anything,
-just drop capabilities, these are the values of arguments:
-
-  virSetUIDGIDWithCaps (uid=-1, gid=-1, groups=0x0, ngroups=0,
-                        capBits=0, clearExistingCaps=true)
-
-This means that indeed all capabilities will be dropped,
-including CAP_SETPCAP. But this capability controls whether
-capabilities can be set, IOW whether capng_apply() succeeds.
-
-There are two calls of capng_apply() in the function. The
-CAP_SETPCAP is dropped after the first call and thus the other
-call (capng_apply(CAPNG_SELECT_BOUNDS);) fails.
-
-The solution is to keep the capability for as long as needed
-(just like CAP_SETGID and CAP_SETUID) and drop it only at the
-very end (just like CAP_SETGID and CAP_SETUID).
-
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1949388
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Martin Kletzander <mkletzan@redhat.com>
-(cherry picked from commit 438b50dda8a863fdc988e9ab612f097cc1626e8a)
---
- src/util/virutil.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index a0cd0f1bcd..7ae23a7061 100644
--- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1202,12 +1202,10 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-     }
- # ifdef PR_CAPBSET_DROP
-     /* If newer kernel, we need also need setpcap to change the bounding set */
-    if ((capBits || need_setgid || need_setuid) &&
-        !capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-+    if (!capng_have_capability(CAPNG_EFFECTIVE, CAP_SETPCAP)) {
-         need_setpcap = true;
-    }
-    if (need_setpcap)
-         capng_update(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED, CAP_SETPCAP);
-+    }
- # endif
- 
-     /* Tell system we want to keep caps across uid change */
@@ -0,0 +1,76 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 18 Aug 2020 11:04:24 +0200
+Subject: [PATCH] virdevmapper: Handle kernel without device-mapper support
+
+In one of my latest patch (v6.6.0~30) I was trying to remove
+libdevmapper use in favor of our own implementation. However, the
+code did not take into account that device mapper can be not
+compiled into the kernel (e.g. be a separate module that's not
+loaded) in which case /proc/devices won't have the device-mapper
+major number and thus virDevMapperGetTargets() and/or
+virIsDevMapperDevice() fails.
+
+However, such failure is safe to ignore, because if device mapper
+is missing then there can't be any multipath devices and thus we
+don't need to allow the deps in CGroups, nor create them in the
+domain private namespace, etc.
+
+Fixes: 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e
+Reported-by: Andrea Bolognani <abologna@redhat.com>
+Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Peter Krempa <pkrempa@redhat.com>
+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Tested-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+(cherry picked from commit feb8564a3cc63bc8f68284063d53ec0d2d81a1cc)
+---
+ src/util/virdevmapper.c | 20 ++++++++++++++++++--
+ 1 file changed, 18 insertions(+), 2 deletions(-)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index b43dbefa9a..a81e2edee4 100644
+--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
+@@ -54,6 +54,9 @@ virDevMapperGetMajor(unsigned int *major)
+     VIR_AUTOSTRINGLIST lines = NULL;
+     size_t i;
+ 
+    if (!virFileExists(CONTROL_PATH))
+        return -2;
+
+     if (virFileReadAll(PROC_DEVICES, BUF_SIZE, &buf) < 0)
+         return -1;
+ 
+@@ -126,8 +129,13 @@ virDMOpen(void)
+ 
+     memset(&dm, 0, sizeof(dm));
+ 
+-    if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0)
+    if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
+        if (errno == ENOENT)
+            return -2;
+
+        virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
+         return -1;
+    }
+ 
+     if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
+         virReportSystemError(errno, "%s",
+@@ -300,8 +308,16 @@ virDevMapperGetTargets(const char *path,
+      * consist of devices or yet another targets. If that's the
+      * case, we have to stop recursion somewhere. */
+ 
+-    if ((controlFD = virDMOpen()) < 0)
+    if ((controlFD = virDMOpen()) < 0) {
+        if (controlFD == -2) {
+            /* The CONTROL_PATH doesn't exist. Probably the
+             * module isn't loaded, yet. Don't error out, just
+             * exit. */
+            return 0;
+        }
+
+         return -1;
+    }
+ 
+     return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl);
+ }
@@ -1,51 +0,0 @@
-From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
-Date: Mon, 28 Jun 2021 13:09:04 +0100
-Subject: [PATCH] security: fix SELinux label generation logic
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-A process can access a file if the set of MCS categories
-for the file is equal-to *or* a subset-of, the set of
-MCS categories for the process.
-
-If there are two VMs:
-
-  a) svirt_t:s0:c117
-  b) svirt_t:s0:c117,c720
-
-Then VM (b) is able to access files labelled for VM (a).
-
-IOW, we must discard case where the categories are equal
-because that is a subset of many other valid category pairs.
-
-Fixes: https://gitlab.com/libvirt/libvirt/-/issues/153
-CVE-2021-3631
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 15073504dbb624d3f6c911e85557019d3620fdb2)
---
- src/security/security_selinux.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
-index 2fc6ef2616..61a871ec3d 100644
--- a/src/security/security_selinux.c
-+++ b/src/security/security_selinux.c
-@@ -389,7 +389,15 @@ virSecuritySELinuxMCSFind(virSecurityManagerPtr mgr,
-         VIR_DEBUG("Try cat %s:c%d,c%d", sens, c1 + catMin, c2 + catMin);
- 
-         if (c1 == c2) {
-            mcs = g_strdup_printf("%s:c%d", sens, catMin + c1);
-+            /*
-+             * A process can access a file if the set of MCS categories
-+             * for the file is equal-to *or* a subset-of, the set of
-+             * MCS categories for the process.
-+             *
-+             * IOW, we must discard case where the categories are equal
-+             * because that is a subset of other category pairs.
-+             */
-+            continue;
-         } else {
-             if (c1 > c2) {
-                 int t = c1;
@@ -0,0 +1,77 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Wed, 19 Aug 2020 13:35:55 +0200
+Subject: [PATCH] virdevmapper: Ignore all errors when opening
+ /dev/mapper/control
+
+So far, only ENOENT is ignored (to deal with kernels without
+devmapper). However, as reported on the list, under certain
+scenarios a different error can occur. For instance, when libvirt
+is running inside a container which doesn't have permissions to
+talk to the devmapper. If this is the case, then open() returns
+-1 and sets errno=EPERM.
+
+Assuming that multipath devices are fairly narrow use case and
+using them in a restricted container is even more narrow the best
+fix seems to be to ignore all open errors BUT produce a warning
+on failure. To avoid flooding logs with warnings on kernels
+without devmapper the level is reduced to a plain debug message.
+
+Reported-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+(cherry picked from commit 53d9af1e7924757e3b5f661131dd707d7110d094)
+---
+ src/util/virdevmapper.c | 23 +++++++++++++++--------
+ 1 file changed, 15 insertions(+), 8 deletions(-)
+
+diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c
+index a81e2edee4..ee2fab5ae3 100644
+--- a/src/util/virdevmapper.c
+++ b/src/util/virdevmapper.c
+@@ -35,9 +35,12 @@
+ # include "viralloc.h"
+ # include "virstring.h"
+ # include "virfile.h"
+# include "virlog.h"
+ 
+ # define VIR_FROM_THIS VIR_FROM_STORAGE
+ 
+VIR_LOG_INIT("util.virdevmapper");
+
+ # define PROC_DEVICES "/proc/devices"
+ # define DM_NAME "device-mapper"
+ # define DEV_DM_DIR "/dev/" DM_DIR
+@@ -130,11 +133,15 @@ virDMOpen(void)
+     memset(&dm, 0, sizeof(dm));
+ 
+     if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) {
+-        if (errno == ENOENT)
+-            return -2;
+-
+-        virReportSystemError(errno, _("Unable to open %s"), CONTROL_PATH);
+-        return -1;
+        /* We can't talk to devmapper. Produce a warning and let
+         * the caller decide what to do next. */
+        if (errno == ENOENT) {
+            VIR_DEBUG("device mapper not available");
+        } else {
+            VIR_WARN("unable to open %s: %s",
+                     CONTROL_PATH, g_strerror(errno));
+        }
+        return -2;
+     }
+ 
+     if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) {
+@@ -310,9 +317,9 @@ virDevMapperGetTargets(const char *path,
+ 
+     if ((controlFD = virDMOpen()) < 0) {
+         if (controlFD == -2) {
+-            /* The CONTROL_PATH doesn't exist. Probably the
+-             * module isn't loaded, yet. Don't error out, just
+-             * exit. */
+            /* The CONTROL_PATH doesn't exist or is unusable.
+             * Probably the module isn't loaded, yet. Don't error
+             * out, just exit. */
+             return 0;
+         }
+ 
@@ -0,0 +1,57 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Wed, 4 Nov 2020 12:08:19 +0100
+Subject: [PATCH] util: use g_autofree in virSCSIHostGetUniqueId
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+(cherry picked from commit 843b70995471c1a20822ee62ff084310066b4b4a)
+---
+ src/util/virscsihost.c | 16 +++++-----------
+ 1 file changed, 5 insertions(+), 11 deletions(-)
+
+diff --git a/src/util/virscsihost.c b/src/util/virscsihost.c
+index 7d8e5299b8..4e6d8f7ad6 100644
+--- a/src/util/virscsihost.c
+++ b/src/util/virscsihost.c
+@@ -46,17 +46,16 @@ int
+ virSCSIHostGetUniqueId(const char *sysfs_prefix,
+                        int host)
+ {
+-    char *sysfs_path = NULL;
+    g_autofree char *sysfs_path = NULL;
+     char *p = NULL;
+-    int ret = -1;
+-    char *buf = NULL;
+    g_autofree char *buf = NULL;
+     int unique_id;
+ 
+     sysfs_path = g_strdup_printf("%s/host%d/unique_id",
+                                  sysfs_prefix ? sysfs_prefix : SYSFS_SCSI_HOST_PATH, host);
+ 
+     if (virFileReadAll(sysfs_path, 1024, &buf) < 0)
+-        goto cleanup;
+        return -1;
+ 
+     if ((p = strchr(buf, '\n')))
+         *p = '\0';
+@@ -65,15 +64,10 @@ virSCSIHostGetUniqueId(const char *sysfs_prefix,
+         virReportError(VIR_ERR_INTERNAL_ERROR,
+                        _("unable to parse unique_id: %s"), buf);
+ 
+-        goto cleanup;
+        return -1;
+     }
+ 
+-    ret = unique_id;
+-
+- cleanup:
+-    VIR_FREE(sysfs_path);
+-    VIR_FREE(buf);
+-    return ret;
+    return unique_id;
+ }
+ 
+ 
@@ -1,43 +0,0 @@
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Thu, 22 Jul 2021 14:26:00 +0200
-Subject: [PATCH] virSetUIDGIDWithCaps: Set bounding capabilities only with
- CAP_SETPCAP
-
-In one of my previous patches I've tried to postpone dropping
-CAP_SETPCAP until the very end because it's needed for
-capng_apply(). What I did not realize back then was that we might
-not have the capability to begin with. Because of unknown reasons
-capng_apply() pollutes logs only for CAPNG_SELECT_BOUNDS and not
-for CAPNG_SELECT_CAPS.
-
-Reproducer is really simple: run libvirtd as a regular user.
-During its initialization, libvirtd will spawn some binaries
-(dnsmasq, qemu-*, etc.) and while doing so it will try to drop
-capabilities.
-
-Anyway, let's call capng_apply(CAPNG_SELECT_BOUNDS) only if we
-have the CAP_SETPCAP (which is tracked in need_setpcap variable).
-
-Fixes: 438b50dda8a863fdc988e9ab612f097cc1626e8a
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1924218
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Cole Robinson <crobinso@redhat.com>
-(cherry picked from commit a2476f37a7789eb9315b77bb451f4754ef4ef15b)
---
- src/util/virutil.c | 3 ++-
- 1 file changed, 2 insertions(+), 1 deletion(-)
-
-diff --git a/src/util/virutil.c b/src/util/virutil.c
-index 7ae23a7061..333f99e91d 100644
--- a/src/util/virutil.c
-+++ b/src/util/virutil.c
-@@ -1269,7 +1269,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups,
-      * do this if we failed to get the capability above, so ignore the
-      * return value.
-      */
-    capng_apply(CAPNG_SELECT_BOUNDS);
-+    if (!need_setpcap)
-+        capng_apply(CAPNG_SELECT_BOUNDS);
- 
-     /* Drop the caps that allow setuid/gid (unless they were requested) */
-     if (need_setgid)
@@ -1,57 +0,0 @@
-From: Pavel Hrdina <phrdina@redhat.com>
-Date: Mon, 10 May 2021 15:07:09 +0200
-Subject: [PATCH] qemu_firmware: don't error out for unknown firmware features
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-When QEMU introduces new firmware features libvirt will fail until we
-list that feature in our code as well which doesn't sound right.
-
-We should simply ignore the new feature until we add a proper support
-for it.
-
-Reported-by: Laszlo Ersek <lersek@redhat.com>
-Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
-Reviewed-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit 61d95a1073833ec4323c1ef28e71e913c55aa7b9)
---
- src/qemu/qemu_firmware.c | 12 ++++++------
- 1 file changed, 6 insertions(+), 6 deletions(-)
-
-diff --git a/src/qemu/qemu_firmware.c b/src/qemu/qemu_firmware.c
-index 639cff7459..e602de22e3 100644
--- a/src/qemu/qemu_firmware.c
-+++ b/src/qemu/qemu_firmware.c
-@@ -573,6 +573,7 @@ qemuFirmwareFeatureParse(const char *path,
-     virJSONValuePtr featuresJSON;
-     g_autoptr(qemuFirmwareFeature) features = NULL;
-     size_t nfeatures;
-+    size_t nparsed = 0;
-     size_t i;
- 
-     if (!(featuresJSON = virJSONValueObjectGetArray(doc, "features"))) {
-@@ -592,17 +593,16 @@ qemuFirmwareFeatureParse(const char *path,
-         int tmp;
- 
-         if ((tmp = qemuFirmwareFeatureTypeFromString(tmpStr)) <= 0) {
-            virReportError(VIR_ERR_INTERNAL_ERROR,
-                           _("unknown feature %s"),
-                           tmpStr);
-            return -1;
-+            VIR_DEBUG("ignoring unknown QEMU firmware feature '%s'", tmpStr);
-+            continue;
-         }
- 
-        features[i] = tmp;
-+        features[nparsed] = tmp;
-+        nparsed++;
-     }
- 
-     fw->features = g_steal_pointer(&features);
-    fw->nfeatures = nfeatures;
-+    fw->nfeatures = nparsed;
-     return 0;
- }
- 
@@ -0,0 +1,56 @@
+From: =?UTF-8?q?J=C3=A1n=20Tomko?= <jtomko@redhat.com>
+Date: Wed, 4 Nov 2020 12:29:07 +0100
+Subject: [PATCH] util: quieten virSCSIHostGetUniqueId
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The only caller of this function ignores failure
+and just sets the unique_id to -1.
+
+Failing to read the file is likely to the device no longer
+being present, not a real error.
+
+Stop reporting errors in this function.
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1692100
+
+Signed-off-by: Ján Tomko <jtomko@redhat.com>
+Reviewed-by: Erik Skultety <eskultet@redhat.com>
+(cherry picked from commit 4a56278e770c972dbee7be5842b557de152a586e)
+---
+ src/util/virscsihost.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/util/virscsihost.c b/src/util/virscsihost.c
+index 4e6d8f7ad6..b1d51b40d3 100644
+--- a/src/util/virscsihost.c
+++ b/src/util/virscsihost.c
+@@ -41,6 +41,8 @@ VIR_LOG_INIT("util.scsi_host");
+  * Read the value of the "scsi_host" unique_id file.
+  *
+  * Returns the value on success or -1 on failure.
+ *
+ * No errors are reported.
+  */
+ int
+ virSCSIHostGetUniqueId(const char *sysfs_prefix,
+@@ -54,16 +56,14 @@ virSCSIHostGetUniqueId(const char *sysfs_prefix,
+     sysfs_path = g_strdup_printf("%s/host%d/unique_id",
+                                  sysfs_prefix ? sysfs_prefix : SYSFS_SCSI_HOST_PATH, host);
+ 
+-    if (virFileReadAll(sysfs_path, 1024, &buf) < 0)
+    if (virFileReadAllQuiet(sysfs_path, 1024, &buf) < 0)
+         return -1;
+ 
+     if ((p = strchr(buf, '\n')))
+         *p = '\0';
+ 
+     if (virStrToLong_i(buf, NULL, 10, &unique_id) < 0) {
+-        virReportError(VIR_ERR_INTERNAL_ERROR,
+-                       _("unable to parse unique_id: %s"), buf);
+-
+        VIR_DEBUG("unable to parse unique_id: '%s'", buf);
+         return -1;
+     }
+ 
@@ -0,0 +1,46 @@
+From: Michal Privoznik <mprivozn@redhat.com>
+Date: Tue, 17 Nov 2020 12:56:39 +0100
+Subject: [PATCH] node_device: Use "udev" monitor source
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+In v6.3.0-rc1~67 I've made a switch: instead of listening on udev
+events the nodedev driver started listening for kernel events.
+This was because when a device changes its name (e.g. NICs) we
+will get "move" event with DEVPATH_OLD property set, which we can
+then use to remove the old device and thus keep our internal list
+up to date. The switch to "kernel" source was made because if the
+old NICs naming (eth0, eth1, ...) is enabled (e.g. via
+net.ifnames=0 on the kernel cmd line) then udev overwrites the
+property with the new name making our internal list go out of
+sync. Interestingly, when the od NICs naming is not enabled then
+the DEVPATH_OLD contains the correct value.
+
+But as it turns out, "kernel" source might be missing some other
+important properties, e.g. USB vendor/product IDs. Therefore,
+switch back to "udev" source and wish the best of luck to users
+using the old NICs naming.
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1897625
+Fixes: 9a13704818e4a018723e0ec5b9e97b176f1c8584
+Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
+Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
+(cherry picked from commit 7e67a136dab9034dd3cb2ed76fa90c524c800cde)
+---
+ src/node_device/node_device_udev.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/node_device/node_device_udev.c b/src/node_device/node_device_udev.c
+index ff558efb83..b7fbd42fa1 100644
+--- a/src/node_device/node_device_udev.c
+++ b/src/node_device/node_device_udev.c
+@@ -1878,7 +1878,7 @@ nodeStateInitialize(bool privileged,
+ 
+     virObjectLock(priv);
+ 
+-    priv->udev_monitor = udev_monitor_new_from_netlink(udev, "kernel");
+    priv->udev_monitor = udev_monitor_new_from_netlink(udev, "udev");
+     if (!priv->udev_monitor) {
+         virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+                        _("udev_monitor_new_from_netlink returned NULL"));
@@ -1,33 +0,0 @@
-From: Peter Krempa <pkrempa@redhat.com>
-Date: Wed, 21 Jul 2021 11:22:25 +0200
-Subject: [PATCH] storage_driver: Unlock object on ACL fail in
- storagePoolLookupByTargetPath
-
-'virStoragePoolObjListSearch' returns a locked and refed object, thus we
-must release it on ACL permission failure.
-
-Fixes: 7aa0e8c0cb8
-Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1984318
-Signed-off-by: Peter Krempa <pkrempa@redhat.com>
-Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
-(cherry picked from commit 447f69dec47e1b0bd15ecd7cd49a9fd3b050fb87)
---
- src/storage/storage_driver.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/src/storage/storage_driver.c b/src/storage/storage_driver.c
-index 16bc53aa46..2787c1671b 100644
--- a/src/storage/storage_driver.c
-+++ b/src/storage/storage_driver.c
-@@ -1739,8 +1739,10 @@ storagePoolLookupByTargetPath(virConnectPtr conn,
-                                            storagePoolLookupByTargetPathCallback,
-                                            cleanpath))) {
-         def = virStoragePoolObjGetDef(obj);
-        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0)
-+        if (virStoragePoolLookupByTargetPathEnsureACL(conn, def) < 0) {
-+            virStoragePoolObjEndAPI(&obj);
-             return NULL;
-+        }
- 
-         pool = virGetStoragePool(conn, def->name, def->uuid, NULL, NULL);
-         virStoragePoolObjEndAPI(&obj);
@@ -1,81 +0,0 @@
-From 7e299ba649b1288d529c7595c0e6060c9ae0ff2a Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 09:57:49 +0100
-Subject: [PATCH 1/2] wireshark: Switch to tvb_bytes_to_str()
-
-When the dissector sees a byte sequence that is either an opaque
-data (xdr_opaque) or a byte sequence (xdr_bytes) it formats the
-bytes as a hex numbers using our own implementation. But
-wireshark already provides a function for it: tvb_bytes_to_str().
-NB, the reason why it returns a const string is so that callers
-don't try to free it - the string is allocated using an allocator
-which will decide when to free it.
-
-The wireshark formatter was introduced in wireshark commit of
-v1.99.2~479 and thus is present in the version we require at
-least (2.6.0).
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 30 ++++++++--------------------
- 1 file changed, 8 insertions(+), 22 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index f43919b05d..cb922b8070 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -158,24 +158,6 @@ dissect_xdr_string(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     }
- }
- 
-static const gchar *
-format_xdr_bytes(guint8 *bytes, guint32 length)
-{
-    gchar *buf;
-    guint32 i;
-
-    if (length == 0)
-        return "";
-    buf = wmem_alloc(wmem_packet_scope(), length*2 + 1);
-    for (i = 0; i < length; i++) {
-        /* We know that buf has enough size to contain
-           2 * length + '\0' characters. */
-        g_snprintf(buf, 2*(length - i) + 1, "%02x", bytes[i]);
-        buf += 2;
-    }
-    return buf - length*2;
-}
-
- static gboolean
- dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-                    guint32 size)
-@@ -187,8 +169,10 @@ dissect_xdr_opaque(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-     val = g_malloc(size);
-     start = xdr_getpos(xdrs);
-     if ((rc = xdr_opaque(xdrs, (caddr_t)val, size))) {
-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
-                                          NULL, "%s", format_xdr_bytes(val, size));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-     } else {
-         proto_tree_add_item(tree, hf_libvirt_unknown, tvb, start, -1, ENC_NA);
-     }
-@@ -207,8 +191,10 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
- 
-     start = xdr_getpos(xdrs);
-     if (xdr_bytes(xdrs, (char **)&val, &length, maxlen)) {
-        proto_tree_add_bytes_format_value(tree, hf, tvb, start, xdr_getpos(xdrs) - start,
-                                          NULL, "%s", format_xdr_bytes(val, length));
-+        gint len = xdr_getpos(xdrs) - start;
-+        const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
-+
-+        proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-         /* Seems I can't call xdr_free() for this case.
-            It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-- 
-2.33.1
-
@@ -1,33 +0,0 @@
-From 010613cfd8dae6d85602a84c5c95b2d441e1b3d1 Mon Sep 17 00:00:00 2001
-From: Michal Privoznik <mprivozn@redhat.com>
-Date: Mon, 29 Nov 2021 10:20:05 +0100
-Subject: [PATCH 2/2] wireshark: Drop needless comment in dissect_xdr_bytes()
-
-In the dissect_xdr_bytes() there's a comment that the string
-allocated by xdr_bytes() can't be freed using xdr_free(). Well,
-that is expected because xdr_bytes() used plain calloc() AND the
-string is not an XDR struct but plain 'char *' type. Passing it
-to xdr_free() must result in weird things happening.
-
-Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
-Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
---
- tools/wireshark/src/packet-libvirt.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/tools/wireshark/src/packet-libvirt.c b/tools/wireshark/src/packet-libvirt.c
-index cb922b8070..eeacbcdf0e 100644
--- a/tools/wireshark/src/packet-libvirt.c
-+++ b/tools/wireshark/src/packet-libvirt.c
-@@ -195,8 +195,6 @@ dissect_xdr_bytes(tvbuff_t *tvb, proto_tree *tree, XDR *xdrs, int hf,
-         const char *s = tvb_bytes_to_str(wmem_packet_scope(), tvb, start, len);
- 
-         proto_tree_add_bytes_format_value(tree, hf, tvb, start, len, NULL, "%s", s);
-        /* Seems I can't call xdr_free() for this case.
-           It will raises SEGV by referencing out of bounds call stack */
-         free(val);
-         return TRUE;
-     } else {
-- 
-2.33.1
-
@@ -1 +1 @@
-SHA512 (libvirt-7.0.0.tar.xz) = dd6db5ec4971cf4c6059795fd81d5a3a889b10740e34c3c92271eda1c683c99df2c8f923398065d8a7c4f987a20eb1da617d5297ba8ea5a31f154412af50c343
+SHA512 (libvirt-6.6.0.tar.xz) = 55091addcf43d3c0bdd50f9378b588351181d191272d5a19220a0babe0893c1f6e0f1e41a7f51b8c1fb8e2098236b273e1a18b81573f4008ee3cf65374ba9465
Author	SHA1	Message	Date
Cole Robinson	16a0b3ee88	libvirt-6.6.0-5 Fix noisy log error 'Failed to open file ...unique_id...' (bz #1692100) Fix USB device error 'vendor cannot be 0' (bz #1897625)	2020-12-07 12:54:26 -05:00
Richard W.M. Jones	c4ffbc71ac	Build libvirt-daemon-kvm for riscv64. (cherry picked from commit `9e2eeb32e3`)	2020-12-05 17:38:59 +00:00
Cole Robinson	55716b555d	libvirt-6.6.0-3 devmapper fixes	2020-11-03 11:45:58 -05:00