diff --git a/SOURCES/libvirt-qemu-block-Remove-active-write-bitmap-even-if-there-are-no-bitmaps-to-merge.patch b/SOURCES/libvirt-qemu-block-Remove-active-write-bitmap-even-if-there-are-no-bitmaps-to-merge.patch new file mode 100644 index 0000000..78fb8d3 --- /dev/null +++ b/SOURCES/libvirt-qemu-block-Remove-active-write-bitmap-even-if-there-are-no-bitmaps-to-merge.patch @@ -0,0 +1,105 @@ +From cb297cdd8dc75abc8fd0d60dddf54cbe305d4c14 Mon Sep 17 00:00:00 2001 +Message-Id: +From: Peter Krempa +Date: Tue, 21 Jul 2020 13:56:23 +0200 +Subject: [PATCH] qemu: block: Remove 'active-write' bitmap even if there are + no bitmaps to merge + +The 'libvirt-tmp-activewrite' bitmap is added during the 'pivot' +operation of block copy and active layer block commit operations +regardless of whether there are any bitmaps to merge, but was not +removed unless a bitmap was merged. This meant that subsequent attempts +to merge into the same image would fail. + +Fix it by checking whether the 'libvirt-tmp-activewrite' would be used +by the code and don't skip the code which would delete it. + +This is a regression introduced when we switched to the new code for +block commit in <20a7abc2d2d> and for block copy in <7bfff40fdfe5>. The +actual bug originates from <4fa8654ece>. + +https://bugzilla.redhat.com/show_bug.cgi?id=1857735 + +Signed-off-by: Peter Krempa +Reviewed-by: Eric Blake +(cherry picked from commit 9d039863e2cae227cc73b7a886b40be5e5218a12) + +rhel-8.3: https://bugzilla.redhat.com/show_bug.cgi?id=1857779 +rhel-av-8.2.1: not cloned yet +Message-Id: <4fea6a40be534d5a6fe7aad88d6bee1c3e77dcfb.1595332476.git.pkrempa@redhat.com> + +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_block.c | 3 ++- + tests/qemublocktestdata/bitmapblockcommit/empty | 9 +++++++++ + .../bitmapblockcopy/empty-deep-out.json | 9 +++++++++ + .../bitmapblockcopy/empty-shallow-out.json | 9 +++++++++ + 4 files changed, 29 insertions(+), 1 deletion(-) + +diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c +index 18c3861a2e..dc5fa3da03 100644 +--- a/src/qemu/qemu_block.c ++++ b/src/qemu/qemu_block.c +@@ -2935,7 +2935,7 @@ qemuBlockGetBitmapMergeActions(virStorageSourcePtr topsrc, + + if (!(bitmaps = qemuBlockGetBitmapMergeActionsGetBitmaps(topsrc, bitmapname, + blockNamedNodeData))) +- return 0; ++ goto done; + + for (next = bitmaps; next; next = next->next) { + const char *curbitmap = next->data; +@@ -2992,6 +2992,7 @@ qemuBlockGetBitmapMergeActions(virStorageSourcePtr topsrc, + return -1; + } + ++ done: + if (writebitmapsrc && + qemuMonitorTransactionBitmapRemove(act, writebitmapsrc->nodeformat, + "libvirt-tmp-activewrite") < 0) +diff --git a/tests/qemublocktestdata/bitmapblockcommit/empty b/tests/qemublocktestdata/bitmapblockcommit/empty +index 9260011852..eddef0ddcd 100644 +--- a/tests/qemublocktestdata/bitmapblockcommit/empty ++++ b/tests/qemublocktestdata/bitmapblockcommit/empty +@@ -1 +1,10 @@ + merge bitmpas: ++[ ++ { ++ "type": "block-dirty-bitmap-remove", ++ "data": { ++ "node": "libvirt-2-format", ++ "name": "libvirt-tmp-activewrite" ++ } ++ } ++] +diff --git a/tests/qemublocktestdata/bitmapblockcopy/empty-deep-out.json b/tests/qemublocktestdata/bitmapblockcopy/empty-deep-out.json +index e69de29bb2..99f2589ed4 100644 +--- a/tests/qemublocktestdata/bitmapblockcopy/empty-deep-out.json ++++ b/tests/qemublocktestdata/bitmapblockcopy/empty-deep-out.json +@@ -0,0 +1,9 @@ ++[ ++ { ++ "type": "block-dirty-bitmap-remove", ++ "data": { ++ "node": "mirror-format-node", ++ "name": "libvirt-tmp-activewrite" ++ } ++ } ++] +diff --git a/tests/qemublocktestdata/bitmapblockcopy/empty-shallow-out.json b/tests/qemublocktestdata/bitmapblockcopy/empty-shallow-out.json +index e69de29bb2..99f2589ed4 100644 +--- a/tests/qemublocktestdata/bitmapblockcopy/empty-shallow-out.json ++++ b/tests/qemublocktestdata/bitmapblockcopy/empty-shallow-out.json +@@ -0,0 +1,9 @@ ++[ ++ { ++ "type": "block-dirty-bitmap-remove", ++ "data": { ++ "node": "mirror-format-node", ++ "name": "libvirt-tmp-activewrite" ++ } ++ } ++] +-- +2.27.0 + diff --git a/SOURCES/libvirt-qemu-blockjob-Actually-delete-temporary-bitmap-on-failed-active-commit.patch b/SOURCES/libvirt-qemu-blockjob-Actually-delete-temporary-bitmap-on-failed-active-commit.patch new file mode 100644 index 0000000..3edbf3b --- /dev/null +++ b/SOURCES/libvirt-qemu-blockjob-Actually-delete-temporary-bitmap-on-failed-active-commit.patch @@ -0,0 +1,65 @@ +From 2069251b1f50e1aaec566909478f1443ccfe32e6 Mon Sep 17 00:00:00 2001 +Message-Id: <2069251b1f50e1aaec566909478f1443ccfe32e6@dist-git> +From: Peter Krempa +Date: Tue, 21 Jul 2020 13:56:22 +0200 +Subject: [PATCH] qemu: blockjob: Actually delete temporary bitmap on failed + active commit + +Commit 20a7abc2d2d tried to delete the possibly leftover bitmap but +neglected to call the actual monitor to do so. + +Signed-off-by: Peter Krempa +Reviewed-by: Eric Blake +(cherry picked from commit 378e4fbc795c607485799cbd060f34483f580544) + +rhel-8.3: https://bugzilla.redhat.com/show_bug.cgi?id=1857779 +rhel-av-8.2.1: not cloned yet +Message-Id: + +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_blockjob.c | 13 +++++++++++-- + 1 file changed, 11 insertions(+), 2 deletions(-) + +diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c +index 7e2df1445d..486fca31f3 100644 +--- a/src/qemu/qemu_blockjob.c ++++ b/src/qemu/qemu_blockjob.c +@@ -1378,8 +1378,10 @@ qemuBlockJobProcessEventConcludedCopyAbort(virQEMUDriverPtr driver, + static void + qemuBlockJobProcessEventFailedActiveCommit(virQEMUDriverPtr driver, + virDomainObjPtr vm, +- qemuBlockJobDataPtr job) ++ qemuBlockJobDataPtr job, ++ qemuDomainAsyncJob asyncJob) + { ++ qemuDomainObjPrivatePtr priv = vm->privateData; + g_autoptr(virJSONValue) actions = virJSONValueNewArray(); + virDomainDiskDefPtr disk = job->disk; + +@@ -1391,6 +1393,13 @@ qemuBlockJobProcessEventFailedActiveCommit(virQEMUDriverPtr driver, + ignore_value(qemuMonitorTransactionBitmapRemove(actions, disk->mirror->nodeformat, + "libvirt-tmp-activewrite")); + ++ if (qemuDomainObjEnterMonitorAsync(priv->driver, vm, asyncJob) < 0) ++ return; ++ ++ qemuMonitorTransaction(priv->mon, &actions); ++ ++ if (qemuDomainObjExitMonitor(priv->driver, vm) < 0) ++ return; + + /* Ideally, we would make the backing chain read only again (yes, SELinux + * can do that using different labels). But that is not implemented yet and +@@ -1515,7 +1524,7 @@ qemuBlockJobEventProcessConcludedTransition(qemuBlockJobDataPtr job, + if (success) { + qemuBlockJobProcessEventCompletedActiveCommit(driver, vm, job, asyncJob); + } else { +- qemuBlockJobProcessEventFailedActiveCommit(driver, vm, job); ++ qemuBlockJobProcessEventFailedActiveCommit(driver, vm, job, asyncJob); + } + break; + +-- +2.27.0 + diff --git a/SOURCES/libvirt-qemu-blockjob-Don-t-base-bitmap-handling-of-active-layer-block-commit-on-QEMU_CAPS_BLOCKDEV_REOPEN.patch b/SOURCES/libvirt-qemu-blockjob-Don-t-base-bitmap-handling-of-active-layer-block-commit-on-QEMU_CAPS_BLOCKDEV_REOPEN.patch new file mode 100644 index 0000000..13d121b --- /dev/null +++ b/SOURCES/libvirt-qemu-blockjob-Don-t-base-bitmap-handling-of-active-layer-block-commit-on-QEMU_CAPS_BLOCKDEV_REOPEN.patch @@ -0,0 +1,59 @@ +From 3c9641730c62ffae735d7984b3bc0632a9194b03 Mon Sep 17 00:00:00 2001 +Message-Id: <3c9641730c62ffae735d7984b3bc0632a9194b03@dist-git> +From: Peter Krempa +Date: Tue, 21 Jul 2020 13:56:21 +0200 +Subject: [PATCH] qemu: blockjob: Don't base bitmap handling of active-layer + block commit on QEMU_CAPS_BLOCKDEV_REOPEN + +The handler finalizing the active layer block commit doesn't actually +reopen the file for active layer block commit, so the comment and check +are invalid. + +Signed-off-by: Peter Krempa +Reviewed-by: Eric Blake +(cherry picked from commit d73f107469c8882a47ffbf1a55bd0b0370d6969e) + +rhel-8.3: https://bugzilla.redhat.com/show_bug.cgi?id=1857779 +rhel-av-8.2.1: not cloned yet +Message-Id: <6946fb2535038e24dcef4884806c11c258f0fc70.1595332476.git.pkrempa@redhat.com> + +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_blockjob.c | 3 ++- + src/qemu/qemu_driver.c | 6 +----- + 2 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/src/qemu/qemu_blockjob.c b/src/qemu/qemu_blockjob.c +index 6e33f8666c..7e2df1445d 100644 +--- a/src/qemu/qemu_blockjob.c ++++ b/src/qemu/qemu_blockjob.c +@@ -1063,7 +1063,8 @@ qemuBlockJobProcessEventCompletedCommitBitmaps(virDomainObjPtr vm, + g_autoptr(virJSONValue) actions = NULL; + bool active = job->type == QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT; + +- if (!virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV_REOPEN)) ++ if (!active && ++ !virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV_REOPEN)) + return 0; + + if (!(blockNamedNodeData = qemuBlockGetNamedNodeData(vm, asyncJob))) +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 9e3a455814..ad5ef7d67d 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -17631,11 +17631,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + break; + + case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: +- /* we technically don't need reopen here, but we couldn't prepare +- * the bitmaps if it wasn't present thus must skip this */ +- if (blockdev && +- virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV_REOPEN)) { +- ++ if (blockdev) { + actions = virJSONValueNewArray(); + + if (qemuMonitorTransactionBitmapAdd(actions, +-- +2.27.0 + diff --git a/SOURCES/libvirt-qemuDomainBlockPivot-Ignore-failures-of-creating-active-layer-bitmap.patch b/SOURCES/libvirt-qemuDomainBlockPivot-Ignore-failures-of-creating-active-layer-bitmap.patch new file mode 100644 index 0000000..17a09fa --- /dev/null +++ b/SOURCES/libvirt-qemuDomainBlockPivot-Ignore-failures-of-creating-active-layer-bitmap.patch @@ -0,0 +1,42 @@ +From 0084cc867b6de11a1b5ac1207ada57a3cc43acaf Mon Sep 17 00:00:00 2001 +Message-Id: <0084cc867b6de11a1b5ac1207ada57a3cc43acaf@dist-git> +From: Peter Krempa +Date: Tue, 21 Jul 2020 13:56:25 +0200 +Subject: [PATCH] qemuDomainBlockPivot: Ignore failures of creating active + layer bitmap + +Ignore errors from creating "libvirt-tmp-activewrite" bitmap. This +prevents failures of finishing blockjobs if the bitmap already exists. + +Note that if the bitmap exists, the worst case that can happen is that +more bits are marked as dirty in the resulting merge. + +Signed-off-by: Peter Krempa +Reviewed-by: Eric Blake +(cherry picked from commit 66dc4992fa8a51c4e774d32bcf75f26b1365e998) + +rhel-8.3: https://bugzilla.redhat.com/show_bug.cgi?id=1857779 +rhel-av-8.2.1: not cloned yet +Message-Id: <9cec292732836005d59b50a0701acb804ed1dda5.1595332476.git.pkrempa@redhat.com> + +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_driver.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index 454d7b1c16..b5df0c63d4 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -17659,7 +17659,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + } + + if (bitmapactions && rc == 0) +- rc = qemuMonitorTransaction(priv->mon, &bitmapactions); ++ ignore_value(qemuMonitorTransaction(priv->mon, &bitmapactions)); + + if (rc == 0) + ret = qemuMonitorJobComplete(priv->mon, job->name); +-- +2.27.0 + diff --git a/SOURCES/libvirt-qemuDomainBlockPivot-Rename-actions-to-bitmapactions.patch b/SOURCES/libvirt-qemuDomainBlockPivot-Rename-actions-to-bitmapactions.patch new file mode 100644 index 0000000..3054d1d --- /dev/null +++ b/SOURCES/libvirt-qemuDomainBlockPivot-Rename-actions-to-bitmapactions.patch @@ -0,0 +1,73 @@ +From 31a752d5bdd63d431b619ec5045b431fc3ca6bef Mon Sep 17 00:00:00 2001 +Message-Id: <31a752d5bdd63d431b619ec5045b431fc3ca6bef@dist-git> +From: Peter Krempa +Date: Tue, 21 Jul 2020 13:56:24 +0200 +Subject: [PATCH] qemuDomainBlockPivot: Rename 'actions' to 'bitmapactions' + +There are two possible 'transaction' command arguments in the function. +Rename 'actions' as they deal with creating bitmaps only. + +Signed-off-by: Peter Krempa +Reviewed-by: Eric Blake +(cherry picked from commit 24ac1a7c04fded2f8639478abead72bb57506162) + +rhel-8.3: https://bugzilla.redhat.com/show_bug.cgi?id=1857779 +rhel-av-8.2.1: not cloned yet +Message-Id: <6a3969721f1e701a16eb3679dcc37c9908c753ae.1595332476.git.pkrempa@redhat.com> + +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_driver.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c +index ad5ef7d67d..454d7b1c16 100644 +--- a/src/qemu/qemu_driver.c ++++ b/src/qemu/qemu_driver.c +@@ -17564,7 +17564,7 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + int ret = -1; + qemuDomainObjPrivatePtr priv = vm->privateData; + bool blockdev = virQEMUCapsGet(priv->qemuCaps, QEMU_CAPS_BLOCKDEV); +- g_autoptr(virJSONValue) actions = NULL; ++ g_autoptr(virJSONValue) bitmapactions = NULL; + g_autoptr(virJSONValue) reopenactions = NULL; + + if (job->state != QEMU_BLOCKJOB_STATE_READY) { +@@ -17597,9 +17597,9 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + bool shallow = job->jobflags & VIR_DOMAIN_BLOCK_COPY_SHALLOW; + bool reuse = job->jobflags & VIR_DOMAIN_BLOCK_COPY_REUSE_EXT; + +- actions = virJSONValueNewArray(); ++ bitmapactions = virJSONValueNewArray(); + +- if (qemuMonitorTransactionBitmapAdd(actions, ++ if (qemuMonitorTransactionBitmapAdd(bitmapactions, + disk->mirror->nodeformat, + "libvirt-tmp-activewrite", + false, +@@ -17632,9 +17632,9 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + + case QEMU_BLOCKJOB_TYPE_ACTIVE_COMMIT: + if (blockdev) { +- actions = virJSONValueNewArray(); ++ bitmapactions = virJSONValueNewArray(); + +- if (qemuMonitorTransactionBitmapAdd(actions, ++ if (qemuMonitorTransactionBitmapAdd(bitmapactions, + job->data.commit.base->nodeformat, + "libvirt-tmp-activewrite", + false, +@@ -17658,8 +17658,8 @@ qemuDomainBlockPivot(virQEMUDriverPtr driver, + } + } + +- if (actions && rc == 0) +- rc = qemuMonitorTransaction(priv->mon, &actions); ++ if (bitmapactions && rc == 0) ++ rc = qemuMonitorTransaction(priv->mon, &bitmapactions); + + if (rc == 0) + ret = qemuMonitorJobComplete(priv->mon, job->name); +-- +2.27.0 + diff --git a/SOURCES/libvirt-src-assume-sys-sysmacros.h-always-exists-on-Linux.patch b/SOURCES/libvirt-src-assume-sys-sysmacros.h-always-exists-on-Linux.patch new file mode 100644 index 0000000..dc51d5e --- /dev/null +++ b/SOURCES/libvirt-src-assume-sys-sysmacros.h-always-exists-on-Linux.patch @@ -0,0 +1,168 @@ +From 06e0a9d40c52736919f32578f926bf4d829e77ec Mon Sep 17 00:00:00 2001 +Message-Id: <06e0a9d40c52736919f32578f926bf4d829e77ec@dist-git> +From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= +Date: Mon, 27 Jul 2020 12:36:49 +0200 +Subject: [PATCH] src: assume sys/sysmacros.h always exists on Linux +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +All our supported Linux distros now have this header. +It has never existed on FreeBSD / macOS / Mingw. + +Reviewed-by: Pavel Hrdina +Signed-off-by: Daniel P. Berrangé +(cherry picked from commit 03c532cf9711dd6ad35380455a77141ef7d492ab) + +https://bugzilla.redhat.com/show_bug.cgi?id=1860421 + +Conflicts: +- src/util/virutil.c - context, because + db72866310d1e520efa8ed2d4589bdb5e76a1c95 (util: add API for + reading password from the console) isn't backported. + +Signed-off-by: Michal Privoznik +Message-Id: +Reviewed-by: Jiri Denemark +--- + src/conf/domain_audit.c | 4 +--- + src/lxc/lxc_controller.c | 4 +--- + src/lxc/lxc_driver.c | 4 +--- + src/qemu/qemu_domain.c | 4 +--- + src/util/vircgroup.c | 8 +------- + src/util/virdevmapper.c | 4 +--- + src/util/virutil.c | 4 +--- + tests/vircgroupmock.c | 8 +------- + 8 files changed, 8 insertions(+), 32 deletions(-) + +diff --git a/src/conf/domain_audit.c b/src/conf/domain_audit.c +index fdccc585fb..6d3579e0f6 100644 +--- a/src/conf/domain_audit.c ++++ b/src/conf/domain_audit.c +@@ -23,9 +23,7 @@ + + #include + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + +diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c +index 42c631ed0b..0da89dba89 100644 +--- a/src/lxc/lxc_controller.c ++++ b/src/lxc/lxc_controller.c +@@ -25,9 +25,7 @@ + #include + #include + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + +diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c +index 780c6ed4a2..a8c93dd228 100644 +--- a/src/lxc/lxc_driver.c ++++ b/src/lxc/lxc_driver.c +@@ -25,9 +25,7 @@ + #include + #include + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index 1e968368ae..ffe88ff027 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -64,9 +64,7 @@ + #include "backup_conf.h" + #include "virdevmapper.h" + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + #include +diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c +index dff2f6fd3a..a45c2e7f2f 100644 +--- a/src/util/vircgroup.c ++++ b/src/util/vircgroup.c +@@ -25,13 +25,7 @@ + # include + # include + # include +- +-# ifdef MAJOR_IN_MKDEV +-# include +-# elif MAJOR_IN_SYSMACROS +-# include +-# endif +- ++# include + # include + # include + # include +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index c346432d86..40a82285f9 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -20,9 +20,7 @@ + + #include + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + +diff --git a/src/util/virutil.c b/src/util/virutil.c +index 17fd06dbb2..5e6bbb37c0 100644 +--- a/src/util/virutil.c ++++ b/src/util/virutil.c +@@ -28,9 +28,7 @@ + #include + #include + +-#ifdef MAJOR_IN_MKDEV +-# include +-#elif MAJOR_IN_SYSMACROS ++#ifdef __linux__ + # include + #endif + +diff --git a/tests/vircgroupmock.c b/tests/vircgroupmock.c +index 9ec3b576d2..66b8c01852 100644 +--- a/tests/vircgroupmock.c ++++ b/tests/vircgroupmock.c +@@ -23,13 +23,7 @@ + # include + # include + # include +- +-# ifdef MAJOR_IN_MKDEV +-# include +-# elif MAJOR_IN_SYSMACROS +-# include +-# endif +- ++# include + # include + # include "testutilslxc.h" + # include "virstring.h" +-- +2.28.0 + diff --git a/SOURCES/libvirt-virDevMapperGetTargets-Don-t-ignore-EBADF.patch b/SOURCES/libvirt-virDevMapperGetTargets-Don-t-ignore-EBADF.patch new file mode 100644 index 0000000..077da01 --- /dev/null +++ b/SOURCES/libvirt-virDevMapperGetTargets-Don-t-ignore-EBADF.patch @@ -0,0 +1,61 @@ +From 16b2178f23f82688b988c12bf7ee6caa97974669 Mon Sep 17 00:00:00 2001 +Message-Id: <16b2178f23f82688b988c12bf7ee6caa97974669@dist-git> +From: Michal Privoznik +Date: Mon, 27 Jul 2020 12:36:53 +0200 +Subject: [PATCH] virDevMapperGetTargets: Don't ignore EBADF +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit e450ebb4c6eab1b7376a5ba873d10936ad563b75) + +https://bugzilla.redhat.com/show_bug.cgi?id=1860421 + +Signed-off-by: Michal Privoznik +Message-Id: <6dc32e8797122ad9ecd44a60aaff8e70d060b3b9.1595846084.git.mprivozn@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/qemu/qemu_cgroup.c | 2 +- + src/qemu/qemu_domain.c | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/qemu/qemu_cgroup.c b/src/qemu/qemu_cgroup.c +index 57a1231855..3a62b4ac15 100644 +--- a/src/qemu/qemu_cgroup.c ++++ b/src/qemu/qemu_cgroup.c +@@ -89,7 +89,7 @@ qemuSetupImagePathCgroup(virDomainObjPtr vm, + } + + if (virDevMapperGetTargets(path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + path); +diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c +index ffe88ff027..35b536868a 100644 +--- a/src/qemu/qemu_domain.c ++++ b/src/qemu/qemu_domain.c +@@ -14924,7 +14924,7 @@ qemuDomainSetupDisk(virQEMUDriverConfigPtr cfg G_GNUC_UNUSED, + goto cleanup; + + if (virDevMapperGetTargets(next->path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + next->path); +@@ -15985,7 +15985,7 @@ qemuDomainNamespaceSetupDisk(virDomainObjPtr vm, + tmpPath = g_strdup(next->path); + + if (virDevMapperGetTargets(next->path, &targetPaths) < 0 && +- errno != ENOSYS && errno != EBADF) { ++ errno != ENOSYS) { + virReportSystemError(errno, + _("Unable to get devmapper targets for %s"), + next->path); +-- +2.28.0 + diff --git a/SOURCES/libvirt-virDevMapperGetTargetsImpl-Use-VIR_AUTOSTRINGLIST.patch b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Use-VIR_AUTOSTRINGLIST.patch new file mode 100644 index 0000000..2d72c75 --- /dev/null +++ b/SOURCES/libvirt-virDevMapperGetTargetsImpl-Use-VIR_AUTOSTRINGLIST.patch @@ -0,0 +1,73 @@ +From 318beaace7890f3ccf2d09c1afcdde40f4f0284f Mon Sep 17 00:00:00 2001 +Message-Id: <318beaace7890f3ccf2d09c1afcdde40f4f0284f@dist-git> +From: Michal Privoznik +Date: Mon, 27 Jul 2020 12:36:51 +0200 +Subject: [PATCH] virDevMapperGetTargetsImpl: Use VIR_AUTOSTRINGLIST +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Since we have VIR_AUTOSTRINGLIST we can use it to free string +lists used in the function automatically. + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit b8ebbe05451fde7ce541564f73437a29ffd5db0d) + +https://bugzilla.redhat.com/show_bug.cgi?id=1860421 + +Signed-off-by: Michal Privoznik +Message-Id: +Reviewed-by: Jiri Denemark +--- + src/util/virdevmapper.c | 16 +++------------- + 1 file changed, 3 insertions(+), 13 deletions(-) + +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index 118dc82e94..44c4731fb4 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -67,8 +67,7 @@ virDevMapperGetTargetsImpl(const char *path, + struct dm_task *dmt = NULL; + struct dm_deps *deps; + struct dm_info info; +- char **devPaths = NULL; +- char **recursiveDevPaths = NULL; ++ VIR_AUTOSTRINGLIST devPaths = NULL; + size_t i; + int ret = -1; + +@@ -133,28 +132,19 @@ virDevMapperGetTargetsImpl(const char *path, + minor(deps->device[i])); + } + +- recursiveDevPaths = NULL; + for (i = 0; i < deps->count; i++) { +- char **tmpPaths; ++ VIR_AUTOSTRINGLIST tmpPaths = NULL; + + if (virDevMapperGetTargetsImpl(devPaths[i], &tmpPaths, ttl - 1) < 0) + goto cleanup; + +- if (tmpPaths && +- virStringListMerge(&recursiveDevPaths, &tmpPaths) < 0) { +- virStringListFree(tmpPaths); ++ if (virStringListMerge(&devPaths, &tmpPaths) < 0) + goto cleanup; +- } + } + +- if (virStringListMerge(&devPaths, &recursiveDevPaths) < 0) +- goto cleanup; +- + *devPaths_ret = g_steal_pointer(&devPaths); + ret = 0; + cleanup: +- virStringListFree(recursiveDevPaths); +- virStringListFree(devPaths); + dm_task_destroy(dmt); + return ret; + } +-- +2.28.0 + diff --git a/SOURCES/libvirt-virdevmapper-Don-t-use-libdevmapper-to-obtain-dependencies.patch b/SOURCES/libvirt-virdevmapper-Don-t-use-libdevmapper-to-obtain-dependencies.patch new file mode 100644 index 0000000..27647cd --- /dev/null +++ b/SOURCES/libvirt-virdevmapper-Don-t-use-libdevmapper-to-obtain-dependencies.patch @@ -0,0 +1,467 @@ +From 7ba9a0bbdf30984c13e7719e0646fffc7539f853 Mon Sep 17 00:00:00 2001 +Message-Id: <7ba9a0bbdf30984c13e7719e0646fffc7539f853@dist-git> +From: Michal Privoznik +Date: Mon, 27 Jul 2020 12:36:52 +0200 +Subject: [PATCH] virdevmapper: Don't use libdevmapper to obtain dependencies +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +CVE-2020-14339 + +When building domain's private /dev in a namespace, libdevmapper +is consulted for getting full dependency tree of domain's disks. +The reason is that for a multipath devices all dependent devices +must be created in the namespace and allowed in CGroups. + +However, this approach is very fragile as building of namespace +happens in the forked off child process, after mass close of FDs +and just before dropping privileges and execing QEMU. And it so +happens that when calling libdevmapper APIs, one of them opens +/dev/mapper/control and saves the FD into a global variable. The +FD is kept open until the lib is unlinked or dm_lib_release() is +called explicitly. We are doing neither. + +However, the virDevMapperGetTargets() function is called also +from libvirtd (when setting up CGroups) and thus has to be thread +safe. Unfortunately, libdevmapper APIs are not thread safe (nor +async signal safe) and thus we can't use them. Reimplement what +libdevmapper would do using plain C (ioctl()-s, /proc/devices +parsing, /dev/mapper dirwalking, and so on). + +Fixes: a30078cb832646177defd256e77c632905f1e6d0 +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1858260 + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit 22494556542c676d1b9e7f1c1f2ea13ac17e1e3e) + +https://bugzilla.redhat.com/show_bug.cgi?id=1860421 + +Conflicts: +- po/POTFILES.in - In c6a0d3ff8b4ead3b1f38a40668df65f152cc2f32 + (po: change the format of POTFILES.in) we've changed the format + of the file and haven't backported it, yet. + +Signed-off-by: Michal Privoznik +Message-Id: +Reviewed-by: Jiri Denemark +--- + po/POTFILES.in | 1 + + src/util/virdevmapper.c | 300 +++++++++++++++++++++++++++++----------- + 2 files changed, 217 insertions(+), 84 deletions(-) + +diff --git a/po/POTFILES.in b/po/POTFILES.in +index 29984042f4..49348292eb 100644 +--- a/po/POTFILES.in ++++ b/po/POTFILES.in +@@ -238,6 +238,7 @@ + @SRCDIR@/src/util/vircrypto.c + @SRCDIR@/src/util/virdbus.c + @SRCDIR@/src/util/virdnsmasq.c ++@SRCDIR@/src/util/virdevmapper.c + @SRCDIR@/src/util/virerror.c + @SRCDIR@/src/util/virerror.h + @SRCDIR@/src/util/virevent.c +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index 44c4731fb4..a471504176 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -20,38 +20,67 @@ + + #include + ++#include "virdevmapper.h" ++#include "internal.h" ++ + #ifdef __linux__ + # include +-#endif ++# include ++# include ++# include ++# include ++# include + +-#ifdef WITH_DEVMAPPER +-# include +-#endif ++# include "virthread.h" ++# include "viralloc.h" ++# include "virstring.h" ++# include "virfile.h" ++ ++# define VIR_FROM_THIS VIR_FROM_STORAGE ++ ++# define PROC_DEVICES "/proc/devices" ++# define DM_NAME "device-mapper" ++# define DEV_DM_DIR "/dev/" DM_DIR ++# define CONTROL_PATH DEV_DM_DIR "/" DM_CONTROL_NODE ++# define BUF_SIZE (16 * 1024) ++ ++G_STATIC_ASSERT(BUF_SIZE > sizeof(struct dm_ioctl)); ++ ++static unsigned int virDMMajor; + +-#include "virdevmapper.h" +-#include "internal.h" +-#include "virthread.h" +-#include "viralloc.h" +-#include "virstring.h" +- +-#ifdef WITH_DEVMAPPER +-static void +-virDevMapperDummyLogger(int level G_GNUC_UNUSED, +- const char *file G_GNUC_UNUSED, +- int line G_GNUC_UNUSED, +- int dm_errno G_GNUC_UNUSED, +- const char *fmt G_GNUC_UNUSED, +- ...) +-{ +- return; +-} + + static int + virDevMapperOnceInit(void) + { +- /* Ideally, we would not need this. But libdevmapper prints +- * error messages to stderr by default. Sad but true. */ +- dm_log_with_errno_init(virDevMapperDummyLogger); ++ g_autofree char *buf = NULL; ++ VIR_AUTOSTRINGLIST lines = NULL; ++ size_t i; ++ ++ if (virFileReadAll(PROC_DEVICES, BUF_SIZE, &buf) < 0) ++ return -1; ++ ++ lines = virStringSplit(buf, "\n", 0); ++ if (!lines) ++ return -1; ++ ++ for (i = 0; lines[i]; i++) { ++ g_autofree char *dev = NULL; ++ unsigned int maj; ++ ++ if (sscanf(lines[i], "%u %ms\n", &maj, &dev) == 2 && ++ STREQ(dev, DM_NAME)) { ++ virDMMajor = maj; ++ break; ++ } ++ } ++ ++ if (!lines[i]) { ++ virReportError(VIR_ERR_INTERNAL_ERROR, ++ _("Unable to find major for %s"), ++ DM_NAME); ++ return -1; ++ } ++ + return 0; + } + +@@ -59,94 +88,190 @@ virDevMapperOnceInit(void) + VIR_ONCE_GLOBAL_INIT(virDevMapper); + + ++static void * ++virDMIoctl(int controlFD, int cmd, struct dm_ioctl *dm, char **buf) ++{ ++ size_t bufsize = BUF_SIZE; ++ ++ reread: ++ *buf = g_new0(char, bufsize); ++ ++ dm->version[0] = DM_VERSION_MAJOR; ++ dm->version[1] = 0; ++ dm->version[2] = 0; ++ dm->data_size = bufsize; ++ dm->data_start = sizeof(struct dm_ioctl); ++ ++ memcpy(*buf, dm, sizeof(struct dm_ioctl)); ++ ++ if (ioctl(controlFD, cmd, *buf) < 0) { ++ VIR_FREE(*buf); ++ return NULL; ++ } ++ ++ memcpy(dm, *buf, sizeof(struct dm_ioctl)); ++ ++ if (dm->flags & DM_BUFFER_FULL_FLAG) { ++ bufsize += BUF_SIZE; ++ VIR_FREE(*buf); ++ goto reread; ++ } ++ ++ return *buf + dm->data_start; ++} ++ ++ + static int +-virDevMapperGetTargetsImpl(const char *path, ++virDMOpen(void) ++{ ++ VIR_AUTOCLOSE controlFD = -1; ++ struct dm_ioctl dm; ++ g_autofree char *tmp = NULL; ++ int ret; ++ ++ memset(&dm, 0, sizeof(dm)); ++ ++ if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) ++ return -1; ++ ++ if (!virDMIoctl(controlFD, DM_VERSION, &dm, &tmp)) { ++ virReportSystemError(errno, "%s", ++ _("Unable to get device-mapper version")); ++ return -1; ++ } ++ ++ if (dm.version[0] != DM_VERSION_MAJOR) { ++ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, ++ _("Unsupported device-mapper version. Expected %d got %d"), ++ DM_VERSION_MAJOR, dm.version[0]); ++ return -1; ++ } ++ ++ ret = controlFD; ++ controlFD = -1; ++ return ret; ++} ++ ++ ++static char * ++virDMSanitizepath(const char *path) ++{ ++ g_autofree char *dmDirPath = NULL; ++ struct dirent *ent = NULL; ++ struct stat sb[2]; ++ DIR *dh = NULL; ++ const char *p; ++ char *ret = NULL; ++ int rc; ++ ++ /* If a path is NOT provided then assume it's DM name */ ++ p = strrchr(path, '/'); ++ ++ if (!p) ++ return g_strdup(path); ++ else ++ p++; ++ ++ /* It's a path. Check if the last component is DM name */ ++ if (stat(path, &sb[0]) < 0) { ++ virReportError(errno, ++ _("Unable to stat %p"), ++ path); ++ return NULL; ++ } ++ ++ dmDirPath = g_strdup_printf(DEV_DM_DIR "/%s", p); ++ ++ if (stat(dmDirPath, &sb[1]) == 0 && ++ sb[0].st_rdev == sb[1].st_rdev) { ++ return g_strdup(p); ++ } ++ ++ /* The last component of @path wasn't DM name. Let's check if ++ * there's a device under /dev/mapper/ with the same rdev. */ ++ if (virDirOpen(&dh, DEV_DM_DIR) < 0) ++ return NULL; ++ ++ while ((rc = virDirRead(dh, &ent, DEV_DM_DIR)) > 0) { ++ g_autofree char *tmp = g_strdup_printf(DEV_DM_DIR "/%s", ent->d_name); ++ ++ if (stat(tmp, &sb[1]) == 0 && ++ sb[0].st_rdev == sb[0].st_rdev) { ++ ret = g_steal_pointer(&tmp); ++ break; ++ } ++ } ++ ++ virDirClose(&dh); ++ return ret; ++} ++ ++ ++static int ++virDevMapperGetTargetsImpl(int controlFD, ++ const char *path, + char ***devPaths_ret, + unsigned int ttl) + { +- struct dm_task *dmt = NULL; +- struct dm_deps *deps; +- struct dm_info info; ++ g_autofree char *sanitizedPath = NULL; ++ g_autofree char *buf = NULL; ++ struct dm_ioctl dm; ++ struct dm_target_deps *deps = NULL; + VIR_AUTOSTRINGLIST devPaths = NULL; + size_t i; +- int ret = -1; + ++ memset(&dm, 0, sizeof(dm)); + *devPaths_ret = NULL; + +- if (virDevMapperInitialize() < 0) +- return ret; +- + if (ttl == 0) { + errno = ELOOP; +- return ret; ++ return -1; + } + + if (!virIsDevMapperDevice(path)) + return 0; + +- if (!(dmt = dm_task_create(DM_DEVICE_DEPS))) { +- if (errno == ENOENT || errno == ENODEV) { +- /* It's okay. Kernel is probably built without +- * devmapper support. */ +- ret = 0; +- } +- return ret; +- } +- +- if (!dm_task_set_name(dmt, path)) { +- if (errno == ENOENT) { +- /* It's okay, @path is not managed by devmapper => +- * not a devmapper device. */ +- ret = 0; +- } +- goto cleanup; +- } +- +- dm_task_no_open_count(dmt); ++ if (!(sanitizedPath = virDMSanitizepath(path))) ++ return 0; + +- if (!dm_task_run(dmt)) { +- if (errno == ENXIO) { +- /* If @path = "/dev/mapper/control" ENXIO is returned. */ +- ret = 0; +- } +- goto cleanup; ++ if (virStrncpy(dm.name, sanitizedPath, -1, DM_TABLE_DEPS) < 0) { ++ virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s", ++ _("Resolved device mapper name too long")); ++ return -1; + } + +- if (!dm_task_get_info(dmt, &info)) +- goto cleanup; ++ deps = virDMIoctl(controlFD, DM_TABLE_DEPS, &dm, &buf); ++ if (!deps) { ++ if (errno == ENXIO) ++ return 0; + +- if (!info.exists) { +- ret = 0; +- goto cleanup; ++ virReportSystemError(errno, ++ _("Unable to query dependencies for %s"), ++ path); ++ return -1; + } + +- if (!(deps = dm_task_get_deps(dmt))) +- goto cleanup; +- + if (VIR_ALLOC_N_QUIET(devPaths, deps->count + 1) < 0) +- goto cleanup; ++ return -1; + + for (i = 0; i < deps->count; i++) { + devPaths[i] = g_strdup_printf("/dev/block/%u:%u", +- major(deps->device[i]), +- minor(deps->device[i])); ++ major(deps->dev[i]), ++ minor(deps->dev[i])); + } + + for (i = 0; i < deps->count; i++) { + VIR_AUTOSTRINGLIST tmpPaths = NULL; + +- if (virDevMapperGetTargetsImpl(devPaths[i], &tmpPaths, ttl - 1) < 0) +- goto cleanup; ++ if (virDevMapperGetTargetsImpl(controlFD, devPaths[i], &tmpPaths, ttl - 1) < 0) ++ return -1; + + if (virStringListMerge(&devPaths, &tmpPaths) < 0) +- goto cleanup; ++ return -1; + } + + *devPaths_ret = g_steal_pointer(&devPaths); +- ret = 0; +- cleanup: +- dm_task_destroy(dmt); +- return ret; ++ return 0; + } + + +@@ -165,9 +290,6 @@ virDevMapperGetTargetsImpl(const char *path, + * If @path consists of yet another devmapper targets these are + * consulted recursively. + * +- * If we don't have permissions to talk to kernel, -1 is returned +- * and errno is set to EBADF. +- * + * Returns 0 on success, + * -1 otherwise (with errno set, no libvirt error is + * reported) +@@ -176,13 +298,20 @@ int + virDevMapperGetTargets(const char *path, + char ***devPaths) + { ++ VIR_AUTOCLOSE controlFD = -1; + const unsigned int ttl = 32; + + /* Arbitrary limit on recursion level. A devmapper target can + * consist of devices or yet another targets. If that's the + * case, we have to stop recursion somewhere. */ + +- return virDevMapperGetTargetsImpl(path, devPaths, ttl); ++ if (virDevMapperInitialize() < 0) ++ return -1; ++ ++ if ((controlFD = virDMOpen()) < 0) ++ return -1; ++ ++ return virDevMapperGetTargetsImpl(controlFD, path, devPaths, ttl); + } + + +@@ -191,15 +320,18 @@ virIsDevMapperDevice(const char *dev_name) + { + struct stat buf; + ++ if (virDevMapperInitialize() < 0) ++ return false; ++ + if (!stat(dev_name, &buf) && + S_ISBLK(buf.st_mode) && +- dm_is_dm_major(major(buf.st_rdev))) +- return true; ++ major(buf.st_rdev) == virDMMajor) ++ return true; + + return false; + } + +-#else /* ! WITH_DEVMAPPER */ ++#else /* !defined(__linux__) */ + + int + virDevMapperGetTargets(const char *path G_GNUC_UNUSED, +@@ -215,4 +347,4 @@ virIsDevMapperDevice(const char *dev_name G_GNUC_UNUSED) + { + return false; + } +-#endif /* ! WITH_DEVMAPPER */ ++#endif /* ! defined(__linux__) */ +-- +2.28.0 + diff --git a/SOURCES/libvirt-virdevmapper.c-Join-two-WITH_DEVMAPPER-sections-together.patch b/SOURCES/libvirt-virdevmapper.c-Join-two-WITH_DEVMAPPER-sections-together.patch new file mode 100644 index 0000000..c3b6b78 --- /dev/null +++ b/SOURCES/libvirt-virdevmapper.c-Join-two-WITH_DEVMAPPER-sections-together.patch @@ -0,0 +1,69 @@ +From 4e021109613173e72df17eca6bff970ebb86b47f Mon Sep 17 00:00:00 2001 +Message-Id: <4e021109613173e72df17eca6bff970ebb86b47f@dist-git> +From: Michal Privoznik +Date: Mon, 27 Jul 2020 12:36:50 +0200 +Subject: [PATCH] virdevmapper.c: Join two WITH_DEVMAPPER sections together +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +There are two distinct WITH_DEVMAPPER sections in the file, for +different functions each. Rearrange the code to make some of +future commits smaller. + +Signed-off-by: Michal Privoznik +Reviewed-by: Daniel P. Berrangé +(cherry picked from commit ae5752aabc09f435675504246e30a0b9c4795d79) + +https://bugzilla.redhat.com/show_bug.cgi?id=1860421 + +Signed-off-by: Michal Privoznik +Message-Id: <2b5410a10bb23e8a9526c663052afbb6f37b0a0c.1595846084.git.mprivozn@redhat.com> +Reviewed-by: Jiri Denemark +--- + src/util/virdevmapper.c | 21 +++++++++------------ + 1 file changed, 9 insertions(+), 12 deletions(-) + +diff --git a/src/util/virdevmapper.c b/src/util/virdevmapper.c +index 40a82285f9..118dc82e94 100644 +--- a/src/util/virdevmapper.c ++++ b/src/util/virdevmapper.c +@@ -195,19 +195,7 @@ virDevMapperGetTargets(const char *path, + return virDevMapperGetTargetsImpl(path, devPaths, ttl); + } + +-#else /* ! WITH_DEVMAPPER */ +- +-int +-virDevMapperGetTargets(const char *path G_GNUC_UNUSED, +- char ***devPaths G_GNUC_UNUSED) +-{ +- errno = ENOSYS; +- return -1; +-} +-#endif /* ! WITH_DEVMAPPER */ + +- +-#if WITH_DEVMAPPER + bool + virIsDevMapperDevice(const char *dev_name) + { +@@ -223,6 +211,15 @@ virIsDevMapperDevice(const char *dev_name) + + #else /* ! WITH_DEVMAPPER */ + ++int ++virDevMapperGetTargets(const char *path G_GNUC_UNUSED, ++ char ***devPaths G_GNUC_UNUSED) ++{ ++ errno = ENOSYS; ++ return -1; ++} ++ ++ + bool + virIsDevMapperDevice(const char *dev_name G_GNUC_UNUSED) + { +-- +2.28.0 + diff --git a/SPECS/libvirt.spec b/SPECS/libvirt.spec index ed004d6..f8dfb3c 100644 --- a/SPECS/libvirt.spec +++ b/SPECS/libvirt.spec @@ -219,7 +219,7 @@ Summary: Library providing a simple virtualization API Name: libvirt Version: 6.0.0 -Release: 25%{?dist}%{?extra_release} +Release: 27%{?dist}%{?extra_release} License: LGPLv2+ URL: https://libvirt.org/ @@ -656,6 +656,16 @@ Patch424: libvirt-tools-Secure-guest-check-on-s390-in-virt-host-validate.patch Patch425: libvirt-tools-Secure-guest-check-for-AMD-in-virt-host-validate.patch Patch426: libvirt-docs-Update-AMD-launch-secure-description.patch Patch427: libvirt-docs-Describe-protected-virtualization-guest-setup.patch +Patch428: libvirt-qemu-blockjob-Don-t-base-bitmap-handling-of-active-layer-block-commit-on-QEMU_CAPS_BLOCKDEV_REOPEN.patch +Patch429: libvirt-qemu-blockjob-Actually-delete-temporary-bitmap-on-failed-active-commit.patch +Patch430: libvirt-qemu-block-Remove-active-write-bitmap-even-if-there-are-no-bitmaps-to-merge.patch +Patch431: libvirt-qemuDomainBlockPivot-Rename-actions-to-bitmapactions.patch +Patch432: libvirt-qemuDomainBlockPivot-Ignore-failures-of-creating-active-layer-bitmap.patch +Patch433: libvirt-src-assume-sys-sysmacros.h-always-exists-on-Linux.patch +Patch434: libvirt-virdevmapper.c-Join-two-WITH_DEVMAPPER-sections-together.patch +Patch435: libvirt-virDevMapperGetTargetsImpl-Use-VIR_AUTOSTRINGLIST.patch +Patch436: libvirt-virdevmapper-Don-t-use-libdevmapper-to-obtain-dependencies.patch +Patch437: libvirt-virDevMapperGetTargets-Don-t-ignore-EBADF.patch Requires: libvirt-daemon = %{version}-%{release} Requires: libvirt-daemon-config-network = %{version}-%{release} @@ -2432,6 +2442,20 @@ exit 0 %changelog +* Fri Aug 7 2020 Jiri Denemark - 6.0.0-27 +- src: assume sys/sysmacros.h always exists on Linux (rhbz#1860421) +- virdevmapper.c: Join two WITH_DEVMAPPER sections together (rhbz#1860421) +- virDevMapperGetTargetsImpl: Use VIR_AUTOSTRINGLIST (rhbz#1860421) +- virdevmapper: Don't use libdevmapper to obtain dependencies (CVE-2020-14339, rhbz#1860421) +- virDevMapperGetTargets: Don't ignore EBADF (rhbz#1860421) + +* Fri Jul 24 2020 Jiri Denemark - 6.0.0-26 +- qemu: blockjob: Don't base bitmap handling of active-layer block commit on QEMU_CAPS_BLOCKDEV_REOPEN (rhbz#1857779) +- qemu: blockjob: Actually delete temporary bitmap on failed active commit (rhbz#1857779) +- qemu: block: Remove 'active-write' bitmap even if there are no bitmaps to merge (rhbz#1857779) +- qemuDomainBlockPivot: Rename 'actions' to 'bitmapactions' (rhbz#1857779) +- qemuDomainBlockPivot: Ignore failures of creating active layer bitmap (rhbz#1857779) + * Wed Jun 24 2020 Jiri Denemark - 6.0.0-25 - Upgrade components in virt:rhel module:stream for RHEL-8.3 release (rhbz#1828317) - conf: Don't format http cookies unless VIR_DOMAIN_DEF_FORMAT_SECURE is used (CVE-2020-14301)