Re: [PATCH 4/4] storage: Handle failure from refreshVol

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 09/02/2015 06:57 AM, John Ferlan wrote:
> 
> 
> On 09/02/2015 08:25 AM, Ján Tomko wrote:
>> On Tue, Sep 01, 2015 at 08:55:58PM -0400, John Ferlan wrote:
>>> In an NFS root-squash environment it was possible that if the just
>>> created volume from XML wasn't properly created with the right
>>> uid/gid and/or mode, then the followup refreshVol will fail to open
>>> the volume in order to get the allocation/capacity values. This would
>>> leave the volume still on the server and cause a libvirtd crash because
>>> 'voldef' would be in the pool list, but the cleanup code would free it.
>>>
>>
>> It would be nice to blame the commit that broke this, released in 1.2.14:
>> commit 155ca616eb231181f6978efc9e3a1eb0eb60af8a
>>     Allow creating volumes with a backing store but no capacity
>> (preferably without mentioning the author's name ;)
>>
> 
> Oh right - I did it in my writeup but not the commit message... I'll add
> before pushing. Although without patch 3, getting a failure from
> refreshVol was perhaps less likely, but not impossible.
> 
>> Also, is there a bug that can be made public and linked here?
>>
> 
> There is a bz, but it's not public (yet) - the process is ongoing.

The issue has been assigned CVE-2015-5247.  John took correct steps of
first informing the libvirt-security list where we discussed the effect
of the bug (the CVE is there mainly if you use fine-grained ACLs); and I
am now in the process of writing up a proper Libvirt Security Notice as
well as helping backport these patches to affected branches.  We'll add
signed CVE- tags to libvirt.git before all is said and done.  It missed
the 1.2.19 release, so these will be the first patches on the new
v1.2.19-maint branch.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]