1.143. libvirt

Updated libvirt packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) associated with each description below.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.

An integer overflow flaw was found in libvirtd's RPC call handling. An attacker able to establish read-only connections to libvirtd could trigger this flaw by calling virDomainGetVcpus() with specially-crafted parameters, causing libvirtd to crash.
Bug Fixes
Previously, when the "virsh vol-create-from" command was run on an LVM (Logical Volume Manager) storage pool, performance of the command was very low and the operation consumed an excessive amount of time. This bug has been fixed in the virStorageVolCreateXMLFrom() function, and the performance problem of the command no longer occurs.
Due to a regression, libvirt used undocumented command line options, instead of the recommended ones. Consequently, the qemu-img utility used an invalid argument while creating an encrypted volume, and the process eventually failed. With this update, the bug in the backing format of the storage back end has been fixed, and encrypted volumes can now be created as expected.
Due to a bug in the qemuAuditDisk() function, hot unplug failures were never audited, and a hot unplug success was audited as a failure. This bug has been fixed, and auditing of disk hot unplug operations now works as expected.
Previously, when a debug process was being activated, the act of preparing a debug message ended up with dereferencing a UUID (universally unique identifier) prior to the NULL argument check. Consequently, an API running the debug process sometimes terminated with a segmentation fault. With this update, a patch has been provided to address this issue, and the crashes no longer occur in the described scenario.
* The libvirt library uses the "boot=on" option to mark which disk is bootable but it only uses that option if Qemu advertises its support. The qemu-kvm utility in Red Hat Enterprise Linux 6.1 removed support for that option and libvirt could not use it. As a consequence, when an IDE disk was added as the second storage with a virtio disk being set up as the first one by default, the operating system tried to boot from the IDE disk rather than the virtio disk and either failed to boot with the "No bootable disk" error message returned, or the system booted whatever operating system was on the IDE disk. With this update, the boot configuration is translated into bootindex, which provides control over which device is used for booting a guest operating system, thus fixing this bug.
All users of libvirt are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, libvirtd must be restarted ("service libvirtd restart") for this update to take effect.
Updated libvirt packages that upgrade the libvirt library to upstream version 0.8.7, fix a number of bugs, and add various enhancements and new features are now available for Red Hat Enterprise Linux 6.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remotely managing virtualized systems.
These updated packages upgrade the libvirt library for Red Hat Enterprise Linux 6 to upstream version 0.8.7, which contains many enhancements and bug fixes over the previous version. This section contains detailed information about a subset of bug fixes and enhancements that are likely to affect customers only. For a short summary of all changes see the CHANGELOG file installed to /usr/share/doc/libvirt-0.8.7 when the updated package is installed.
Bug Fixes
Guests were not required to honour the virDomainSetMemory() setting, making it impossible to set a hard limit on guest memory consumption. New virDomainGetMemoryParameters and virDomainSetMemoryParameters methods have been introduced to allow users to fine-tune and enforce memory limits.
Live migration of a guest could take an exceptionally long time to converge to the switchover point if the guest was very busy. Migration is more likely to complete if a guest's downtime setting is increased. However, libvirt was sending an incorrectly formatted request to increase the downtime setting of a guest. This update corrects the format of this request to assist in live migration completion.
Using SASL authentication with a single libvirt connection for multiple threads could result in libvirt hanging while waiting for a response from the libvirt daemon. SASL decoding has been fixed such that clients do not wait for further data while already decoded SASL data remains unprocessed, so libvirt no longer hangs in this situation.
libvirt was not careful about object locking rules when managing KVM guests, which resulted in a number of unexpected actions. If a guest shut down without notice, libvirt could crash or loop indefinitely. Locking code in libvirt has been improved to avoid accessing data outside locks, and to avoid deadlocks when multiple threads are interacting with the same domain, so libvirt no longer hangs or crashes when a guest shuts down.
The port allocation/de-allocation of the libnl library, which is used by libvirt for macvtap (for example, vepa and vnlink) interfaces, was not threadsafe and the logic was incorrect. This resulted in a failure to initialize libnl, and a subsequent failure of the associated libvirt functionality. In particular, the first guest vepa interface started on a host would work, but all subsequent vepa interfaces would fail. Port allocation/de-allocation and logic is now fixed in libnl, and the failures in libvirt no longer occur.
In previous releases, libvirt set a maximum lease limit for DHCP leases on each virtual network according to the number of addresses available on that network. However, all networks shared the same lease file, so the maximum lease limit was reached long before all networks had given out all of their addresses. This meant that some guests were unable to obtain IP addresses. With this release of libvirt, each virtual network uses its own lease file, so there is sufficient space for all configured addresses to be allocated.
When creating virtual machines via remote protocol, the client hung because the list of remote procedure calls to execute was not traversed correctly. Traversal has been corrected so that creating virtual machines remotely no longer causes libvirt to hang.
libvirt removed the managed state file (created by virsh managedsave dom) even if it failed to restore and start the domain using that file. This caused data loss. The managed state file is now removed only if the restore operation succeeds.
During migration, an application could query block information on the virtual guest being migrated. This resulted in a race condition that crashed libvirt. libvirt now verifies that a guest exists before attempting to start monitoring operations.
Memory buffer was not freed properly on domain startup and shutdown, which led to a memory leak that increased each time the domain was started or shut down. This update removes this memory leak.
The %post script (part of the libvirt-client package) started the libvirt-guests service even when the service was explicitly turned off. The libvirt-guests service is no longer started when explicitly turned off.
A deadlock occurred in the libvirt service when running concurrent bidirectional migration because certain calls did not release their local driver lock before issuing an RPC (Remote Procedure Call) call on a remote libvirt daemon. A deadlock no longer occurs between two communicating libvirt daemons.
When running virsh vcpuinfo or setting up virtual CPU pinning on a host machine that used NUMA, virsh vcpuinfo showed the incorrect number of virtual CPUs. Virtual CPU pinning could also fail because libvirt reported an incorrect number of CPU sockets per NUMA node. Virtual CPUs are now counted correctly.
An off-by-one error in a clock variable caused a virtual guest to show incorrect date and time information. This update corrects this error so that date and time information is correctly displayed.
A specification file bug caused permissions on the /var/lib/libvirt directory to change when a system was upgraded. With this update, correct permissions are assigned to the aforementioned directory.
libvirt used a non-thread friendly SELinux API (matchpathcon) to get the default security context for a specified path. This led to a memory leak upon domain startup and shutdown. libvirt now uses improved SELinux APIs, so this memory leak no longer occurs.
Device boot order could not be set more explicitly than Network, Disk, CD ROM, or Floppy. This meant that users could not select the exact boot device that they wished to use. A per-device <boot> element has been introduced, which can be used to specify the exact order of boot devices.
The MAC address of libvirt's bridges could change over time depending on which guests were currently running and connected. This caused problems in some Windows guests, which assumed that the changed MAC address indicated a new network connection, and automatically launched a configuration wizard. libvirt now creates a dummy tap device with a guaranteed lowest MAC address that will not change. This address is stored as part of network configuration so that it will persist across host reboots.
If the configuration for a virtual network only contained static address definitions, dnsmasq (the DHCP server used by libvirt) was started incorrectly and would not respond to any DHCP requests. Any guests with MAC address/IP address pairs listed in static address definitions were then unable to acquire their IP addresses. libvirt now starts up dnsmasq with the correct options so that these statically configured addresses are properly served to the guests.
The virsh freecell command could be run with an invalid (non-integer) argument without error, and the free memory for node 0 would still be printed. The validity of the argument is now checked, and an error message is now printed when an invalid value is detected.
If the virsh detach-interface command was used on a domain with multiple NICs, but a particular MAC address was not specified with --mac, virsh detached the first interface without error. The --mac option is now required where a domain has multiple NICs, and an appropriate error message has been added.
If the user did not specify a disk driver when hot-plugging a disk with virsh attach-disk, virsh set phy as the driver value by default. Because this value is not supported everywhere, the disk did not persist over domain shutdown, and could prevent domain startup. This update corrects virsh behavior such that the driver value is not set if it is not provided by the user.
libvirt incorrectly identified the virtual IB700 device (an ISA device) as a PCI device, resulting in the device being misconfigured, and preventing the virtual machine from booting until the virtual IB700 device was removed. libvirt now identifies the IB700 device correctly.
Invalid setvcpus commands resulted in unknown errors. More useful error messages have been added to this command.
A typographical error in source code that parsed and wrote SPICE auth data caused unrelated data to be overwritten, which caused a crash in libvirt. The error has been corrected, and auth can now be set without issue.
The string containing the name of libvirt's "dummy" tap interface was freed before network startup was guaranteed. This caused a segmentation fault if a problem occurred while setting the forward-delay or stp-enable parameters. The string is no longer freed prematurely, and in the event of a problem with these parameters, users receive a specific error message.
When a problem occurred while starting up a guest that used direct interfaces, an uninformative error message ("unspecified error") was printed to the log. These failures now have specific, more informative log messages.
When the certificate used for TLS authentication was rejected, libvirt displayed a log message containing a command that had misleading output (openssl x509 -in clientcert.pem -text). This command has been replaced with the following command, which gives more helpful, accurate output:
certtool -i --infile /etc/pki/libvirt/clientcert.pem
The virtual networks created and used by libvirt for virtual guest connectivity were previously limited to only IPv4 connectivity; IPv6 traffic was explicitly disallowed. Full IPv6 connectivity is now supported on libvirt's virtual networks, including autoconf address/route discovery and a DNS server listening on an IPv6 address on the network. Note, however, that because autoconf is supported, there is no support for DHCPv6.
libvirt could not determine whether a domain had crashed or been correctly shut down. This update adds recognition of the SHUTDOWN event sent by qemu when a server is shut down correctly. If this event is not received, the domain is now declared to have crashed.
An --all option has been added to the virsh freecell command to allow the command to iterate across all nodes instead of forcing users to run the command manually on each node. virsh freecell --all will list the free memory on all available nodes.
Users can now disable memory merging (KSM) on guest machines. Note however that this requires support for the underlying qemu-kvm -redhat-disable-KSM flag.
The virsh documentation has been updated to clarify usage of the cpu_shares parameter.
The virsh documentation has been updated to remove references to the deprecated virt-mem command.
The virsh documentation for the setvcpus, setmem, and setmaxmem sub-commands has been updated to correct and expand the information available for these sub-commands.
A man page is now available for libvirtd. Access it with the man libvirtd command.
All users of libvirt are advised to upgrade to these updated packages, which correct these issues and add these enhancements.
Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems.
Bug Fix
An application using the libvirt shared library could terminate unexpectedly with a segmentation fault when the application tried to unload the library using the dlclose() function. This could happen for example when shutting down the tog-pegasus utility while the libvirt-cim provider was in use. This update modifies linking properties of the library so that the library now prevents itself from being unloaded from memory. Applications using the libvirt shared library no longer crash in the described scenario.
All users of libvirt are advised to upgrade to these updated packages, which fix this bug. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.
Updated libvirt packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The libvirt library is a C API for managing and interacting with the virtualization capabilities of Linux and other operating systems. In addition, libvirt provides tools for remote management of virtualized systems. The library provides the libvirtd daemon, which is required for virtualization management of KVM and LXC.
Bug Fixes
Due to a programming error in the initialization code of the libvirtd daemon, the QEMU driver could have failed to find the user or group ID of the qemu application on the system. As a result, libvirtd failed to start. With this update, the error has been corrected and libvirtd now works as expected.
If the QEMU driver failed to update information about currently allocated memory, installing a new virtual machine could have failed with the following error message:
ERROR cannot send monitor command '{"execute":"query-balloon"}': Connection reset by peer
With this update, the driver has been modified to not consider this behavior as fatal. Installation now proceeds and finishes as expected.
All users of libvirt are advised to upgrade to these updated packages, which fix this bug. After installing these updated packages, libvirtd must be restarted. Use the "service libvirtd restart" command for this update to take effect.