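/*
 * Detach a "misc" capabilities hostdev (a character device node) from a
 * running LXC domain.
 *
 * @vm:  domain object; vm->privateData supplies the init PID and cgroup
 * @dev: device definition naming the hostdev to detach
 *
 * Steps, in order: look up the hostdev in vm->def, unlink the device node
 * through /proc/<initpid>/root/<chardev>, write an audit record, deny the
 * device in the devices cgroup (failure there is only logged), then remove
 * the hostdev from the domain definition and free it.
 *
 * Returns 0 on success, -1 on failure (an error has been reported).
 *
 * SECURITY (CVE-2013-6456, per the function name): the path passed to
 * unlink() is resolved by this host-side process through
 * /proc/<initpid>/root, i.e. inside a directory tree whose contents are
 * controlled by the container. If any component of that path is a symlink
 * created inside the container, the unlink() can land on a file outside the
 * container root. Nothing in this block constrains the lookup; the removal
 * needs to run inside the container's mount namespace, or use a
 * dirfd-anchored lookup that refuses symlinks. Neither is available from the
 * names in scope here, so the call is kept and flagged.
 */
static int CVE_2013_6456_libvirt1_1_0_lxcDomainDetachDeviceHostdevMiscLive(virDomainObjPtr vm, virDomainDeviceDefPtr dev)
{
    virLXCDomainObjPrivatePtr priv = vm->privateData;
    virDomainHostdevDefPtr def = NULL;
    int i, ret = -1;
    char *dst = NULL;

    if (!priv->initpid) {
        /* NOTE(review): the text says "attach disk" although this is the
         * hostdev detach path; left unchanged because it is a translatable
         * message id. */
        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                       _("Cannot attach disk until init PID is known"));
        goto cleanup;
    }

    /* i is the index of the matching hostdev in vm->def; def points at it. */
    if ((i = virDomainHostdevFind(vm->def, dev->data.hostdev, &def)) < 0) {
        virReportError(VIR_ERR_OPERATION_FAILED,
                       _("hostdev %s not found"),
                       dev->data.hostdev->source.caps.u.misc.chardev);
        goto cleanup;
    }

    /* Host-side view of the container path; see the SECURITY note above. */
    if (virAsprintf(&dst, "/proc/%llu/root/%s",
                    (unsigned long long)priv->initpid,
                    def->source.caps.u.misc.chardev) < 0) {
        virReportOOMError();
        goto cleanup;
    }

    if (!virCgroupHasController(priv->cgroup, VIR_CGROUP_CONTROLLER_DEVICES)) {
        virReportError(VIR_ERR_OPERATION_INVALID, "%s",
                       _("devices cgroup isn't mounted"));
        goto cleanup;
    }

    VIR_DEBUG("Unlinking %s", dst);
    /* A node that is already gone (ENOENT) counts as detached. */
    if (unlink(dst) < 0 && errno != ENOENT) {
        /* Capture errno before the audit call, which may overwrite it and
         * make the reported system error misleading. */
        int unlink_errno = errno;

        virDomainAuditHostdev(vm, def, "detach", false);
        virReportSystemError(unlink_errno,
                             _("Unable to remove device %s"), dst);
        goto cleanup;
    }
    virDomainAuditHostdev(vm, def, "detach", true);

    /* Best effort: the node is already removed, so a cgroup failure is
     * logged and the detach still succeeds. */
    if (virCgroupDenyDevicePath(priv->cgroup,
                                def->source.caps.u.misc.chardev,
                                VIR_CGROUP_DEVICE_RWM) != 0)
        VIR_WARN("cannot deny device %s for domain %s",
                 def->source.caps.u.misc.chardev, vm->def->name);

    virDomainHostdevRemove(vm->def, i);
    virDomainHostdevDefFree(def);

    ret = 0;

 cleanup:
    VIR_FREE(dst);
    return ret;
}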
/*
 * Release the file-level hostdev state.
 *
 * Frees every dev[] / hostdevs[] pair up to nhostdevs, then, if mgr is set,
 * drops the references to its three hostdev lists and frees its stateDir
 * string and the manager itself. nhostdevs, dev, hostdevs and mgr are
 * defined outside this block.
 */
static void myCleanup(void)
{
    size_t idx = 0;

    /* PCI device and hostdev definition share the same index. */
    while (idx < nhostdevs) {
        virPCIDeviceFree(dev[idx]);
        virDomainHostdevDefFree(hostdevs[idx]);
        idx++;
    }

    /* Nothing else to release when no manager was created. */
    if (!mgr)
        return;

    virObjectUnref(mgr->activePCIHostdevs);
    virObjectUnref(mgr->inactivePCIHostdevs);
    virObjectUnref(mgr->activeUSBHostdevs);
    VIR_FREE(mgr->stateDir);
    VIR_FREE(mgr);
}
/*
 * Allocate a hostdev definition and fill in its mode and capability type.
 *
 * @mode: stored in the definition's mode field
 * @type: stored as the capability type
 * @data: copied into the net interface name when @type is
 *        VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET; not read for other types
 *
 * Returns the new definition, or NULL if the allocation or the string copy
 * fails (the partially built definition is freed in that case).
 */
static virDomainHostdevDefPtr lxcCreateHostdevDef(int mode, int type, const char *data)
{
    virDomainHostdevDefPtr def = virDomainHostdevDefAlloc(NULL);

    if (def == NULL)
        return NULL;

    def->mode = mode;
    def->source.caps.type = type;

    /* Only the NET capability type carries a string payload here. */
    if (type != VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET)
        return def;

    if (VIR_STRDUP(def->source.caps.u.net.iface, data) < 0) {
        virDomainHostdevDefFree(def);
        return NULL;
    }

    return def;
}
/*
 * Release the file-level hostdev state and remove the manager's state
 * directory.
 *
 * Frees every dev[] / hostdevs[] pair up to nhostdevs. If mgr is set, the
 * tree at mgr->stateDir is deleted unless the LIBVIRT_SKIP_CLEANUP
 * environment variable is present, after which the manager's hostdev lists
 * are unreferenced and stateDir and mgr are freed. nhostdevs, dev, hostdevs
 * and mgr are defined outside this block.
 *
 * NOTE(review): where stateDir comes from is not visible here; confirm it
 * always names a private directory created for this run before it is handed
 * to virFileDeleteTree().
 */
static void myCleanup(void)
{
    size_t idx = 0;

    /* PCI device and hostdev definition share the same index. */
    while (idx < nhostdevs) {
        virPCIDeviceFree(dev[idx]);
        virDomainHostdevDefFree(hostdevs[idx]);
        idx++;
    }

    if (!mgr)
        return;

    /* Setting LIBVIRT_SKIP_CLEANUP (to any value) keeps the on-disk state. */
    if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL)
        virFileDeleteTree(mgr->stateDir);

    virObjectUnref(mgr->activePCIHostdevs);
    virObjectUnref(mgr->inactivePCIHostdevs);
    virObjectUnref(mgr->activeUSBHostdevs);
    VIR_FREE(mgr->stateDir);
    VIR_FREE(mgr);
}
/*
 * Translate the "usbdev" list of an xl configuration into USB hostdev
 * entries appended to def->hostdevs.
 *
 * @conf: parsed configuration to read "usbdev" from
 * @def:  domain definition that receives the hostdevs
 *
 * Each list element is a string such as 'hostbus=1,hostaddr=3'. The two
 * values are copied into 3-byte buffers and parsed as base-16 integers.
 * An element that is not a string, lacks '=' in a key, overflows a buffer
 * or fails numeric parsing is skipped without failing the whole parse.
 *
 * Returns 0 on success (including when "usbdev" is absent or not a list),
 * -1 if allocating or appending a hostdev fails.
 *
 * NOTE(review): for the last key of an element the copy length is fixed at
 * sizeof(buffer) - 1, so whether an over-long trailing value is rejected or
 * silently cut depends on virStrncpy(); confirm against its implementation.
 */
static int xenParseXLUSB(virConfPtr conf, virDomainDefPtr def)
{
    virConfValuePtr item = virConfGetValue(conf, "usbdev");
    virDomainHostdevDefPtr hostdev = NULL;

    if (!item || item->type != VIR_CONF_LIST)
        return 0;

    item = item->list;
    while (item) {
        char bus[3];
        char device[3];
        char *key;
        int busNum;
        int devNum;

        /* Empty strings make the numeric parse fail if a key is missing. */
        bus[0] = device[0] = '\0';

        if ((item->type != VIR_CONF_STRING) || (item->str == NULL))
            goto next_entry;

        /* usbdev=['hostbus=1,hostaddr=3'] */
        key = item->str;
        while (key) {
            char *value;
            char *sep = strchr(key, ',');

            value = strchr(key, '=');
            if (!value)
                goto next_entry;
            value++;

            if (STRPREFIX(key, "hostbus=")) {
                /* Up to the next ',' or, for the last key, the buffer capacity. */
                int len = sep ? (sep - value) : sizeof(bus) - 1;

                if (virStrncpy(bus, value, len, sizeof(bus)) == NULL) {
                    virReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("bus %s too big for destination"),
                                   value);
                    goto next_entry;
                }
            } else if (STRPREFIX(key, "hostaddr=")) {
                int len = sep ? (sep - value) : sizeof(device) - 1;

                if (virStrncpy(device, value, len, sizeof(device)) == NULL) {
                    virReportError(VIR_ERR_INTERNAL_ERROR,
                                   _("device %s too big for destination"),
                                   value);
                    goto next_entry;
                }
            }

            /* Step over the separator and any commas, blanks or tabs after it. */
            if (sep)
                sep += strspn(sep, ", \t");
            key = sep;
        }

        /* Bus first, then device; either failure drops this element. */
        if (virStrToLong_i(bus, NULL, 16, &busNum) < 0 ||
            virStrToLong_i(device, NULL, 16, &devNum) < 0)
            goto next_entry;

        hostdev = virDomainHostdevDefAlloc(NULL);
        if (!hostdev)
            return -1;

        hostdev->managed = false;
        hostdev->source.subsys.type = VIR_DOMAIN_HOSTDEV_SUBSYS_TYPE_USB;
        hostdev->source.subsys.u.usb.bus = busNum;
        hostdev->source.subsys.u.usb.device = devNum;

        if (VIR_APPEND_ELEMENT(def->hostdevs, def->nhostdevs, hostdev) < 0) {
            virDomainHostdevDefFree(hostdev);
            return -1;
        }

 next_entry:
        item = item->next;
    }

    return 0;
}
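/*
 * Turn one parsed LXC network section into either a hostdev ("phys" and
 * "vlan" types) or a net definition (every other type) and append it to
 * data->def.
 *
 * @data: accumulated settings for one network section
 *
 * Returns 1 if a definition was added, 0 if the type is NULL, "", "empty"
 * or "none" (nothing to add), -1 on error.
 *
 * Ownership: on the way through, data->ips is stored in the new definition
 * as well, so two pointers refer to the same array. On error the array is
 * released through data; the copies held by the definition are cleared
 * first so that freeing the definition cannot release the same memory a
 * second time.
 */
static int lxcAddNetworkDefinition(lxcNetworkParseData *data)
{
    virDomainNetDefPtr net = NULL;
    virDomainHostdevDefPtr hostdev = NULL;
    bool isPhys, isVlan = false;
    size_t i;

    if ((data->type == NULL) || STREQ(data->type, "empty") ||
         STREQ(data->type, "") || STREQ(data->type, "none"))
        return 0;

    isPhys = STREQ(data->type, "phys");
    isVlan = STREQ(data->type, "vlan");

    /* data->type is known to be non-NULL past the early return above. */
    if (isPhys || isVlan) {
        if (!data->link) {
            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                           _("Missing 'link' attribute for NIC"));
            goto error;
        }
        if (!(hostdev = lxcCreateHostdevDef(VIR_DOMAIN_HOSTDEV_MODE_CAPABILITIES,
                                            VIR_DOMAIN_HOSTDEV_CAPS_TYPE_NET,
                                            data->link)))
            goto error;

        /* This still requires the user to manually setup the vlan interface
         * on the host */
        if (isVlan && data->vlanid) {
            /* Replace the plain link name with "<link>.<vlanid>". */
            VIR_FREE(hostdev->source.caps.u.net.iface);
            if (virAsprintf(&hostdev->source.caps.u.net.iface,
                            "%s.%s", data->link, data->vlanid) < 0)
                goto error;
        }

        /* From here hostdev and data both point at the same ips array. */
        hostdev->source.caps.u.net.ips = data->ips;
        hostdev->source.caps.u.net.nips = data->nips;

        if (data->gateway_ipv4 &&
            lxcAddNetworkRouteDefinition(data->gateway_ipv4, AF_INET,
                                         &hostdev->source.caps.u.net.routes,
                                         &hostdev->source.caps.u.net.nroutes) < 0)
                goto error;

        if (data->gateway_ipv6 &&
            lxcAddNetworkRouteDefinition(data->gateway_ipv6, AF_INET6,
                                         &hostdev->source.caps.u.net.routes,
                                         &hostdev->source.caps.u.net.nroutes) < 0)
                goto error;

        if (VIR_EXPAND_N(data->def->hostdevs, data->def->nhostdevs, 1) < 0)
            goto error;
        data->def->hostdevs[data->def->nhostdevs - 1] = hostdev;
    } else {
        if (!(net = lxcCreateNetDef(data->type, data->link, data->mac,
                                    data->flag, data->macvlanmode,
                                    data->name)))
            goto error;

        /* From here net and data both point at the same ips array. */
        net->ips = data->ips;
        net->nips = data->nips;

        if (data->gateway_ipv4 &&
            lxcAddNetworkRouteDefinition(data->gateway_ipv4, AF_INET,
                                         &net->routes,
                                         &net->nroutes) < 0)
                goto error;

        if (data->gateway_ipv6 &&
            lxcAddNetworkRouteDefinition(data->gateway_ipv6, AF_INET6,
                                         &net->routes,
                                         &net->nroutes) < 0)
                goto error;

        if (VIR_EXPAND_N(data->def->nets, data->def->nnets, 1) < 0)
            goto error;
        data->def->nets[data->def->nnets - 1] = net;
    }

    return 1;

 error:
    /* The ips array is freed once, through data, below. Clear the aliases
     * held by the half-built definition so that its free routine (not
     * visible in this block) cannot free the same entries again. */
    if (hostdev) {
        hostdev->source.caps.u.net.ips = NULL;
        hostdev->source.caps.u.net.nips = 0;
    }
    if (net) {
        net->ips = NULL;
        net->nips = 0;
    }

    for (i = 0; i < data->nips; i++)
        VIR_FREE(data->ips[i]);
    VIR_FREE(data->ips);
    virDomainNetDefFree(net);
    virDomainHostdevDefFree(hostdev);
    return -1;
}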