[openstack-nova/el6-grizzly] Fix root disk leak in live migration
Xavier Queralt Mateu
xqueralt at fedoraproject.org
Fri Jan 24 10:51:03 UTC 2014
commit 9f57d7c75c45d591061f46fc8192dd7856f652ab
Author: Xavier Queralt <xqueralt at redhat.com>
Date: Fri Jan 24 11:48:14 2014 +0100
Fix root disk leak in live migration
Resolves: CVE-2013-7130
...e-don-t-access-the-net-when-building-docs.patch | 2 +-
...-parallel-install-versions-of-epel-packag.patch | 15 ++-
...oid-code-path-causing-qpid-exchange-leaks.patch | 2 +-
...-add-conf-for-number-of-conductor-workers.patch | 2 +-
...05-Fix-IPAddress-and-CIDR-type-decorators.patch | 2 +-
...006-ensure-we-don-t-boot-oversized-images.patch | 2 +-
...7-remove-the-s-option-on-qemu-img-convert.patch | 2 +-
...ssing-argument-max_size-in-libvirt-driver.patch | 2 +-
0009-libvirt-Fix-root-disk-leak-in-live-mig.patch | 158 ++++++++++++++++++++
openstack-nova.spec | 23 ++-
10 files changed, 193 insertions(+), 17 deletions(-)
---
diff --git a/0001-Ensure-we-don-t-access-the-net-when-building-docs.patch b/0001-Ensure-we-don-t-access-the-net-when-building-docs.patch
index 2ac4b38..12fd568 100644
--- a/0001-Ensure-we-don-t-access-the-net-when-building-docs.patch
+++ b/0001-Ensure-we-don-t-access-the-net-when-building-docs.patch
@@ -1,4 +1,4 @@
-From d5f80b1fed505beb4d721ca8c421bc7f052a12b3 Mon Sep 17 00:00:00 2001
+From 198e7c0911081a1cc16ae9687ef35a67891426bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Fri, 6 Jan 2012 12:16:34 +0000
Subject: [PATCH] Ensure we don't access the net when building docs
diff --git a/openstack-nova-newdeps.patch b/0002-Use-updated-parallel-install-versions-of-epel-packag.patch
similarity index 77%
rename from openstack-nova-newdeps.patch
rename to 0002-Use-updated-parallel-install-versions-of-epel-packag.patch
index 916cd60..0fb6dd6 100644
--- a/openstack-nova-newdeps.patch
+++ b/0002-Use-updated-parallel-install-versions-of-epel-packag.patch
@@ -1,3 +1,16 @@
+From 81db8e440da43de6205c2bfcedf9ccdff4c5dbe4 Mon Sep 17 00:00:00 2001
+From: Xavier Queralt <xqueralt at redhat.com>
+Date: Fri, 24 Jan 2014 11:46:59 +0100
+Subject: [PATCH] Use updated parallel install versions of epel package
+
+Use SQLAlchemy >= 0.6.3 WebOb >= 1.0 Routes >= 1.12.3 PasteDeploy >= 1.5.0
+and depend on the parallel installable versions of these packages to satisfy
+those requirements.
+---
+ nova/__init__.py | 30 ++++++++++++++++++++++++++++++
+ nova/db/sqlalchemy/migration.py | 8 +++++++-
+ 2 files changed, 37 insertions(+), 1 deletion(-)
+
diff --git a/nova/__init__.py b/nova/__init__.py
index a9eca48..9bf9c4d 100644
--- a/nova/__init__.py
@@ -40,7 +53,7 @@ index a9eca48..9bf9c4d 100644
import gettext
diff --git a/nova/db/sqlalchemy/migration.py b/nova/db/sqlalchemy/migration.py
-index dbc1ed4..0260be0 100644
+index 421167b..0c8b31b 100644
--- a/nova/db/sqlalchemy/migration.py
+++ b/nova/db/sqlalchemy/migration.py
@@ -56,7 +56,13 @@ if (not hasattr(migrate, '__version__') or
diff --git a/0002-avoid-code-path-causing-qpid-exchange-leaks.patch b/0003-avoid-code-path-causing-qpid-exchange-leaks.patch
similarity index 94%
rename from 0002-avoid-code-path-causing-qpid-exchange-leaks.patch
rename to 0003-avoid-code-path-causing-qpid-exchange-leaks.patch
index f674b14..e8448fa 100644
--- a/0002-avoid-code-path-causing-qpid-exchange-leaks.patch
+++ b/0003-avoid-code-path-causing-qpid-exchange-leaks.patch
@@ -1,4 +1,4 @@
-From 6f11da70b5b55594987f72d5e5df261547e1e07b Mon Sep 17 00:00:00 2001
+From 9c49edca03cf17f3f2b307ff6522e618baf58e12 Mon Sep 17 00:00:00 2001
From: Nikola Dipanov <ndipanov at redhat.com>
Date: Wed, 17 Jul 2013 18:19:14 +0200
Subject: [PATCH] avoid code path causing qpid exchange leaks
diff --git a/0003-add-conf-for-number-of-conductor-workers.patch b/0004-add-conf-for-number-of-conductor-workers.patch
similarity index 98%
rename from 0003-add-conf-for-number-of-conductor-workers.patch
rename to 0004-add-conf-for-number-of-conductor-workers.patch
index b9dd4bf..73625e1 100644
--- a/0003-add-conf-for-number-of-conductor-workers.patch
+++ b/0004-add-conf-for-number-of-conductor-workers.patch
@@ -1,4 +1,4 @@
-From ef488a7e3dd6b2b0b48f1aebb5348c538d52e7f9 Mon Sep 17 00:00:00 2001
+From 2eb6e39c2e846a5002f564437f398a263a1722dc Mon Sep 17 00:00:00 2001
From: Peter Feiner <peter at gridcentric.ca>
Date: Tue, 28 May 2013 11:31:01 -0500
Subject: [PATCH] add conf for number of conductor workers
diff --git a/0004-Fix-IPAddress-and-CIDR-type-decorators.patch b/0005-Fix-IPAddress-and-CIDR-type-decorators.patch
similarity index 96%
rename from 0004-Fix-IPAddress-and-CIDR-type-decorators.patch
rename to 0005-Fix-IPAddress-and-CIDR-type-decorators.patch
index c824542..5e02172 100644
--- a/0004-Fix-IPAddress-and-CIDR-type-decorators.patch
+++ b/0005-Fix-IPAddress-and-CIDR-type-decorators.patch
@@ -1,4 +1,4 @@
-From 341fec8da8a30119031703ac288b2389fbe465d9 Mon Sep 17 00:00:00 2001
+From dfe7b98d10bcca5f2050a3b97552626ffc586186 Mon Sep 17 00:00:00 2001
From: Roman Podolyaka <rpodolyaka at mirantis.com>
Date: Mon, 15 Jul 2013 16:47:14 +0300
Subject: [PATCH] Fix IPAddress and CIDR type decorators
diff --git a/0005-ensure-we-don-t-boot-oversized-images.patch b/0006-ensure-we-don-t-boot-oversized-images.patch
similarity index 99%
rename from 0005-ensure-we-don-t-boot-oversized-images.patch
rename to 0006-ensure-we-don-t-boot-oversized-images.patch
index e5d9c37..6717553 100644
--- a/0005-ensure-we-don-t-boot-oversized-images.patch
+++ b/0006-ensure-we-don-t-boot-oversized-images.patch
@@ -1,4 +1,4 @@
-From ea7b67375d1027d40a266e05ee3ee2cc1c24d9af Mon Sep 17 00:00:00 2001
+From 1ef18c3dbec9cd101f4a39bb1b6abced485bf43d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?P=C3=A1draig=20Brady?= <pbrady at redhat.com>
Date: Fri, 27 Sep 2013 04:07:14 +0100
Subject: [PATCH] ensure we don't boot oversized images
diff --git a/0006-remove-the-s-option-on-qemu-img-convert.patch b/0007-remove-the-s-option-on-qemu-img-convert.patch
similarity index 96%
rename from 0006-remove-the-s-option-on-qemu-img-convert.patch
rename to 0007-remove-the-s-option-on-qemu-img-convert.patch
index 1b655aa..8b2d576 100644
--- a/0006-remove-the-s-option-on-qemu-img-convert.patch
+++ b/0007-remove-the-s-option-on-qemu-img-convert.patch
@@ -1,4 +1,4 @@
-From 141e1eaee9fc9aa8e9cab8f0c707e40ea6b3a979 Mon Sep 17 00:00:00 2001
+From 5259fea42d5814b418475bc66b2f522a7a9906ea Mon Sep 17 00:00:00 2001
From: Vladan Popovic <vpopovic at redhat.com>
Date: Wed, 9 Oct 2013 15:33:33 +0200
Subject: [PATCH] remove the -s option on qemu-img convert
diff --git a/0007-Add-missing-argument-max_size-in-libvirt-driver.patch b/0008-Add-missing-argument-max_size-in-libvirt-driver.patch
similarity index 97%
rename from 0007-Add-missing-argument-max_size-in-libvirt-driver.patch
rename to 0008-Add-missing-argument-max_size-in-libvirt-driver.patch
index e30a0fc..805dc40 100644
--- a/0007-Add-missing-argument-max_size-in-libvirt-driver.patch
+++ b/0008-Add-missing-argument-max_size-in-libvirt-driver.patch
@@ -1,4 +1,4 @@
-From dc0999ec4a9e39a795568d78d4ba43dcf505c79d Mon Sep 17 00:00:00 2001
+From 18c83e0f7694374e594ef6e3d360e01573527c1e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gon=C3=A9ri=20Le=20Bouder?= <goneri.lebouder at enovance.com>
Date: Tue, 19 Nov 2013 11:30:08 +0100
Subject: [PATCH] Add missing argument max_size in libvirt driver
diff --git a/0009-libvirt-Fix-root-disk-leak-in-live-mig.patch b/0009-libvirt-Fix-root-disk-leak-in-live-mig.patch
new file mode 100644
index 0000000..348a833
--- /dev/null
+++ b/0009-libvirt-Fix-root-disk-leak-in-live-mig.patch
@@ -0,0 +1,158 @@
+From 45a243ee78a384a1e3a83bac47f6db6ed940c062 Mon Sep 17 00:00:00 2001
+From: Nikola Dipanov <ndipanov at redhat.com>
+Date: Tue, 10 Dec 2013 17:43:17 +0100
+Subject: [PATCH] libvirt: Fix root disk leak in live mig
+
+This patch makes sure that i_create_images_and_backing method of the
+libvirt driver (called in several places, but most problematic one is
+the call in the pre_live_migration method) creates all the files the
+instance needs that are not present.
+
+Prioir to this patch - the method would only attempt to download the
+image, and if it did so with the path of the ephemeral drives, it could
+expose the image to other users as an ephemeral devices. See the related
+bug for more detaiis.
+
+After this patch - we properly distinguish between image, ephemeral and
+swap files, and make sure that the imagebackend does the correct thing.
+
+Closes-bug: #1251590
+
+Co-authored-by: Loganathan Parthipan <parthipan at hp.com>
+
+This patch also includes part of commit
+65386c91910ee03d947c2b8bcc226a53c30e060a, not cherry-picked as a whole
+due to the fact that it is a trivial change, and to avoud the
+proliferation of patches needed to fix this bug.
+
+Change-Id: I78aa2f4243899db4f4941e77014a7e18e27fc63e
+(cherry picked from commit c69a619668b5f44e94a8fe1a23f3d887ba2834d7)
+
+Conflicts:
+ nova/tests/test_libvirt.py
+ nova/virt/libvirt/driver.py
+---
+ nova/tests/test_libvirt.py | 63 +++++++++++++++++++++++++++++++++++++++++++++
+ nova/virt/libvirt/driver.py | 31 +++++++++++++++-------
+ 2 files changed, 85 insertions(+), 9 deletions(-)
+
+diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
+index 75c01a8..94f17f5 100644
+--- a/nova/tests/test_libvirt.py
++++ b/nova/tests/test_libvirt.py
+@@ -2346,6 +2346,69 @@ class LibvirtConnTestCase(test.TestCase):
+
+ db.instance_destroy(self.context, instance_ref['uuid'])
+
++ def test_create_images_and_backing(self):
++ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
++ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'create_image')
++
++ libvirt_driver.libvirt_utils.create_image(mox.IgnoreArg(),
++ mox.IgnoreArg(),
++ mox.IgnoreArg())
++ conn._fetch_instance_kernel_ramdisk(self.context, self.test_instance)
++ self.mox.ReplayAll()
++
++ self.stubs.Set(os.path, 'exists', lambda *args: False)
++ disk_info_json = jsonutils.dumps([{'path': 'foo', 'type': None,
++ 'disk_size': 0,
++ 'backing_file': None}])
++ conn._create_images_and_backing(self.context, self.test_instance,
++ "/fake/instance/dir", disk_info_json)
++
++ def test_create_images_and_backing_ephemeral_gets_created(self):
++ conn = libvirt_driver.LibvirtDriver(fake.FakeVirtAPI(), False)
++ disk_info_json = jsonutils.dumps(
++ [{u'backing_file': u'fake_image_backing_file',
++ u'disk_size': 10747904,
++ u'path': u'disk_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 25165824},
++ {u'backing_file': u'ephemeral_1_default',
++ u'disk_size': 393216,
++ u'over_committed_disk_size': 1073348608,
++ u'path': u'disk_eph_path',
++ u'type': u'qcow2',
++ u'virt_disk_size': 1073741824}])
++
++ base_dir = os.path.join(CONF.instances_path, '_base')
++ ephemeral_target = os.path.join(base_dir, 'ephemeral_1_default')
++ image_target = os.path.join(base_dir, 'fake_image_backing_file')
++ self.test_instance.update({'name': 'fake_instance',
++ 'user_id': 'fake-user',
++ 'os_type': None,
++ 'project_id': 'fake-project'})
++
++ self.mox.StubOutWithMock(libvirt_driver.libvirt_utils, 'fetch_image')
++ self.mox.StubOutWithMock(conn, '_create_ephemeral')
++ self.mox.StubOutWithMock(conn, '_fetch_instance_kernel_ramdisk')
++
++ conn._create_ephemeral(
++ target=ephemeral_target,
++ ephemeral_size=self.test_instance['ephemeral_gb'],
++ max_size=mox.IgnoreArg(), os_type=mox.IgnoreArg(),
++ fs_label=mox.IgnoreArg())
++ libvirt_driver.libvirt_utils.fetch_image(context=self.context,
++ image_id=mox.IgnoreArg(),
++ user_id=mox.IgnoreArg(), project_id=mox.IgnoreArg(),
++ max_size=mox.IgnoreArg(), target=image_target)
++ conn._fetch_instance_kernel_ramdisk(
++ self.context, self.test_instance).AndReturn(None)
++
++ self.mox.ReplayAll()
++
++ conn._create_images_and_backing(self.context, self.test_instance,
++ "/fake/instance/dir",
++ disk_info_json)
++
+ def test_pre_live_migration_works_correctly_mocked(self):
+ # Creating testdata
+ vol = {'block_device_mapping': [
+diff --git a/nova/virt/libvirt/driver.py b/nova/virt/libvirt/driver.py
+index ff1117c..2be1767 100755
+--- a/nova/virt/libvirt/driver.py
++++ b/nova/virt/libvirt/driver.py
+@@ -3305,19 +3305,32 @@ class LibvirtDriver(driver.ComputeDriver):
+ elif info['backing_file']:
+ # Creating backing file follows same way as spawning instances.
+ cache_name = os.path.basename(info['backing_file'])
+- # Remove any size tags which the cache manages
+- cache_name = cache_name.split('_')[0]
+
+ image = self.image_backend.image(instance,
+ instance_disk,
+ CONF.libvirt_images_type)
+- image.cache(fetch_func=libvirt_utils.fetch_image,
+- context=ctxt,
+- filename=cache_name,
+- image_id=instance['image_ref'],
+- user_id=instance['user_id'],
+- project_id=instance['project_id'],
+- size=info['virt_disk_size'])
++ if cache_name.startswith('ephemeral'):
++ image.cache(fetch_func=self._create_ephemeral,
++ fs_label=cache_name,
++ os_type=instance["os_type"],
++ filename=cache_name,
++ size=info['virt_disk_size'],
++ ephemeral_size=instance['ephemeral_gb'])
++ elif cache_name.startswith('swap'):
++ inst_type = flavors.extract_flavor(instance)
++ swap_mb = inst_type['swap']
++ image.cache(fetch_func=self._create_swap,
++ filename="swap_%s" % swap_mb,
++ size=swap_mb * unit.Mi,
++ swap_mb=swap_mb)
++ else:
++ image.cache(fetch_func=libvirt_utils.fetch_image,
++ context=ctxt,
++ filename=cache_name,
++ image_id=instance['image_ref'],
++ user_id=instance['user_id'],
++ project_id=instance['project_id'],
++ size=info['virt_disk_size'])
+
+ # if image has kernel and ramdisk, just download
+ # following normal way.
diff --git a/openstack-nova.spec b/openstack-nova.spec
index 278518a..d36e560 100644
--- a/openstack-nova.spec
+++ b/openstack-nova.spec
@@ -2,7 +2,7 @@
Name: openstack-nova
Version: 2013.1.4
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: OpenStack Compute (nova)
Group: Applications/System
@@ -53,15 +53,16 @@ Source30: openstack-nova-novncproxy.sysconfig
# patches_base=2013.1.4
#
Patch0001: 0001-Ensure-we-don-t-access-the-net-when-building-docs.patch
-Patch0002: 0002-avoid-code-path-causing-qpid-exchange-leaks.patch
-Patch0003: 0003-add-conf-for-number-of-conductor-workers.patch
-Patch0004: 0004-Fix-IPAddress-and-CIDR-type-decorators.patch
-Patch0005: 0005-ensure-we-don-t-boot-oversized-images.patch
-Patch0006: 0006-remove-the-s-option-on-qemu-img-convert.patch
-Patch0007: 0007-Add-missing-argument-max_size-in-libvirt-driver.patch
+Patch0002: 0002-Use-updated-parallel-install-versions-of-epel-packag.patch
+Patch0003: 0003-avoid-code-path-causing-qpid-exchange-leaks.patch
+Patch0004: 0004-add-conf-for-number-of-conductor-workers.patch
+Patch0005: 0005-Fix-IPAddress-and-CIDR-type-decorators.patch
+Patch0006: 0006-ensure-we-don-t-boot-oversized-images.patch
+Patch0007: 0007-remove-the-s-option-on-qemu-img-convert.patch
+Patch0008: 0008-Add-missing-argument-max_size-in-libvirt-driver.patch
+Patch0009: 0009-libvirt-Fix-root-disk-leak-in-live-mig.patch
# This is EPEL specific and not upstream
-Patch100: openstack-nova-newdeps.patch
BuildArch: noarch
BuildRequires: intltool
@@ -428,9 +429,10 @@ This package contains documentation files for nova.
%patch0005 -p1
%patch0006 -p1
%patch0007 -p1
+%patch0008 -p1
+%patch0009 -p1
# Apply EPEL patch
-%patch100 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
@@ -877,6 +879,9 @@ fi
%endif
%changelog
+* Fri Jan 24 2014 Xavier Queralt <xqueralt@@redhat.com> - 2013.1.4-6
+- Fix root disk leak in live migration - CVE-2013-7130
+
* Tue Dec 17 2013 Xavier Queralt <xqueralt at redhat.com> - 2013.1.4-5
- Fix booting of instances with extra ephemeral or swap disks
More information about the scm-commits
mailing list