提交 48b49a63 编写于 作者: D Daniel P. Berrange

Serialize execution of security manager APIs

Add locking to the virSecurityManagerXXX APIs, so that use of the
security drivers is serialized internally. This avoids the need
to rely on the global driver locks to achieve serialization.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
上级 11d92665
...@@ -194,7 +194,7 @@ struct _virQEMUDriver { ...@@ -194,7 +194,7 @@ struct _virQEMUDriver {
/* Immutable pointer, self-locking APIs */ /* Immutable pointer, self-locking APIs */
virDomainEventStatePtr domainEventState; virDomainEventStatePtr domainEventState;
/* Immutable pointer. Unsafe APIs. XXX */ /* Immutable pointer. self-locking APIs */
virSecurityManagerPtr securityManager; virSecurityManagerPtr securityManager;
/* Immutable pointers. Requires locks to be held before /* Immutable pointers. Requires locks to be held before
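Review bot: The updated comment on `securityManager` reads `Immutable pointer. self-locking APIs`, which is punctuated differently from the `domainEventState` comment two lines above it; `/* Immutable pointer, self-locking APIs */` would keep the two consistent. The claim is also only as strong as the wrappers this commit actually locks, so any virSecurityManager entry point left without the lock should be named here or documented at its definition. The struct continues outside this hunk.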
......
...@@ -216,8 +216,13 @@ virSecurityManagerGetDriver(virSecurityManagerPtr mgr) ...@@ -216,8 +216,13 @@ virSecurityManagerGetDriver(virSecurityManagerPtr mgr)
const char * const char *
virSecurityManagerGetDOI(virSecurityManagerPtr mgr) virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
{ {
if (mgr->drv->getDOI) if (mgr->drv->getDOI) {
return mgr->drv->getDOI(mgr); const char *ret;
virObjectLock(mgr);
ret = mgr->drv->getDOI(mgr);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL; return NULL;
...@@ -226,8 +231,13 @@ virSecurityManagerGetDOI(virSecurityManagerPtr mgr) ...@@ -226,8 +231,13 @@ virSecurityManagerGetDOI(virSecurityManagerPtr mgr)
const char * const char *
virSecurityManagerGetModel(virSecurityManagerPtr mgr) virSecurityManagerGetModel(virSecurityManagerPtr mgr)
{ {
if (mgr->drv->getModel) if (mgr->drv->getModel) {
return mgr->drv->getModel(mgr); const char *ret;
virObjectLock(mgr);
ret = mgr->drv->getModel(mgr);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL; return NULL;
...@@ -252,8 +262,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, ...@@ -252,8 +262,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
if (mgr->drv->domainRestoreSecurityImageLabel) if (mgr->drv->domainRestoreSecurityImageLabel) {
return mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSecurityImageLabel(mgr, vm, disk);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -262,8 +277,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr, ...@@ -262,8 +277,13 @@ int virSecurityManagerRestoreImageLabel(virSecurityManagerPtr mgr,
int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainSetSecurityDaemonSocketLabel) if (mgr->drv->domainSetSecurityDaemonSocketLabel) {
return mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityDaemonSocketLabel(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -272,8 +292,13 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr, ...@@ -272,8 +292,13 @@ int virSecurityManagerSetDaemonSocketLabel(virSecurityManagerPtr mgr,
int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainSetSecuritySocketLabel) if (mgr->drv->domainSetSecuritySocketLabel) {
return mgr->drv->domainSetSecuritySocketLabel(mgr, vm); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecuritySocketLabel(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -282,8 +307,13 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr, ...@@ -282,8 +307,13 @@ int virSecurityManagerSetSocketLabel(virSecurityManagerPtr mgr,
int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr, int virSecurityManagerClearSocketLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainClearSecuritySocketLabel) if (mgr->drv->domainClearSecuritySocketLabel) {
return mgr->drv->domainClearSecuritySocketLabel(mgr, vm); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainClearSecuritySocketLabel(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -293,8 +323,13 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr, ...@@ -293,8 +323,13 @@ int virSecurityManagerSetImageLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
virDomainDiskDefPtr disk) virDomainDiskDefPtr disk)
{ {
if (mgr->drv->domainSetSecurityImageLabel) if (mgr->drv->domainSetSecurityImageLabel) {
return mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityImageLabel(mgr, vm, disk);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -305,8 +340,13 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr, ...@@ -305,8 +340,13 @@ int virSecurityManagerRestoreHostdevLabel(virSecurityManagerPtr mgr,
virDomainHostdevDefPtr dev, virDomainHostdevDefPtr dev,
const char *vroot) const char *vroot)
{ {
if (mgr->drv->domainRestoreSecurityHostdevLabel) if (mgr->drv->domainRestoreSecurityHostdevLabel) {
return mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev, vroot); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSecurityHostdevLabel(mgr, vm, dev, vroot);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -317,8 +357,13 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr, ...@@ -317,8 +357,13 @@ int virSecurityManagerSetHostdevLabel(virSecurityManagerPtr mgr,
virDomainHostdevDefPtr dev, virDomainHostdevDefPtr dev,
const char *vroot) const char *vroot)
{ {
if (mgr->drv->domainSetSecurityHostdevLabel) if (mgr->drv->domainSetSecurityHostdevLabel) {
return mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev, vroot); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityHostdevLabel(mgr, vm, dev, vroot);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -328,8 +373,13 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr, ...@@ -328,8 +373,13 @@ int virSecurityManagerSetSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *savefile) const char *savefile)
{ {
if (mgr->drv->domainSetSavedStateLabel) if (mgr->drv->domainSetSavedStateLabel) {
return mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSavedStateLabel(mgr, vm, savefile);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -339,8 +389,13 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr, ...@@ -339,8 +389,13 @@ int virSecurityManagerRestoreSavedStateLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *savefile) const char *savefile)
{ {
if (mgr->drv->domainRestoreSavedStateLabel) if (mgr->drv->domainRestoreSavedStateLabel) {
return mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSavedStateLabel(mgr, vm, savefile);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -360,6 +415,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, ...@@ -360,6 +415,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL) if ((sec_managers = virSecurityManagerGetNested(mgr)) == NULL)
return -1; return -1;
virObjectLock(mgr);
for (i = 0; sec_managers[i]; i++) { for (i = 0; sec_managers[i]; i++) {
seclabel = virDomainDefGetSecurityLabelDef(vm, seclabel = virDomainDefGetSecurityLabelDef(vm,
sec_managers[i]->drv->name); sec_managers[i]->drv->name);
...@@ -395,6 +451,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr, ...@@ -395,6 +451,7 @@ int virSecurityManagerGenLabel(virSecurityManagerPtr mgr,
} }
cleanup: cleanup:
virObjectUnlock(mgr);
VIR_FREE(sec_managers); VIR_FREE(sec_managers);
return rc; return rc;
} }
...@@ -403,8 +460,13 @@ int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, ...@@ -403,8 +460,13 @@ int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
pid_t pid) pid_t pid)
{ {
if (mgr->drv->domainReserveSecurityLabel) if (mgr->drv->domainReserveSecurityLabel) {
return mgr->drv->domainReserveSecurityLabel(mgr, vm, pid); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainReserveSecurityLabel(mgr, vm, pid);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -413,8 +475,13 @@ int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr, ...@@ -413,8 +475,13 @@ int virSecurityManagerReserveLabel(virSecurityManagerPtr mgr,
int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr, int virSecurityManagerReleaseLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainReleaseSecurityLabel) if (mgr->drv->domainReleaseSecurityLabel) {
return mgr->drv->domainReleaseSecurityLabel(mgr, vm); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainReleaseSecurityLabel(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -424,8 +491,13 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr, ...@@ -424,8 +491,13 @@ int virSecurityManagerSetAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *stdin_path) const char *stdin_path)
{ {
if (mgr->drv->domainSetSecurityAllLabel) if (mgr->drv->domainSetSecurityAllLabel) {
return mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityAllLabel(mgr, vm, stdin_path);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -435,8 +507,13 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr, ...@@ -435,8 +507,13 @@ int virSecurityManagerRestoreAllLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
int migrated) int migrated)
{ {
if (mgr->drv->domainRestoreSecurityAllLabel) if (mgr->drv->domainRestoreSecurityAllLabel) {
return mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainRestoreSecurityAllLabel(mgr, vm, migrated);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -447,8 +524,13 @@ int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr, ...@@ -447,8 +524,13 @@ int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
pid_t pid, pid_t pid,
virSecurityLabelPtr sec) virSecurityLabelPtr sec)
{ {
if (mgr->drv->domainGetSecurityProcessLabel) if (mgr->drv->domainGetSecurityProcessLabel) {
return mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainGetSecurityProcessLabel(mgr, vm, pid, sec);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -457,8 +539,13 @@ int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr, ...@@ -457,8 +539,13 @@ int virSecurityManagerGetProcessLabel(virSecurityManagerPtr mgr,
int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr, int virSecurityManagerSetProcessLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainSetSecurityProcessLabel) if (mgr->drv->domainSetSecurityProcessLabel) {
return mgr->drv->domainSetSecurityProcessLabel(mgr, vm); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityProcessLabel(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -480,8 +567,13 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr, ...@@ -480,8 +567,13 @@ int virSecurityManagerVerify(virSecurityManagerPtr mgr,
if (secdef == NULL || secdef->model == NULL) if (secdef == NULL || secdef->model == NULL)
return 0; return 0;
if (mgr->drv->domainSecurityVerify) if (mgr->drv->domainSecurityVerify) {
return mgr->drv->domainSecurityVerify(mgr, def); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSecurityVerify(mgr, def);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -491,8 +583,13 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr, ...@@ -491,8 +583,13 @@ int virSecurityManagerSetImageFDLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
int fd) int fd)
{ {
if (mgr->drv->domainSetSecurityImageFDLabel) if (mgr->drv->domainSetSecurityImageFDLabel) {
return mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityImageFDLabel(mgr, vm, fd);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -502,8 +599,13 @@ int virSecurityManagerSetTapFDLabel(virSecurityManagerPtr mgr, ...@@ -502,8 +599,13 @@ int virSecurityManagerSetTapFDLabel(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
int fd) int fd)
{ {
if (mgr->drv->domainSetSecurityTapFDLabel) if (mgr->drv->domainSetSecurityTapFDLabel) {
return mgr->drv->domainSetSecurityTapFDLabel(mgr, vm, fd); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityTapFDLabel(mgr, vm, fd);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return -1; return -1;
...@@ -512,8 +614,13 @@ int virSecurityManagerSetTapFDLabel(virSecurityManagerPtr mgr, ...@@ -512,8 +614,13 @@ int virSecurityManagerSetTapFDLabel(virSecurityManagerPtr mgr,
char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr, char *virSecurityManagerGetMountOptions(virSecurityManagerPtr mgr,
virDomainDefPtr vm) virDomainDefPtr vm)
{ {
if (mgr->drv->domainGetSecurityMountOptions) if (mgr->drv->domainGetSecurityMountOptions) {
return mgr->drv->domainGetSecurityMountOptions(mgr, vm); char *ret;
virObjectLock(mgr);
ret = mgr->drv->domainGetSecurityMountOptions(mgr, vm);
virObjectUnlock(mgr);
return ret;
}
virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__); virReportError(VIR_ERR_NO_SUPPORT, __FUNCTION__);
return NULL; return NULL;
...@@ -542,8 +649,13 @@ int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr, ...@@ -542,8 +649,13 @@ int virSecurityManagerSetHugepages(virSecurityManagerPtr mgr,
virDomainDefPtr vm, virDomainDefPtr vm,
const char *path) const char *path)
{ {
if (mgr->drv->domainSetSecurityHugepages) if (mgr->drv->domainSetSecurityHugepages) {
return mgr->drv->domainSetSecurityHugepages(mgr, vm, path); int ret;
virObjectLock(mgr);
ret = mgr->drv->domainSetSecurityHugepages(mgr, vm, path);
virObjectUnlock(mgr);
return ret;
}
return 0; return 0;
} }
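Review bot: Taking `virObjectLock(mgr)` inside `virSecurityManagerSetProcessLabel` and the socket-label wrappers is a hang risk if any of them is ever called in a child between fork() and exec(): a lock held by another thread at fork time is never released in the child, so the child would block before its label is applied. The callers are not visible in this diff, so this needs confirming; if such a caller exists, the parent should hold the manager lock across the fork or the child path should use an entry point that does not lock. Separately, in `virSecurityManagerGenLabel` the lock is taken after `virSecurityManagerGetNested(mgr)` and released only at `cleanup:`, and the body between the two hunks is not shown, so check that every exit after the lock goes through `cleanup:` and record that with a comment such as `/* mgr stays locked until cleanup: */`. The `const char *` returned by `virSecurityManagerGetDOI` and `virSecurityManagerGetModel` is read by the caller after the unlock, which is only safe if the driver returns storage that never changes; a one-line comment stating that assumption would help.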