1. 24 4月, 2013 3 次提交
  2. 05 4月, 2013 1 次提交
    • P
      rpc: Fix connection close callback race condition and memory corruption/crash · 8ad126e6
      Peter Krempa 提交于
      The last Viktor's effort to fix the race and memory corruption unfortunately
      wasn't complete in the case the close callback was not registered in an
      connection. At that time, the trail of event's that I'll describe later could
      still happen and corrupt the memory or cause a crash of the client (including
      the daemon in case of a p2p migration).
      
      Consider the following prerequisities and trail of events:
      Let's have a remote connection to a hypervisor that doesn't have a close
      callback registered and the client is using the event loop. The crash happens in
      cooperation of 2 threads. Thread E is the event loop and thread W is the worker
      that does some stuff. R denotes the remote client.
      
      1.) W - The client finishes everything and sheds the last reference on the client
      2.) W - The virObject stuff invokes virConnectDispose that invokes doRemoteClose
      3.) W - the remote close method invokes the REMOTE_PROC_CLOSE RPC method.
      4.) W - The thread is preempted at this point.
      5.) R - The remote side receives the close and closes the socket.
      6.) E - poll() wakes up due to the closed socket and invokes the close callback
      7.) E - The event loop is preempted right before remoteClientCloseFunc is called
      8.) W - The worker now finishes, and frees the conn object.
      9.) E - The remoteClientCloseFunc accesses the now-freed conn object in the
              attempt to retrieve pointer for the real close callback.
      10.) Kaboom, corrupted memory/segfault.
      
      This patch tries to fix this by introducing a new object that survives the
      freeing of the connection object. We can't increase the reference count on the
      connection object itself or the connection would never be closed, as the
      connection is closed only when the reference count reaches zero.
      
      The new object - virConnectCloseCallbackData - is a lockable object that keeps
      the pointers to the real user registered callback and ensures that the
      connection callback is either not called if the connection was already freed or
      that the connection isn't freed while this is being called.
      8ad126e6
  3. 16 1月, 2013 1 次提交
  4. 21 12月, 2012 5 次提交
  5. 26 11月, 2012 1 次提交
    • A
      Add private data pointer to virStoragePool and virStorageVol · 2b121dbc
      Ata E Husain Bohra 提交于
      This will simplify the refactoring of the ESX storage driver to support
      a VMFS and an iSCSI backend.
      
      One of the tasks the storage driver needs to do is to decide which backend
      driver needs to be invoked for a given request. This approach extends
      virStoragePool and virStorageVol to store extra parameters:
      
      1. privateData: stores pointer to respective backend storage driver.
      2. privateDataFreeFunc: stores cleanup function pointer.
      
      virGetStoragePool and virGetStorageVol are modfied to accept these extra
      parameters as user params. virStoragePoolDispose and virStorageVolDispose
      checks for cleanup operation if available.
      
      The private data pointer allows the ESX storage driver to store a pointer
      to the used backend with each storage pool and volume. This avoids the need
      to detect the correct backend in each storage driver function call.
      2b121dbc
  6. 21 9月, 2012 1 次提交
  7. 07 8月, 2012 1 次提交
    • D
      Convert public datatypes to inherit from virObject · 46ec5f85
      Daniel P. Berrange 提交于
      This converts the following public API datatypes to use the
      virObject infrastructure:
      
        virConnectPtr
        virDomainPtr
        virDomainSnapshotPtr
        virInterfacePtr
        virNetworkPtr
        virNodeDevicePtr
        virNWFilterPtr
        virSecretPtr
        virStreamPtr
        virStorageVolPtr
        virStoragePoolPtr
      
      The code is significantly simplified, since the mutex in the
      virConnectPtr object now only needs to be held when accessing
      the per-connection virError object instance. All other operations
      are completely lock free.
      
      * src/datatypes.c, src/datatypes.h, src/libvirt.c: Convert
        public datatypes to use virObject
      * src/conf/domain_event.c, src/phyp/phyp_driver.c,
        src/qemu/qemu_command.c, src/qemu/qemu_migration.c,
        src/qemu/qemu_process.c, src/storage/storage_driver.c,
        src/vbox/vbox_tmpl.c, src/xen/xend_internal.c,
        tests/qemuxml2argvtest.c, tests/qemuxmlnstest.c,
        tests/sexpr2xmltest.c, tests/xmconfigtest.c: Convert
        to use virObjectUnref/virObjectRef
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      46ec5f85
  8. 02 8月, 2012 1 次提交
  9. 30 7月, 2012 1 次提交
  10. 27 7月, 2012 1 次提交
    • E
      maint: don't permit format strings without % · 768007ae
      Eric Blake 提交于
      Any time we have a string with no % passed through gettext, a
      translator can inject a % to cause a stack overread.  When there
      is nothing to format, it's easier to ask for a string that cannot
      be used as a formatter, by using a trivial "%s" format instead.
      
      In the past, we have used --disable-nls to catch some of the
      offenders, but that doesn't get run very often, and many more
      uses have crept in.  Syntax check to the rescue!
      
      The syntax check can catch uses such as
      virReportError(code,
                     _("split "
                       "string"));
      by using a sed script to fold context lines into one pattern
      space before checking for a string without %.
      
      This patch is just mechanical insertion of %s; there are probably
      several messages touched by this patch where we would be better
      off giving the user more information than a fixed string.
      
      * cfg.mk (sc_prohibit_diagnostic_without_format): New rule.
      * src/datatypes.c (virUnrefConnect, virGetDomain)
      (virUnrefDomain, virGetNetwork, virUnrefNetwork, virGetInterface)
      (virUnrefInterface, virGetStoragePool, virUnrefStoragePool)
      (virGetStorageVol, virUnrefStorageVol, virGetNodeDevice)
      (virGetSecret, virUnrefSecret, virGetNWFilter, virUnrefNWFilter)
      (virGetDomainSnapshot, virUnrefDomainSnapshot): Add %s wrapper.
      * src/lxc/lxc_driver.c (lxcDomainSetBlkioParameters)
      (lxcDomainGetBlkioParameters): Likewise.
      * src/conf/domain_conf.c (virSecurityDeviceLabelDefParseXML)
      (virDomainDiskDefParseXML, virDomainGraphicsDefParseXML):
      Likewise.
      * src/conf/network_conf.c (virNetworkDNSHostsDefParseXML)
      (virNetworkDefParseXML): Likewise.
      * src/conf/nwfilter_conf.c (virNWFilterIsValidChainName):
      Likewise.
      * src/conf/nwfilter_params.c (virNWFilterVarValueCreateSimple)
      (virNWFilterVarAccessParse): Likewise.
      * src/libvirt.c (virDomainSave, virDomainSaveFlags)
      (virDomainRestore, virDomainRestoreFlags)
      (virDomainSaveImageGetXMLDesc, virDomainSaveImageDefineXML)
      (virDomainCoreDump, virDomainGetXMLDesc)
      (virDomainMigrateVersion1, virDomainMigrateVersion2)
      (virDomainMigrateVersion3, virDomainMigrate, virDomainMigrate2)
      (virStreamSendAll, virStreamRecvAll)
      (virDomainSnapshotGetXMLDesc): Likewise.
      * src/nwfilter/nwfilter_dhcpsnoop.c (virNWFilterSnoopReqLeaseDel)
      (virNWFilterDHCPSnoopReq): Likewise.
      * src/openvz/openvz_driver.c (openvzUpdateDevice): Likewise.
      * src/openvz/openvz_util.c (openvzKBPerPages): Likewise.
      * src/qemu/qemu_cgroup.c (qemuSetupCgroup): Likewise.
      * src/qemu/qemu_command.c (qemuBuildHubDevStr, qemuBuildChrChardevStr)
      (qemuBuildCommandLine): Likewise.
      * src/qemu/qemu_driver.c (qemuDomainGetPercpuStats): Likewise.
      * src/qemu/qemu_hotplug.c (qemuDomainAttachNetDevice): Likewise.
      * src/rpc/virnetsaslcontext.c (virNetSASLSessionGetIdentity):
      Likewise.
      * src/rpc/virnetsocket.c (virNetSocketNewConnectUNIX)
      (virNetSocketSendFD, virNetSocketRecvFD): Likewise.
      * src/storage/storage_backend_disk.c
      (virStorageBackendDiskBuildPool): Likewise.
      * src/storage/storage_backend_fs.c
      (virStorageBackendFileSystemProbe)
      (virStorageBackendFileSystemBuild): Likewise.
      * src/storage/storage_backend_rbd.c
      (virStorageBackendRBDOpenRADOSConn): Likewise.
      * src/storage/storage_driver.c (storageVolumeResize): Likewise.
      * src/test/test_driver.c (testInterfaceChangeBegin)
      (testInterfaceChangeCommit, testInterfaceChangeRollback):
      Likewise.
      * src/vbox/vbox_tmpl.c (vboxListAllDomains): Likewise.
      * src/xenxs/xen_sxpr.c (xenFormatSxprDisk, xenFormatSxpr):
      Likewise.
      * src/xenxs/xen_xm.c (xenXMConfigGetUUID, xenFormatXMDisk)
      (xenFormatXM): Likewise.
      768007ae
  11. 23 7月, 2012 1 次提交
    • O
      Desert the FSF address in copyright · f9ce7dad
      Osier Yang 提交于
      Per the FSF address could be changed from time to time, and GNU
      recommends the following now: (http://www.gnu.org/licenses/gpl-howto.html)
      
        You should have received a copy of the GNU General Public License
        along with Foobar.  If not, see <http://www.gnu.org/licenses/>.
      
      This patch removes the explicit FSF address, and uses above instead
      (of course, with inserting 'Lesser' before 'General').
      
      Except a bunch of files for security driver, all others are changed
      automatically, the copyright for securify files are not complete,
      that's why to do it manually:
      
        src/security/security_selinux.h
        src/security/security_driver.h
        src/security/security_selinux.c
        src/security/security_apparmor.h
        src/security/security_apparmor.c
        src/security/security_driver.c
      f9ce7dad
  12. 28 5月, 2012 1 次提交
    • D
      Santize the reporting of VIR_ERR_INVALID_ERROR · d91f3ef4
      Daniel P. Berrange 提交于
      To ensure consistent error reporting of invalid arguments,
      provide a number of predefined helper methods & macros.
      
       - An arg which must not be NULL:
      
         virCheckNonNullArgReturn(argname, retvalue)
         virCheckNonNullArgGoto(argname, label)
      
       - An arg which must be NULL
      
         virCheckNullArgGoto(argname, label)
      
       - An arg which must be positive (ie 1 or greater)
      
         virCheckPositiveArgGoto(argname, label)
      
       - An arg which must not be 0
      
         virCheckNonZeroArgGoto(argname, label)
      
       - An arg which must be zero
      
         virCheckZeroArgGoto(argname, label)
      
       - An arg which must not be negative (ie 0 or greater)
      
         virCheckNonNegativeArgGoto(argname, label)
      
      * src/libvirt.c, src/libvirt-qemu.c,
        src/nodeinfo.c, src/datatypes.c: Update to use
        virCheckXXXX macros
      * po/POTFILES.in: Add libvirt-qemu.c and virterror_internal.h
      * src/internal.h: Define macros for checking invalid args
      * src/util/virterror_internal.h: Define macros for reporting
        invalid args
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      d91f3ef4
  13. 27 3月, 2012 1 次提交
    • M
      Cleanup for a return statement in source files · 9943276f
      Martin Kletzander 提交于
      Return statements with parameter enclosed in parentheses were modified
      and parentheses were removed. The whole change was scripted, here is how:
      
      List of files was obtained using this command:
      git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
      grep -e '\.[ch]$' -e '\.py$'
      
      Found files were modified with this command:
      sed -i -e                                                                 \
      's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
      -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
      
      Then checked for nonsense.
      
      The whole command looks like this:
      git grep -l -e '\<return\s*([^()]*\(([^()]*)[^()]*\)*)\s*;' |             \
      grep -e '\.[ch]$' -e '\.py$' | xargs sed -i -e                            \
      's_^\(.*\<return\)\s*(\(\([^()]*([^()]*)[^()]*\)*\))\s*\(;.*$\)_\1 \2\4_' \
      -e 's_^\(.*\<return\)\s*(\([^()]*\))\s*\(;.*$\)_\1 \2\3_'
      9943276f
  14. 23 3月, 2012 1 次提交
    • D
      Use virURIFree instead of xmlFreeURI · c33dae31
      Daniel P. Berrange 提交于
      Since we defined a custom virURIPtr type, we should use a
      virURIFree method instead of assuming it will always be
      a typedef for xmlURIPtr
      
      * src/util/viruri.c, src/util/viruri.h, src/libvirt_private.syms:
        Add a virURIFree method
      * src/datatypes.c, src/esx/esx_driver.c, src/libvirt.c,
        src/qemu/qemu_migration.c, src/vmx/vmx.c, src/xen/xend_internal.c,
        tests/viruritest.c: s/xmlFreeURI/virURIFree/
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      c33dae31
  15. 23 6月, 2011 1 次提交
    • E
      virStorageVol: avoid PATH_MAX-sized array · aa286e53
      Eric Blake 提交于
      POSIX allows implementations where PATH_MAX is undefined, leading
      to compilation error.  Not to mention that even if it is defined,
      it is often wasteful in relation to the amount of data being stored.
      
      All clients of vol->key were audited, and found not to care about
      whether key is static or dynamic, except for these offenders:
      
      * src/datatypes.h (struct _virStorageVol): Manage key dynamically.
      * src/datatypes.c (virReleaseStorageVol): Free key.
      (virGetStorageVol): Copy key.
      aa286e53
  16. 17 4月, 2011 1 次提交
  17. 21 2月, 2011 2 次提交
    • E
      maint: kill all remaining uses of old DEBUG macro · 994e7567
      Eric Blake 提交于
      Done mechanically with:
      $ git grep -l '\bDEBUG0\? *(' | xargs -L1 sed -i 's/\bDEBUG0\? *(/VIR_&/'
      
      followed by manual deletion of qemudDebug in daemon/libvirtd.c, along
      with a single 'make syntax-check' fallout in the same file, and the
      actual deletion in src/util/logging.h.
      
      * src/util/logging.h (DEBUG, DEBUG0): Delete.
      * daemon/libvirtd.h (qemudDebug): Likewise.
      * global: Change remaining clients over to VIR_DEBUG counterpart.
      994e7567
    • D
      Remove all object hashtable caches from virConnectPtr · 2ff4c137
      Daniel P. Berrange 提交于
      The virConnectPtr struct will cache instances of all other
      objects. APIs like virDomainLookupByUUID will return a
      cached object, so if you do virDomainLookupByUUID twice in
      a row, you'll get the same exact virDomainPtr instance.
      
      This does not have any performance benefit, since the actual
      logic in virDomainLookupByUUID (and other APIs returning
      virDomainPtr, etc instances) is not short-circuited. All
      it does is to ensure there is only one single virDomainPtr
      in existance for any given UUID.
      
      The caching has a number of downsides though, all relating
      to stale data. If APIs aren't careful to always overwrite
      the 'id' field in virDomainPtr it may become out of data.
      Likewise for the name field, if a guest is renamed, or if
      a guest is deleted, and then a new one created with the
      same UUID but different name.
      
      This has been an ongoing, endless source of bugs for all
      applications using libvirt from languages with garbage
      collection, causing them to get virDomainPtr instances
      from long ago with stale data.
      
      The caching is also a waste of memory resources, since
      both applications, and language bindings often maintain
      their own hashtable caches of object instances.
      
      This patch removes all the hash table caching, so all
      APIs return brand new virDomainPtr (etc) object instances.
      
      * src/datatypes.h: Delete all hash tables.
      * src/datatypes.c: Remove all object caching code
      2ff4c137
  18. 18 2月, 2011 2 次提交
  19. 15 2月, 2011 1 次提交
    • C
      add missing error handling to virGetDomain · dad4a3f2
      Christophe Fergeau 提交于
      When creating the virDomain::snapshots hash table, virGetDomain
      wasn't checking if the creation was successful. This would then
      lead to failures in the vir*DomainSnapshot functions. Better to
      report this error early and make virGetDomain fail if the
      snapshots hash couldn't be created.
      * src/datatypes.c: report failure to make a hash table
      dad4a3f2
  20. 30 1月, 2011 1 次提交
    • E
      maint: reject raw close, popen in 'make syntax-check' · 030ce43b
      Eric Blake 提交于
      commit f1fe9671 was supposed to make sure we use files.h
      macros to avoid double close, but it didn't work.
      
      Meanwhile, virCommand is vastly superior to system(), fork(),
      and popen() (also to virExec, but we haven't completed that
      conversion), so enforce that, too.
      
      * cfg.mk (sc_prohibit_close): Fix typo that excluded close, and
      add pclose.
      (sc_prohibit_fork_wrappers): New rule, for fork, system, and popen.
      * .x-sc_prohibit_close: More exemptions.
      * .x-sc_prohibit_fork_wrappers: New file.
      * Makefile.am (syntax_check_exceptions): Ship new file.
      * src/datatypes.c (virReleaseConnect): Tweak comment to avoid
      false positive.
      * src/util/files.h (VIR_CLOSE): Likewise.
      030ce43b
  21. 19 1月, 2011 3 次提交
  22. 15 1月, 2011 1 次提交
    • E
      datatypes: avoid redundant __FUNCTION__ · d9b04947
      Eric Blake 提交于
      virLibConnError already includes __FUNCTION__ in its output, so we
      were redundant.  Furthermore, clang warns that __FUNCTION__ is not
      a string literal (at least __FUNCTION__ will never contain %, so
      it was not a security risk).
      
      * src/datatypes.c: Replace __FUNCTION__ with a descriptive string.
      d9b04947
  23. 25 11月, 2010 1 次提交
    • M
      Always close drivers when a virConnectPtr is released · d8b36749
      Matthias Bolte 提交于
      virConnectClose calls virUnrefConnect which in turn closes
      all open drivers when the refcount of that connection dropped
      to zero. This works fine when you free all other objects that
      hold a ref to the connection before you close it, because in
      this case virUnrefConnect is the one that removes the last
      ref to the connection.
      
      But it doesn't work when you close the connection first before
      freeing the other objects. This is because the other virUnref*
      functions call virReleaseConnect when they detect that the
      connection's refcount dropped to zero. In this case another
      virUnref* function (different from virUnrefConnect) removes the
      last ref to the connection. This results in not closing the
      open drivers and leaking things that should have been cleaned
      up in the driver close functions.
      
      To fix this move the driver close calls to virReleaseConnect.
      d8b36749
  24. 21 6月, 2010 4 次提交
    • J
      Misc cleanups · d147b18d
      Jiri Denemark 提交于
      - Fix documentation for virGetStorageVol: it has 'key' argument instead
        of 'uuid'.
      - Remove TODO comment from virReleaseStorageVol: we use volume key as an
        identifier instead of UUID.
      - Print human-readable UUID string in debug message in virReleaseSecret.
      d147b18d
    • J
      Do not free static buffer with UUID · 72a7f8b2
      Jiri Denemark 提交于
      As anywhere else, uuid is defined as a fixed size array inside
      _virSecret structure; we shouldn't try to free it.
      72a7f8b2
    • J
      Remove unnecessary check for non-NULL uuid · c5ec45a3
      Jiri Denemark 提交于
      The first thing we do in all these functions is to check uuid != NULL
      and fail if it isn't.
      c5ec45a3
    • J
      Index hashes by UUID instead of name · 30ec755e
      Jiri Denemark 提交于
      Per-connection hashes for domains, networks, storage pools and network
      filter pools were indexed by names which was not the best choice. UUIDs
      are better identifiers, so lets use them.
      30ec755e
  25. 13 5月, 2010 1 次提交
  26. 18 4月, 2010 1 次提交
  27. 06 4月, 2010 1 次提交