1. 14 7月, 2017 2 次提交
  2. 25 6月, 2017 1 次提交
    • J
      events: Avoid double free possibility on remote call failure · 2065499b
      John Ferlan 提交于
      If a remote call fails during event registration (more than likely from
      a network failure or remote libvirtd restart timed just right), then when
      calling the virObjectEventStateDeregisterID we don't want to call the
      registered @freecb function because that breaks our contract that we
      would only call it after succesfully returning.  If the @freecb routine
      were called, it could result in a double free from properly coded
      applications that free their opaque data on failure to register, as seen
      in the following details:
      
          Program terminated with signal 6, Aborted.
          #0  0x00007fc45cba15d7 in raise
          #1  0x00007fc45cba2cc8 in abort
          #2  0x00007fc45cbe12f7 in __libc_message
          #3  0x00007fc45cbe86d3 in _int_free
          #4  0x00007fc45d8d292c in PyDict_Fini
          #5  0x00007fc45d94f46a in Py_Finalize
          #6  0x00007fc45d960735 in Py_Main
          #7  0x00007fc45cb8daf5 in __libc_start_main
          #8  0x0000000000400721 in _start
      
      The double dereference of 'pyobj_cbData' is triggered in the following way:
      
          (1) libvirt_virConnectDomainEventRegisterAny is invoked.
          (2) the event is successfully added to the event callback list
              (virDomainEventStateRegisterClient in
              remoteConnectDomainEventRegisterAny returns 1 which means ok).
          (3) when function remoteConnectDomainEventRegisterAny is hit,
              network connection disconnected coincidently (or libvirtd is
              restarted) in the context of function 'call' then the connection
              is lost and the function 'call' failed, the branch
              virObjectEventStateDeregisterID is therefore taken.
          (4) 'pyobj_conn' is dereferenced the 1st time in
              libvirt_virConnectDomainEventFreeFunc.
          (5) 'pyobj_cbData' (refered to pyobj_conn) is dereferenced the
               2nd time in libvirt_virConnectDomainEventRegisterAny.
          (6) the double free error is triggered.
      
      Resolve this by adding a @doFreeCb boolean in order to avoid calling the
      freeCb in virObjectEventStateDeregisterID for any remote call failure in
      a remoteConnect*EventRegister* API. For remoteConnect*EventDeregister* calls,
      the passed value would be true indicating they should run the freecb if it
      exists; whereas, it's false for the remote call failure path.
      
      Patch based on the investigation and initial patch posted by
      fangying <fangying1@huawei.com>.
      2065499b
  3. 27 4月, 2017 2 次提交
  4. 10 1月, 2017 1 次提交
  5. 09 1月, 2017 2 次提交
  6. 24 6月, 2016 1 次提交
    • J
      secret: Move virStorageSecretType and rename · 1eca5f65
      John Ferlan 提交于
      Move the enum into a new src/util/virsecret.h, rename it to be
      virSecretLookupType. Add a src/util/virsecret.h in order to perform
      a couple of simple operations on the secret XML and virSecretLookupTypeDef
      for clearing and copying.
      
      This includes quite a bit of collateral damage, but the goal is to remove
      the "virStorage*" and replace with the virSecretLookupType so that it's
      easier to to add new lookups that aren't necessarily storage pool related.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      1eca5f65
  7. 16 5月, 2016 2 次提交
    • J
      secret: Alter virSecretGetSecretString · abd2272c
      John Ferlan 提交于
      Rather than returning a "char *" indicating perhaps some sized set of
      characters that is NUL terminated, alter the function to return 0 or -1
      for success/failure and add two parameters to handle returning the
      buffer and it's size.
      
      The function no longer encodes the returned secret, rather it returns
      the unencoded secret forcing callers to make the necessary adjustments.
      
      Alter the callers to handle the adjusted model.
      Signed-off-by: NJohn Ferlan <jferlan@redhat.com>
      abd2272c
    • P
      secret: util: Refactor virSecretGetSecretString · 1d632c39
      Peter Krempa 提交于
      Call the internal driver callbacks rather than the public APIs to avoid
      calling unnecessarily the error dispatching code and don't overwrite
      the error messages provided by the APIs. They are good enough to
      describe which secret is missing either by UUID or the usage (basically
      name).
      1d632c39
  8. 26 4月, 2016 9 次提交
    • J
      secret: Change virSecretDef variable names · 662bf30c
      John Ferlan 提交于
      Change 'ephemeral' to 'isephemeral' and 'private' to 'isprivate' since
      both are bools.
      662bf30c
    • J
      secret: Introduce virSecretObjGetValue and virSecretObjGetValueSize · 43d3e3c1
      John Ferlan 提交于
      Introduce the final accessor's to _virSecretObject data and move the
      structure from virsecretobj.h to virsecretobj.c
      
      The virSecretObjSetValue logic will handle setting both the secret
      value and the value_size. Some slight adjustments to the error path
      over what was in secretSetValue were made.
      
      Additionally, a slight logic change in secretGetValue where we'll
      check for the internalFlags and error out before checking for
      and erroring out for a NULL secret->value. That way, it won't be
      obvious to anyone that the secret value wasn't set rather they'll
      just know they cannot get the secret value since it's private.
      43d3e3c1
    • J
      secret: Introduce virSecretObj{Get|Set}Def · 9e1e5621
      John Ferlan 提交于
      Introduce fetch and set accessor to the secretObj->def field for usage
      by the driver to avoid the driver needing to know the format of virSecretObj
      9e1e5621
    • J
      secret: Introduce virSecretObjSave{Config|Data} · ac9ffd60
      John Ferlan 提交于
      Move and rename the secretRewriteFile, secretSaveDef, and secretSaveValue
      from secret_driver to virsecretobj
      
      Need to make some slight adjustments since the secretSave* functions
      called secretEnsureDirectory, but otherwise mostly just a move of code.
      ac9ffd60
    • J
      secret: Introduce virSecretObjDelete{Config|Data} · d467ac07
      John Ferlan 提交于
      Move and rename secretDeleteSaved from secret_driver into virsecretobj and
      split it up into two parts since there is error path code that looks to
      just delete the secret data file
      d467ac07
    • J
      secret: Move and rename secretLoadAllConfigs · 85ec94f8
      John Ferlan 提交于
      Move to secret_conf.c and rename to virSecretLoadAllConfigs. Also includes
      moving/renaming the supporting virSecretLoad, virSecretLoadValue, and
      virSecretLoadValidateUUID.
      85ec94f8
    • J
      secret: Use the hashed virSecretObjList · 993f9128
      John Ferlan 提交于
      This patch replaces most of the guts of secret_driver.c with recently
      added secret_conf.c APIs in order manage secret lists and objects
      using the hashed virSecretObjList* lookup API's.
      993f9128
    • J
      secret: Introduce virSecretUsageIDForDef · 615c8cce
      John Ferlan 提交于
      Move the driver specific secretUsageIDForDef into secret_conf.c. It could
      be more of a general purpose API.
      615c8cce
    • J
      secret: Create virsecretobj.c and virsecretconf.h · 4652b158
      John Ferlan 提交于
      Move virSecretObj from secret_driver.c to virsecretobj.h
      
      To support being able to create a hashed secrets list, move the
      virSecretObj to virsecretobj.h so that the code can at least find
      the definition.
      
      This should be a temporary situation while the virsecretobj.c code
      is patched in order to support a hashed secret object while still
      having the linked list support in secret_driver.c. Eventually, the
      goal is to move the virSecretObj into virsecretobj.c, although it
      is notable that the existing model from which virSecretObj was
      derived has virDomainObj in src/conf/domain_conf.h and virNetworkObj
      in src/conf/network_conf.h, so virSecretObj wouldn't be unique if
      it were to remain in virsecretobj.h  Still adding accessors to fetch
      and store hashed object data will be the end goal.
      
      Add definitions and infrastucture in virsecretobj.c to create and
      handle a hashed virSecretObj and virSecretObjList including the class,
      object, lock setup, and disposal API's. Nothing will call these yet.
      
      This infrastructure will replace the forward linked list logic
      within the secret_driver, eventually.
      4652b158
  9. 07 4月, 2016 1 次提交
    • J
      secret: Introduce virSecretGetSecretString · 2844de6f
      John Ferlan 提交于
      Commit id 'fb2bd208' essentially copied the qemuGetSecretString
      creating an libxlGetSecretString.  Rather than have multiple copies
      of the same code, create src/secret/secret_util.{c,h} files and
      place the common function in there.
      
      Modify the the build in order to build the module as a library
      which is then pulled in by both the qemu and libxl drivers for
      usage from both qemu_command.c and libxl_conf.c
      2844de6f
  10. 08 3月, 2016 1 次提交
  11. 01 3月, 2016 13 次提交
  12. 27 1月, 2015 2 次提交
    • D
      Removing probing of secondary drivers · 55ea7be7
      Daniel P. Berrange 提交于
      For stateless, client side drivers, it is never correct to
      probe for secondary drivers. It is only ever appropriate to
      use the secondary driver that is associated with the
      hypervisor in question. As a result the ESX & HyperV drivers
      have both been forced to do hacks where they register no-op
      drivers for the ones they don't implement.
      
      For stateful, server side drivers, we always just want to
      use the same built-in shared driver. The exception is
      virtualbox which is really a stateless driver and so wants
      to use its own server side secondary drivers. To deal with
      this virtualbox has to be built as 3 separate loadable
      modules to allow registration to work in the right order.
      
      This can all be simplified by introducing a new struct
      recording the precise set of secondary drivers each
      hypervisor driver wants
      
      struct _virConnectDriver {
          virHypervisorDriverPtr hypervisorDriver;
          virInterfaceDriverPtr interfaceDriver;
          virNetworkDriverPtr networkDriver;
          virNodeDeviceDriverPtr nodeDeviceDriver;
          virNWFilterDriverPtr nwfilterDriver;
          virSecretDriverPtr secretDriver;
          virStorageDriverPtr storageDriver;
      };
      
      Instead of registering the hypervisor driver, we now
      just register a virConnectDriver instead. This allows
      us to remove all probing of secondary drivers. Once we
      have chosen the primary driver, we immediately know the
      correct secondary drivers to use.
      Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
      55ea7be7
    • D
      Remove use of secretPrivateData from secret driver · 04101f23
      Daniel P. Berrange 提交于
      The secret driver can rely on its global state instead
      of the connect private data.
      04101f23
  13. 03 12月, 2014 1 次提交
    • J
      Replace virSecretFree with virObjectUnref · a0b13d35
      John Ferlan 提交于
      Since virSecretFree will call virObjectUnref anyway, let's just use that
      directly so as to avoid the possibility that we inadvertently clear out
      a pending error message when using the public API.
      a0b13d35
  14. 29 4月, 2014 1 次提交
    • E
      drivers: use virDirRead API · ddcf4730
      Eric Blake 提交于
      Convert all remaining clients of readdir to use the new
      interface, so that we can ensure (unlikely) errors while
      reading a directory are reported.
      
      * src/openvz/openvz_conf.c (openvzAssignUUIDs): Use new
      interface.
      * src/parallels/parallels_storage.c (parallelsFindVolumes)
      (parallelsFindVmVolumes): Report readdir failures.
      * src/qemu/qemu_driver.c (qemuDomainSnapshotLoad): Ignore readdir
      failures.
      * src/secret/secret_driver.c (loadSecrets): Likewise.
      * src/qemu/qemu_hostdev.c
      (qemuHostdevHostSupportsPassthroughVFIO): Report readdir failures.
      * src/xen/xen_inotify.c (xenInotifyOpen): Likewise.
      * src/xen/xm_internal.c (xenXMConfigCacheRefresh): Likewise.
      Signed-off-by: NEric Blake <eblake@redhat.com>
      ddcf4730
  15. 25 3月, 2014 1 次提交