Commit Graph

329 Commits

Author SHA1 Message Date
Daniel Hansel
e914dcfdaa rpc: message related sizes enlarged
We have seen an issue on s390x platform where domain XMLs larger than 1MB
were used. The define command was finished successfully. The dumpxml command
was not successful (i.e. could not encode message payload).

Enlarged message related sizes (e.g. maximum string size, message size, etc.)
to handle larger system configurations used on s390x platform.

To improve handling of the RPC message size the allocation during encode process
is changed to a dynamic one (i.e. starting with 64kB initial size and increasing
that size in steps up to 16MB if the payload data is larger).

Signed-off-by: Daniel Hansel <daniel.hansel@linux.vnet.ibm.com>
Signed-off-by: Viktor Mihajlovski <mihajlov@linux.vnet.ibm.com>
2013-05-07 13:29:58 +02:00
Guido Günther
b562d7b7e4 Fixup rpcgen code on kFreeBSD too
since it uses glibc's rpcgen.
2013-05-03 16:40:21 +02:00
Daniel P. Berrange
d6670a64e1 Fix F_DUPFD_CLOEXEC operation args
The F_DUPFD_CLOEXEC operation with fcntl() expects a single
int argument, specifying the minimum FD number for the newly
dup'd file descriptor. We were not specifying that causing
random stack data to be accessed as the FD number. Sometimes
that worked, sometimes it didn't.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 14:06:15 +01:00
Daniel P. Berrange
31dbbb667f Fix potential use of undefined variable in remote dispatch code
If an early dispatch check caused a jump to the 'cleanup' branch
then virTypeParamsFree() would be called with an uninitialized
'nparams' variable. Fortunately 'params' is initialized to NULL,
so the uninitialized 'nparams' variable would not be used.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-05-03 10:29:07 +01:00
Michal Privoznik
7c9a2d88cd virutil: Move string related functions to virstring.c
The source code base needs to be adapted as well. Some files
include virutil.h just for the string related functions (here,
the include is substituted to match the new file), some include
virutil.h without any need (here, the include is removed), and
some require both.
2013-05-02 16:56:55 +02:00
Daniel P. Berrange
90430791ae Make driver method names consistent with public APIs
Ensure that all drivers implementing public APIs use a
naming convention for their implementation that matches
the public API name.

eg for the public API   virDomainCreate make sure QEMU
uses qemuDomainCreate and not qemuDomainStart

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 11:00:18 +01:00
Daniel P. Berrange
07a6b9aac4 Rename 'DeviceMonitor' to 'NodeDeviceDriver'
The driver.h struct for node devices used an inconsistent
naming scheme 'DeviceMonitor' instead of the more usual
'NodeDeviceDriver'. Fix this everywhere it has leaked
out to.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:59:53 +01:00
Daniel P. Berrange
bb03636827 Make naming of remote procedures match API names exactly
A number of the remote procedure names did not match the
corresponding API names. For example, many lacked the
word 'CONNECT', others re-arranged the names. Update the
procedures so their names exactly match the API names.
Then remove the special case handling of these APIs in
the generator

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:33:10 +01:00
Daniel P. Berrange
6da982be65 Cleanup command line options in gendispatch.pl
There are many declared options in gendispatch.pl that were
no longer used. Those which were used were obscure '-b', '-k'
and '-d'. Switch to use --mode={debug|client|server}.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-24 10:32:59 +01:00
Daniel P. Berrange
a98541bfb4 Switch to a more extensible annotation system for RPC protocols
Currently the RPC protocol files can contain annotations after
the protocol enum eg

   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247, /* autogen autogen priority:high */

This is not very extensible as the number of annotations grows.
Change it to use

    /**
     * @generate: both
     * @priority: high
     */
   REMOTE_PROC_DOMAIN_SNAPSHOT_LIST_CHILDREN_NAMES = 247,

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-04-23 11:24:17 +01:00
Eric Blake
1bf25ba249 docs: fix usage of 'onto'
http://www.uhv.edu/ac/newsletters/writing/grammartip2009.07.01.htm
(and several other sites) give hints that 'onto' is best used if
you can also add 'up' just before it and still make sense. In many
cases in the code base, we really want the two-word form, or even
a simplification to just 'on' or 'to'.

* docs/hacking.html.in: Use correct 'on to'.
* python/libvirt-override.c: Likewise.
* src/lxc/lxc_controller.c: Likewise.
* src/util/virpci.c: Likewise.
* daemon/THREADS.txt: Use simpler 'on'.
* docs/formatdomain.html.in: Better usage.
* docs/internals/rpc.html.in: Likewise.
* src/conf/domain_event.c: Likewise.
* src/rpc/virnetclient.c: Likewise.
* tests/qemumonitortestutils.c: Likewise.
* HACKING: Regenerate.

Signed-off-by: Eric Blake <eblake@redhat.com>
2013-04-19 14:31:16 -06:00
Jiri Denemark
d8d4aa01d8 rpc: Fix client crash when server drops connection
Despite the comment stating virNetClientIncomingEvent handler should
never be called with either client->haveTheBuck or client->wantClose
set, there is a sequence of events that may lead to both booleans being
true when virNetClientIncomingEvent is called. However, when that
happens, we must not immediately close the socket as there are other
threads waiting for the buck and they would cause SIGSEGV once they are
woken up after the socket was closed. Another thing is we should clear
all remaining calls in the queue after closing the socket.

The situation that can lead to the crash involves three threads, one of
them running event loop and the other two calling libvirt APIs. The
event loop thread detects an event on client->sock and calls
virNetClientIncomingEvent handler. But before the handler gets a chance
to lock client, the other two threads (T1 and T2) start calling some
APIs. T1 gets the buck and detects EOF on client->sock while processing
its RPC call. Since T2 is waiting for its own call, T1 passes the buck
on to it and unlocks client. But before T2 gets the signal, the event
loop thread wakes up, does its job and closes client->sock. The crash
happens when T2 actually wakes up and tries to do its job using a closed
client->sock.
2013-03-27 09:00:38 +01:00
Guido Günther
82eec793c7 Don't fail if SELinux is diabled
but libvirt is built with --with-selinux. In this case getpeercon
returns ENOPROTOOPT so don't return an error in that case but simply
don't set seccon.
2013-03-20 21:04:57 +01:00
Daniel P. Berrange
f07f9733cb Fix typos s/HAVE_SELINUX/WITH_SELINUX/
The virNetSocket & virIdentity classes accidentally got some
conditionals using HAVE_SELINUX instead of WITH_SELINUX.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-20 13:23:40 +00:00
Olivia Yin
4755e863d1 fix TLS error with virNetServerClientCreateIdentity
Compilation error when WITH_GNUTLS is 0, introduced in commit d5e83ad.
2013-03-19 20:57:08 -06:00
Daniel P. Berrange
ebf78be4c2 Set the current client identity during API call dispatch
When dispatching an RPC API call, setup the current identity to
hold the identity of the network client associated with the
RPC message being dispatched. The setting is thread-local, so
only affects the API call in this thread

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:52:06 +00:00
Daniel P. Berrange
d5e83ad9b7 Add ability to get a virIdentity from a virNetServerClientPtr
Add APIs which allow creation of a virIdentity from the info
associated with a virNetServerClientPtr instance. This is done
based on the results of client authentication processes like
TLS, x509, SASL, SO_PEERCRED

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:52:02 +00:00
Daniel P. Berrange
51997e50fa Add APIs to get at more client security data
A socket object has various pieces of security data associated
with it, such as the SELinux context, the SASL username and
the x509 distinguished name. Add new APIs to virNetServerClient
and related modules to access this data.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-19 13:11:46 +00:00
Daniel P. Berrange
403594eb8c Fix generation of systemtap probes for RPC protocols
The naming used in the RPC protocols for the LXC monitor and
lock daemon confused the script used to generate systemtap
helper functions. Rename the LXC monitor protocol symbols to
reduce confusion. Adapt the gensystemtap.pl script to cope
with the LXC monitor / lock daemon naming conversions.

This has no functional impact on RPC wire protocol, since
names are only used in the C layer

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:22 +00:00
Daniel P. Berrange
ad9ea4a9fd Re-add DTrace probes on 'dispose' functions
When converting to virObject, the probes on the 'Free' functions
were removed on the basis that there is a probe on virObjectFree
that suffices. This puts a burden on people writing probe scripts
to identify which object is being dispose. This adds back probes
in the 'Dispose' functions and updates the rpc monitor systemtap
example to use them

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-14 12:42:21 +00:00
Daniel P. Berrange
be27de6e8d Remove hack using existance of an 'identity' string to disable auth
Currently the server determines whether authentication of clients
is complete, by checking whether an identity is set. This patch
removes that lame hack and replaces it with an explicit method
for changing the client auth code

* daemon/remote.c: Update for new APis
* src/libvirt_private.syms, src/rpc/virnetserverclient.c,
  src/rpc/virnetserverclient.h: Remove virNetServerClientGetIdentity
  and virNetServerClientSetIdentity, adding a new method
  virNetServerClientSetAuth.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-12 18:07:17 +00:00
Daniel P. Berrange
c25426dc40 Rename 'daemon' param to 'binary' in virNetClientNewUNIX
To avoid a clash with daemon() libc API, rename the
'daemon' param in the header file to 'binary'. The
source file already uses the name 'binary'.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-03-07 18:06:59 +00:00
Jiri Denemark
98b9acf5aa remote: Auto-allocate params in remoteDeserializeTypedParameters
remoteDeserializeTypedParameters can now be called with either
preallocated params array (size of which is announced by nparams) or it
can allocate params array according to the number of parameters received
from the server.
2013-02-22 17:35:58 +01:00
John Ferlan
903f43ce6d keepalive: Guard against integer overflow
Don't allow interval to be > MAX_INT/1000 in virKeepAliveStart()

Guard against possible overflow in virKeepAliveTimeout() by setting the
timeout to be MAX_INT/1000 since the math following will multiply it by 1000.
2013-02-20 16:56:59 -05:00
Sergey Fionov
1d8193ee8a Fix memory leak in virNetClientIOWriteMessage
Commit 18937c3ae0 introduced the
memory leak when client->msg.fds is copied to thecall->msg
and then never freed.
2013-02-20 17:56:35 +01:00
Jiri Denemark
921af42980 rpc: Avoid deadlock when closing client connection
We need to drop the server lock before calling virObjectUnlock(client)
since in case we had the last reference to the client, its dispose
callback would be called and that could possibly try to lock the server
and cause a deadlock. This is exactly what happens when there is only
one QEMU domain running and it is marked to be autodestroyed when the
connection dies. This results in qemuProcessAutoDestroy ->
qemuProcessStop -> virNetServerRemoveShutdownInhibition call sequence,
where the last function locks the server.
2013-02-19 10:52:37 +01:00
Osier Yang
39758e7567 remote: Wire up the remote protocol
Like virNodeDeviceCreateXML, virNodeDeviceLookupSCSIHostByWWN
has to be treated specially when generating the RPC codes. Also
new rules are added in fixup_name to keep the name SCSIHostByWWN.
2013-02-12 00:23:57 +08:00
Michal Privoznik
0d36f228a4 virCondDestroy: Lose attribute RETURN_CHECK
We are wrapping it in ignore_value() anyway.
2013-02-08 09:12:11 +01:00
John Ferlan
2792ad143e virnetttlcontext: Resolve issues found by Valgrind
Need to initialize 'usage' and 'critical' since the VIR_DEBUG will
attempt to use them.
2013-02-07 14:08:14 -05:00
John Ferlan
0ea43d177c rpc: Need to virCommandFree on error path 2013-02-05 16:51:07 -05:00
John Ferlan
1c8c819028 keepalive: Resolve Coverity complaint
The Coverity analysis emitted a BAD_SIZEOF error when doing the math
within the TRACE macro. Doing the math outside the macro keeps Coverity quiet.
2013-02-05 16:51:06 -05:00
John Ferlan
ffd61edd87 tlscontext: Make sure to get proper pointer to 'dname'
Keep Coverity happy by passing a pointer to 'dname' rather than the
array itself.  The PROBE expansion would cause a BAD_SIZEOF.
2013-02-05 16:51:06 -05:00
Peter Krempa
46532e3e8e rpc: Fix crash on error paths of message dispatching
This patch resolves CVE-2013-0170:
https://bugzilla.redhat.com/show_bug.cgi?id=893450

When reading and dispatching of a message failed the message was freed
but wasn't removed from the message queue.

After that when the connection was about to be closed the pointer for
the message was still present in the queue and it was passed to
virNetMessageFree which tried to call the callback function from an
uninitialized pointer.

This patch removes the message from the queue before it's freed.

* rpc/virnetserverclient.c: virNetServerClientDispatchRead:
    - avoid use after free of RPC messages
2013-01-28 20:00:58 +01:00
John Ferlan
dd36cc3f97 rpc: Revert Coverity tag message
Turns out the fix for VIR_FREE made this particular Coverity tag
unnecessary, so I'm removing it.
2013-01-23 15:02:06 +01:00
John Ferlan
618a5b33d4 virkeepalive: Remove erroneous VIR_FREE(msg)
The 'msg' free is handled via virNetMessageFree() already.
2013-01-22 17:29:26 +01:00
John Ferlan
9b90644e7d virnetserver: Need to initialize 'sigdata'
It was possible to call VIR_FREE in error prior to initialization
2013-01-22 17:29:25 +01:00
John Ferlan
28cd3dc40b rpc: Add coverity[dead_error_begin] tag
Coverity misses the nuance of VIR_FREE(privkey) setting privkey = NULL when
if (!(virFileExists(privkey))) is true and thus declares the code dead.
2013-01-22 16:59:45 +01:00
John Ferlan
8d3aa09283 rpc: Remove unnecessary calls
The code is not reachable as of commit id: bb85f229. Removed
virKeepAliveStop() and virObjectUnref() because 'ka' cannot be
anything but NULL at the cleanup label.
2013-01-22 14:34:11 +01:00
Jiri Denemark
de78bf604c Introduce virTypedParamsClear public API
The function is just a renamed public version of former
virTypedParameterArrayClear.
2013-01-18 15:04:00 +01:00
Daniel P. Berrange
757e3d3af6 Fix inheritance of virNetClient
When creating the virClass object for virNetClient, we specified
virObject as the parent instead of virObjectLockable

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-17 17:28:47 +00:00
Daniel P. Berrange
bba93d40da Convert all rpc classes over to virObjectLockable 2013-01-16 11:02:58 +00:00
John Ferlan
d514d7773c rpc: Check and message setsockopt()
Check status when attempting to set SO_REUSEADDR flag on outgoing connection
On failure, VIR_WARN(), but continue to connect. This code path is on the
sender side where the setting is just a hint and would only take effect if
the sender is overflowed with TCP connections.  Inability to set doesn't mean
failure to establish a connection.
2013-01-16 10:43:13 +01:00
Daniel P. Berrange
69218922e8 Allow for multi-level inheritance of virObject classes
Currently all classes must directly inherit from virObject.
This allows for arbitrarily deep hierarchy. There's not much
to this aside from chaining up the 'dispose' handlers from
each class & providing APIs to check types.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-15 19:21:31 +00:00
John Ferlan
af3262e26f rpc: Avoid resource leak of 'socks' if any object append fails 2013-01-15 14:50:02 +01:00
Daniel P. Berrange
e1e94f2ed9 Rename HAVE_LIBSSH2 to WITH_SSH2 2013-01-14 13:29:35 +00:00
Daniel P. Berrange
bccd4a8cbc Rename HAVE_GNUTLS to WITH_GNUTLS 2013-01-14 13:26:47 +00:00
Daniel P. Berrange
2de152d20d Convert HAVE_AVAHI to WITH_AVAHI
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-14 13:26:34 +00:00
Eric Blake
a18d9012a2 build: fix incomplete WITH_SASL conversion
Commit 321a7d53 missed a spot.

* src/rpc/virnetsocket.c (virNetSocketPreExecRestart): Use right
conditional.
2013-01-11 10:30:18 -07:00
Daniel P. Berrange
321a7d53f3 Convert HAVE_SASL to WITH_SASL
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-11 11:03:23 +00:00
Daniel P. Berrange
f587c27768 Make TLS support conditional
Add checks for existence of GNUTLS and automatically disable
it if not found.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2013-01-08 20:57:31 +00:00