filemon: fix watch IDs to avoid potential wraparound issues

Watch IDs are allocated from incrementing a int counter against the QFileMonitor object. In very long life QEMU processes with a huge amount of USB MTP activity creating & deleting directories it is just about conceivable that the int counter can wrap around. This would result in incorrect behaviour of the file monitor watch APIs due to clashing watch IDs. Instead of trying to detect this situation, this patch changes the way watch IDs are allocated. It is turned into an int64_t variable where the high 32 bits are set from the underlying inotify "int" ID. This gives an ID that is guaranteed unique for the directory as a whole, and we can rely on the kernel to enforce this. QFileMonitor then sets the low 32 bits from a per-directory counter. The USB MTP device only sets watches on the directory as a whole, not files within, so there is no risk of guest triggered wrap around on the low 32 bits. Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
author: Daniel P. Berrangé <berrange@redhat.com> 2019-03-19 15:47:47 +0000
committer: Daniel P. Berrangé <berrange@redhat.com> 2019-04-02 13:52:02 +0100
commit: b4682a63f86ed81abcaa543ea6135e17f9e99d01 (patch)
tree: b5096dd2bc5394a56e9eeb3fee0cd268201b60e4 /util
parent: ff3dc8fefe953fd3650279e064bf63b212c5699a (diff)
3 files changed, 18 insertions, 17 deletions
diff --git a/util/filemonitor-inotify.c b/util/filemonitor-inotify.c
index 3eb29f860b..b5f4b93f3f 100644
--- a/util/filemonitor-inotify.c
+++ b/util/filemonitor-inotify.c
@@ -29,7 +29,6 @@
 
 struct QFileMonitor {
     int fd;
-    int nextid; /* watch ID counter */
     QemuMutex lock; /* protects dirs & idmap */
     GHashTable *dirs; /* dirname => QFileMonitorDir */
     GHashTable *idmap; /* inotify ID => dirname */
@@ -37,7 +36,7 @@ struct QFileMonitor {
 
 
 typedef struct {
-    int id; /* watch ID */
+    int64_t id; /* watch ID */
     char *filename; /* optional filter */
     QFileMonitorHandler cb;
     void *opaque;
@@ -46,7 +45,8 @@ typedef struct {
 
 typedef struct {
     char *path;
-    int id; /* inotify ID */
+    int inotify_id; /* inotify ID */
+    int next_file_id; /* file ID counter */
     GArray *watches; /* QFileMonitorWatch elements */
 } QFileMonitorDir;
 
@@ -126,7 +126,8 @@ static void qemu_file_monitor_watch(void *arg)
             g_assert_not_reached();
         }
 
-        trace_qemu_file_monitor_event(mon, dir->path, name, ev->mask, dir->id);
+        trace_qemu_file_monitor_event(mon, dir->path, name, ev->mask,
+                                      dir->inotify_id);
         for (i = 0; i < dir->watches->len; i++) {
             QFileMonitorWatch *watch = &g_array_index(dir->watches,
                                                       QFileMonitorWatch,
@@ -237,7 +238,7 @@ qemu_file_monitor_free(QFileMonitor *mon)
     g_idle_add((GSourceFunc)qemu_file_monitor_free_idle, mon);
 }
 
-int
+int64_t
 qemu_file_monitor_add_watch(QFileMonitor *mon,
                             const char *dirpath,
                             const char *filename,
@@ -247,7 +248,7 @@ qemu_file_monitor_add_watch(QFileMonitor *mon,
 {
     QFileMonitorDir *dir;
     QFileMonitorWatch watch;
-    int ret = -1;
+    int64_t ret = -1;
 
     qemu_mutex_lock(&mon->lock);
     dir = g_hash_table_lookup(mon->dirs, dirpath);
@@ -265,7 +266,7 @@ qemu_file_monitor_add_watch(QFileMonitor *mon,
 
         dir = g_new0(QFileMonitorDir, 1);
         dir->path = g_strdup(dirpath);
-        dir->id = rv;
+        dir->inotify_id = rv;
         dir->watches = g_array_new(FALSE, TRUE, sizeof(QFileMonitorWatch));
 
         g_hash_table_insert(mon->dirs, dir->path, dir);
@@ -276,7 +277,7 @@ qemu_file_monitor_add_watch(QFileMonitor *mon,
         }
     }
 
-    watch.id = mon->nextid++;
+    watch.id = (((int64_t)dir->inotify_id) << 32) | dir->next_file_id++;
     watch.filename = g_strdup(filename);
     watch.cb = cb;
     watch.opaque = opaque;
@@ -297,7 +298,7 @@ qemu_file_monitor_add_watch(QFileMonitor *mon,
 
 void qemu_file_monitor_remove_watch(QFileMonitor *mon,
                                     const char *dirpath,
-                                    int id)
+                                    int64_t id)
 {
     QFileMonitorDir *dir;
     gsize i;
@@ -322,10 +323,10 @@ void qemu_file_monitor_remove_watch(QFileMonitor *mon,
     }
 
     if (dir->watches->len == 0) {
-        inotify_rm_watch(mon->fd, dir->id);
-        trace_qemu_file_monitor_disable_watch(mon, dir->path, dir->id);
+        inotify_rm_watch(mon->fd, dir->inotify_id);
+        trace_qemu_file_monitor_disable_watch(mon, dir->path, dir->inotify_id);
 
-        g_hash_table_remove(mon->idmap, GINT_TO_POINTER(dir->id));
+        g_hash_table_remove(mon->idmap, GINT_TO_POINTER(dir->inotify_id));
         g_hash_table_remove(mon->dirs, dir->path);
 
         if (g_hash_table_size(mon->dirs) == 0) {
diff --git a/util/filemonitor-stub.c b/util/filemonitor-stub.c
index 48268b2bb6..2c0e97edd8 100644
--- a/util/filemonitor-stub.c
+++ b/util/filemonitor-stub.c
@@ -38,7 +38,7 @@ qemu_file_monitor_free(QFileMonitor *mon G_GNUC_UNUSED)
 }
 
 
-int
+int64_t
 qemu_file_monitor_add_watch(QFileMonitor *mon G_GNUC_UNUSED,
                             const char *dirpath G_GNUC_UNUSED,
                             const char *filename G_GNUC_UNUSED,
@@ -54,6 +54,6 @@ qemu_file_monitor_add_watch(QFileMonitor *mon G_GNUC_UNUSED,
 void
 qemu_file_monitor_remove_watch(QFileMonitor *mon G_GNUC_UNUSED,
                                const char *dirpath G_GNUC_UNUSED,
-                               int id G_GNUC_UNUSED)
+                               int64_t id G_GNUC_UNUSED)
 {
 }
diff --git a/util/trace-events b/util/trace-events
index 56c27287be..9dbd237dad 100644
--- a/util/trace-events
+++ b/util/trace-events
@@ -22,13 +22,13 @@ buffer_move(const char *buf, size_t len, const char *from) "%s: %zd bytes from %
 buffer_free(const char *buf, size_t len) "%s: capacity %zd"
 
 # filemonitor-inotify.c
-qemu_file_monitor_add_watch(void *mon, const char *dirpath, const char *filename, void *cb, void *opaque, int id) "File monitor %p add watch dir='%s' file='%s' cb=%p opaque=%p id=%u"
-qemu_file_monitor_remove_watch(void *mon, const char *dirpath, int id) "File monitor %p remove watch dir='%s' id=%u"
+qemu_file_monitor_add_watch(void *mon, const char *dirpath, const char *filename, void *cb, void *opaque, int64_t id) "File monitor %p add watch dir='%s' file='%s' cb=%p opaque=%p id=%" PRId64
+qemu_file_monitor_remove_watch(void *mon, const char *dirpath, int64_t id) "File monitor %p remove watch dir='%s' id=%" PRId64
 qemu_file_monitor_new(void *mon, int fd) "File monitor %p created fd=%d"
 qemu_file_monitor_enable_watch(void *mon, const char *dirpath, int id) "File monitor %p enable watch dir='%s' id=%u"
 qemu_file_monitor_disable_watch(void *mon, const char *dirpath, int id) "Fle monitor %p disable watch dir='%s' id=%u"
 qemu_file_monitor_event(void *mon, const char *dirpath, const char *filename, int mask, unsigned int id) "File monitor %p event dir='%s' file='%s' mask=0x%x id=%u"
-qemu_file_monitor_dispatch(void *mon, const char *dirpath, const char *filename, int ev, void *cb, void *opaque, unsigned int id) "File monitor %p dispatch dir='%s' file='%s' ev=%d cb=%p opaque=%p id=%u"
+qemu_file_monitor_dispatch(void *mon, const char *dirpath, const char *filename, int ev, void *cb, void *opaque, int64_t id) "File monitor %p dispatch dir='%s' file='%s' ev=%d cb=%p opaque=%p id=%" PRId64
 
 # qemu-coroutine.c
 qemu_aio_coroutine_enter(void *ctx, void *from, void *to, void *opaque) "ctx %p from %p to %p opaque %p"
author	Daniel P. Berrangé <berrange@redhat.com>	2019-03-19 15:47:47 +0000
committer	Daniel P. Berrangé <berrange@redhat.com>	2019-04-02 13:52:02 +0100
commit	b4682a63f86ed81abcaa543ea6135e17f9e99d01 (patch)
tree	b5096dd2bc5394a56e9eeb3fee0cd268201b60e4 /util
parent	ff3dc8fefe953fd3650279e064bf63b212c5699a (diff)