aboutsummaryrefslogtreecommitdiff
path: root/tests/test-util-sockets.c
AgeCommit message (Collapse)Author
2018-07-23monitor: Fix unsafe sharing of @cur_mon among threadsPeter Xu
@cur_mon is null unless the main thread is running monitor code, either HMP code within monitor_read(), or QMP code within monitor_qmp_dispatch(). Use of @cur_mon outside the main thread is therefore unsafe. Most of its uses are in monitor command handlers. These run in the main thread. However, there are also uses hiding elsewhere, such as in error_vprintf(), and thus error_report(), making these functions unsafe outside the main thread. No such unsafe uses are known at this time. Regardless, this is an unnecessary trap. It's an ancient trap, though. More recently, commit cf869d53172 "qmp: support out-of-band (oob) execution" spiced things up: the monitor I/O thread assigns to @cur_mon when executing commands out-of-band. Having two threads save, set and restore @cur_mon without synchronization is definitely unsafe. We can end up with @cur_mon null while the main thread runs monitor code, or non-null while it runs non-monitor code. We could fix this by making the I/O thread not mess with @cur_mon, but that would leave the trap armed and ready. Instead, make @cur_mon thread-local. It's now reliably null unless the thread is running monitor code. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> [peterx: update subject and commit message written by Markus] Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20180720033451.32710-1-peterx@redhat.com>
2018-03-13sockets: allow SocketAddress 'fd' to reference numeric file descriptorsDaniel P. Berrange
The SocketAddress 'fd' kind accepts the name of a file descriptor passed to the monitor with the 'getfd' command. This makes it impossible to use the 'fd' kind in cases where a monitor is not available. This can apply in handling command line argv at startup, or simply if internal code wants to use SocketAddress and pass a numeric FD it has acquired from elsewhere. Fortunately the 'getfd' command mandated that the FD names must not start with a leading digit. We can thus safely extend semantics of the SocketAddress 'fd' kind, to allow a purely numeric name to reference an file descriptor that QEMU already has open. There will be restrictions on when each kind can be used. In codepaths where we are handling a monitor command (ie cur_mon != NULL), we will only support use of named file descriptors as before. Use of FD numbers is still not permitted for monitor commands. In codepaths where we are not handling a monitor command (ie cur_mon == NULL), we will not support named file descriptors. Instead we can reference FD numers explicitly. This allows the app spawning QEMU to intentionally "leak" a pre-opened socket to QEMU and reference that in a SocketAddress definition, or for code inside QEMU to pass pre-opened FDs around. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-03-13sockets: check that the named file descriptor is a socketDaniel P. Berrange
The SocketAddress struct has an "fd" type, which references the name of a file descriptor passed over the monitor using the "getfd" command. We currently blindly assume the FD is a socket, which can lead to hard to diagnose errors later. This adds an explicit check that the FD is actually a socket to improve the error diagnosis. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2018-03-13sockets: move fd_is_socket() into common sockets codeDaniel P. Berrange
The fd_is_socket() helper method is useful in a few places, so put it in the common sockets code. Make the code more compact while moving it. Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>