Re: [libvirt] [PATCH v5 6/7] util: Add helpers for safe domain console operations

2012-02-24 Thread Eric Blake 
On 02/23/2012 07:03 AM, Peter Krempa wrote:
 This patch adds a set of functions used in creating console streams for
 domains using PTYs and ensures mutually exclusive access to the PTYs.
 
 If mutualy exclusive access is not used, two clients may open the same

s/mutualy/mutually/

 console, which results in corruption on both clients as both of them
 race to read data from the PTY.
 

 Diff to v4:
 - fixed typos (traditionally)
 - fixed configure.ac to work with automaticaly used values
 - tweaked configure output line to line up with others without
   moving them
 - using STRSKIP to skip the start of the string instead of 
   possibly skipping in the middle of a string
 - fixed whitespace problems
 - changed data type for pids to pid_t and tweaked printing formatters
 - On failure to initialise mutex in virConsoleAlloc don't skip
   to virConsoleFree
 - added comment to clarify why it's needed to unregister the callback
   handler
 - Added OOM error reporting on some error paths.

Looks better.

 
 Note to v4 review:
 I changed the default value for the path of the lock files to auto so it 
 will
 get built with /var/lock on linux machines, so no change to the spec file is
 needed.

auto should default to 'no' rather than error out on systems where we
don't know.

 +dnl UUCP style file locks for PTY consoles
 +if test $with_console_lock_files != no; then
 +  if test $with_console_lock_files = yes; then
 +AC_MSG_ERROR([console lock files requested, but no path given])
 +  elif test $with_console_lock_files = auto; then
 +dnl Default locations for platforms
 +if test $with_linux = yes; then
 +  with_console_lock_files=/var/lock
 +fi
 +  fi
 +  if test $with_console_lock_files = auto; then
 +AC_MSG_ERROR([You must specify path for the lock files on this platform])
 +  fi

I'd write this hunk as:

if test $with_console_lock_files != no; then
  case $with_console_lock_files in
  yes | auto)
dnl Default locations for platforms, or disable if unknown
if test $with_linux = yes; then
  with_console_lock_files=/var/lock
elif test $with_console_lock_files = auto
  with_console_lock_files=no
fi;;
  esac
  if test $with_console_lock_files = yes; then
AC_MSG_ERROR([You must specify path for the lock files on this
platform])
  fi

 +int virConsoleOpen(virConsolesPtr cons,
 +   const char *pty,
 +   virStreamPtr st,
 +   bool force)
 +{
 +virConsoleStreamInfoPtr cbdata = NULL;
 +virStreamPtr savedStream;
 +int ret;
 +
 +virMutexLock(cons-lock);
 +
 +if ((savedStream = virHashLookup(cons-hash, pty))) {
 +if (!force) {
 + /* entry found, console is busy */
 +virMutexUnlock(cons-lock);
 +return 1;
 +   } else {
 +   /* terminate existing connection */
 +   /* The internal close callback handler needs to lock cons-lock to
 +* remove the aborted stream from the hash. This would cause a
 +* deadlock as we would try to enter the lock twice from the very
 +* same thread. We need to unregister the callback and abort the
 +* stream manualy before we create a new console connection.

s/manualy/manually/

ACK with those changes.

-- 
Eric Blake   ebl...@redhat.com+1-919-301-3266
Libvirt virtualization library http://libvirt.org



signature.asc
Description: OpenPGP digital signature
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

[libvirt] [PATCH v5 6/7] util: Add helpers for safe domain console operations

2012-02-23 Thread Peter Krempa 
This patch adds a set of functions used in creating console streams for
domains using PTYs and ensures mutually exclusive access to the PTYs.

If mutualy exclusive access is not used, two clients may open the same
console, which results in corruption on both clients as both of them
race to read data from the PTY.

Two approaches are used to ensure this:
1) Internal data structure holding open PTYs.
This is used internally and enables the user to forcibly
terminate another console connection eg. when somebody leaves
the console open on another host.

2) UUCP style lock files:
This uses UUCP lock files according to the  FHS
( http://www.pathname.com/fhs/pub/fhs-2.3.html#VARLOCKLOCKFILES )
to check if other programs (like minicom) are not using the pty
device of the console.

This feature is disabled by default and may be enabled using
configure parameter
--with-console-lock-files=/path/to/lock/file/directory
or --with-console-lock-files=auto (which tries to infer the
location from OS used (currently only linux).

On usual linux systems, normal users may not write to the
/var/lock directory containing the locks. This poses problems
while in session mode. If the current user has no access to the
lockfile directory, check for presence of the file is still
done, but no lock file is created. This does NOT result in an
error.
---
Diff to v4:
- fixed typos (traditionally)
- fixed configure.ac to work with automaticaly used values
- tweaked configure output line to line up with others without
  moving them
- using STRSKIP to skip the start of the string instead of 
  possibly skipping in the middle of a string
- fixed whitespace problems
- changed data type for pids to pid_t and tweaked printing formatters
- On failure to initialise mutex in virConsoleAlloc don't skip
  to virConsoleFree
- added comment to clarify why it's needed to unregister the callback
  handler
- Added OOM error reporting on some error paths.

Note to v4 review:
I changed the default value for the path of the lock files to auto so it will
get built with /var/lock on linux machines, so no change to the spec file is
needed.
 configure.ac |   25 +++
 po/POTFILES.in   |1 +
 src/Makefile.am  |6 +-
 src/conf/virconsole.c|  408 ++
 src/conf/virconsole.h|   36 
 src/libvirt_private.syms |6 +
 6 files changed, 481 insertions(+), 1 deletions(-)
 create mode 100644 src/conf/virconsole.c
 create mode 100644 src/conf/virconsole.h

diff --git a/configure.ac b/configure.ac
index 732f4fe..a5f9105 100644
--- a/configure.ac
+++ b/configure.ac
@@ -336,6 +336,12 @@ AC_ARG_WITH([remote],
   AC_HELP_STRING([--with-remote], [add remote driver support 
@:@default=yes@:@]),[],[with_remote=yes])
 AC_ARG_WITH([libvirtd],
   AC_HELP_STRING([--with-libvirtd], [add libvirtd support 
@:@default=yes@:@]),[],[with_libvirtd=yes])
+AC_ARG_WITH([console-lock-files],
+  AC_HELP_STRING([--with-console-lock-files],
+ [location for UUCP style lock files for console PTYs
+  (use auto for default paths on some platforms)
+  @:@default=auto@:@]),
+  [],[with_console_lock_files=auto])

 dnl
 dnl in case someone want to build static binaries
@@ -1206,6 +1212,24 @@ AM_CONDITIONAL([HAVE_AUDIT], [test $with_audit = 
yes])
 AC_SUBST([AUDIT_CFLAGS])
 AC_SUBST([AUDIT_LIBS])

+dnl UUCP style file locks for PTY consoles
+if test $with_console_lock_files != no; then
+  if test $with_console_lock_files = yes; then
+AC_MSG_ERROR([console lock files requested, but no path given])
+  elif test $with_console_lock_files = auto; then
+dnl Default locations for platforms
+if test $with_linux = yes; then
+  with_console_lock_files=/var/lock
+fi
+  fi
+  if test $with_console_lock_files = auto; then
+AC_MSG_ERROR([You must specify path for the lock files on this platform])
+  fi
+  AC_DEFINE_UNQUOTED([VIR_PTY_LOCK_FILE_PATH], $with_console_lock_files,
+  [path to directory containing UUCP pty lock files])
+fi
+AM_CONDITIONAL([VIR_PTY_LOCK_FILE_PATH], [test $with_console_lock_files != 
no])
+

 dnl SELinux
 AC_ARG_WITH([selinux],
@@ -2742,6 +2766,7 @@ AC_MSG_NOTICE([   Python: $with_python])
 AC_MSG_NOTICE([   DTrace: $with_dtrace])
 AC_MSG_NOTICE([  XML Catalog: $XML_CATALOG_FILE])
 AC_MSG_NOTICE([  Init script: $with_init_script])
+AC_MSG_NOTICE([Console locks: $with_console_lock_files])
 AC_MSG_NOTICE([])
 AC_MSG_NOTICE([Privileges])
 AC_MSG_NOTICE([])
diff --git a/po/POTFILES.in b/po/POTFILES.in
index 0eff13b..16a3f9e 100644
--- a/po/POTFILES.in
+++ b/po/POTFILES.in
@@ -17,6 +17,7 @@ src/conf/nwfilter_params.c
 src/conf/secret_conf.c
 src/conf/storage_conf.c
 src/conf/storage_encryption_conf.c
+src/conf/virconsole.c
 src/cpu/cpu.c
 src/cpu/cpu_generic.c