2016-12-12 15:41:00 +00:00
|
|
|
/*
|
|
|
|
* QEMU System Emulator
|
|
|
|
*
|
|
|
|
* Copyright (c) 2003-2008 Fabrice Bellard
|
|
|
|
*
|
|
|
|
* Permission is hereby granted, free of charge, to any person obtaining a copy
|
|
|
|
* of this software and associated documentation files (the "Software"), to deal
|
|
|
|
* in the Software without restriction, including without limitation the rights
|
|
|
|
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
|
|
|
* copies of the Software, and to permit persons to whom the Software is
|
|
|
|
* furnished to do so, subject to the following conditions:
|
|
|
|
*
|
|
|
|
* The above copyright notice and this permission notice shall be included in
|
|
|
|
* all copies or substantial portions of the Software.
|
|
|
|
*
|
|
|
|
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
|
|
|
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
|
|
|
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
|
|
|
|
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
|
|
|
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
|
|
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
|
|
|
* THE SOFTWARE.
|
|
|
|
*/
|
2018-02-01 11:18:46 +00:00
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
#include "qemu/osdep.h"
|
2017-01-26 13:19:46 +00:00
|
|
|
#include "chardev/char.h"
|
2016-12-12 15:41:00 +00:00
|
|
|
#include "io/channel-socket.h"
|
|
|
|
#include "io/channel-tls.h"
|
2018-10-18 22:35:00 +00:00
|
|
|
#include "io/channel-websock.h"
|
2017-12-18 13:54:17 +00:00
|
|
|
#include "io/net-listener.h"
|
2016-12-12 15:41:00 +00:00
|
|
|
#include "qemu/error-report.h"
|
2019-05-23 14:35:07 +00:00
|
|
|
#include "qemu/module.h"
|
2018-02-01 11:18:46 +00:00
|
|
|
#include "qemu/option.h"
|
2016-12-12 15:41:00 +00:00
|
|
|
#include "qapi/error.h"
|
|
|
|
#include "qapi/clone-visitor.h"
|
2018-02-11 09:36:01 +00:00
|
|
|
#include "qapi/qapi-visit-sockets.h"
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2017-01-26 13:19:46 +00:00
|
|
|
#include "chardev/char-io.h"
|
2020-09-03 20:43:22 +00:00
|
|
|
#include "qom/object.h"
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
/***********************************************************/
|
|
|
|
/* TCP Net console */
|
|
|
|
|
|
|
|
#define TCP_MAX_FDS 16
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
typedef struct {
|
|
|
|
char buf[21];
|
|
|
|
size_t buflen;
|
|
|
|
} TCPChardevTelnetInit;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
typedef enum {
|
|
|
|
TCP_CHARDEV_STATE_DISCONNECTED,
|
|
|
|
TCP_CHARDEV_STATE_CONNECTING,
|
|
|
|
TCP_CHARDEV_STATE_CONNECTED,
|
|
|
|
} TCPChardevState;
|
|
|
|
|
2020-09-03 20:43:22 +00:00
|
|
|
struct SocketChardev {
|
2016-12-12 15:41:00 +00:00
|
|
|
Chardev parent;
|
|
|
|
QIOChannel *ioc; /* Client I/O channel */
|
|
|
|
QIOChannelSocket *sioc; /* Client master channel */
|
2017-12-18 13:54:17 +00:00
|
|
|
QIONetListener *listener;
|
2018-01-25 13:51:29 +00:00
|
|
|
GSource *hup_source;
|
2016-12-12 15:41:00 +00:00
|
|
|
QCryptoTLSCreds *tls_creds;
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
char *tls_authz;
|
2019-02-11 18:24:37 +00:00
|
|
|
TCPChardevState state;
|
2016-12-12 15:41:00 +00:00
|
|
|
int max_size;
|
|
|
|
int do_telnetopt;
|
|
|
|
int do_nodelay;
|
|
|
|
int *read_msgfds;
|
|
|
|
size_t read_msgfds_num;
|
|
|
|
int *write_msgfds;
|
|
|
|
size_t write_msgfds_num;
|
|
|
|
|
|
|
|
SocketAddress *addr;
|
|
|
|
bool is_listen;
|
|
|
|
bool is_telnet;
|
2016-09-23 06:06:11 +00:00
|
|
|
bool is_tn3270;
|
2018-03-06 05:33:15 +00:00
|
|
|
GSource *telnet_source;
|
|
|
|
TCPChardevTelnetInit *telnet_init;
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2018-10-18 22:35:00 +00:00
|
|
|
bool is_websock;
|
|
|
|
|
2018-01-04 14:18:35 +00:00
|
|
|
GSource *reconnect_timer;
|
2016-12-12 15:41:00 +00:00
|
|
|
int64_t reconnect_time;
|
|
|
|
bool connect_err_reported;
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
|
|
|
|
QIOTask *connect_task;
|
2020-09-03 20:43:22 +00:00
|
|
|
};
|
|
|
|
typedef struct SocketChardev SocketChardev;
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2020-08-31 21:07:33 +00:00
|
|
|
DECLARE_INSTANCE_CHECKER(SocketChardev, SOCKET_CHARDEV,
|
|
|
|
TYPE_CHARDEV_SOCKET)
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
static gboolean socket_reconnect_timeout(gpointer opaque);
|
2018-03-06 05:33:15 +00:00
|
|
|
static void tcp_chr_telnet_init(Chardev *chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
static void tcp_chr_change_state(SocketChardev *s, TCPChardevState state)
|
|
|
|
{
|
|
|
|
switch (state) {
|
|
|
|
case TCP_CHARDEV_STATE_DISCONNECTED:
|
|
|
|
break;
|
|
|
|
case TCP_CHARDEV_STATE_CONNECTING:
|
|
|
|
assert(s->state == TCP_CHARDEV_STATE_DISCONNECTED);
|
|
|
|
break;
|
|
|
|
case TCP_CHARDEV_STATE_CONNECTED:
|
|
|
|
assert(s->state == TCP_CHARDEV_STATE_CONNECTING);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
s->state = state;
|
|
|
|
}
|
|
|
|
|
2018-01-04 14:18:35 +00:00
|
|
|
static void tcp_chr_reconn_timer_cancel(SocketChardev *s)
|
|
|
|
{
|
|
|
|
if (s->reconnect_timer) {
|
|
|
|
g_source_destroy(s->reconnect_timer);
|
|
|
|
g_source_unref(s->reconnect_timer);
|
|
|
|
s->reconnect_timer = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void qemu_chr_socket_restart_timer(Chardev *chr)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
char *name;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
assert(s->state == TCP_CHARDEV_STATE_DISCONNECTED);
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
assert(!s->reconnect_timer);
|
2016-12-12 15:41:00 +00:00
|
|
|
name = g_strdup_printf("chardev-socket-reconnect-%s", chr->label);
|
2018-01-04 14:18:35 +00:00
|
|
|
s->reconnect_timer = qemu_chr_timeout_add_ms(chr,
|
|
|
|
s->reconnect_time * 1000,
|
|
|
|
socket_reconnect_timeout,
|
|
|
|
chr);
|
|
|
|
g_source_set_name(s->reconnect_timer, name);
|
2016-12-12 15:41:00 +00:00
|
|
|
g_free(name);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void check_report_connect_error(Chardev *chr,
|
|
|
|
Error *err)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
|
|
|
if (!s->connect_err_reported) {
|
2020-05-05 10:19:03 +00:00
|
|
|
error_reportf_err(err,
|
|
|
|
"Unable to connect character device %s: ",
|
|
|
|
chr->label);
|
2016-12-12 15:41:00 +00:00
|
|
|
s->connect_err_reported = true;
|
2020-06-21 21:30:17 +00:00
|
|
|
} else {
|
|
|
|
error_free(err);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
qemu_chr_socket_restart_timer(chr);
|
|
|
|
}
|
|
|
|
|
2017-12-18 13:54:17 +00:00
|
|
|
static void tcp_chr_accept(QIONetListener *listener,
|
|
|
|
QIOChannelSocket *cioc,
|
|
|
|
void *opaque);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2017-02-02 14:26:29 +00:00
|
|
|
static int tcp_chr_read_poll(void *opaque);
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
static void tcp_chr_disconnect_locked(Chardev *chr);
|
2017-02-02 14:26:29 +00:00
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
/* Called with chr_write_lock held. */
|
|
|
|
static int tcp_chr_write(Chardev *chr, const uint8_t *buf, int len)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if (s->state == TCP_CHARDEV_STATE_CONNECTED) {
|
2016-12-12 15:41:00 +00:00
|
|
|
int ret = io_channel_send_full(s->ioc, buf, len,
|
|
|
|
s->write_msgfds,
|
|
|
|
s->write_msgfds_num);
|
|
|
|
|
2018-07-04 03:36:42 +00:00
|
|
|
/* free the written msgfds in any cases
|
|
|
|
* other than ret < 0 && errno == EAGAIN
|
|
|
|
*/
|
|
|
|
if (!(ret < 0 && EAGAIN == errno)
|
|
|
|
&& s->write_msgfds_num) {
|
2016-12-12 15:41:00 +00:00
|
|
|
g_free(s->write_msgfds);
|
|
|
|
s->write_msgfds = 0;
|
|
|
|
s->write_msgfds_num = 0;
|
|
|
|
}
|
|
|
|
|
2017-02-02 14:26:29 +00:00
|
|
|
if (ret < 0 && errno != EAGAIN) {
|
|
|
|
if (tcp_chr_read_poll(chr) <= 0) {
|
char-socket: return -1 in case of disconnect during tcp_chr_write
During testing of the vhost-user-blk reconnect functionality the qemu
SIGSEGV was triggered:
start qemu as:
x86_64-softmmu/qemu-system-x86_64 -m 1024M -M q35 \
-object memory-backend-file,id=ram-node0,size=1024M,mem-path=/dev/shm/qemu,share=on \
-numa node,cpus=0,memdev=ram-node0 \
-chardev socket,id=chardev0,path=./vhost.sock,noserver,reconnect=1 \
-device vhost-user-blk-pci,chardev=chardev0,num-queues=4 --enable-kvm
start vhost-user-blk daemon:
./vhost-user-blk -s ./vhost.sock -b test-img.raw
If vhost-user-blk will be killed during the vhost initialization
process, for instance after getting VHOST_SET_VRING_CALL command, then
QEMU will fail with the following backtrace:
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x00005555559272bb in vhost_user_read (dev=0x7fffef2d53e0, msg=0x7fffffffd5b0)
at ./hw/virtio/vhost-user.c:260
260 CharBackend *chr = u->user->chr;
#0 0x00005555559272bb in vhost_user_read (dev=0x7fffef2d53e0, msg=0x7fffffffd5b0)
at ./hw/virtio/vhost-user.c:260
#1 0x000055555592acb8 in vhost_user_get_config (dev=0x7fffef2d53e0, config=0x7fffef2d5394 "", config_len=60)
at ./hw/virtio/vhost-user.c:1645
#2 0x0000555555925525 in vhost_dev_get_config (hdev=0x7fffef2d53e0, config=0x7fffef2d5394 "", config_len=60)
at ./hw/virtio/vhost.c:1490
#3 0x00005555558cc46b in vhost_user_blk_device_realize (dev=0x7fffef2d51a0, errp=0x7fffffffd8f0)
at ./hw/block/vhost-user-blk.c:429
#4 0x0000555555920090 in virtio_device_realize (dev=0x7fffef2d51a0, errp=0x7fffffffd948)
at ./hw/virtio/virtio.c:3615
#5 0x0000555555a9779c in device_set_realized (obj=0x7fffef2d51a0, value=true, errp=0x7fffffffdb88)
at ./hw/core/qdev.c:891
...
The problem is that vhost_user_write doesn't get an error after
disconnect and try to call vhost_user_read(). The tcp_chr_write()
routine should return -1 in case of disconnect. Indicate the EIO error
if this routine is called in the disconnected state.
Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <aeb7806bfc945faadf09f64dcfa30f59de3ac053.1590396396.git.dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-05-28 09:11:18 +00:00
|
|
|
/* Perform disconnect and return error. */
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
tcp_chr_disconnect_locked(chr);
|
2017-02-02 14:26:29 +00:00
|
|
|
} /* else let the read handler finish it properly */
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
return ret;
|
|
|
|
} else {
|
char-socket: return -1 in case of disconnect during tcp_chr_write
During testing of the vhost-user-blk reconnect functionality the qemu
SIGSEGV was triggered:
start qemu as:
x86_64-softmmu/qemu-system-x86_64 -m 1024M -M q35 \
-object memory-backend-file,id=ram-node0,size=1024M,mem-path=/dev/shm/qemu,share=on \
-numa node,cpus=0,memdev=ram-node0 \
-chardev socket,id=chardev0,path=./vhost.sock,noserver,reconnect=1 \
-device vhost-user-blk-pci,chardev=chardev0,num-queues=4 --enable-kvm
start vhost-user-blk daemon:
./vhost-user-blk -s ./vhost.sock -b test-img.raw
If vhost-user-blk will be killed during the vhost initialization
process, for instance after getting VHOST_SET_VRING_CALL command, then
QEMU will fail with the following backtrace:
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x00005555559272bb in vhost_user_read (dev=0x7fffef2d53e0, msg=0x7fffffffd5b0)
at ./hw/virtio/vhost-user.c:260
260 CharBackend *chr = u->user->chr;
#0 0x00005555559272bb in vhost_user_read (dev=0x7fffef2d53e0, msg=0x7fffffffd5b0)
at ./hw/virtio/vhost-user.c:260
#1 0x000055555592acb8 in vhost_user_get_config (dev=0x7fffef2d53e0, config=0x7fffef2d5394 "", config_len=60)
at ./hw/virtio/vhost-user.c:1645
#2 0x0000555555925525 in vhost_dev_get_config (hdev=0x7fffef2d53e0, config=0x7fffef2d5394 "", config_len=60)
at ./hw/virtio/vhost.c:1490
#3 0x00005555558cc46b in vhost_user_blk_device_realize (dev=0x7fffef2d51a0, errp=0x7fffffffd8f0)
at ./hw/block/vhost-user-blk.c:429
#4 0x0000555555920090 in virtio_device_realize (dev=0x7fffef2d51a0, errp=0x7fffffffd948)
at ./hw/virtio/virtio.c:3615
#5 0x0000555555a9779c in device_set_realized (obj=0x7fffef2d51a0, value=true, errp=0x7fffffffdb88)
at ./hw/core/qdev.c:891
...
The problem is that vhost_user_write doesn't get an error after
disconnect and try to call vhost_user_read(). The tcp_chr_write()
routine should return -1 in case of disconnect. Indicate the EIO error
if this routine is called in the disconnected state.
Signed-off-by: Dima Stepanov <dimastep@yandex-team.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <aeb7806bfc945faadf09f64dcfa30f59de3ac053.1590396396.git.dimastep@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-05-28 09:11:18 +00:00
|
|
|
/* Indicate an error. */
|
|
|
|
errno = EIO;
|
|
|
|
return -1;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tcp_chr_read_poll(void *opaque)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(opaque);
|
2019-02-11 18:24:37 +00:00
|
|
|
if (s->state != TCP_CHARDEV_STATE_CONNECTED) {
|
2016-12-12 15:41:00 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
s->max_size = qemu_chr_be_can_write(chr);
|
|
|
|
return s->max_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void tcp_chr_process_IAC_bytes(Chardev *chr,
|
|
|
|
SocketChardev *s,
|
|
|
|
uint8_t *buf, int *size)
|
|
|
|
{
|
2016-09-23 06:06:11 +00:00
|
|
|
/* Handle any telnet or tn3270 client's basic IAC options.
|
|
|
|
* For telnet options, it satisfies char by char mode with no echo.
|
|
|
|
* For tn3270 options, it satisfies binary mode with EOR.
|
|
|
|
* All IAC options will be removed from the buf and the do_opt
|
|
|
|
* pointer will be used to track the state of the width of the
|
|
|
|
* IAC information.
|
2016-12-12 15:41:00 +00:00
|
|
|
*
|
2016-09-23 06:06:11 +00:00
|
|
|
* RFC854: "All TELNET commands consist of at least a two byte sequence.
|
|
|
|
* The commands dealing with option negotiation are three byte sequences,
|
|
|
|
* the third byte being the code for the option referenced."
|
|
|
|
* "IAC BREAK", "IAC IP", "IAC NOP" and the double IAC are two bytes.
|
|
|
|
* "IAC SB", "IAC SE" and "IAC EOR" are saved to split up data boundary
|
|
|
|
* for tn3270.
|
|
|
|
* NOP, Break and Interrupt Process(IP) might be encountered during a TN3270
|
|
|
|
* session, and NOP and IP need to be done later.
|
2016-12-12 15:41:00 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
int i;
|
|
|
|
int j = 0;
|
|
|
|
|
|
|
|
for (i = 0; i < *size; i++) {
|
|
|
|
if (s->do_telnetopt > 1) {
|
|
|
|
if ((unsigned char)buf[i] == IAC && s->do_telnetopt == 2) {
|
|
|
|
/* Double IAC means send an IAC */
|
|
|
|
if (j != i) {
|
|
|
|
buf[j] = buf[i];
|
|
|
|
}
|
|
|
|
j++;
|
|
|
|
s->do_telnetopt = 1;
|
|
|
|
} else {
|
|
|
|
if ((unsigned char)buf[i] == IAC_BREAK
|
|
|
|
&& s->do_telnetopt == 2) {
|
|
|
|
/* Handle IAC break commands by sending a serial break */
|
|
|
|
qemu_chr_be_event(chr, CHR_EVENT_BREAK);
|
|
|
|
s->do_telnetopt++;
|
2016-09-23 06:06:11 +00:00
|
|
|
} else if (s->is_tn3270 && ((unsigned char)buf[i] == IAC_EOR
|
|
|
|
|| (unsigned char)buf[i] == IAC_SB
|
|
|
|
|| (unsigned char)buf[i] == IAC_SE)
|
|
|
|
&& s->do_telnetopt == 2) {
|
|
|
|
buf[j++] = IAC;
|
|
|
|
buf[j++] = buf[i];
|
|
|
|
s->do_telnetopt++;
|
|
|
|
} else if (s->is_tn3270 && ((unsigned char)buf[i] == IAC_IP
|
|
|
|
|| (unsigned char)buf[i] == IAC_NOP)
|
|
|
|
&& s->do_telnetopt == 2) {
|
|
|
|
/* TODO: IP and NOP need to be implemented later. */
|
|
|
|
s->do_telnetopt++;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
s->do_telnetopt++;
|
|
|
|
}
|
|
|
|
if (s->do_telnetopt >= 4) {
|
|
|
|
s->do_telnetopt = 1;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if ((unsigned char)buf[i] == IAC) {
|
|
|
|
s->do_telnetopt = 2;
|
|
|
|
} else {
|
|
|
|
if (j != i) {
|
|
|
|
buf[j] = buf[i];
|
|
|
|
}
|
|
|
|
j++;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
*size = j;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tcp_get_msgfds(Chardev *chr, int *fds, int num)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
|
|
|
int to_copy = (s->read_msgfds_num < num) ? s->read_msgfds_num : num;
|
|
|
|
|
|
|
|
assert(num <= TCP_MAX_FDS);
|
|
|
|
|
|
|
|
if (to_copy) {
|
|
|
|
int i;
|
|
|
|
|
|
|
|
memcpy(fds, s->read_msgfds, to_copy * sizeof(int));
|
|
|
|
|
|
|
|
/* Close unused fds */
|
|
|
|
for (i = to_copy; i < s->read_msgfds_num; i++) {
|
|
|
|
close(s->read_msgfds[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
g_free(s->read_msgfds);
|
|
|
|
s->read_msgfds = 0;
|
|
|
|
s->read_msgfds_num = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return to_copy;
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tcp_set_msgfds(Chardev *chr, int *fds, int num)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
|
|
|
/* clear old pending fd array */
|
|
|
|
g_free(s->write_msgfds);
|
|
|
|
s->write_msgfds = NULL;
|
|
|
|
s->write_msgfds_num = 0;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
|
2016-12-12 15:41:00 +00:00
|
|
|
!qio_channel_has_feature(s->ioc,
|
|
|
|
QIO_CHANNEL_FEATURE_FD_PASS)) {
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (num) {
|
|
|
|
s->write_msgfds = g_new(int, num);
|
|
|
|
memcpy(s->write_msgfds, fds, num * sizeof(int));
|
|
|
|
}
|
|
|
|
|
|
|
|
s->write_msgfds_num = num;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static ssize_t tcp_chr_recv(Chardev *chr, char *buf, size_t len)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
struct iovec iov = { .iov_base = buf, .iov_len = len };
|
|
|
|
int ret;
|
|
|
|
size_t i;
|
|
|
|
int *msgfds = NULL;
|
|
|
|
size_t msgfds_num = 0;
|
|
|
|
|
|
|
|
if (qio_channel_has_feature(s->ioc, QIO_CHANNEL_FEATURE_FD_PASS)) {
|
|
|
|
ret = qio_channel_readv_full(s->ioc, &iov, 1,
|
|
|
|
&msgfds, &msgfds_num,
|
|
|
|
NULL);
|
|
|
|
} else {
|
|
|
|
ret = qio_channel_readv_full(s->ioc, &iov, 1,
|
|
|
|
NULL, NULL,
|
|
|
|
NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret == QIO_CHANNEL_ERR_BLOCK) {
|
|
|
|
errno = EAGAIN;
|
|
|
|
ret = -1;
|
|
|
|
} else if (ret == -1) {
|
|
|
|
errno = EIO;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (msgfds_num) {
|
|
|
|
/* close and clean read_msgfds */
|
|
|
|
for (i = 0; i < s->read_msgfds_num; i++) {
|
|
|
|
close(s->read_msgfds[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (s->read_msgfds_num) {
|
|
|
|
g_free(s->read_msgfds);
|
|
|
|
}
|
|
|
|
|
|
|
|
s->read_msgfds = msgfds;
|
|
|
|
s->read_msgfds_num = msgfds_num;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (i = 0; i < s->read_msgfds_num; i++) {
|
|
|
|
int fd = s->read_msgfds[i];
|
|
|
|
if (fd < 0) {
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* O_NONBLOCK is preserved across SCM_RIGHTS so reset it */
|
|
|
|
qemu_set_block(fd);
|
|
|
|
|
|
|
|
#ifndef MSG_CMSG_CLOEXEC
|
|
|
|
qemu_set_cloexec(fd);
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
static GSource *tcp_chr_add_watch(Chardev *chr, GIOCondition cond)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
return qio_channel_create_watch(s->ioc, cond);
|
|
|
|
}
|
|
|
|
|
2018-08-17 13:52:23 +00:00
|
|
|
static void remove_hup_source(SocketChardev *s)
|
|
|
|
{
|
|
|
|
if (s->hup_source != NULL) {
|
|
|
|
g_source_destroy(s->hup_source);
|
|
|
|
g_source_unref(s->hup_source);
|
|
|
|
s->hup_source = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void tcp_chr_free_connection(Chardev *chr)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (s->read_msgfds_num) {
|
|
|
|
for (i = 0; i < s->read_msgfds_num; i++) {
|
|
|
|
close(s->read_msgfds[i]);
|
|
|
|
}
|
|
|
|
g_free(s->read_msgfds);
|
|
|
|
s->read_msgfds = NULL;
|
|
|
|
s->read_msgfds_num = 0;
|
|
|
|
}
|
|
|
|
|
2018-08-17 13:52:23 +00:00
|
|
|
remove_hup_source(s);
|
2018-01-25 13:51:29 +00:00
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
tcp_set_msgfds(chr, NULL, 0);
|
2017-04-19 01:15:32 +00:00
|
|
|
remove_fd_in_watch(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
object_unref(OBJECT(s->sioc));
|
|
|
|
s->sioc = NULL;
|
|
|
|
object_unref(OBJECT(s->ioc));
|
|
|
|
s->ioc = NULL;
|
|
|
|
g_free(chr->filename);
|
|
|
|
chr->filename = NULL;
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_DISCONNECTED);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
2018-10-18 22:34:59 +00:00
|
|
|
static const char *qemu_chr_socket_protocol(SocketChardev *s)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
2018-10-18 22:34:59 +00:00
|
|
|
if (s->is_telnet) {
|
|
|
|
return "telnet";
|
|
|
|
}
|
2018-10-18 22:35:00 +00:00
|
|
|
return s->is_websock ? "websocket" : "tcp";
|
2018-10-18 22:34:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static char *qemu_chr_socket_address(SocketChardev *s, const char *prefix)
|
|
|
|
{
|
|
|
|
switch (s->addr->type) {
|
2017-04-26 07:36:41 +00:00
|
|
|
case SOCKET_ADDRESS_TYPE_INET:
|
2016-12-12 15:41:00 +00:00
|
|
|
return g_strdup_printf("%s%s:%s:%s%s", prefix,
|
2018-10-18 22:34:59 +00:00
|
|
|
qemu_chr_socket_protocol(s),
|
|
|
|
s->addr->u.inet.host,
|
|
|
|
s->addr->u.inet.port,
|
|
|
|
s->is_listen ? ",server" : "");
|
2016-12-12 15:41:00 +00:00
|
|
|
break;
|
2017-04-26 07:36:41 +00:00
|
|
|
case SOCKET_ADDRESS_TYPE_UNIX:
|
2016-12-12 15:41:00 +00:00
|
|
|
return g_strdup_printf("%sunix:%s%s", prefix,
|
2018-10-18 22:34:59 +00:00
|
|
|
s->addr->u.q_unix.path,
|
|
|
|
s->is_listen ? ",server" : "");
|
2016-12-12 15:41:00 +00:00
|
|
|
break;
|
2017-04-26 07:36:41 +00:00
|
|
|
case SOCKET_ADDRESS_TYPE_FD:
|
2018-10-18 22:34:59 +00:00
|
|
|
return g_strdup_printf("%sfd:%s%s", prefix, s->addr->u.fd.str,
|
|
|
|
s->is_listen ? ",server" : "");
|
2016-12-12 15:41:00 +00:00
|
|
|
break;
|
2017-04-26 07:36:41 +00:00
|
|
|
case SOCKET_ADDRESS_TYPE_VSOCK:
|
char: Fix socket with "type": "vsock" address
Watch this:
$ qemu-system-x86_64 -nodefaults -S -display none -qmp stdio
{"QMP": {"version": {"qemu": {"micro": 91, "minor": 8, "major": 2}, "package": " (v2.8.0-1195-gf84141e-dirty)"}, "capabilities": []}}
{ "execute": "qmp_capabilities" }
{"return": {}}
{ "execute": "chardev-add", "arguments": { "id": "chr0", "backend": { "type": "socket", "data": { "addr": { "type": "vsock", "data": { "cid": "CID", "port": "P" }}}}}}
Aborted (core dumped)
Crashes because SocketAddress_to_str() is blissfully unaware of
SOCKET_ADDRESS_KIND_VSOCK. Fix that. Pick the output format to match
socket_parse(), just like the existing formats.
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Message-id: 1490895797-29094-3-git-send-email-armbru@redhat.com
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2017-03-30 17:43:10 +00:00
|
|
|
return g_strdup_printf("%svsock:%s:%s", prefix,
|
2018-10-18 22:34:59 +00:00
|
|
|
s->addr->u.vsock.cid,
|
|
|
|
s->addr->u.vsock.port);
|
2016-12-12 15:41:00 +00:00
|
|
|
default:
|
|
|
|
abort();
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-12-20 14:32:31 +00:00
|
|
|
static void update_disconnected_filename(SocketChardev *s)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(s);
|
|
|
|
|
|
|
|
g_free(chr->filename);
|
chardev: avoid crash if no associated address
A socket chardev may not have associated address (when adding client
fd manually for example). But on disconnect, updating socket filename
expects an address and may lead to this crash:
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388
388 switch (addr->type) {
(gdb) bt
#0 0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388
#1 0x0000555555d8c8aa in update_disconnected_filename (s=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:419
#2 0x0000555555d8c959 in tcp_chr_disconnect (chr=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:438
#3 0x0000555555d8cba1 in tcp_chr_hup (channel=0x555556b75690, cond=G_IO_HUP, opaque=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:482
#4 0x0000555555da596e in qio_channel_fd_source_dispatch (source=0x555556bb68b0, callback=0x555555d8cb58 <tcp_chr_hup>, user_data=0x555556b1ed00) at /home/elmarco/src/qq/io/channel-watch.c:84
Replace filename with a generic "disconnected:socket" in this case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2017-07-04 16:53:35 +00:00
|
|
|
if (s->addr) {
|
2018-10-18 22:34:59 +00:00
|
|
|
chr->filename = qemu_chr_socket_address(s, "disconnected:");
|
chardev: avoid crash if no associated address
A socket chardev may not have associated address (when adding client
fd manually for example). But on disconnect, updating socket filename
expects an address and may lead to this crash:
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388
388 switch (addr->type) {
(gdb) bt
#0 0x0000555555d8c70c in SocketAddress_to_str (prefix=0x555556043062 "disconnected:", addr=0x0, is_listen=false, is_telnet=false) at /home/elmarco/src/qq/chardev/char-socket.c:388
#1 0x0000555555d8c8aa in update_disconnected_filename (s=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:419
#2 0x0000555555d8c959 in tcp_chr_disconnect (chr=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:438
#3 0x0000555555d8cba1 in tcp_chr_hup (channel=0x555556b75690, cond=G_IO_HUP, opaque=0x555556b1ed00) at /home/elmarco/src/qq/chardev/char-socket.c:482
#4 0x0000555555da596e in qio_channel_fd_source_dispatch (source=0x555556bb68b0, callback=0x555555d8cb58 <tcp_chr_hup>, user_data=0x555556b1ed00) at /home/elmarco/src/qq/io/channel-watch.c:84
Replace filename with a generic "disconnected:socket" in this case.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2017-07-04 16:53:35 +00:00
|
|
|
} else {
|
|
|
|
chr->filename = g_strdup("disconnected:socket");
|
|
|
|
}
|
2016-12-20 14:32:31 +00:00
|
|
|
}
|
|
|
|
|
2017-10-05 15:50:57 +00:00
|
|
|
/* NB may be called even if tcp_chr_connect has not been
|
|
|
|
* reached, due to TLS or telnet initialization failure,
|
2019-02-11 18:24:37 +00:00
|
|
|
* so can *not* assume s->state == TCP_CHARDEV_STATE_CONNECTED
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
* This must be called with chr->chr_write_lock held.
|
2017-10-05 15:50:57 +00:00
|
|
|
*/
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
static void tcp_chr_disconnect_locked(Chardev *chr)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
2019-02-11 18:24:37 +00:00
|
|
|
bool emit_close = s->state == TCP_CHARDEV_STATE_CONNECTED;
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
tcp_chr_free_connection(chr);
|
|
|
|
|
2017-12-18 13:54:17 +00:00
|
|
|
if (s->listener) {
|
2018-03-06 05:33:14 +00:00
|
|
|
qio_net_listener_set_client_func_full(s->listener, tcp_chr_accept,
|
|
|
|
chr, NULL, chr->gcontext);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
2016-12-20 14:32:31 +00:00
|
|
|
update_disconnected_filename(s);
|
2017-10-05 15:50:57 +00:00
|
|
|
if (emit_close) {
|
|
|
|
qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
|
|
|
|
}
|
2020-05-22 02:55:54 +00:00
|
|
|
if (s->reconnect_time && !s->reconnect_timer) {
|
2016-12-12 15:41:00 +00:00
|
|
|
qemu_chr_socket_restart_timer(chr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
static void tcp_chr_disconnect(Chardev *chr)
|
|
|
|
{
|
|
|
|
qemu_mutex_lock(&chr->chr_write_lock);
|
|
|
|
tcp_chr_disconnect_locked(chr);
|
|
|
|
qemu_mutex_unlock(&chr->chr_write_lock);
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static gboolean tcp_chr_read(QIOChannel *chan, GIOCondition cond, void *opaque)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(opaque);
|
|
|
|
uint8_t buf[CHR_READ_BUF_LEN];
|
|
|
|
int len, size;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if ((s->state != TCP_CHARDEV_STATE_CONNECTED) ||
|
|
|
|
s->max_size <= 0) {
|
2016-12-12 15:41:00 +00:00
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
len = sizeof(buf);
|
|
|
|
if (len > s->max_size) {
|
|
|
|
len = s->max_size;
|
|
|
|
}
|
|
|
|
size = tcp_chr_recv(chr, (void *)buf, len);
|
2018-02-22 12:13:51 +00:00
|
|
|
if (size == 0 || (size == -1 && errno != EAGAIN)) {
|
2016-12-12 15:41:00 +00:00
|
|
|
/* connection closed */
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
} else if (size > 0) {
|
|
|
|
if (s->do_telnetopt) {
|
|
|
|
tcp_chr_process_IAC_bytes(chr, s, buf, &size);
|
|
|
|
}
|
|
|
|
if (size > 0) {
|
|
|
|
qemu_chr_be_write(chr, buf, size);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
|
2018-01-25 13:51:29 +00:00
|
|
|
static gboolean tcp_chr_hup(QIOChannel *channel,
|
|
|
|
GIOCondition cond,
|
|
|
|
void *opaque)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
return G_SOURCE_REMOVE;
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static int tcp_chr_sync_read(Chardev *chr, const uint8_t *buf, int len)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
int size;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if (s->state != TCP_CHARDEV_STATE_CONNECTED) {
|
2016-12-12 15:41:00 +00:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2017-07-06 17:03:53 +00:00
|
|
|
qio_channel_set_blocking(s->ioc, true, NULL);
|
2016-12-12 15:41:00 +00:00
|
|
|
size = tcp_chr_recv(chr, (void *) buf, len);
|
2020-04-19 09:51:40 +00:00
|
|
|
if (s->state != TCP_CHARDEV_STATE_DISCONNECTED) {
|
|
|
|
qio_channel_set_blocking(s->ioc, false, NULL);
|
|
|
|
}
|
2016-12-12 15:41:00 +00:00
|
|
|
if (size == 0) {
|
|
|
|
/* connection closed */
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
}
|
|
|
|
|
|
|
|
return size;
|
|
|
|
}
|
|
|
|
|
2018-10-18 22:34:59 +00:00
|
|
|
static char *qemu_chr_compute_filename(SocketChardev *s)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
2018-10-18 22:34:59 +00:00
|
|
|
struct sockaddr_storage *ss = &s->sioc->localAddr;
|
|
|
|
struct sockaddr_storage *ps = &s->sioc->remoteAddr;
|
|
|
|
socklen_t ss_len = s->sioc->localAddrLen;
|
|
|
|
socklen_t ps_len = s->sioc->remoteAddrLen;
|
2016-12-12 15:41:00 +00:00
|
|
|
char shost[NI_MAXHOST], sserv[NI_MAXSERV];
|
|
|
|
char phost[NI_MAXHOST], pserv[NI_MAXSERV];
|
|
|
|
const char *left = "", *right = "";
|
|
|
|
|
|
|
|
switch (ss->ss_family) {
|
|
|
|
#ifndef _WIN32
|
|
|
|
case AF_UNIX:
|
|
|
|
return g_strdup_printf("unix:%s%s",
|
|
|
|
((struct sockaddr_un *)(ss))->sun_path,
|
2018-10-18 22:34:59 +00:00
|
|
|
s->is_listen ? ",server" : "");
|
2016-12-12 15:41:00 +00:00
|
|
|
#endif
|
|
|
|
case AF_INET6:
|
|
|
|
left = "[";
|
|
|
|
right = "]";
|
|
|
|
/* fall through */
|
|
|
|
case AF_INET:
|
|
|
|
getnameinfo((struct sockaddr *) ss, ss_len, shost, sizeof(shost),
|
|
|
|
sserv, sizeof(sserv), NI_NUMERICHOST | NI_NUMERICSERV);
|
|
|
|
getnameinfo((struct sockaddr *) ps, ps_len, phost, sizeof(phost),
|
|
|
|
pserv, sizeof(pserv), NI_NUMERICHOST | NI_NUMERICSERV);
|
|
|
|
return g_strdup_printf("%s:%s%s%s:%s%s <-> %s%s%s:%s",
|
2018-10-18 22:34:59 +00:00
|
|
|
qemu_chr_socket_protocol(s),
|
2016-12-12 15:41:00 +00:00
|
|
|
left, shost, right, sserv,
|
2018-10-18 22:34:59 +00:00
|
|
|
s->is_listen ? ",server" : "",
|
2016-12-12 15:41:00 +00:00
|
|
|
left, phost, right, pserv);
|
|
|
|
|
|
|
|
default:
|
|
|
|
return g_strdup_printf("unknown");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-17 13:52:23 +00:00
|
|
|
static void update_ioc_handlers(SocketChardev *s)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(s);
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if (s->state != TCP_CHARDEV_STATE_CONNECTED) {
|
2018-08-17 13:52:23 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
remove_fd_in_watch(chr);
|
|
|
|
chr->gsource = io_add_watch_poll(chr, s->ioc,
|
|
|
|
tcp_chr_read_poll,
|
|
|
|
tcp_chr_read, chr,
|
|
|
|
chr->gcontext);
|
|
|
|
|
|
|
|
remove_hup_source(s);
|
|
|
|
s->hup_source = qio_channel_create_watch(s->ioc, G_IO_HUP);
|
|
|
|
g_source_set_callback(s->hup_source, (GSourceFunc)tcp_chr_hup,
|
|
|
|
chr, NULL);
|
|
|
|
g_source_attach(s->hup_source, chr->gcontext);
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void tcp_chr_connect(void *opaque)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(opaque);
|
|
|
|
|
|
|
|
g_free(chr->filename);
|
2018-10-18 22:34:59 +00:00
|
|
|
chr->filename = qemu_chr_compute_filename(s);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTED);
|
2018-08-17 13:52:23 +00:00
|
|
|
update_ioc_handlers(s);
|
2016-12-14 11:23:02 +00:00
|
|
|
qemu_chr_be_event(chr, CHR_EVENT_OPENED);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
static void tcp_chr_telnet_destroy(SocketChardev *s)
|
|
|
|
{
|
|
|
|
if (s->telnet_source) {
|
|
|
|
g_source_destroy(s->telnet_source);
|
|
|
|
g_source_unref(s->telnet_source);
|
|
|
|
s->telnet_source = NULL;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-09-21 06:35:54 +00:00
|
|
|
static void tcp_chr_update_read_handler(Chardev *chr)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
2019-02-20 14:33:27 +00:00
|
|
|
if (s->listener && s->state == TCP_CHARDEV_STATE_DISCONNECTED) {
|
2018-03-06 05:33:14 +00:00
|
|
|
/*
|
|
|
|
* It's possible that chardev context is changed in
|
|
|
|
* qemu_chr_be_update_read_handlers(). Reset it for QIO net
|
|
|
|
* listener if there is.
|
|
|
|
*/
|
|
|
|
qio_net_listener_set_client_func_full(s->listener, tcp_chr_accept,
|
|
|
|
chr, NULL, chr->gcontext);
|
|
|
|
}
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
if (s->telnet_source) {
|
|
|
|
tcp_chr_telnet_init(CHARDEV(s));
|
|
|
|
}
|
|
|
|
|
2018-08-17 13:52:23 +00:00
|
|
|
update_ioc_handlers(s);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static gboolean tcp_chr_telnet_init_io(QIOChannel *ioc,
|
|
|
|
GIOCondition cond G_GNUC_UNUSED,
|
|
|
|
gpointer user_data)
|
|
|
|
{
|
2018-03-06 05:33:15 +00:00
|
|
|
SocketChardev *s = user_data;
|
|
|
|
Chardev *chr = CHARDEV(s);
|
|
|
|
TCPChardevTelnetInit *init = s->telnet_init;
|
2016-12-12 15:41:00 +00:00
|
|
|
ssize_t ret;
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
assert(init);
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
ret = qio_channel_write(ioc, init->buf, init->buflen, NULL);
|
|
|
|
if (ret < 0) {
|
|
|
|
if (ret == QIO_CHANNEL_ERR_BLOCK) {
|
|
|
|
ret = 0;
|
|
|
|
} else {
|
2018-03-06 05:33:15 +00:00
|
|
|
tcp_chr_disconnect(chr);
|
2018-03-01 08:44:24 +00:00
|
|
|
goto end;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
init->buflen -= ret;
|
|
|
|
|
|
|
|
if (init->buflen == 0) {
|
2018-03-06 05:33:15 +00:00
|
|
|
tcp_chr_connect(chr);
|
2018-03-01 08:44:24 +00:00
|
|
|
goto end;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
memmove(init->buf, init->buf + ret, init->buflen);
|
|
|
|
|
2018-03-01 08:44:24 +00:00
|
|
|
return G_SOURCE_CONTINUE;
|
|
|
|
|
|
|
|
end:
|
2018-03-06 05:33:15 +00:00
|
|
|
g_free(s->telnet_init);
|
|
|
|
s->telnet_init = NULL;
|
|
|
|
g_source_unref(s->telnet_source);
|
|
|
|
s->telnet_source = NULL;
|
2018-03-01 08:44:24 +00:00
|
|
|
return G_SOURCE_REMOVE;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static void tcp_chr_telnet_init(Chardev *chr)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
2018-03-06 05:33:15 +00:00
|
|
|
TCPChardevTelnetInit *init;
|
2016-12-12 15:41:00 +00:00
|
|
|
size_t n = 0;
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
/* Destroy existing task */
|
|
|
|
tcp_chr_telnet_destroy(s);
|
|
|
|
|
|
|
|
if (s->telnet_init) {
|
|
|
|
/* We are possibly during a handshake already */
|
|
|
|
goto cont;
|
|
|
|
}
|
|
|
|
|
|
|
|
s->telnet_init = g_new0(TCPChardevTelnetInit, 1);
|
|
|
|
init = s->telnet_init;
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
#define IACSET(x, a, b, c) \
|
|
|
|
do { \
|
|
|
|
x[n++] = a; \
|
|
|
|
x[n++] = b; \
|
|
|
|
x[n++] = c; \
|
|
|
|
} while (0)
|
|
|
|
|
2016-09-23 06:06:11 +00:00
|
|
|
if (!s->is_tn3270) {
|
|
|
|
init->buflen = 12;
|
|
|
|
/* Prep the telnet negotion to put telnet in binary,
|
|
|
|
* no echo, single char mode */
|
|
|
|
IACSET(init->buf, 0xff, 0xfb, 0x01); /* IAC WILL ECHO */
|
|
|
|
IACSET(init->buf, 0xff, 0xfb, 0x03); /* IAC WILL Suppress go ahead */
|
|
|
|
IACSET(init->buf, 0xff, 0xfb, 0x00); /* IAC WILL Binary */
|
|
|
|
IACSET(init->buf, 0xff, 0xfd, 0x00); /* IAC DO Binary */
|
|
|
|
} else {
|
|
|
|
init->buflen = 21;
|
|
|
|
/* Prep the TN3270 negotion based on RFC1576 */
|
|
|
|
IACSET(init->buf, 0xff, 0xfd, 0x19); /* IAC DO EOR */
|
|
|
|
IACSET(init->buf, 0xff, 0xfb, 0x19); /* IAC WILL EOR */
|
|
|
|
IACSET(init->buf, 0xff, 0xfd, 0x00); /* IAC DO BINARY */
|
|
|
|
IACSET(init->buf, 0xff, 0xfb, 0x00); /* IAC WILL BINARY */
|
|
|
|
IACSET(init->buf, 0xff, 0xfd, 0x18); /* IAC DO TERMINAL TYPE */
|
|
|
|
IACSET(init->buf, 0xff, 0xfa, 0x18); /* IAC SB TERMINAL TYPE */
|
|
|
|
IACSET(init->buf, 0x01, 0xff, 0xf0); /* SEND IAC SE */
|
|
|
|
}
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
#undef IACSET
|
|
|
|
|
2018-03-06 05:33:15 +00:00
|
|
|
cont:
|
|
|
|
s->telnet_source = qio_channel_add_watch_source(s->ioc, G_IO_OUT,
|
|
|
|
tcp_chr_telnet_init_io,
|
|
|
|
s, NULL,
|
|
|
|
chr->gcontext);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-10-18 22:35:00 +00:00
|
|
|
static void tcp_chr_websock_handshake(QIOTask *task, gpointer user_data)
|
|
|
|
{
|
|
|
|
Chardev *chr = user_data;
|
|
|
|
SocketChardev *s = user_data;
|
|
|
|
|
|
|
|
if (qio_task_propagate_error(task, NULL)) {
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
} else {
|
|
|
|
if (s->do_telnetopt) {
|
|
|
|
tcp_chr_telnet_init(chr);
|
|
|
|
} else {
|
|
|
|
tcp_chr_connect(chr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void tcp_chr_websock_init(Chardev *chr)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
QIOChannelWebsock *wioc = NULL;
|
|
|
|
gchar *name;
|
|
|
|
|
|
|
|
wioc = qio_channel_websock_new_server(s->ioc);
|
|
|
|
|
|
|
|
name = g_strdup_printf("chardev-websocket-server-%s", chr->label);
|
|
|
|
qio_channel_set_name(QIO_CHANNEL(wioc), name);
|
|
|
|
g_free(name);
|
|
|
|
object_unref(OBJECT(s->ioc));
|
|
|
|
s->ioc = QIO_CHANNEL(wioc);
|
|
|
|
|
|
|
|
qio_channel_websock_handshake(wioc, tcp_chr_websock_handshake, chr, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void tcp_chr_tls_handshake(QIOTask *task,
|
|
|
|
gpointer user_data)
|
|
|
|
{
|
|
|
|
Chardev *chr = user_data;
|
|
|
|
SocketChardev *s = user_data;
|
|
|
|
|
|
|
|
if (qio_task_propagate_error(task, NULL)) {
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
} else {
|
2018-10-18 22:35:00 +00:00
|
|
|
if (s->is_websock) {
|
|
|
|
tcp_chr_websock_init(chr);
|
|
|
|
} else if (s->do_telnetopt) {
|
2016-12-12 15:41:00 +00:00
|
|
|
tcp_chr_telnet_init(chr);
|
|
|
|
} else {
|
|
|
|
tcp_chr_connect(chr);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void tcp_chr_tls_init(Chardev *chr)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
QIOChannelTLS *tioc;
|
|
|
|
gchar *name;
|
|
|
|
|
|
|
|
if (s->is_listen) {
|
|
|
|
tioc = qio_channel_tls_new_server(
|
|
|
|
s->ioc, s->tls_creds,
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
s->tls_authz,
|
2020-06-30 09:03:28 +00:00
|
|
|
NULL);
|
2016-12-12 15:41:00 +00:00
|
|
|
} else {
|
|
|
|
tioc = qio_channel_tls_new_client(
|
|
|
|
s->ioc, s->tls_creds,
|
2017-04-26 07:36:41 +00:00
|
|
|
s->addr->u.inet.host,
|
2020-06-30 09:03:28 +00:00
|
|
|
NULL);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
if (tioc == NULL) {
|
|
|
|
tcp_chr_disconnect(chr);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
name = g_strdup_printf("chardev-tls-%s-%s",
|
|
|
|
s->is_listen ? "server" : "client",
|
|
|
|
chr->label);
|
|
|
|
qio_channel_set_name(QIO_CHANNEL(tioc), name);
|
|
|
|
g_free(name);
|
|
|
|
object_unref(OBJECT(s->ioc));
|
|
|
|
s->ioc = QIO_CHANNEL(tioc);
|
|
|
|
|
|
|
|
qio_channel_tls_handshake(tioc,
|
|
|
|
tcp_chr_tls_handshake,
|
|
|
|
chr,
|
2018-03-05 06:43:24 +00:00
|
|
|
NULL,
|
2018-03-06 05:33:19 +00:00
|
|
|
chr->gcontext);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void tcp_chr_set_client_ioc_name(Chardev *chr,
|
|
|
|
QIOChannelSocket *sioc)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
char *name;
|
|
|
|
name = g_strdup_printf("chardev-tcp-%s-%s",
|
|
|
|
s->is_listen ? "server" : "client",
|
|
|
|
chr->label);
|
|
|
|
qio_channel_set_name(QIO_CHANNEL(sioc), name);
|
|
|
|
g_free(name);
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
static int tcp_chr_new_client(Chardev *chr, QIOChannelSocket *sioc)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
if (s->state != TCP_CHARDEV_STATE_CONNECTING) {
|
2016-12-12 15:41:00 +00:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
s->ioc = QIO_CHANNEL(sioc);
|
|
|
|
object_ref(OBJECT(sioc));
|
|
|
|
s->sioc = sioc;
|
|
|
|
object_ref(OBJECT(sioc));
|
|
|
|
|
|
|
|
qio_channel_set_blocking(s->ioc, false, NULL);
|
|
|
|
|
|
|
|
if (s->do_nodelay) {
|
|
|
|
qio_channel_set_delay(s->ioc, false);
|
|
|
|
}
|
2017-12-18 13:54:17 +00:00
|
|
|
if (s->listener) {
|
2018-03-06 05:33:14 +00:00
|
|
|
qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
|
|
|
|
NULL, chr->gcontext);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
if (s->tls_creds) {
|
|
|
|
tcp_chr_tls_init(chr);
|
2018-10-18 22:35:00 +00:00
|
|
|
} else if (s->is_websock) {
|
|
|
|
tcp_chr_websock_init(chr);
|
|
|
|
} else if (s->do_telnetopt) {
|
|
|
|
tcp_chr_telnet_init(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
} else {
|
2018-10-18 22:35:00 +00:00
|
|
|
tcp_chr_connect(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int tcp_chr_add_client(Chardev *chr, int fd)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
QIOChannelSocket *sioc;
|
2019-02-11 18:24:37 +00:00
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
|
|
|
if (s->state != TCP_CHARDEV_STATE_DISCONNECTED) {
|
|
|
|
return -1;
|
|
|
|
}
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
sioc = qio_channel_socket_new_fd(fd, NULL);
|
|
|
|
if (!sioc) {
|
|
|
|
return -1;
|
|
|
|
}
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING);
|
2016-12-12 15:41:00 +00:00
|
|
|
tcp_chr_set_client_ioc_name(chr, sioc);
|
|
|
|
ret = tcp_chr_new_client(chr, sioc);
|
|
|
|
object_unref(OBJECT(sioc));
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2017-12-18 13:54:17 +00:00
|
|
|
static void tcp_chr_accept(QIONetListener *listener,
|
|
|
|
QIOChannelSocket *cioc,
|
|
|
|
void *opaque)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
2019-02-11 18:24:37 +00:00
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING);
|
2017-12-18 13:54:17 +00:00
|
|
|
tcp_chr_set_client_ioc_name(chr, cioc);
|
|
|
|
tcp_chr_new_client(chr, cioc);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:35 +00:00
|
|
|
|
|
|
|
static int tcp_chr_connect_client_sync(Chardev *chr, Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
QIOChannelSocket *sioc = qio_channel_socket_new();
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING);
|
2019-02-11 18:24:35 +00:00
|
|
|
tcp_chr_set_client_ioc_name(chr, sioc);
|
|
|
|
if (qio_channel_socket_connect_sync(sioc, s->addr, errp) < 0) {
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_DISCONNECTED);
|
2019-02-11 18:24:35 +00:00
|
|
|
object_unref(OBJECT(sioc));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
tcp_chr_new_client(chr, sioc);
|
|
|
|
object_unref(OBJECT(sioc));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void tcp_chr_accept_server_sync(Chardev *chr)
|
2016-12-12 15:41:00 +00:00
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
QIOChannelSocket *sioc;
|
2019-02-11 18:24:35 +00:00
|
|
|
info_report("QEMU waiting for connection on: %s",
|
|
|
|
chr->filename);
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING);
|
2019-02-11 18:24:35 +00:00
|
|
|
sioc = qio_net_listener_wait_client(s->listener);
|
|
|
|
tcp_chr_set_client_ioc_name(chr, sioc);
|
|
|
|
tcp_chr_new_client(chr, sioc);
|
|
|
|
object_unref(OBJECT(sioc));
|
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:35 +00:00
|
|
|
static int tcp_chr_wait_connected(Chardev *chr, Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
2019-02-11 18:24:39 +00:00
|
|
|
const char *opts[] = { "telnet", "tn3270", "websock", "tls-creds" };
|
|
|
|
bool optset[] = { s->is_telnet, s->is_tn3270, s->is_websock, s->tls_creds };
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
QEMU_BUILD_BUG_ON(G_N_ELEMENTS(opts) != G_N_ELEMENTS(optset));
|
|
|
|
for (i = 0; i < G_N_ELEMENTS(opts); i++) {
|
|
|
|
if (optset[i]) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'%s' option is incompatible with waiting for "
|
|
|
|
"connection completion", opts[i]);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
tcp_chr_reconn_timer_cancel(s);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We expect states to be as follows:
|
|
|
|
*
|
|
|
|
* - server
|
|
|
|
* - wait -> CONNECTED
|
|
|
|
* - nowait -> DISCONNECTED
|
|
|
|
* - client
|
|
|
|
* - reconnect == 0 -> CONNECTED
|
|
|
|
* - reconnect != 0 -> CONNECTING
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
if (s->state == TCP_CHARDEV_STATE_CONNECTING) {
|
|
|
|
if (!s->connect_task) {
|
|
|
|
error_setg(errp,
|
|
|
|
"Unexpected 'connecting' state without connect task "
|
|
|
|
"while waiting for connection completion");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
/*
|
|
|
|
* tcp_chr_wait_connected should only ever be run from the
|
|
|
|
* main loop thread associated with chr->gcontext, otherwise
|
|
|
|
* qio_task_wait_thread has a dangerous race condition with
|
|
|
|
* free'ing of the s->connect_task object.
|
|
|
|
*
|
|
|
|
* Acquiring the main context doesn't 100% prove we're in
|
|
|
|
* the main loop thread, but it does at least guarantee
|
|
|
|
* that the main loop won't be executed by another thread
|
|
|
|
* avoiding the race condition with the task idle callback.
|
|
|
|
*/
|
|
|
|
g_main_context_acquire(chr->gcontext);
|
|
|
|
qio_task_wait_thread(s->connect_task);
|
|
|
|
g_main_context_release(chr->gcontext);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The completion callback (qemu_chr_socket_connected) for
|
|
|
|
* s->connect_task should have set this to NULL by the time
|
|
|
|
* qio_task_wait_thread has returned.
|
|
|
|
*/
|
|
|
|
assert(!s->connect_task);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* NB we are *not* guaranteed to have "s->state == ..CONNECTED"
|
|
|
|
* at this point as this first connect may be failed, so
|
|
|
|
* allow the next loop to run regardless.
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
|
|
|
|
while (s->state != TCP_CHARDEV_STATE_CONNECTED) {
|
2016-12-12 15:41:00 +00:00
|
|
|
if (s->is_listen) {
|
2019-02-11 18:24:35 +00:00
|
|
|
tcp_chr_accept_server_sync(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
} else {
|
2019-02-11 18:24:38 +00:00
|
|
|
Error *err = NULL;
|
|
|
|
if (tcp_chr_connect_client_sync(chr, &err) < 0) {
|
|
|
|
if (s->reconnect_time) {
|
|
|
|
error_free(err);
|
|
|
|
g_usleep(s->reconnect_time * 1000ULL * 1000ULL);
|
|
|
|
} else {
|
|
|
|
error_propagate(errp, err);
|
|
|
|
return -1;
|
|
|
|
}
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void char_socket_finalize(Object *obj)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(obj);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(obj);
|
|
|
|
|
|
|
|
tcp_chr_free_connection(chr);
|
2018-01-04 14:18:35 +00:00
|
|
|
tcp_chr_reconn_timer_cancel(s);
|
2016-12-12 15:41:00 +00:00
|
|
|
qapi_free_SocketAddress(s->addr);
|
2018-03-06 05:33:15 +00:00
|
|
|
tcp_chr_telnet_destroy(s);
|
|
|
|
g_free(s->telnet_init);
|
2017-12-18 13:54:17 +00:00
|
|
|
if (s->listener) {
|
2018-03-06 05:33:14 +00:00
|
|
|
qio_net_listener_set_client_func_full(s->listener, NULL, NULL,
|
|
|
|
NULL, chr->gcontext);
|
2017-12-18 13:54:17 +00:00
|
|
|
object_unref(OBJECT(s->listener));
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
if (s->tls_creds) {
|
|
|
|
object_unref(OBJECT(s->tls_creds));
|
|
|
|
}
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
g_free(s->tls_authz);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void qemu_chr_socket_connected(QIOTask *task, void *opaque)
|
|
|
|
{
|
|
|
|
QIOChannelSocket *sioc = QIO_CHANNEL_SOCKET(qio_task_get_source(task));
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
Error *err = NULL;
|
|
|
|
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
s->connect_task = NULL;
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
if (qio_task_propagate_error(task, &err)) {
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_DISCONNECTED);
|
2016-12-12 15:41:00 +00:00
|
|
|
check_report_connect_error(chr, err);
|
|
|
|
goto cleanup;
|
|
|
|
}
|
|
|
|
|
|
|
|
s->connect_err_reported = false;
|
|
|
|
tcp_chr_new_client(chr, sioc);
|
|
|
|
|
|
|
|
cleanup:
|
|
|
|
object_unref(OBJECT(sioc));
|
|
|
|
}
|
|
|
|
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
|
|
|
|
static void tcp_chr_connect_client_task(QIOTask *task,
|
|
|
|
gpointer opaque)
|
|
|
|
{
|
|
|
|
QIOChannelSocket *ioc = QIO_CHANNEL_SOCKET(qio_task_get_source(task));
|
|
|
|
SocketAddress *addr = opaque;
|
|
|
|
Error *err = NULL;
|
|
|
|
|
|
|
|
qio_channel_socket_connect_sync(ioc, addr, &err);
|
|
|
|
|
|
|
|
qio_task_set_error(task, err);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-02-11 18:24:35 +00:00
|
|
|
static void tcp_chr_connect_client_async(Chardev *chr)
|
2018-03-06 05:33:17 +00:00
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
QIOChannelSocket *sioc;
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
tcp_chr_change_state(s, TCP_CHARDEV_STATE_CONNECTING);
|
2018-03-06 05:33:17 +00:00
|
|
|
sioc = qio_channel_socket_new();
|
|
|
|
tcp_chr_set_client_ioc_name(chr, sioc);
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
/*
|
|
|
|
* Normally code would use the qio_channel_socket_connect_async
|
|
|
|
* method which uses a QIOTask + qio_task_set_error internally
|
|
|
|
* to avoid blocking. The tcp_chr_wait_connected method, however,
|
|
|
|
* needs a way to synchronize with completion of the background
|
|
|
|
* connect task which can't be done with the QIOChannelSocket
|
|
|
|
* async APIs. Thus we must use QIOTask directly to implement
|
|
|
|
* the non-blocking concept locally.
|
|
|
|
*/
|
|
|
|
s->connect_task = qio_task_new(OBJECT(sioc),
|
|
|
|
qemu_chr_socket_connected,
|
2020-04-20 11:20:12 +00:00
|
|
|
object_ref(OBJECT(chr)),
|
|
|
|
(GDestroyNotify)object_unref);
|
chardev: fix race with client connections in tcp_chr_wait_connected
When the 'reconnect' option is given for a client connection, the
qmp_chardev_open_socket_client method will run an asynchronous
connection attempt. The QIOChannel socket executes this is a single use
background thread, so the connection will succeed immediately (assuming
the server is listening). The chardev, however, won't get the result
from this background thread until the main loop starts running and
processes idle callbacks.
Thus when tcp_chr_wait_connected is run s->ioc will be NULL, but the
state will be TCP_CHARDEV_STATE_CONNECTING, and there may already
be an established connection that will be associated with the chardev
by the pending idle callback. tcp_chr_wait_connected doesn't check the
state, only s->ioc, so attempts to establish another connection
synchronously.
If the server allows multiple connections this is unhelpful but not a
fatal problem as the duplicate connection will get ignored by the
tcp_chr_new_client method when it sees the state is already connected.
If the server only supports a single connection, however, the
tcp_chr_wait_connected method will hang forever because the server will
not accept its synchronous connection attempt until the first connection
is closed.
To deal with this tcp_chr_wait_connected needs to synchronize with the
completion of the background connection task. To do this it needs to
create the QIOTask directly and use the qio_task_wait_thread method.
This will cancel the pending idle callback and directly dispatch the
task completion callback, allowing the connection to be associated
with the chardev. If the background connection failed, it can still
attempt a new synchronous connection.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20190211182442.8542-15-berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-02-11 18:24:40 +00:00
|
|
|
qio_task_run_in_thread(s->connect_task,
|
|
|
|
tcp_chr_connect_client_task,
|
|
|
|
s->addr,
|
|
|
|
NULL,
|
|
|
|
chr->gcontext);
|
2018-03-06 05:33:17 +00:00
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static gboolean socket_reconnect_timeout(gpointer opaque)
|
|
|
|
{
|
|
|
|
Chardev *chr = CHARDEV(opaque);
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(opaque);
|
|
|
|
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
qemu_mutex_lock(&chr->chr_write_lock);
|
2018-01-04 14:18:35 +00:00
|
|
|
g_source_unref(s->reconnect_timer);
|
|
|
|
s->reconnect_timer = NULL;
|
char-socket: Lock tcp_chr_disconnect() and socket_reconnect_timeout()
There's a race condition in which the tcp_chr_read() ioc handler can
close a connection that is being written to from another thread.
Running iotest 136 in a loop triggers this problem and crashes QEMU.
(gdb) bt
#0 0x00005558b842902d in object_get_class (obj=0x0) at qom/object.c:860
#1 0x00005558b84f92db in qio_channel_writev_full (ioc=0x0, iov=0x7ffc355decf0, niov=1, fds=0x0, nfds=0, errp=0x0) at io/channel.c:76
#2 0x00005558b84e0e9e in io_channel_send_full (ioc=0x0, buf=0x5558baf5beb0, len=138, fds=0x0, nfds=0) at chardev/char-io.c:123
#3 0x00005558b84e4a69 in tcp_chr_write (chr=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138) at chardev/char-socket.c:135
#4 0x00005558b84dca55 in qemu_chr_write_buffer (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, offset=0x7ffc355dedd0, write_all=false) at chardev/char.c:112
#5 0x00005558b84dcbc2 in qemu_chr_write (s=0x5558ba460380, buf=0x5558baf5beb0 "...", len=138, write_all=false) at chardev/char.c:147
#6 0x00005558b84dfb26 in qemu_chr_fe_write (be=0x5558ba476610, buf=0x5558baf5beb0 "...", len=138) at chardev/char-fe.c:42
#7 0x00005558b8088c86 in monitor_flush_locked (mon=0x5558ba476610) at monitor.c:406
#8 0x00005558b8088e8c in monitor_puts (mon=0x5558ba476610, str=0x5558ba921e49 "") at monitor.c:449
#9 0x00005558b8089178 in qmp_send_response (mon=0x5558ba476610, rsp=0x5558bb161600) at monitor.c:498
#10 0x00005558b808920c in monitor_qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:526
#11 0x00005558b8089307 in monitor_qapi_event_queue_no_reenter (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:551
#12 0x00005558b80896c0 in qapi_event_emit (event=QAPI_EVENT_SHUTDOWN, qdict=0x5558bb161600) at monitor.c:626
#13 0x00005558b855f23b in qapi_event_send_shutdown (guest=false, reason=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at qapi/qapi-events-run-state.c:43
#14 0x00005558b81911ef in qemu_system_shutdown (cause=SHUTDOWN_CAUSE_HOST_QMP_QUIT) at vl.c:1837
#15 0x00005558b8191308 in main_loop_should_exit () at vl.c:1885
#16 0x00005558b819140d in main_loop () at vl.c:1924
#17 0x00005558b8198c84 in main (argc=18, argv=0x7ffc355df3f8, envp=0x7ffc355df490) at vl.c:4665
This patch adds a lock to protect tcp_chr_disconnect() and
socket_reconnect_timeout()
Signed-off-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Message-Id: <1565625509-404969-3-git-send-email-andrey.shinkevich@virtuozzo.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-08-12 15:58:29 +00:00
|
|
|
qemu_mutex_unlock(&chr->chr_write_lock);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
if (chr->be_open) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:35 +00:00
|
|
|
tcp_chr_connect_client_async(chr);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
|
2019-02-11 18:24:36 +00:00
|
|
|
static int qmp_chardev_open_socket_server(Chardev *chr,
|
|
|
|
bool is_telnet,
|
|
|
|
bool is_waitconnect,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
char *name;
|
|
|
|
if (is_telnet) {
|
|
|
|
s->do_telnetopt = 1;
|
|
|
|
}
|
|
|
|
s->listener = qio_net_listener_new();
|
|
|
|
|
|
|
|
name = g_strdup_printf("chardev-tcp-listener-%s", chr->label);
|
|
|
|
qio_net_listener_set_name(s->listener, name);
|
|
|
|
g_free(name);
|
|
|
|
|
2019-08-19 16:08:21 +00:00
|
|
|
if (qio_net_listener_open_sync(s->listener, s->addr, 1, errp) < 0) {
|
2019-02-11 18:24:36 +00:00
|
|
|
object_unref(OBJECT(s->listener));
|
|
|
|
s->listener = NULL;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
qapi_free_SocketAddress(s->addr);
|
|
|
|
s->addr = socket_local_address(s->listener->sioc[0]->fd, errp);
|
|
|
|
update_disconnected_filename(s);
|
|
|
|
|
|
|
|
if (is_waitconnect) {
|
|
|
|
tcp_chr_accept_server_sync(chr);
|
|
|
|
} else {
|
|
|
|
qio_net_listener_set_client_func_full(s->listener,
|
|
|
|
tcp_chr_accept,
|
|
|
|
chr, NULL,
|
|
|
|
chr->gcontext);
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int qmp_chardev_open_socket_client(Chardev *chr,
|
|
|
|
int64_t reconnect,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
|
|
|
|
if (reconnect > 0) {
|
|
|
|
s->reconnect_time = reconnect;
|
|
|
|
tcp_chr_connect_client_async(chr);
|
|
|
|
return 0;
|
|
|
|
} else {
|
|
|
|
return tcp_chr_connect_client_sync(chr, errp);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
static bool qmp_chardev_validate_socket(ChardevSocket *sock,
|
|
|
|
SocketAddress *addr,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
/* Validate any options which have a dependency on address type */
|
|
|
|
switch (addr->type) {
|
|
|
|
case SOCKET_ADDRESS_TYPE_FD:
|
|
|
|
if (sock->has_reconnect) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'reconnect' option is incompatible with "
|
|
|
|
"'fd' address type");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
if (sock->has_tls_creds &&
|
|
|
|
!(sock->has_server && sock->server)) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'tls_creds' option is incompatible with "
|
|
|
|
"'fd' address type as client");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SOCKET_ADDRESS_TYPE_UNIX:
|
|
|
|
if (sock->has_tls_creds) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'tls_creds' option is incompatible with "
|
|
|
|
"'unix' address type");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SOCKET_ADDRESS_TYPE_INET:
|
|
|
|
break;
|
|
|
|
|
|
|
|
case SOCKET_ADDRESS_TYPE_VSOCK:
|
|
|
|
if (sock->has_tls_creds) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'tls_creds' option is incompatible with "
|
|
|
|
"'vsock' address type");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
if (sock->has_tls_authz && !sock->has_tls_creds) {
|
|
|
|
error_setg(errp, "'tls_authz' option requires 'tls_creds' option");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
/* Validate any options which have a dependancy on client vs server */
|
2019-02-11 18:24:30 +00:00
|
|
|
if (!sock->has_server || sock->server) {
|
|
|
|
if (sock->has_reconnect) {
|
|
|
|
error_setg(errp,
|
|
|
|
"'reconnect' option is incompatible with "
|
|
|
|
"socket in server listen mode");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
} else {
|
2019-02-11 18:24:29 +00:00
|
|
|
if (sock->has_websocket && sock->websocket) {
|
|
|
|
error_setg(errp, "%s", "Websocket client is not implemented");
|
|
|
|
return false;
|
|
|
|
}
|
2019-02-11 18:24:31 +00:00
|
|
|
if (sock->has_wait) {
|
2019-04-15 16:33:36 +00:00
|
|
|
warn_report("'wait' option is deprecated with "
|
|
|
|
"socket in client connect mode");
|
|
|
|
if (sock->wait) {
|
|
|
|
error_setg(errp, "%s",
|
|
|
|
"'wait' option is incompatible with "
|
|
|
|
"socket in client connect mode");
|
|
|
|
return false;
|
|
|
|
}
|
2019-02-11 18:24:31 +00:00
|
|
|
}
|
2019-02-11 18:24:29 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void qmp_chardev_open_socket(Chardev *chr,
|
|
|
|
ChardevBackend *backend,
|
|
|
|
bool *be_opened,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(chr);
|
|
|
|
ChardevSocket *sock = backend->u.socket.data;
|
|
|
|
bool do_nodelay = sock->has_nodelay ? sock->nodelay : false;
|
|
|
|
bool is_listen = sock->has_server ? sock->server : true;
|
|
|
|
bool is_telnet = sock->has_telnet ? sock->telnet : false;
|
2016-09-23 06:06:11 +00:00
|
|
|
bool is_tn3270 = sock->has_tn3270 ? sock->tn3270 : false;
|
2016-12-12 15:41:00 +00:00
|
|
|
bool is_waitconnect = sock->has_wait ? sock->wait : false;
|
2018-10-18 22:35:00 +00:00
|
|
|
bool is_websock = sock->has_websocket ? sock->websocket : false;
|
2016-12-12 15:41:00 +00:00
|
|
|
int64_t reconnect = sock->has_reconnect ? sock->reconnect : 0;
|
2017-04-26 07:36:41 +00:00
|
|
|
SocketAddress *addr;
|
2016-12-12 15:41:00 +00:00
|
|
|
|
|
|
|
s->is_listen = is_listen;
|
|
|
|
s->is_telnet = is_telnet;
|
2016-09-23 06:06:11 +00:00
|
|
|
s->is_tn3270 = is_tn3270;
|
2018-10-18 22:35:00 +00:00
|
|
|
s->is_websock = is_websock;
|
2016-12-12 15:41:00 +00:00
|
|
|
s->do_nodelay = do_nodelay;
|
|
|
|
if (sock->tls_creds) {
|
|
|
|
Object *creds;
|
|
|
|
creds = object_resolve_path_component(
|
|
|
|
object_get_objects_root(), sock->tls_creds);
|
|
|
|
if (!creds) {
|
|
|
|
error_setg(errp, "No TLS credentials with id '%s'",
|
|
|
|
sock->tls_creds);
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
s->tls_creds = (QCryptoTLSCreds *)
|
|
|
|
object_dynamic_cast(creds,
|
|
|
|
TYPE_QCRYPTO_TLS_CREDS);
|
|
|
|
if (!s->tls_creds) {
|
|
|
|
error_setg(errp, "Object with id '%s' is not TLS credentials",
|
|
|
|
sock->tls_creds);
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
object_ref(OBJECT(s->tls_creds));
|
|
|
|
if (is_listen) {
|
|
|
|
if (s->tls_creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
|
|
|
|
error_setg(errp, "%s",
|
|
|
|
"Expected TLS credentials for server endpoint");
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if (s->tls_creds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT) {
|
|
|
|
error_setg(errp, "%s",
|
|
|
|
"Expected TLS credentials for client endpoint");
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
s->tls_authz = g_strdup(sock->tls_authz);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2017-04-26 07:36:41 +00:00
|
|
|
s->addr = addr = socket_address_flatten(sock->addr);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
if (!qmp_chardev_validate_socket(sock, addr, errp)) {
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2018-07-17 12:31:45 +00:00
|
|
|
}
|
2019-02-11 18:24:29 +00:00
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
qemu_chr_set_feature(chr, QEMU_CHAR_FEATURE_RECONNECTABLE);
|
2017-03-30 17:43:09 +00:00
|
|
|
/* TODO SOCKET_ADDRESS_FD where fd has AF_UNIX */
|
2017-04-26 07:36:41 +00:00
|
|
|
if (addr->type == SOCKET_ADDRESS_TYPE_UNIX) {
|
2016-12-12 15:41:00 +00:00
|
|
|
qemu_chr_set_feature(chr, QEMU_CHAR_FEATURE_FD_PASS);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* be isn't opened until we get a connection */
|
|
|
|
*be_opened = false;
|
|
|
|
|
2016-12-20 14:32:31 +00:00
|
|
|
update_disconnected_filename(s);
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2019-02-11 18:24:36 +00:00
|
|
|
if (s->is_listen) {
|
|
|
|
if (qmp_chardev_open_socket_server(chr, is_telnet || is_tn3270,
|
|
|
|
is_waitconnect, errp) < 0) {
|
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
2018-08-17 13:52:22 +00:00
|
|
|
} else {
|
2019-02-11 18:24:36 +00:00
|
|
|
if (qmp_chardev_open_socket_client(chr, reconnect, errp) < 0) {
|
2019-02-11 18:24:34 +00:00
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
const char *path = qemu_opt_get(opts, "path");
|
|
|
|
const char *host = qemu_opt_get(opts, "host");
|
|
|
|
const char *port = qemu_opt_get(opts, "port");
|
char: allow passing pre-opened socket file descriptor at startup
When starting QEMU management apps will usually setup a monitor socket, and
then open it immediately after startup. If not using QEMU's own -daemonize
arg, this process can be troublesome to handle correctly. The mgmt app will
need to repeatedly call connect() until it succeeds, because it does not
know when QEMU has created the listener socket. If can't retry connect()
forever though, because an error might have caused QEMU to exit before it
even creates the monitor.
The obvious way to fix this kind of problem is to just pass in a pre-opened
socket file descriptor for the QEMU monitor to listen on. The management
app can now immediately call connect() just once. If connect() fails it
knows that QEMU has exited with an error.
The SocketAddress(Legacy) structs allow for FD passing via the monitor, and
now via inherited file descriptors from the process that spawned QEMU. The
final missing piece is adding a 'fd' parameter in the socket chardev
options.
This allows both HMP usage, pass any FD number with SCM_RIGHTS, then
running HMP commands:
getfd myfd
chardev-add socket,fd=myfd
Note that numeric FDs cannot be referenced directly in HMP, only named FDs.
And also CLI usage, by leak FD 3 from parent by clearing O_CLOEXEC, then
spawning QEMU with
-chardev socket,fd=3,id=mon
-mon chardev=mon,mode=control
Note that named FDs cannot be referenced in CLI args, only numeric FDs.
We do not wire this up in the legacy chardev syntax, so you cannot use FD
passing with '-qmp', you must use the modern '-mon' + '-chardev' pair.
When passing pre-opened FDs there is a restriction on use of TLS encryption.
It can be used on a server socket chardev, but cannot be used for a client
socket chardev. This is because when validating a server's certificate, the
client needs to have a hostname available to match against the certificate
identity.
An illustrative example of usage is:
#!/usr/bin/perl
use IO::Socket::UNIX;
use Fcntl;
unlink "/tmp/qmp";
my $srv = IO::Socket::UNIX->new(
Type => SOCK_STREAM(),
Local => "/tmp/qmp",
Listen => 1,
);
my $flags = fcntl $srv, F_GETFD, 0;
fcntl $srv, F_SETFD, $flags & ~FD_CLOEXEC;
my $fd = $srv->fileno();
exec "qemu-system-x86_64", \
"-chardev", "socket,fd=$fd,server,nowait,id=mon", \
"-mon", "chardev=mon,mode=control";
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-12-21 12:57:54 +00:00
|
|
|
const char *fd = qemu_opt_get(opts, "fd");
|
2020-05-16 03:13:25 +00:00
|
|
|
bool tight = qemu_opt_get_bool(opts, "tight", true);
|
|
|
|
bool abstract = qemu_opt_get_bool(opts, "abstract", false);
|
2017-04-26 07:36:39 +00:00
|
|
|
SocketAddressLegacy *addr;
|
2016-12-12 15:41:00 +00:00
|
|
|
ChardevSocket *sock;
|
|
|
|
|
char: allow passing pre-opened socket file descriptor at startup
When starting QEMU management apps will usually setup a monitor socket, and
then open it immediately after startup. If not using QEMU's own -daemonize
arg, this process can be troublesome to handle correctly. The mgmt app will
need to repeatedly call connect() until it succeeds, because it does not
know when QEMU has created the listener socket. If can't retry connect()
forever though, because an error might have caused QEMU to exit before it
even creates the monitor.
The obvious way to fix this kind of problem is to just pass in a pre-opened
socket file descriptor for the QEMU monitor to listen on. The management
app can now immediately call connect() just once. If connect() fails it
knows that QEMU has exited with an error.
The SocketAddress(Legacy) structs allow for FD passing via the monitor, and
now via inherited file descriptors from the process that spawned QEMU. The
final missing piece is adding a 'fd' parameter in the socket chardev
options.
This allows both HMP usage, pass any FD number with SCM_RIGHTS, then
running HMP commands:
getfd myfd
chardev-add socket,fd=myfd
Note that numeric FDs cannot be referenced directly in HMP, only named FDs.
And also CLI usage, by leak FD 3 from parent by clearing O_CLOEXEC, then
spawning QEMU with
-chardev socket,fd=3,id=mon
-mon chardev=mon,mode=control
Note that named FDs cannot be referenced in CLI args, only numeric FDs.
We do not wire this up in the legacy chardev syntax, so you cannot use FD
passing with '-qmp', you must use the modern '-mon' + '-chardev' pair.
When passing pre-opened FDs there is a restriction on use of TLS encryption.
It can be used on a server socket chardev, but cannot be used for a client
socket chardev. This is because when validating a server's certificate, the
client needs to have a hostname available to match against the certificate
identity.
An illustrative example of usage is:
#!/usr/bin/perl
use IO::Socket::UNIX;
use Fcntl;
unlink "/tmp/qmp";
my $srv = IO::Socket::UNIX->new(
Type => SOCK_STREAM(),
Local => "/tmp/qmp",
Listen => 1,
);
my $flags = fcntl $srv, F_GETFD, 0;
fcntl $srv, F_SETFD, $flags & ~FD_CLOEXEC;
my $fd = $srv->fileno();
exec "qemu-system-x86_64", \
"-chardev", "socket,fd=$fd,server,nowait,id=mon", \
"-mon", "chardev=mon,mode=control";
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-12-21 12:57:54 +00:00
|
|
|
if ((!!path + !!fd + !!host) != 1) {
|
2017-12-22 13:20:40 +00:00
|
|
|
error_setg(errp,
|
char: allow passing pre-opened socket file descriptor at startup
When starting QEMU management apps will usually setup a monitor socket, and
then open it immediately after startup. If not using QEMU's own -daemonize
arg, this process can be troublesome to handle correctly. The mgmt app will
need to repeatedly call connect() until it succeeds, because it does not
know when QEMU has created the listener socket. If can't retry connect()
forever though, because an error might have caused QEMU to exit before it
even creates the monitor.
The obvious way to fix this kind of problem is to just pass in a pre-opened
socket file descriptor for the QEMU monitor to listen on. The management
app can now immediately call connect() just once. If connect() fails it
knows that QEMU has exited with an error.
The SocketAddress(Legacy) structs allow for FD passing via the monitor, and
now via inherited file descriptors from the process that spawned QEMU. The
final missing piece is adding a 'fd' parameter in the socket chardev
options.
This allows both HMP usage, pass any FD number with SCM_RIGHTS, then
running HMP commands:
getfd myfd
chardev-add socket,fd=myfd
Note that numeric FDs cannot be referenced directly in HMP, only named FDs.
And also CLI usage, by leak FD 3 from parent by clearing O_CLOEXEC, then
spawning QEMU with
-chardev socket,fd=3,id=mon
-mon chardev=mon,mode=control
Note that named FDs cannot be referenced in CLI args, only numeric FDs.
We do not wire this up in the legacy chardev syntax, so you cannot use FD
passing with '-qmp', you must use the modern '-mon' + '-chardev' pair.
When passing pre-opened FDs there is a restriction on use of TLS encryption.
It can be used on a server socket chardev, but cannot be used for a client
socket chardev. This is because when validating a server's certificate, the
client needs to have a hostname available to match against the certificate
identity.
An illustrative example of usage is:
#!/usr/bin/perl
use IO::Socket::UNIX;
use Fcntl;
unlink "/tmp/qmp";
my $srv = IO::Socket::UNIX->new(
Type => SOCK_STREAM(),
Local => "/tmp/qmp",
Listen => 1,
);
my $flags = fcntl $srv, F_GETFD, 0;
fcntl $srv, F_SETFD, $flags & ~FD_CLOEXEC;
my $fd = $srv->fileno();
exec "qemu-system-x86_64", \
"-chardev", "socket,fd=$fd,server,nowait,id=mon", \
"-mon", "chardev=mon,mode=control";
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-12-21 12:57:54 +00:00
|
|
|
"Exactly one of 'path', 'fd' or 'host' required");
|
2017-12-22 13:20:40 +00:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
if (host && !port) {
|
|
|
|
error_setg(errp, "chardev: socket: no port given");
|
|
|
|
return;
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
2019-02-11 18:24:29 +00:00
|
|
|
backend->type = CHARDEV_BACKEND_KIND_SOCKET;
|
2016-12-12 15:41:00 +00:00
|
|
|
sock = backend->u.socket.data = g_new0(ChardevSocket, 1);
|
|
|
|
qemu_chr_parse_common(opts, qapi_ChardevSocket_base(sock));
|
|
|
|
|
2019-02-11 18:24:32 +00:00
|
|
|
sock->has_nodelay = qemu_opt_get(opts, "delay");
|
|
|
|
sock->nodelay = !qemu_opt_get_bool(opts, "delay", true);
|
|
|
|
/*
|
|
|
|
* We have different default to QMP for 'server', hence
|
|
|
|
* we can't just check for existence of 'server'
|
|
|
|
*/
|
2016-12-12 15:41:00 +00:00
|
|
|
sock->has_server = true;
|
2019-02-11 18:24:32 +00:00
|
|
|
sock->server = qemu_opt_get_bool(opts, "server", false);
|
|
|
|
sock->has_telnet = qemu_opt_get(opts, "telnet");
|
|
|
|
sock->telnet = qemu_opt_get_bool(opts, "telnet", false);
|
|
|
|
sock->has_tn3270 = qemu_opt_get(opts, "tn3270");
|
|
|
|
sock->tn3270 = qemu_opt_get_bool(opts, "tn3270", false);
|
|
|
|
sock->has_websocket = qemu_opt_get(opts, "websocket");
|
|
|
|
sock->websocket = qemu_opt_get_bool(opts, "websocket", false);
|
2019-02-11 18:24:31 +00:00
|
|
|
/*
|
|
|
|
* We have different default to QMP for 'wait' when 'server'
|
|
|
|
* is set, hence we can't just check for existence of 'wait'
|
|
|
|
*/
|
2019-02-11 18:24:32 +00:00
|
|
|
sock->has_wait = qemu_opt_find(opts, "wait") || sock->server;
|
|
|
|
sock->wait = qemu_opt_get_bool(opts, "wait", true);
|
2018-07-17 12:43:51 +00:00
|
|
|
sock->has_reconnect = qemu_opt_find(opts, "reconnect");
|
2019-02-11 18:24:32 +00:00
|
|
|
sock->reconnect = qemu_opt_get_number(opts, "reconnect", 0);
|
|
|
|
sock->has_tls_creds = qemu_opt_get(opts, "tls-creds");
|
|
|
|
sock->tls_creds = g_strdup(qemu_opt_get(opts, "tls-creds"));
|
chardev: add support for authorization for TLS clients
Currently any client which can complete the TLS handshake is able to use
a chardev server. The server admin can turn on the 'verify-peer' option
for the x509 creds to require the client to provide a x509
certificate. This means the client will have to acquire a certificate
from the CA before they are permitted to use the chardev server. This is
still a fairly low bar.
This adds a 'tls-authz=OBJECT-ID' option to the socket chardev backend
which takes the ID of a previously added 'QAuthZ' object instance. This
will be used to validate the client's x509 distinguished name. Clients
failing the check will not be permitted to use the chardev server.
For example to setup authorization that only allows connection from a
client whose x509 certificate distinguished name contains 'CN=fred', you
would use:
$QEMU -object tls-creds-x509,id=tls0,dir=/home/berrange/qemutls,\
endpoint=server,verify-peer=yes \
-object authz-simple,id=authz0,identity=CN=laptop.example.com,,\
O=Example Org,,L=London,,ST=London,,C=GB \
-chardev socket,host=127.0.0.1,port=9000,server,\
tls-creds=tls0,tls-authz=authz0 \
...other qemu args...
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2019-03-08 15:21:50 +00:00
|
|
|
sock->has_tls_authz = qemu_opt_get(opts, "tls-authz");
|
|
|
|
sock->tls_authz = g_strdup(qemu_opt_get(opts, "tls-authz"));
|
2016-12-12 15:41:00 +00:00
|
|
|
|
2017-04-26 07:36:39 +00:00
|
|
|
addr = g_new0(SocketAddressLegacy, 1);
|
2016-12-12 15:41:00 +00:00
|
|
|
if (path) {
|
|
|
|
UnixSocketAddress *q_unix;
|
2017-04-26 07:36:39 +00:00
|
|
|
addr->type = SOCKET_ADDRESS_LEGACY_KIND_UNIX;
|
2016-12-12 15:41:00 +00:00
|
|
|
q_unix = addr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
|
|
|
|
q_unix->path = g_strdup(path);
|
sockets: Fix default of UnixSocketAddress member @tight
An optional bool member of a QAPI struct can be false, true, or absent.
The previous commit demonstrated that socket_listen() and
socket_connect() are broken for absent @tight, and indeed QMP chardev-
add also defaults absent member @tight to false instead of true.
In C, QAPI members are represented by two fields, has_MEMBER and MEMBER.
We have:
has_MEMBER MEMBER
false true false
true true true
absent false false/ignore
When has_MEMBER is false, MEMBER should be set to false on write, and
ignored on read.
For QMP, the QAPI visitors handle absent @tight by setting both
@has_tight and @tight to false. unix_listen_saddr() and
unix_connect_saddr() however use @tight only, disregarding @has_tight.
This is wrong and means that absent @tight defaults to false whereas it
should default to true.
The same is true for @has_abstract, though @abstract defaults to
false and therefore has the same behavior for all of QMP, HMP and CLI.
Fix unix_listen_saddr() and unix_connect_saddr() to check
@has_abstract/@has_tight, and to default absent @tight to true.
However, this is only half of the story. HMP chardev-add and CLI
-chardev so far correctly defaulted @tight to true, but defaults to
false again with the above fix for HMP and CLI. In fact, the "tight"
and "abstract" options now break completely.
Digging deeper, we find that qemu_chr_parse_socket() also ignores
@has_tight, leaving it false when it sets @tight. That is also wrong,
but the two wrongs cancelled out. Fix qemu_chr_parse_socket() to set
@has_tight and @has_abstract; writing testcases for HMP and CLI is left
for another day.
Fixes: 776b97d3605ed0fc94443048fdf988c7725e38a9
Reported-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-11-02 09:44:18 +00:00
|
|
|
q_unix->has_tight = true;
|
2020-05-16 03:13:25 +00:00
|
|
|
q_unix->tight = tight;
|
sockets: Fix default of UnixSocketAddress member @tight
An optional bool member of a QAPI struct can be false, true, or absent.
The previous commit demonstrated that socket_listen() and
socket_connect() are broken for absent @tight, and indeed QMP chardev-
add also defaults absent member @tight to false instead of true.
In C, QAPI members are represented by two fields, has_MEMBER and MEMBER.
We have:
has_MEMBER MEMBER
false true false
true true true
absent false false/ignore
When has_MEMBER is false, MEMBER should be set to false on write, and
ignored on read.
For QMP, the QAPI visitors handle absent @tight by setting both
@has_tight and @tight to false. unix_listen_saddr() and
unix_connect_saddr() however use @tight only, disregarding @has_tight.
This is wrong and means that absent @tight defaults to false whereas it
should default to true.
The same is true for @has_abstract, though @abstract defaults to
false and therefore has the same behavior for all of QMP, HMP and CLI.
Fix unix_listen_saddr() and unix_connect_saddr() to check
@has_abstract/@has_tight, and to default absent @tight to true.
However, this is only half of the story. HMP chardev-add and CLI
-chardev so far correctly defaulted @tight to true, but defaults to
false again with the above fix for HMP and CLI. In fact, the "tight"
and "abstract" options now break completely.
Digging deeper, we find that qemu_chr_parse_socket() also ignores
@has_tight, leaving it false when it sets @tight. That is also wrong,
but the two wrongs cancelled out. Fix qemu_chr_parse_socket() to set
@has_tight and @has_abstract; writing testcases for HMP and CLI is left
for another day.
Fixes: 776b97d3605ed0fc94443048fdf988c7725e38a9
Reported-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-11-02 09:44:18 +00:00
|
|
|
q_unix->has_abstract = true;
|
2020-05-16 03:13:25 +00:00
|
|
|
q_unix->abstract = abstract;
|
2017-12-22 13:20:40 +00:00
|
|
|
} else if (host) {
|
2017-04-26 07:36:39 +00:00
|
|
|
addr->type = SOCKET_ADDRESS_LEGACY_KIND_INET;
|
2016-12-12 15:41:00 +00:00
|
|
|
addr->u.inet.data = g_new(InetSocketAddress, 1);
|
|
|
|
*addr->u.inet.data = (InetSocketAddress) {
|
|
|
|
.host = g_strdup(host),
|
|
|
|
.port = g_strdup(port),
|
|
|
|
.has_to = qemu_opt_get(opts, "to"),
|
|
|
|
.to = qemu_opt_get_number(opts, "to", 0),
|
|
|
|
.has_ipv4 = qemu_opt_get(opts, "ipv4"),
|
|
|
|
.ipv4 = qemu_opt_get_bool(opts, "ipv4", 0),
|
|
|
|
.has_ipv6 = qemu_opt_get(opts, "ipv6"),
|
|
|
|
.ipv6 = qemu_opt_get_bool(opts, "ipv6", 0),
|
|
|
|
};
|
char: allow passing pre-opened socket file descriptor at startup
When starting QEMU management apps will usually setup a monitor socket, and
then open it immediately after startup. If not using QEMU's own -daemonize
arg, this process can be troublesome to handle correctly. The mgmt app will
need to repeatedly call connect() until it succeeds, because it does not
know when QEMU has created the listener socket. If can't retry connect()
forever though, because an error might have caused QEMU to exit before it
even creates the monitor.
The obvious way to fix this kind of problem is to just pass in a pre-opened
socket file descriptor for the QEMU monitor to listen on. The management
app can now immediately call connect() just once. If connect() fails it
knows that QEMU has exited with an error.
The SocketAddress(Legacy) structs allow for FD passing via the monitor, and
now via inherited file descriptors from the process that spawned QEMU. The
final missing piece is adding a 'fd' parameter in the socket chardev
options.
This allows both HMP usage, pass any FD number with SCM_RIGHTS, then
running HMP commands:
getfd myfd
chardev-add socket,fd=myfd
Note that numeric FDs cannot be referenced directly in HMP, only named FDs.
And also CLI usage, by leak FD 3 from parent by clearing O_CLOEXEC, then
spawning QEMU with
-chardev socket,fd=3,id=mon
-mon chardev=mon,mode=control
Note that named FDs cannot be referenced in CLI args, only numeric FDs.
We do not wire this up in the legacy chardev syntax, so you cannot use FD
passing with '-qmp', you must use the modern '-mon' + '-chardev' pair.
When passing pre-opened FDs there is a restriction on use of TLS encryption.
It can be used on a server socket chardev, but cannot be used for a client
socket chardev. This is because when validating a server's certificate, the
client needs to have a hostname available to match against the certificate
identity.
An illustrative example of usage is:
#!/usr/bin/perl
use IO::Socket::UNIX;
use Fcntl;
unlink "/tmp/qmp";
my $srv = IO::Socket::UNIX->new(
Type => SOCK_STREAM(),
Local => "/tmp/qmp",
Listen => 1,
);
my $flags = fcntl $srv, F_GETFD, 0;
fcntl $srv, F_SETFD, $flags & ~FD_CLOEXEC;
my $fd = $srv->fileno();
exec "qemu-system-x86_64", \
"-chardev", "socket,fd=$fd,server,nowait,id=mon", \
"-mon", "chardev=mon,mode=control";
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2017-12-21 12:57:54 +00:00
|
|
|
} else if (fd) {
|
|
|
|
addr->type = SOCKET_ADDRESS_LEGACY_KIND_FD;
|
|
|
|
addr->u.fd.data = g_new(String, 1);
|
|
|
|
addr->u.fd.data->str = g_strdup(fd);
|
2017-12-22 13:20:40 +00:00
|
|
|
} else {
|
|
|
|
g_assert_not_reached();
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
sock->addr = addr;
|
|
|
|
}
|
|
|
|
|
2016-12-21 11:26:38 +00:00
|
|
|
static void
|
|
|
|
char_socket_get_addr(Object *obj, Visitor *v, const char *name,
|
|
|
|
void *opaque, Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(obj);
|
|
|
|
|
|
|
|
visit_type_SocketAddress(v, name, &s->addr, errp);
|
|
|
|
}
|
|
|
|
|
2016-12-21 14:43:46 +00:00
|
|
|
static bool
|
|
|
|
char_socket_get_connected(Object *obj, Error **errp)
|
|
|
|
{
|
|
|
|
SocketChardev *s = SOCKET_CHARDEV(obj);
|
|
|
|
|
2019-02-11 18:24:37 +00:00
|
|
|
return s->state == TCP_CHARDEV_STATE_CONNECTED;
|
2016-12-21 14:43:46 +00:00
|
|
|
}
|
|
|
|
|
2016-12-12 15:41:00 +00:00
|
|
|
static void char_socket_class_init(ObjectClass *oc, void *data)
|
|
|
|
{
|
|
|
|
ChardevClass *cc = CHARDEV_CLASS(oc);
|
|
|
|
|
|
|
|
cc->parse = qemu_chr_parse_socket;
|
|
|
|
cc->open = qmp_chardev_open_socket;
|
|
|
|
cc->chr_wait_connected = tcp_chr_wait_connected;
|
|
|
|
cc->chr_write = tcp_chr_write;
|
|
|
|
cc->chr_sync_read = tcp_chr_sync_read;
|
|
|
|
cc->chr_disconnect = tcp_chr_disconnect;
|
|
|
|
cc->get_msgfds = tcp_get_msgfds;
|
|
|
|
cc->set_msgfds = tcp_set_msgfds;
|
|
|
|
cc->chr_add_client = tcp_chr_add_client;
|
|
|
|
cc->chr_add_watch = tcp_chr_add_watch;
|
|
|
|
cc->chr_update_read_handler = tcp_chr_update_read_handler;
|
2016-12-21 11:26:38 +00:00
|
|
|
|
|
|
|
object_class_property_add(oc, "addr", "SocketAddress",
|
|
|
|
char_socket_get_addr, NULL,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 15:29:22 +00:00
|
|
|
NULL, NULL);
|
2016-12-21 14:43:46 +00:00
|
|
|
|
|
|
|
object_class_property_add_bool(oc, "connected", char_socket_get_connected,
|
qom: Drop parameter @errp of object_property_add() & friends
The only way object_property_add() can fail is when a property with
the same name already exists. Since our property names are all
hardcoded, failure is a programming error, and the appropriate way to
handle it is passing &error_abort.
Same for its variants, except for object_property_add_child(), which
additionally fails when the child already has a parent. Parentage is
also under program control, so this is a programming error, too.
We have a bit over 500 callers. Almost half of them pass
&error_abort, slightly fewer ignore errors, one test case handles
errors, and the remaining few callers pass them to their own callers.
The previous few commits demonstrated once again that ignoring
programming errors is a bad idea.
Of the few ones that pass on errors, several violate the Error API.
The Error ** argument must be NULL, &error_abort, &error_fatal, or a
pointer to a variable containing NULL. Passing an argument of the
latter kind twice without clearing it in between is wrong: if the
first call sets an error, it no longer points to NULL for the second
call. ich9_pm_add_properties(), sparc32_ledma_realize(),
sparc32_dma_realize(), xilinx_axidma_realize(), xilinx_enet_realize()
are wrong that way.
When the one appropriate choice of argument is &error_abort, letting
users pick the argument is a bad idea.
Drop parameter @errp and assert the preconditions instead.
There's one exception to "duplicate property name is a programming
error": the way object_property_add() implements the magic (and
undocumented) "automatic arrayification". Don't drop @errp there.
Instead, rename object_property_add() to object_property_try_add(),
and add the obvious wrapper object_property_add().
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20200505152926.18877-15-armbru@redhat.com>
[Two semantic rebase conflicts resolved]
2020-05-05 15:29:22 +00:00
|
|
|
NULL);
|
2016-12-12 15:41:00 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
static const TypeInfo char_socket_type_info = {
|
|
|
|
.name = TYPE_CHARDEV_SOCKET,
|
|
|
|
.parent = TYPE_CHARDEV,
|
|
|
|
.instance_size = sizeof(SocketChardev),
|
|
|
|
.instance_finalize = char_socket_finalize,
|
|
|
|
.class_init = char_socket_class_init,
|
|
|
|
};
|
|
|
|
|
|
|
|
static void register_types(void)
|
|
|
|
{
|
|
|
|
type_register_static(&char_socket_type_info);
|
|
|
|
}
|
|
|
|
|
|
|
|
type_init(register_types);
|