[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 89382c: sockets: factor out a new try_bind()
From: |
GitHub |
Subject: |
[Qemu-commits] [qemu/qemu] 89382c: sockets: factor out a new try_bind() function |
Date: |
Tue, 17 Oct 2017 05:08:59 -0700 |
Branch: refs/heads/master
Home: https://github.com/qemu/qemu
Commit: 89382c3de5bc2250b1dad1c42c1f73d5ec6febda
https://github.com/qemu/qemu/commit/89382c3de5bc2250b1dad1c42c1f73d5ec6febda
Author: Knut Omang <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M util/qemu-sockets.c
Log Message:
-----------
sockets: factor out a new try_bind() function
A refactoring step to prepare for the problem
exposed by the test-listen test in the previous commit.
Simplify and reorganize the IPv6 specific extra
measures and move it out of the for loop to increase
code readability. No semantic changes.
Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 39f80521df1e7f1252960d1ada2bd1a41d4d2cd3
https://github.com/qemu/qemu/commit/39f80521df1e7f1252960d1ada2bd1a41d4d2cd3
Author: Knut Omang <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M util/qemu-sockets.c
Log Message:
-----------
sockets: factor out create_fast_reuse_socket
Another refactoring step to prepare for fixing the problem
exposed with the test-listen test in the previous commit
Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 9cf961bba74d433db76a110917ac70aecc2ebcc4
https://github.com/qemu/qemu/commit/9cf961bba74d433db76a110917ac70aecc2ebcc4
Author: Knut Omang <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M util/qemu-sockets.c
Log Message:
-----------
sockets: Handle race condition between binds to the same port
If an offset of ports is specified to the inet_listen_saddr function(),
and two or more processes tries to bind from these ports at the same time,
occasionally more than one process may be able to bind to the same
port. The condition is detected by listen() but too late to avoid a failure.
This function is called by socket_listen() and used
by all socket listening code in QEMU, so all cases where any form of dynamic
port selection is used should be subject to this issue.
Add code to close and re-establish the socket when this
condition is observed, hiding the race condition from the user.
Also clean up some issues with error handling to allow more
accurate reporting of the cause of an error.
This has been developed and tested by means of the
test-listen unit test in the previous commit.
Enable the test for make check now that it passes.
Reviewed-by: Bhavesh Davda <address@hidden>
Reviewed-by: Yuval Shaia <address@hidden>
Reviewed-by: Girish Moodalbail <address@hidden>
Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: a7b20a8efa28e5f22c26c06cd06c2f12bc863493
https://github.com/qemu/qemu/commit/a7b20a8efa28e5f22c26c06cd06c2f12bc863493
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
Log Message:
-----------
io: monitor encoutput buffer size from websocket GSource
The websocket GSource is monitoring the size of the rawoutput
buffer to determine if the channel can accepts more writes.
The rawoutput buffer, however, is merely a temporary staging
buffer before data is copied into the encoutput buffer. Thus
its size will always be zero when the GSource runs.
This flaw causes the encoutput buffer to grow without bound
if the other end of the underlying data channel doesn't
read data being sent. This can be seen with VNC if a client
is on a slow WAN link and the guest OS is sending many screen
updates. A malicious VNC client can act like it is on a slow
link by playing a video in the guest and then reading data
very slowly, causing QEMU host memory to expand arbitrarily.
This issue is assigned CVE-2017-15268, publically reported in
https://bugs.launchpad.net/qemu/+bug/1718964
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd
https://github.com/qemu/qemu/commit/57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M include/io/channel-websock.h
M io/channel-websock.c
Log Message:
-----------
io: simplify websocket ping reply handling
We must ensure we don't get flooded with ping replies if the outbound
channel is slow. Currently we do this by keeping the ping reply in a
separate temporary buffer and only writing it if the encoutput buffer
is completely empty. This is overly pessimistic, as it is reasonable
to add a ping reply to the encoutput buffer even if it has previous
data in it, as long as that previous data doesn't include a ping
reply.
To track this better, put the ping reply directly into the encoutput
buffer, and then record the size of encoutput at this time in
pong_remain. As we write encoutput to the underlying channel, we
can decrement the pong_remain counter. Once it hits zero, we can
accept further ping replies for transmission.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: bac6c95415788c03590542eb244c723a18d0771c
https://github.com/qemu/qemu/commit/bac6c95415788c03590542eb244c723a18d0771c
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
Log Message:
-----------
io: get rid of qio_channel_websock_encode helper method
The qio_channel_websock_encode method is only used in one place,
everything else calls qio_channel_websock_encode_buffer directly.
It can also be pushed up a level into the qio_channel_websock_writev
method, since every other caller of qio_channel_websock_write_wire
has already filled encoutput.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: fb74e5903914b9ec8c80b6f7a35da000f9f92ae7
https://github.com/qemu/qemu/commit/fb74e5903914b9ec8c80b6f7a35da000f9f92ae7
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
Log Message:
-----------
io: pass a struct iovec into qio_channel_websock_encode
Instead of requiring use of another Buffer, pass a struct iovec
into qio_channel_websock_encode, which gives callers more
flexibility in how they process data.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505
https://github.com/qemu/qemu/commit/8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M include/io/channel-websock.h
M io/channel-websock.c
Log Message:
-----------
io: get rid of bounce buffering in websock write path
Currently most outbound I/O on the websock channel gets copied into the
rawoutput buffer, and then immediately copied again into the encoutput
buffer, with a header prepended. Now that qio_channel_websock_encode
accepts a struct iovec, we can trivially remove this bounce buffering
and write directly to encoutput.
In doing so, we also now correctly validate the encoutput size against
the QIO_CHANNEL_WEBSOCK_MAX_BUFFER limit.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 6d5d23b00709510d55711661c7ca41408fd9934e
https://github.com/qemu/qemu/commit/6d5d23b00709510d55711661c7ca41408fd9934e
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
Log Message:
-----------
io: cope with websock 'Connection' header having multiple values
The noVNC server sends a header "Connection: keep-alive, Upgrade" which
fails our simple equality test. Split the header on ',', trim whitespace
and then check for 'upgrade' token.
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 0efd6c9ec19a1ea6c413424fbea54e1dfe471026
https://github.com/qemu/qemu/commit/0efd6c9ec19a1ea6c413424fbea54e1dfe471026
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
M io/trace-events
Log Message:
-----------
io: add trace points for websocket HTTP protocol headers
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: 7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2
https://github.com/qemu/qemu/commit/7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2
Author: Daniel P. Berrange <address@hidden>
Date: 2017-10-16 (Mon, 16 Oct 2017)
Changed paths:
M io/channel-websock.c
Log Message:
-----------
io: fix mem leak in websock error path
Coverity pointed out the 'date' is not free()d in the error
path
Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>
Commit: dabc50e4c68c1be046d4a42908af0f9df69f910a
https://github.com/qemu/qemu/commit/dabc50e4c68c1be046d4a42908af0f9df69f910a
Author: Peter Maydell <address@hidden>
Date: 2017-10-17 (Tue, 17 Oct 2017)
Changed paths:
M include/io/channel-websock.h
M io/channel-websock.c
M io/trace-events
M util/qemu-sockets.c
Log Message:
-----------
Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-10-16-1'
into staging
Merge QIO 2017/10/16 v1
# gpg: Signature made Mon 16 Oct 2017 17:10:54 BST
# gpg: using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg: aka "Daniel P. Berrange <address@hidden>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange/tags/pull-qio-2017-10-16-1:
io: fix mem leak in websock error path
io: add trace points for websocket HTTP protocol headers
io: cope with websock 'Connection' header having multiple values
io: get rid of bounce buffering in websock write path
io: pass a struct iovec into qio_channel_websock_encode
io: get rid of qio_channel_websock_encode helper method
io: simplify websocket ping reply handling
io: monitor encoutput buffer size from websocket GSource
sockets: Handle race condition between binds to the same port
sockets: factor out create_fast_reuse_socket
sockets: factor out a new try_bind() function
Signed-off-by: Peter Maydell <address@hidden>
Compare: https://github.com/qemu/qemu/compare/9f99c85c4a36...dabc50e4c68c
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 89382c: sockets: factor out a new try_bind() function,
GitHub <=