throttle_config() cancels the timers of the calling BlockBackend. This
doesn't make sense because other BlockBackends in the group remain
untouched. There's no need to cancel the timers in the one specific
BlockBackend so let's not do that. Throttled requests will run as
scheduled and future requests will follow the new configuration. This
also allows a throttle group's configuration to be changed even when it
has no members.
Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Clock type in throttling is currently inferred by the ThrottleTimer's
clock type even though it is a per-ThrottleGroup property; it doesn't
make sense to have different clock types in the same group. Moving this
to a field in ThrottleGroup can simplify some of the throttle functions.
Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
In mapped security modes, files are created with very restrictive
permissions (600 for files and 700 for directories). This makes
file sharing between virtual machines and users on the host rather
complicated. Imagine eg. a group of users that need to access data
produced by processes on a virtual machine. Giving those users access
to the data will be difficult since the group access mode is always 0.
This patch makes the default mode for both files and directories
configurable. Existing setups that don't know about the new parameters
keep using the current secure behavior.
Signed-off-by: Tobias Schramm <tobleminer@gmail.com>
Signed-off-by: Greg Kurz <groug@kaod.org>
The utimensat() and futimens() syscalls have been around for ages (ie,
glibc 2.6 and linux 2.6.22), and the decision was already taken to
switch to utimensat() anyway when fixing CVE-2016-9602 in 2.9.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Since chroot() doesn't change the current directory, it is indeed a good
practice to chdir() to the target directory and then then chroot(), or
to chroot() to the target directory and then chdir("/").
The current code does neither of them actually. Let's go for the latter.
This doesn't fix any security issue since all of this takes place before
the helper begins to process requests.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
The code only uses well known format strings. An unknown format token is a
bug.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
This patch removes the redundant throttle code that was present in
block and fsdev device files. Now the common code is moved
to a single file.
Signed-off-by: Pradeep Jagadeesh <pradeep.jagadeesh@huawei.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
(fix indent nit, Greg Kurz)
Signed-off-by: Greg Kurz <groug@kaod.org>
This patchset adds the throttle support for the 9p-local driver.
For now this functionality can be enabled only through qemu cli options.
QMP interface and support to other drivers need further extensions.
To make it simple for other 9p drivers, the throttle code has been put in
separate files.
Signed-off-by: Pradeep Jagadeesh <pradeep.jagadeesh@huawei.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
(pass extra NULL CoMutex * argument to qemu_co_queue_wait(),
added options to qemu-options.hx, Greg Kurz)
Signed-off-by: Greg Kurz <groug@kaod.org>
Currently, the backend of VirtFS doesn't have a cleanup
function. This will lead resource leak issues if the backed
driver allocates resources. This patch addresses this issue.
Signed-off-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Greg Kurz <groug@kaod.org>
If a guest sends an empty string paramater to any 9P operation, the current
code unmarshals it into a V9fsString equal to { .size = 0, .data = NULL }.
This is unfortunate because it can cause NULL pointer dereference to happen
at various locations in the 9pfs code. And we don't want to check str->data
everywhere we pass it to strcmp() or any other function which expects a
dereferenceable pointer.
This patch enforces the allocation of genuine C empty strings instead, so
callers don't have to bother.
Out of all v9fs_iov_vunmarshal() users, only v9fs_xattrwalk() checks if
the returned string is empty. It now uses v9fs_string_size() since
name.data cannot be NULL anymore.
Signed-off-by: Li Qiang <liqiang6-s@360.cn>
[groug, rewritten title and changelog,
fix empty string check in v9fs_xattrwalk()]
Signed-off-by: Greg Kurz <groug@kaod.org>
The v9fs_string_null() function just calls v9fs_string_free(). Also it
only has 4 users, whereas v9fs_string_free() has 87.
This patch converts users to call directly v9fs_string_free() and drops
the useless function.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAABAgAGBQJXhP1vAAoJEDhwtADrkYZTSnsP/050pn1Zeo8tF7+C9Sj/8mu1
Peuaz7f+QkGzvkteoVu8W2dDNebUnjZI1InsBFcpJab8TCjnk+A2UipalTyWlX2U
QQbgqgLKTJgewVPMje+7B96D2Eyr4IhnhiaJDP7zBtx5tW+mO9NDqly7j9VJajbO
cBC9SBFLNEk3wQqiQMv4Ig6qi3a4jfU56Zhazt6ci7lJRKJwPnbhZjEWCKliRjzT
TjZsV8mlKm5Sp3wmahxGiWuUI+JnbneEnjLLvRBot5mUGZsA9oU4mgmzFBn+/uvp
rzvae41tfw1Td/S7nRBwTxZqRo8qiRSC5vNc90piBKkj7H1TaKnZUVBskkexZl4x
ibFOAVPx3yJredtCgjJZun2gc/EBpIQtcV9WNqY9qjwldczjim93ua/lM7BcTrbN
4rdNP63a81KYOkgL3rSd9zVarGybHIrhd96KUhX8j6SKbc7z4gVn90uMnAPsapk/
I39HR3smMvgNK3x6gZ4pU3Ghr2hmmWMah+gQ2ErczmoYArAixR8lDqFO+c2eoqfe
bHfZM6gsZickrJSL1t3/FXB0oXfcNifUzF5g2hDQY9WKDjFee4tb2+UGHcrb7PW8
Uq3eYqigNitj1COMksjijG0iBAfCqtJNPJDA4M0SLhuYVnH+cSGWYg3UWgETwu8q
nYZHU/nNqI9p3BNFkILR
=Zct/
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/armbru/tags/pull-include-2016-07-12' into staging
Clean up #include "..." vs <...> and header guards
# gpg: Signature made Tue 12 Jul 2016 15:23:43 BST
# gpg: using RSA key 0x3870B400EB918653
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>"
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-include-2016-07-12:
cris: Fix broken header guard in hw/cris/boot.h
Clean up decorations and whitespace around header guards
Clean up ill-advised or unusual header guards
libdecnumber: Don't error out on decNumberLocal.h re-inclusion
libdecnumber: Don't fool around with guards to avoid #include
Clean up header guards that don't match their file name
Drop Emacs local variables lists redundant with .dir-locals.el
spapr_pci: Include spapr.h instead of playing games with #error
tcg: Clean up tcg-target.h header guards
linux-user: Fix broken header guard in syscall_defs.h
linux-user: Clean up hostdep.h header guards
linux-user: Clean up target_structs.h header guards
linux-user: Clean up target_signal.h header guards
linux-user: Clean up target_cpu.h header guards
linux-user: Clean up target_syscall.h header guards
target-*: Clean up cpu.h header guards
scripts: New clean-header-guards.pl
Use #include "..." for our own headers, <...> for others
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Header guard symbols should match their file name to make guard
collisions less likely. Offenders found with
scripts/clean-header-guards.pl -vn.
Cleaned up with scripts/clean-header-guards.pl, followed by some
renaming of new guard symbols picked by the script to better ones.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <rth@twiddle.net>
Don't use the cpu_to_*w() functions, which we are trying to deprecate.
Instead just use cpu_to_*() to do the byteswap, which brings the
code in the marshal function in line with that in the unmarshal.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id: 1467908460-27048-2-git-send-email-peter.maydell@linaro.org
The <sys/uio.h> system header doesn't exist on all host platforms. Code
should include "qemu/osdep.h" instead to avoid build breaks on plafforms
that don't define CONFIG_IOVEC (like win32, if it is to support 9p one day).
Acked-by: Cédric Le Goater <clg@kaod.org>
Acked-by: Michael Fritscher <michael@fritscher.net>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Remove glib.h includes, as it is provided by osdep.h.
This commit was created with scripts/clean-includes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
This patch changes the 9p code to use readdir() again instead of
readdir_r(), which is deprecated in glibc 2.24.
All the locking was put in place by a previous patch.
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Most of the 9p code is now virtio agnostic. This patch does a final cleanup:
- drop references to Virtio from the header comments
- fix includes
Also drop a couple of leading empty lines while here.
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
The only remaining users of machine_init() only call
qemu_add_opts(). Rename machine_init() to opts_init() and move it
closer to the qemu_add_opts() calls on vl.c.
Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Marcel Apfelbaum <marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.
This commit was created with scripts/clean-includes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
There was a 'capbilities' typo in this man page. This commit
reformulates the sentence the typo was in to make it easier to grasp.
This is based on a suggestion from Eric Blake.
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Clean up includes so that osdep.h is included first and headers
which it implies are not included manually.
This commit was created with scripts/clean-includes.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 1453832250-766-18-git-send-email-peter.maydell@linaro.org
* NBD fix from Denis
* condvar fix from Dave
* kvm_stat and dump-guest-memory almost rewrite
* mem-prealloc fix from Luiz
* manpage style improvement
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iQEcBAABAgAGBQJWp4mKAAoJEL/70l94x66DersH/iUfwRTL7tmGOiUX73Qm32da
QseRiC5E5OaTLOGm+Q0Aehjq6Q18zgdiz/+/wSTPjnLmOiSDn6Sr6yB/URSMwhOE
+JVX3+UOpfHpQ1KHlBesIjS/WBSS1691ND1OPcHbHHa6UYbwEUTEc00hus8nVx6J
wyeteUoBryZA177rjVNb9sH7ncNFuuiQDfkr5pmC5f5JEsDiSK9hDmlg9sFnTWrO
XIVqQb0PD+EbOuufR4z3PTLIgbZEXegEgWOsE1FLBTVY/CZAkujynccOENIujFVv
CEhHJrGWo2NU0yeVJ1UlHREQyK+suIHgsiJlQKvAW8ZyFNqpy3+sWSEo7ZBpB6U=
=bVe7
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging
* chardev support for TLS and leak fix
* NBD fix from Denis
* condvar fix from Dave
* kvm_stat and dump-guest-memory almost rewrite
* mem-prealloc fix from Luiz
* manpage style improvement
# gpg: Signature made Tue 26 Jan 2016 14:58:18 GMT using RSA key ID 78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>"
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>"
* remotes/bonzini/tags/for-upstream: (49 commits)
scripts/dump-guest-memory.py: Fix module docstring
scripts/dump-guest-memory.py: Introduce multi-arch support
scripts/dump-guest-memory.py: Cleanup functions
scripts/dump-guest-memory.py: Improve python 3 compatibility
scripts/dump-guest-memory.py: Make methods functions
scripts/dump-guest-memory.py: Move constants to the top
nbd: add missed aio_context_acquire in nbd_export_new
memory: exit when hugepage allocation fails if mem-prealloc
cpus: use broadcast on qemu_pause_cond
scripts/kvm/kvm_stat: Add optparse description
scripts/kvm/kvm_stat: Add interactive filtering
scripts/kvm/kvm_stat: Fixup filtering
scripts/kvm/kvm_stat: Fix rlimit for unprivileged users
scripts/kvm/kvm_stat: Read event values as u64
scripts/kvm/kvm_stat: Cleanup and pre-init perf_event_attr
scripts/kvm/kvm_stat: Fix output formatting
scripts/kvm/kvm_stat: Make tui function a class
scripts/kvm/kvm_stat: Remove unneeded X86_EXIT_REASONS
scripts/kvm/kvm_stat: Group arch specific data
scripts/kvm/kvm_stat: Cleanup of Event class
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Factor out v9fs_iov_v{,un}marshal. Implement pdu_{,un}marshal with those
functions.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
And rename v9fs_marshal to v9fs_iov_marshal, v9fs_unmarshal to
v9fs_iov_unmarshal.
The rationale behind this change is that, this marshalling interface is
used both by virtio and proxy helper. Renaming files and functions to
reflect the true nature of this interface.
Xen transport is going to have its own marshalling interface.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Break out some generic functions for marshaling 9p state. Pure code
motion plus minor fixes for build system.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Those two files are not virtio specific. Rename them to use generic
names.
Fix includes in various C files. Change define guards and comments
in header files.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
There is a minor time of check/time of use race between statfs and chroot.
It can be fixed easily by stat-ing the root after it has been changed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
Signed-off-by: Greg Kurz <gkurz@linux.vnet.ibm.com>
A number of files were including dirent.h but not using any
of the functions it provides
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Replace the assertion check with graceful failure when the socket path
is too long. Programs should not crash on invalid input. Print an
error message and exit properly.
Cc: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
The getopt_long(3) long options array must have a zeroed terminator.
This patch solves a segmentation fault when an unknown command-line
option is encountered:
$ fsdev/virtfs-proxy-helper --help
Segmentation fault (core dumped)
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
It's detected by coverity. The socket name specified
should fit in the sockadd_un.sun_path. If not abort.
Signed-off-by: Shannon Zhao <zhaoshenglong@huawei.com>
Signed-off-by: Shannon Zhao <shannon.zhao@linaro.org>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
The current code calls accept() without initializing the size parameter
which means the accept call might write too much to the stack.
URL: https://bugs.gentoo.org/486714
Signed-off-by: Tim Comer <comer0@gmail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
After commit ba1183da9a we are including
hw/Makefile.objs directly from Makefile.target. Make sure hw/Makefile.objs
rules doesn't depend on variable defined in Makefile.objs
Tested-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
readlink() returns the number of bytes written to the buffer, and it
doesn't write a terminating null byte. do_readlink() writes it
itself. Overruns the buffer when readlink() filled it completely.
Fix by reserving space for the null byte when calling readlink(), like
we do elsewhere.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
This leak was reported by cppcheck.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: M. Mohan Kumar <mohan@in.ibm.com>
Message-id: 1371376960-18192-1-git-send-email-sw@weilnetz.de
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
extra-obj-y is somewhat complicated to understand. Replace it with a
special CONFIG_ALL symbol that is defined only at toplevel.
This limits the case of directories defining more than one
*-obj-y target.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
The setfsuid and setfsgid system calls are obscure and they complicate
the error checking (that glibc's warn_unused_result "feature" forces
us to do). Switch to the standard setresuid and setresgid functions.
Signed-off-by: Paolo Bonzini <pbonini@redhat.com
Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>