[Qemu-commits] [qemu/qemu] 89382c: sockets: factor out a new try_bind()


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 89382c: sockets: factor out a new try_bind() function
Date: Tue, 17 Oct 2017 05:08:59 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 89382c3de5bc2250b1dad1c42c1f73d5ec6febda
      
https://github.com/qemu/qemu/commit/89382c3de5bc2250b1dad1c42c1f73d5ec6febda
  Author: Knut Omang <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: factor out a new try_bind() function

A refactoring step to prepare for the problem
exposed by the test-listen test in the previous commit.

Simplify and reorganize the IPv6-specific extra
measures and move them out of the for loop to increase
code readability. No semantic changes.

Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 39f80521df1e7f1252960d1ada2bd1a41d4d2cd3
      
https://github.com/qemu/qemu/commit/39f80521df1e7f1252960d1ada2bd1a41d4d2cd3
  Author: Knut Omang <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: factor out create_fast_reuse_socket

Another refactoring step to prepare for fixing the problem
exposed with the test-listen test in the previous commit.

Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 9cf961bba74d433db76a110917ac70aecc2ebcc4
      
https://github.com/qemu/qemu/commit/9cf961bba74d433db76a110917ac70aecc2ebcc4
  Author: Knut Omang <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M util/qemu-sockets.c

  Log Message:
  -----------
  sockets: Handle race condition between binds to the same port

If an offset of ports is specified to the inet_listen_saddr() function,
and two or more processes try to bind from these ports at the same time,
occasionally more than one process may be able to bind to the same
port. The condition is detected by listen() but too late to avoid a failure.

This function is called by socket_listen() and used
by all socket listening code in QEMU, so all cases where any form of dynamic
port selection is used should be subject to this issue.

Add code to close and re-establish the socket when this
condition is observed, hiding the race condition from the user.

Also clean up some issues with error handling to allow more
accurate reporting of the cause of an error.

This has been developed and tested by means of the
test-listen unit test in the previous commit.
Enable the test for make check now that it passes.

Reviewed-by: Bhavesh Davda <address@hidden>
Reviewed-by: Yuval Shaia <address@hidden>
Reviewed-by: Girish Moodalbail <address@hidden>
Signed-off-by: Knut Omang <address@hidden>
Reviewed-by: Daniel P. Berrange <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: a7b20a8efa28e5f22c26c06cd06c2f12bc863493
      
https://github.com/qemu/qemu/commit/a7b20a8efa28e5f22c26c06cd06c2f12bc863493
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: monitor encoutput buffer size from websocket GSource

The websocket GSource is monitoring the size of the rawoutput
buffer to determine if the channel can accept more writes.
The rawoutput buffer, however, is merely a temporary staging
buffer before data is copied into the encoutput buffer. Thus
its size will always be zero when the GSource runs.

This flaw causes the encoutput buffer to grow without bound
if the other end of the underlying data channel doesn't
read data being sent. This can be seen with VNC if a client
is on a slow WAN link and the guest OS is sending many screen
updates. A malicious VNC client can act like it is on a slow
link by playing a video in the guest and then reading data
very slowly, causing QEMU host memory to expand arbitrarily.

This issue is assigned CVE-2017-15268, publicly reported in

  https://bugs.launchpad.net/qemu/+bug/1718964

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd
      
https://github.com/qemu/qemu/commit/57b0cdf152b7266e68bfa3e84635d4bdb64ef2cd
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M include/io/channel-websock.h
    M io/channel-websock.c

  Log Message:
  -----------
  io: simplify websocket ping reply handling

We must ensure we don't get flooded with ping replies if the outbound
channel is slow. Currently we do this by keeping the ping reply in a
separate temporary buffer and only writing it if the encoutput buffer
is completely empty. This is overly pessimistic, as it is reasonable
to add a ping reply to the encoutput buffer even if it has previous
data in it, as long as that previous data doesn't include a ping
reply.

To track this better, put the ping reply directly into the encoutput
buffer, and then record the size of encoutput at this time in
pong_remain. As we write encoutput to the underlying channel, we
can decrement the pong_remain counter. Once it hits zero, we can
accept further ping replies for transmission.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: bac6c95415788c03590542eb244c723a18d0771c
      
https://github.com/qemu/qemu/commit/bac6c95415788c03590542eb244c723a18d0771c
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: get rid of qio_channel_websock_encode helper method

The qio_channel_websock_encode method is only used in one place,
everything else calls qio_channel_websock_encode_buffer directly.
It can also be pushed up a level into the qio_channel_websock_writev
method, since every other caller of qio_channel_websock_write_wire
has already filled encoutput.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: fb74e5903914b9ec8c80b6f7a35da000f9f92ae7
      
https://github.com/qemu/qemu/commit/fb74e5903914b9ec8c80b6f7a35da000f9f92ae7
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: pass a struct iovec into qio_channel_websock_encode

Instead of requiring use of another Buffer, pass a struct iovec
into qio_channel_websock_encode, which gives callers more
flexibility in how they process data.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505
      
https://github.com/qemu/qemu/commit/8dfd5f96515ca20c4eb109cb0ee28e2bb32fc505
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M include/io/channel-websock.h
    M io/channel-websock.c

  Log Message:
  -----------
  io: get rid of bounce buffering in websock write path

Currently most outbound I/O on the websock channel gets copied into the
rawoutput buffer, and then immediately copied again into the encoutput
buffer, with a header prepended. Now that qio_channel_websock_encode
accepts a struct iovec, we can trivially remove this bounce buffering
and write directly to encoutput.

In doing so, we also now correctly validate the encoutput size against
the QIO_CHANNEL_WEBSOCK_MAX_BUFFER limit.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 6d5d23b00709510d55711661c7ca41408fd9934e
      
https://github.com/qemu/qemu/commit/6d5d23b00709510d55711661c7ca41408fd9934e
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: cope with websock 'Connection' header having multiple values

The noVNC server sends a header "Connection: keep-alive, Upgrade" which
fails our simple equality test. Split the header on ',', trim whitespace
and then check for 'upgrade' token.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 0efd6c9ec19a1ea6c413424fbea54e1dfe471026
      
https://github.com/qemu/qemu/commit/0efd6c9ec19a1ea6c413424fbea54e1dfe471026
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c
    M io/trace-events

  Log Message:
  -----------
  io: add trace points for websocket HTTP protocol headers

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2
      
https://github.com/qemu/qemu/commit/7fc3fcefe2fc5966c6aa1ef4f10e9740d8d73bf2
  Author: Daniel P. Berrange <address@hidden>
  Date:   2017-10-16 (Mon, 16 Oct 2017)

  Changed paths:
    M io/channel-websock.c

  Log Message:
  -----------
  io: fix mem leak in websock error path

Coverity pointed out the 'date' is not free()d in the error
path.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: dabc50e4c68c1be046d4a42908af0f9df69f910a
      
https://github.com/qemu/qemu/commit/dabc50e4c68c1be046d4a42908af0f9df69f910a
  Author: Peter Maydell <address@hidden>
  Date:   2017-10-17 (Tue, 17 Oct 2017)

  Changed paths:
    M include/io/channel-websock.h
    M io/channel-websock.c
    M io/trace-events
    M util/qemu-sockets.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/berrange/tags/pull-qio-2017-10-16-1' into staging

Merge QIO 2017/10/16 v1

# gpg: Signature made Mon 16 Oct 2017 17:10:54 BST
# gpg:                using RSA key 0xBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg:                 aka "Daniel P. Berrange <address@hidden>"
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/pull-qio-2017-10-16-1:
  io: fix mem leak in websock error path
  io: add trace points for websocket HTTP protocol headers
  io: cope with websock 'Connection' header having multiple values
  io: get rid of bounce buffering in websock write path
  io: pass a struct iovec into qio_channel_websock_encode
  io: get rid of qio_channel_websock_encode helper method
  io: simplify websocket ping reply handling
  io: monitor encoutput buffer size from websocket GSource
  sockets: Handle race condition between binds to the same port
  sockets: factor out create_fast_reuse_socket
  sockets: factor out a new try_bind() function

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/9f99c85c4a36...dabc50e4c68c
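
Added illustration, not code from QEMU or from this commit mail: a small C model of the outbound accounting described in the "io: monitor encoutput buffer size from websocket GSource" and "io: simplify websocket ping reply handling" log messages. The struct, the function names, the 8192-byte cap and the 1024/16-byte tick sizes are assumptions made for the model.

```c
#include <stdbool.h>
#include <stddef.h>
/* Assumed cap: the page names QIO_CHANNEL_WEBSOCK_MAX_BUFFER, not its value. */
#define MODEL_MAX_BUFFER 8192

/* Hypothetical model of the outbound state, not QEMU's own struct. */
struct ws_out {
    size_t rawoutput;   /* staging bytes, already copied out when polled */
    size_t encoutput;   /* encoded bytes the peer has not read yet */
    size_t pong_remain; /* bytes to flush before another ping reply */
};

/* Flawed gate: rawoutput is always 0 at poll time, so writes never stop. */
static bool writable_before(const struct ws_out *c) {
    return c->rawoutput < MODEL_MAX_BUFFER;
}

/* Corrected gate: back-pressure follows the buffer that actually grows. */
static bool writable_after(const struct ws_out *c) {
    return c->encoutput < MODEL_MAX_BUFFER;
}

/* Queue a ping reply unless an earlier one is still waiting in encoutput. */
static bool queue_pong(struct ws_out *c, size_t len) {
    if (c->pong_remain != 0) return false;
    c->encoutput += len;
    c->pong_remain = c->encoutput; /* all bytes up to and including the pong */
    return true;
}

/* The peer read n bytes: shrink encoutput and count pong_remain down. */
static void wire_drained(struct ws_out *c, size_t n) {
    if (n > c->encoutput) n = c->encoutput;
    c->encoutput -= n;
    c->pong_remain = (n >= c->pong_remain) ? 0 : c->pong_remain - n;
}

/* Slow reader: each tick offers a 1024-byte frame, the peer reads 16. */
static size_t peak_encoutput(bool fixed, int ticks) {
    struct ws_out c = {0, 0, 0};
    size_t peak = 0;
    for (int i = 0; i < ticks; i++) {
        if (fixed ? writable_after(&c) : writable_before(&c)) c.encoutput += 1024;
        if (c.encoutput > peak) peak = c.encoutput;
        wire_drained(&c, 16);
    }
    return peak;
}
int main(void) { return peak_encoutput(true, 1000) > MODEL_MAX_BUFFER + 1024; }
```

With the flawed gate the peak grows with the number of ticks; with the corrected gate it stays within one frame of the cap.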
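
Added illustration, not code from QEMU or from this commit mail: the token check described in the "io: cope with websock 'Connection' header having multiple values" log message, next to the plain equality test it replaces. The function names are hypothetical, and the case-insensitive comparison is an assumption based on HTTP connection options being case-insensitive.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive compare of a length-delimited span with a C string. */
static bool span_equals(const char *s, size_t n, const char *token) {
    if (strlen(token) != n) return false;
    for (size_t i = 0; i < n; i++) {
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)token[i]))
            return false;
    }
    return true;
}

/* The simple equality test: fails as soon as a second value is present. */
static bool header_equals(const char *value, const char *token) {
    return span_equals(value, strlen(value), token);
}

/* Split on ',', trim whitespace, and match token against each whole item. */
static bool header_has_token(const char *value, const char *token) {
    const char *p = value;
    while (*p) {
        const char *end = strchr(p, ',');
        if (!end) end = p + strlen(p);
        const char *a = p, *b = end;
        while (a < b && isspace((unsigned char)*a)) a++;    /* trim left */
        while (b > a && isspace((unsigned char)b[-1])) b--; /* trim right */
        if (span_equals(a, (size_t)(b - a), token)) return true;
        p = *end ? end + 1 : end; /* step past the comma, or stop at NUL */
    }
    return false;
}

/* Stand-alone run on the header value quoted in the log message. */
int main(void) { return !header_has_token("keep-alive, Upgrade", "upgrade"); }
```

Matching whole items rather than substrings keeps a value such as "upgrade-insecure" from being accepted as the upgrade token.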
