Re: [libvirt] [PATCH 04/40] Simplify opening of Xen drivers
On Fri, May 03, 2013 at 04:12:29PM -0600, Jim Fehlig wrote:
Daniel P. Berrange wrote:
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 2ecb86f..b7f1ad4 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -86,14 +86,9 @@ static struct xenUnifiedDriver const * const
drivers[XEN_UNIFIED_NR_DRIVERS] = {
[XEN_UNIFIED_XEND_OFFSET] = xenDaemonDriver,
[XEN_UNIFIED_XS_OFFSET] = xenStoreDriver,
[XEN_UNIFIED_XM_OFFSET] = xenXMDriver,
-#if WITH_XEN_INOTIFY
-[XEN_UNIFIED_INOTIFY_OFFSET] = xenInotifyDriver,
-#endif
Looks like this was never used, so just removing it right? But there are
a lot of loops in this file with 'drivers[i]-', where it might be
possible that i == XEN_UNIFIED_INOTIFY_OFFSET?
The xenInotifyDriver table had one callback in it - the 'close' method.
Since we directly call xenInotifyClose, we don't need this in the
driver table anymore.
static int
-xenUnifiedStateInitialize(bool privileged ATTRIBUTE_UNUSED,
+xenUnifiedStateInitialize(bool privileged,
virStateInhibitCallback callback
ATTRIBUTE_UNUSED,
void *opaque ATTRIBUTE_UNUSED)
{
-inside_daemon = true;
+/* Don't allow driver to work in non-root libvirtd */
+if (privileged)
+inside_daemon = true;
Seems the name 'inside_daemon' is no longer appropriate. Should it be
something like 'is_privileged'?
Yep, ok.
+VIR_DEBUG(Trying XS sub-driver);
+if (xenStoreOpen(conn, auth, flags) 0)
+goto error;
+VIR_DEBUG(Activated XS sub-driver);
+priv-opened[XEN_UNIFIED_XS_OFFSET] = 1;
xenNumaInit(conn);
if (!(priv-caps = xenHypervisorMakeCapabilities(conn))) {
-VIR_DEBUG(Failed to make capabilities);
-goto fail;
+VIR_DEBUG(Errored to make capabilities);
Maybe one too many instances of 'fail' replaced with 'error'? I think
Failed to make capabilities is better than Errored to make
capabilities :).
Hah, yes, search + replace gone too far.
+goto error;
}
if (!(priv-xmlopt = xenDomainXMLConfInit()))
-goto fail;
+goto error;
#if WITH_XEN_INOTIFY
-if (xenHavePrivilege()) {
-VIR_DEBUG(Trying Xen inotify sub-driver);
-if (xenInotifyOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated Xen inotify sub-driver);
-priv-opened[XEN_UNIFIED_INOTIFY_OFFSET] = 1;
-}
-}
+VIR_DEBUG(Trying Xen inotify sub-driver);
+if (xenInotifyOpen(conn, auth, flags) 0)
+goto error;
The old code silently continued on if xenInotifyOpen() didn't return
success.
I've audited the xenInotifyOpen method and the only reasons
it would return -1 are all genuine fatal errors which we
should having been honouring.
Regards,
Daniel
--
|: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 04/40] Simplify opening of Xen drivers
Daniel P. Berrange wrote:
From: Daniel P. Berrange berra...@redhat.com
Since the Xen driver was changed to only execute inside libvirtd,
there is no scenario in which it will be opened from a non-privileged
context. This all the code dealing with opening the sub-drivers can
s/This/Thus/ ?
be simplified to assume that they are always privileged.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/xen/xen_driver.c | 148
+--
src/xen/xen_driver.h | 1 -
src/xen/xen_hypervisor.c | 9 ++-
src/xen/xen_hypervisor.h | 2 +-
src/xen/xen_inotify.c| 8 +--
src/xen/xen_inotify.h| 11 ++--
src/xen/xend_internal.c | 9 ++-
src/xen/xend_internal.h | 4 +-
src/xen/xm_internal.c| 5 +-
src/xen/xm_internal.h| 4 +-
src/xen/xs_internal.c| 5 +-
src/xen/xs_internal.h| 2 +-
12 files changed, 91 insertions(+), 117 deletions(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 2ecb86f..b7f1ad4 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -86,14 +86,9 @@ static struct xenUnifiedDriver const * const
drivers[XEN_UNIFIED_NR_DRIVERS] = {
[XEN_UNIFIED_XEND_OFFSET] = xenDaemonDriver,
[XEN_UNIFIED_XS_OFFSET] = xenStoreDriver,
[XEN_UNIFIED_XM_OFFSET] = xenXMDriver,
-#if WITH_XEN_INOTIFY
-[XEN_UNIFIED_INOTIFY_OFFSET] = xenInotifyDriver,
-#endif
Looks like this was never used, so just removing it right? But there are
a lot of loops in this file with 'drivers[i]-', where it might be
possible that i == XEN_UNIFIED_INOTIFY_OFFSET?
};
-#if defined WITH_LIBVIRTD || defined __sun
static bool inside_daemon = false;
-#endif
/**
* xenNumaInit:
@@ -200,14 +195,14 @@ done:
return res;
}
-#ifdef WITH_LIBVIRTD
-
static int
-xenUnifiedStateInitialize(bool privileged ATTRIBUTE_UNUSED,
+xenUnifiedStateInitialize(bool privileged,
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
void *opaque ATTRIBUTE_UNUSED)
{
-inside_daemon = true;
+/* Don't allow driver to work in non-root libvirtd */
+if (privileged)
+inside_daemon = true;
Seems the name 'inside_daemon' is no longer appropriate. Should it be
something like 'is_privileged'?
return 0;
}
@@ -216,8 +211,6 @@ static virStateDriver state_driver = {
.stateInitialize = xenUnifiedStateInitialize,
};
-#endif
-
/*- Dispatch functions. -*/
/* These dispatch functions follow the model used historically
@@ -298,18 +291,15 @@ xenDomainXMLConfInit(void)
static virDrvOpenStatus
xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr auth, unsigned
int flags)
{
-int i, ret = VIR_DRV_OPEN_DECLINED;
xenUnifiedPrivatePtr priv;
char ebuf[1024];
-#ifdef __sun
/*
* Only the libvirtd instance can open this driver.
* Everything else falls back to the remote driver.
*/
if (!inside_daemon)
return VIR_DRV_OPEN_DECLINED;
-#endif
if (conn-uri == NULL) {
if (!xenUnifiedProbe())
@@ -379,110 +369,108 @@ xenUnifiedConnectOpen(virConnectPtr conn,
virConnectAuthPtr auth, unsigned int f
priv-xshandle = NULL;
-/* Hypervisor is only run with privilege required to succeed */
-if (xenHavePrivilege()) {
-VIR_DEBUG(Trying hypervisor sub-driver);
-if (xenHypervisorOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated hypervisor sub-driver);
-priv-opened[XEN_UNIFIED_HYPERVISOR_OFFSET] = 1;
-} else {
-goto fail;
-}
-}
+/* Hypervisor required to succeed */
+VIR_DEBUG(Trying hypervisor sub-driver);
+if (xenHypervisorOpen(conn, auth, flags) 0)
+goto error;
+VIR_DEBUG(Activated hypervisor sub-driver);
+priv-opened[XEN_UNIFIED_HYPERVISOR_OFFSET] = 1;
-/* XenD is required to succeed if privileged */
+/* XenD is required to succeed */
VIR_DEBUG(Trying XenD sub-driver);
-if (xenDaemonOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XenD sub-driver);
-priv-opened[XEN_UNIFIED_XEND_OFFSET] = 1;
-
-/* XenD is active, so try the xm xs drivers too, both requird to
- * succeed if root, optional otherwise */
-if (priv-xendConfigVersion = XEND_CONFIG_VERSION_3_0_3) {
-VIR_DEBUG(Trying XM sub-driver);
-if (xenXMOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XM sub-driver);
-priv-opened[XEN_UNIFIED_XM_OFFSET] = 1;
-}
-}
-VIR_DEBUG(Trying XS sub-driver);
-if (xenStoreOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XS sub-driver);
-priv-opened[XEN_UNIFIED_XS_OFFSET] = 1;
-}
[libvirt] [PATCH 04/40] Simplify opening of Xen drivers
From: Daniel P. Berrange berra...@redhat.com
Since the Xen driver was changed to only execute inside libvirtd,
there is no scenario in which it will be opened from a non-privileged
context. This all the code dealing with opening the sub-drivers can
be simplified to assume that they are always privileged.
Signed-off-by: Daniel P. Berrange berra...@redhat.com
---
src/xen/xen_driver.c | 148 +--
src/xen/xen_driver.h | 1 -
src/xen/xen_hypervisor.c | 9 ++-
src/xen/xen_hypervisor.h | 2 +-
src/xen/xen_inotify.c| 8 +--
src/xen/xen_inotify.h| 11 ++--
src/xen/xend_internal.c | 9 ++-
src/xen/xend_internal.h | 4 +-
src/xen/xm_internal.c| 5 +-
src/xen/xm_internal.h| 4 +-
src/xen/xs_internal.c| 5 +-
src/xen/xs_internal.h| 2 +-
12 files changed, 91 insertions(+), 117 deletions(-)
diff --git a/src/xen/xen_driver.c b/src/xen/xen_driver.c
index 2ecb86f..b7f1ad4 100644
--- a/src/xen/xen_driver.c
+++ b/src/xen/xen_driver.c
@@ -86,14 +86,9 @@ static struct xenUnifiedDriver const * const
drivers[XEN_UNIFIED_NR_DRIVERS] = {
[XEN_UNIFIED_XEND_OFFSET] = xenDaemonDriver,
[XEN_UNIFIED_XS_OFFSET] = xenStoreDriver,
[XEN_UNIFIED_XM_OFFSET] = xenXMDriver,
-#if WITH_XEN_INOTIFY
-[XEN_UNIFIED_INOTIFY_OFFSET] = xenInotifyDriver,
-#endif
};
-#if defined WITH_LIBVIRTD || defined __sun
static bool inside_daemon = false;
-#endif
/**
* xenNumaInit:
@@ -200,14 +195,14 @@ done:
return res;
}
-#ifdef WITH_LIBVIRTD
-
static int
-xenUnifiedStateInitialize(bool privileged ATTRIBUTE_UNUSED,
+xenUnifiedStateInitialize(bool privileged,
virStateInhibitCallback callback ATTRIBUTE_UNUSED,
void *opaque ATTRIBUTE_UNUSED)
{
-inside_daemon = true;
+/* Don't allow driver to work in non-root libvirtd */
+if (privileged)
+inside_daemon = true;
return 0;
}
@@ -216,8 +211,6 @@ static virStateDriver state_driver = {
.stateInitialize = xenUnifiedStateInitialize,
};
-#endif
-
/*- Dispatch functions. -*/
/* These dispatch functions follow the model used historically
@@ -298,18 +291,15 @@ xenDomainXMLConfInit(void)
static virDrvOpenStatus
xenUnifiedConnectOpen(virConnectPtr conn, virConnectAuthPtr auth, unsigned int
flags)
{
-int i, ret = VIR_DRV_OPEN_DECLINED;
xenUnifiedPrivatePtr priv;
char ebuf[1024];
-#ifdef __sun
/*
* Only the libvirtd instance can open this driver.
* Everything else falls back to the remote driver.
*/
if (!inside_daemon)
return VIR_DRV_OPEN_DECLINED;
-#endif
if (conn-uri == NULL) {
if (!xenUnifiedProbe())
@@ -379,110 +369,108 @@ xenUnifiedConnectOpen(virConnectPtr conn,
virConnectAuthPtr auth, unsigned int f
priv-xshandle = NULL;
-/* Hypervisor is only run with privilege required to succeed */
-if (xenHavePrivilege()) {
-VIR_DEBUG(Trying hypervisor sub-driver);
-if (xenHypervisorOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated hypervisor sub-driver);
-priv-opened[XEN_UNIFIED_HYPERVISOR_OFFSET] = 1;
-} else {
-goto fail;
-}
-}
+/* Hypervisor required to succeed */
+VIR_DEBUG(Trying hypervisor sub-driver);
+if (xenHypervisorOpen(conn, auth, flags) 0)
+goto error;
+VIR_DEBUG(Activated hypervisor sub-driver);
+priv-opened[XEN_UNIFIED_HYPERVISOR_OFFSET] = 1;
-/* XenD is required to succeed if privileged */
+/* XenD is required to succeed */
VIR_DEBUG(Trying XenD sub-driver);
-if (xenDaemonOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XenD sub-driver);
-priv-opened[XEN_UNIFIED_XEND_OFFSET] = 1;
-
-/* XenD is active, so try the xm xs drivers too, both requird to
- * succeed if root, optional otherwise */
-if (priv-xendConfigVersion = XEND_CONFIG_VERSION_3_0_3) {
-VIR_DEBUG(Trying XM sub-driver);
-if (xenXMOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XM sub-driver);
-priv-opened[XEN_UNIFIED_XM_OFFSET] = 1;
-}
-}
-VIR_DEBUG(Trying XS sub-driver);
-if (xenStoreOpen(conn, auth, flags) == VIR_DRV_OPEN_SUCCESS) {
-VIR_DEBUG(Activated XS sub-driver);
-priv-opened[XEN_UNIFIED_XS_OFFSET] = 1;
-} else {
-if (xenHavePrivilege())
-goto fail; /* XS is mandatory when privileged */
-}
-} else {
-if (xenHavePrivilege()) {
-goto fail; /* XenD is mandatory when privileged */
-} else {
-VIR_DEBUG(Handing off for remote driver);
-ret = VIR_DRV_OPEN_DECLINED; /* Let remote_driver try instead */
-goto clean;
-}
-}
+if (xenDaemonOpen(conn, auth, flags) 0)
+
