November 2019 - Libguestfs - Libguestfs List Archives

[PATCH libnbd] api: Allow NBD URIs to be restricted.

by Richard W.M. Jones

Previous discussion: https://www.redhat.com/archives/libguestfs/2019-August/msg00102.html Last night I experimentally added support for URIs that contain the query parameter tls-psk-file, as part of rewriting the tests to cover more of the URI code. So you can now have a URI like: nbds://alice@localhost/?tls-psk-file=keys.psk However there's an obvious security problem here because now any libnbd program which takes URIs from less trusted sources will open a local file under the user's control. So it's time to restrict what can appear in URIs. I've added three new APIs for this purpose, see generator/generator in this patch for documentation. The defaults are fairly liberal, except we do prevent opening local files (except socket) by default. Rich.

4 years, 6 months

2
3
0 / 0

[PATCH libnbd] lib: Use GCC hints to move debug and error handling code out of hot paths.

by Richard W.M. Jones

--- generator/generator | 6 +++--- lib/crypto.c | 2 +- lib/internal.h | 14 +++++++++++++- 3 files changed, 17 insertions(+), 5 deletions(-) diff --git a/generator/generator b/generator/generator index c2ff0db..eb3408d 100755 --- a/generator/generator +++ b/generator/generator @@ -4512,7 +4512,7 @@ let generate_lib_api_c () = let value = match errcode with | Some value -> value | None -> assert false in - pr " if (!%s_in_permitted_state (h)) {\n" name; + pr " if (unlikely (!%s_in_permitted_state (h))) {\n" name; pr " ret = %s;\n" value; pr " goto out;\n"; pr " }\n"; @@ -4525,7 +4525,7 @@ let generate_lib_api_c () = | Some value -> value | None -> assert false in let mask = List.fold_left (lor) 0 (List.map snd flags) in - pr " if ((%s & ~%d) != 0) {\n" n mask; + pr " if (unlikely ((%s & ~%d) != 0)) {\n" n mask; pr " set_error (EINVAL, \"%%s: invalid value for flag: %%d\",\n"; pr " \"%s\", %s);\n" n n; pr " ret = %s;\n" value; @@ -4658,7 +4658,7 @@ let generate_lib_api_c () = pr ");\n" (* Print the trace when we leave a call with debugging enabled. *) and print_trace_leave ret = - pr " if (h->debug) {\n"; + pr " if_debug (h) {\n"; let errcode = errcode_of_ret ret in (match errcode with | Some r -> diff --git a/lib/crypto.c b/lib/crypto.c index 07d06c0..8d86911 100644 --- a/lib/crypto.c +++ b/lib/crypto.c @@ -676,7 +676,7 @@ nbd_internal_crypto_handshake (struct nbd_handle *h) void nbd_internal_crypto_debug_tls_enabled (struct nbd_handle *h) { - if (h->debug) { + if_debug (h) { const gnutls_session_t session = h->sock->u.tls.session; const gnutls_cipher_algorithm_t cipher = gnutls_cipher_get (session); const gnutls_kx_algorithm_t kx = gnutls_kx_get (session); diff --git a/lib/internal.h b/lib/internal.h index 50c0a9b..894e437 100644 --- a/lib/internal.h +++ b/lib/internal.h @@ -40,6 +40,18 @@ #include "states.h" #include "unlocked.h" +/* Define unlikely macro, but only for GCC. These are used to move + * debug and error handling code out of hot paths, making the hot path + * into common functions use less instruction cache. + */ +#if defined(__GNUC__) +#define unlikely(x) __builtin_expect (!!(x), 0) +#define if_debug(h) if (unlikely ((h)->debug)) +#else +#define unlikely(x) (x) +#define if_debug(h) if ((h)->debug) +#endif + /* MSG_MORE is an optimization. If not present, ignore it. */ #ifndef MSG_MORE #define MSG_MORE 0 @@ -329,7 +341,7 @@ extern void nbd_internal_crypto_debug_tls_enabled (struct nbd_handle *); extern void nbd_internal_debug (struct nbd_handle *h, const char *fs, ...); #define debug(h, fs, ...) \ do { \ - if ((h)->debug) \ + if_debug ((h)) \ nbd_internal_debug ((h), (fs), ##__VA_ARGS__); \ } while (0) -- 2.23.0

4 years, 6 months

2
1
0 / 0

[PATCH nbdkit 0/3] server: Fix crash on close.

by Richard W.M. Jones

This fixes the long-standing crash on close when nbdkit exits. I did try first to fix threads so we're using a proper thread pool, but that's difficult to implement. So this does the minimal change needed to fix the crash instead. There are still two segfaults that happen during running the test suite. One is deliberately caused (tests/test-captive.sh). The other appears to be an assertion failure bug in the new finalize code: Thread 2 (Thread 0x7f12b820fa40 (LWP 231456)): #0 0x00007f12b8783a1f in __GI___poll (fds=0x55771f18c550, nfds=nfds@entry=2, timeout=timeout@entry=-1) at ../sysdeps/unix/sysv/linux/poll.c:29 #1 0x00005577156b9646 in poll (__timeout=-1, __nfds=2, __fds=<optimized out>) at /usr/include/bits/poll2.h:46 #2 check_sockets_and_quit_fd (nr_socks=1, socks=0x55771f18c2e0) at sockets.c:466 #3 accept_incoming_connections (socks=0x55771f18c2e0, nr_socks=1) at sockets.c:494 #4 0x00005577156ac6ac in start_serving () at main.c:914 #5 main (argc=<optimized out>, argv=0x7ffd0bcb15d8) at main.c:685 Thread 1 (Thread 0x7f12b820e700 (LWP 231469)): #0 __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 #1 0x00007f12b86b28d9 in __GI_abort () at abort.c:79 #2 0x00007f12b86b27a9 in __assert_fail_base (fmt=0x7f12b881db18 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5577156bb09d "h->state & HANDLE_CONNECTED", file=0x5577156bb064 "backend.c", line=240, function=<optimized out>) at assert.c:92 #3 0x00007f12b86c1a66 in __GI___assert_fail (assertion=assertion@entry=0x5577156bb09d "h->state & HANDLE_CONNECTED", file=file@entry=0x5577156bb064 "backend.c", line=line@entry=240, function=function@entry=0x5577156bb880 <__PRETTY_FUNCTION__.6528> "backend_finalize") at assert.c:101 #4 0x00005577156ad04e in backend_finalize (b=<optimized out>, conn=conn@entry=0x55771f1ac710) at backend.c:240 #5 0x00005577156b6ea8 in negotiate_handshake_newstyle_options (conn=<optimized out>) at protocol-handshake-newstyle.c:484 #6 protocol_handshake_newstyle (conn=0x55771f1ac710) at protocol-handshake-newstyle.c:762 #7 0x00005577156b5705 in protocol_handshake (conn=conn@entry=0x55771f1ac710) at protocol-handshake.c:55 #8 0x00005577156af73a in handle_single_connection (sockin=<optimized out>, sockout=15) at connections.c:167 #9 0x00005577156b8a48 in start_thread (datav=0x55771f18c620) at sockets.c:356 #10 0x00007f12b885f4e2 in start_thread (arg=<optimized out>) at pthread_create.c:479 #11 0x00007f12b878e643 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 Rich.

4 years, 6 months

1
3
0 / 0

[PATCH nbdkit 0/2] Implement fuzzing using Clang's libFuzzer.

by Richard W.M. Jones

libFuzzer is Clang's fuzzer, and alternative to using AFL: https://llvm.org/docs/LibFuzzer.html I implemented an alternative method of fuzzing for libnbd earlier today and it's pretty simple: https://github.com/libguestfs/libnbd/commit/c19a6fbae9a21a7d4693418706c59... However it's considerably more difficult to use libFuzzer with non-library code -- in this case nbdkit. I think the first patch in this series has some merit on its own. The second patch does a lot of pretty ugly stuff to turn nbdkit into a long-running process as required by libFuzzer. It does kind of work, although it leaks a few MB of memory for each minute that you run the fuzzer which is less than ideal. Rich.

4 years, 6 months

1
2
0 / 0

Re: [Libguestfs] [PATCH] fish: add option --blocksize for disks

by Richard W.M. Jones

I'm at the KVM Forum at the moment, and next week I'm at another conference, so don't have time to review this patch right now. Maybe others will comment. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW

4 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

Libguestfs November 2019