[PATCH 02/11] security_manager: Rework metadata locking

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Trying to use virlockd to lock metadata turns out to be too big
gun. Since we will always spawn a separate process for relabeling
we are safe to use thread unsafe POSIX locks and take out
virtlockd completely out of the picture.

Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 src/security/security_dac.c     |   6 +-
 src/security/security_manager.c | 193 ++++++++++++++++++----------------------
 src/security/security_manager.h |  17 ++--
 src/security/security_selinux.c |   6 +-
 4 files changed, 102 insertions(+), 120 deletions(-)

diff --git a/src/security/security_dac.c b/src/security/security_dac.c
index 21db3b9684..b2a8e7fe88 100644
--- a/src/security/security_dac.c
+++ b/src/security/security_dac.c
@@ -204,6 +204,7 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
                              void *opaque)
 {
     virSecurityDACChownListPtr list = opaque;
+    virSecurityManagerMetadataLockStatePtr state;
     const char **paths = NULL;
     size_t npaths = 0;
     size_t i;
@@ -223,7 +224,7 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
         VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
     }
 
-    if (virSecurityManagerMetadataLock(list->manager, paths, npaths) < 0)
+    if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
         goto cleanup;
 
     for (i = 0; i < list->nItems; i++) {
@@ -246,8 +247,7 @@ virSecurityDACTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
             break;
     }
 
-    if (virSecurityManagerMetadataUnlock(list->manager, paths, npaths) < 0)
-        goto cleanup;
+    virSecurityManagerMetadataUnlock(list->manager, &state);
 
     if (rv < 0)
         goto cleanup;
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index c6c80e6165..a0c81fa5d6 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -21,6 +21,10 @@
  */
 #include <config.h>
 
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <fcntl.h>
+
 #include "security_driver.h"
 #include "security_stack.h"
 #include "security_dac.h"
@@ -30,14 +34,11 @@
 #include "virlog.h"
 #include "locking/lock_manager.h"
 #include "virfile.h"
-#include "virtime.h"
 
 #define VIR_FROM_THIS VIR_FROM_SECURITY
 
 VIR_LOG_INIT("security.security_manager");
 
-virMutex lockManagerMutex = VIR_MUTEX_INITIALIZER;
-
 struct _virSecurityManager {
     virObjectLockable parent;
 
@@ -47,10 +48,6 @@ struct _virSecurityManager {
     void *privateData;
 
     virLockManagerPluginPtr lockPlugin;
-    /* This is a FD that represents a connection to virtlockd so
-     * that connection is kept open in between MetdataLock() and
-     * MetadataUnlock() calls. */
-    int clientfd;
 };
 
 static virClassPtr virSecurityManagerClass;
@@ -66,7 +63,6 @@ void virSecurityManagerDispose(void *obj)
         mgr->drv->close(mgr);
 
     virObjectUnref(mgr->lockPlugin);
-    VIR_FORCE_CLOSE(mgr->clientfd);
 
     VIR_FREE(mgr->privateData);
 }
@@ -119,7 +115,6 @@ virSecurityManagerNewDriver(virSecurityDriverPtr drv,
     mgr->flags = flags;
     mgr->virtDriver = virtDriver;
     VIR_STEAL_PTR(mgr->privateData, privateData);
-    mgr->clientfd = -1;
 
     if (drv->open(mgr) < 0)
         goto error;
@@ -1276,129 +1271,111 @@ virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
 }
 
 
-static virLockManagerPtr
-virSecurityManagerNewLockManager(virSecurityManagerPtr mgr,
-                                 const char * const *paths,
-                                 size_t npaths)
+struct _virSecurityManagerMetadataLockState {
+    size_t nfds;
+    int *fds;
+};
+
+
+static int
+cmpstringp(const void *p1, const void *p2)
 {
-    virLockManagerPtr lock;
-    virLockManagerParam params[] = {
-        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UUID,
-            .key = "uuid",
-        },
-        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_STRING,
-            .key = "name",
-            .value = { .cstr = "libvirtd-sec" },
-        },
-        { .type = VIR_LOCK_MANAGER_PARAM_TYPE_UINT,
-            .key = "pid",
-            .value = { .iv = getpid() },
-        },
-    };
-    const unsigned int flags = 0;
-    size_t i;
-
-    if (virGetHostUUID(params[0].value.uuid) < 0)
-        return NULL;
-
-    if (!(lock = virLockManagerNew(virLockManagerPluginGetDriver(mgr->lockPlugin),
-                                   VIR_LOCK_MANAGER_OBJECT_TYPE_DAEMON,
-                                   ARRAY_CARDINALITY(params),
-                                   params,
-                                   flags)))
-        return NULL;
-
-    for (i = 0; i < npaths; i++) {
-        if (virLockManagerAddResource(lock,
-                                      VIR_LOCK_MANAGER_RESOURCE_TYPE_METADATA,
-                                      paths[i], 0, NULL, 0) < 0)
-            goto error;
-    }
-
-    return lock;
- error:
-    virLockManagerFree(lock);
-    return NULL;
+    /* from man 3 qsort */
+    return strcmp(* (char * const *) p1, * (char * const *) p2);
 }
 
+#define METADATA_OFFSET 1
+#define METADATA_LEN 1
 
-/* How many seconds should we try to acquire the lock before
- * giving up. */
-#define LOCK_ACQUIRE_TIMEOUT 60
-
-int
-virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
-                               const char * const *paths,
+/**
+ * virSecurityManagerMetadataLock:
+ * @mgr: security manager object
+ * @paths: paths to lock
+ * @npaths: number of items in @paths array
+ *
+ * Lock passed @paths for metadata change. The returned state
+ * should be passed to virSecurityManagerMetadataUnlock.
+ *
+ * NOTE: this function is not thread safe (because of usage of
+ * POSIX locks).
+ *
+ * Returns: state on success,
+ *          NULL on failure.
+ */
+virSecurityManagerMetadataLockStatePtr
+virSecurityManagerMetadataLock(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                               const char **paths,
                                size_t npaths)
 {
-    virLockManagerPtr lock;
-    virTimeBackOffVar timebackoff;
-    int fd = -1;
-    int rv = -1;
-    int ret = -1;
+    size_t i = 0;
+    int *fds = NULL;
+    virSecurityManagerMetadataLockStatePtr ret = NULL;
 
-    virMutexLock(&lockManagerMutex);
+    if (VIR_ALLOC_N(fds, npaths) < 0)
+        return NULL;
 
-    if (!(lock = virSecurityManagerNewLockManager(mgr, paths, npaths)))
-        goto cleanup;
+    /* Sort paths to lock in order to avoid deadlocks. */
+    qsort(paths, npaths, sizeof(*paths), cmpstringp);
 
-    if (virTimeBackOffStart(&timebackoff, 1, LOCK_ACQUIRE_TIMEOUT * 1000) < 0)
-        goto cleanup;
-    while (virTimeBackOffWait(&timebackoff)) {
-        rv = virLockManagerAcquire(lock, NULL,
-                                   VIR_LOCK_MANAGER_ACQUIRE_ROLLBACK,
-                                   VIR_DOMAIN_LOCK_FAILURE_DEFAULT, &fd);
+    for (i = 0; i < npaths; i++) {
+        if ((fds[i] = open(paths[i], O_RDWR)) < 0) {
+            virReportSystemError(errno,
+                                 _("unable to open %s"),
+                                 paths[i]);
+            goto cleanup;
+        }
 
-        if (rv >= 0)
-            break;
-
-        if (virGetLastErrorCode() == VIR_ERR_RESOURCE_BUSY)
-            continue;
-
-        goto cleanup;
+        if (virFileLock(fds[i], false,
+                        METADATA_OFFSET, METADATA_LEN, true) < 0) {
+            virReportSystemError(errno,
+                                 _("unable to lock %s for metadata change"),
+                                 paths[i]);
+            VIR_FORCE_CLOSE(fds[i]);
+            goto cleanup;
+        }
     }
 
-    if (rv < 0)
+    if (VIR_ALLOC(ret) < 0)
         goto cleanup;
 
-    mgr->clientfd = fd;
-    fd = -1;
+    VIR_STEAL_PTR(ret->fds, fds);
+    ret->nfds = i;
+    i = 0;
 
-    ret = 0;
  cleanup:
-    virLockManagerFree(lock);
-    VIR_FORCE_CLOSE(fd);
-    if (ret < 0)
-        virMutexUnlock(&lockManagerMutex);
+    for (; i > 0; i--)
+        VIR_FORCE_CLOSE(fds[i - 1]);
+    VIR_FREE(fds);
     return ret;
 }
 
 
-int
-virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr,
-                                 const char * const *paths,
-                                 size_t npaths)
+void
+virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr ATTRIBUTE_UNUSED,
+                                 virSecurityManagerMetadataLockStatePtr *state)
 {
-    virLockManagerPtr lock;
-    int fd;
-    int ret = -1;
+    size_t i;
 
-    /* lockManagerMutex acquired from previous
-     * virSecurityManagerMetadataLock() call. */
+    if (!state)
+        return;
 
-    fd = mgr->clientfd;
-    mgr->clientfd = -1;
+    for (i = 0; i < (*state)->nfds; i++) {
+        char ebuf[1024];
+        int fd = (*state)->fds[i];
 
-    if (!(lock = virSecurityManagerNewLockManager(mgr, paths, npaths)))
-        goto cleanup;
+        /* Technically, unlock is not needed because it will
+         * happen on VIR_CLOSE() anyway. But let's play it nice. */
+        if (virFileUnlock(fd, METADATA_OFFSET, METADATA_LEN) < 0) {
+            VIR_WARN("Unable to unlock fd %d: %s",
+                     fd, virStrerror(errno, ebuf, sizeof(ebuf)));
+        }
 
-    if (virLockManagerRelease(lock, NULL, 0) < 0)
-        goto cleanup;
+        if (VIR_CLOSE(fd) < 0) {
+            VIR_WARN("Unable to close fd %d: %s",
+                     fd, virStrerror(errno, ebuf, sizeof(ebuf)));
+        }
+    }
 
-    ret = 0;
- cleanup:
-    virLockManagerFree(lock);
-    VIR_FORCE_CLOSE(fd);
-    virMutexUnlock(&lockManagerMutex);
-    return ret;
+    VIR_FREE((*state)->fds);
+    VIR_FREE(*state);
 }
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index 10ebe5cc29..fe8a1b4a24 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -199,11 +199,16 @@ int virSecurityManagerSetTPMLabels(virSecurityManagerPtr mgr,
 int virSecurityManagerRestoreTPMLabels(virSecurityManagerPtr mgr,
                                        virDomainDefPtr vm);
 
-int virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
-                                   const char * const *paths,
-                                   size_t npaths);
-int virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr,
-                                     const char * const *paths,
-                                     size_t npaths);
+typedef struct _virSecurityManagerMetadataLockState virSecurityManagerMetadataLockState;
+typedef virSecurityManagerMetadataLockState *virSecurityManagerMetadataLockStatePtr;
+
+virSecurityManagerMetadataLockStatePtr
+virSecurityManagerMetadataLock(virSecurityManagerPtr mgr,
+                               const char **paths,
+                               size_t npaths);
+
+void
+virSecurityManagerMetadataUnlock(virSecurityManagerPtr mgr,
+                                 virSecurityManagerMetadataLockStatePtr *state);
 
 #endif /* VIR_SECURITY_MANAGER_H__ */
diff --git a/src/security/security_selinux.c b/src/security/security_selinux.c
index 3c847d8dcb..b3de70fd8f 100644
--- a/src/security/security_selinux.c
+++ b/src/security/security_selinux.c
@@ -214,6 +214,7 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
                                  void *opaque)
 {
     virSecuritySELinuxContextListPtr list = opaque;
+    virSecurityManagerMetadataLockStatePtr state;
     bool privileged = virSecurityManagerGetPrivileged(list->manager);
     const char **paths = NULL;
     size_t npaths = 0;
@@ -233,7 +234,7 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
         VIR_APPEND_ELEMENT_COPY_INPLACE(paths, npaths, p);
     }
 
-    if (virSecurityManagerMetadataLock(list->manager, paths, npaths) < 0)
+    if (!(state = virSecurityManagerMetadataLock(list->manager, paths, npaths)))
         goto cleanup;
 
     rv = 0;
@@ -250,8 +251,7 @@ virSecuritySELinuxTransactionRun(pid_t pid ATTRIBUTE_UNUSED,
         }
     }
 
-    if (virSecurityManagerMetadataUnlock(list->manager, paths, npaths) < 0)
-        goto cleanup;
+    virSecurityManagerMetadataUnlock(list->manager, &state);
 
     if (rv < 0)
         goto cleanup;
-- 
2.16.4

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux