| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Coverity-ID: 1055277
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Poll() can support more file descriptors than select(). We've done this for
xenconsoled, now do this for cxenstored as well.
The code is taken from xenconsoled and modified to adapt to cxenstored.
Note that poll() semantic is a bit different from select(). In Linux, if a fd
is set in IN/OUT fd_set and error occurs inside select(), this fd is still
considered readable / writable, and it is set in the returned IN/OUT fd_set.
So in later handle_input / handle_output, the connection will eventually be
talloc_free'ed(). After switching to poll(), we should take care of any error
right away, making the code clearer.
Signed-off-by: Wei Liu <wei.liu2@citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The xenstore header xs.h is producing conflicts with other software[1].
xs is a too short identifier and does not matche the library. Renaming
the headers to xenstore.h and xenstore_lib.h is the easiest way to make
them easy recognizable and prevent furthe problems.
[1]: http://bugs.debian.org/668550
[ Also update QEMU_TAG, to bring in corresponding change to
qemu-xen-traditional. -iwj ]
Signed-off-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
--HG--
rename : tools/xenstore/xs.h => tools/xenstore/xenstore.h
rename : tools/xenstore/xs_lib.h => tools/xenstore/xenstore_lib.h
|
|
|
|
|
|
|
|
|
|
|
|
| |
This parameter identifies an alternative service domain which has
superuser access to the xenstore database, which is currently required
to set up a new domain's xenstore entries.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This centralizes all the permission checking for privileged domains in
preparation for allowing domains other than dom0 to be privileged.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When xenstored is run in a minios domain, it needs a bootstrap
connection to dom0 so that additional domain introduce messages can be
sent to it.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A previous versions of this patch has been sent to xen-devel. See
http://lists.xensource.com/archives/html/xen-devel/2009-03/msg01655.html
Signed-off-by: Diego Ongaro <diego.ongaro@citrix.com>
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add option for compiling xenstored without unix sockets to support
running on mini-OS
Signed-off-by: Diego Ongaro <diego.ongaro@citrix.com>
Signed-off-by: Alex Zeffertt <alex.zeffertt@eu.citrix.com>
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Cc: Ian Jackson <ian.jackson@eu.citrix.com>
Cc: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
When a message with zero length is sent to xenstore, the body of the
message was not processed until the socket or ring had more data to
read; this will cause deadlocks if the requestor is waiting on a
response to continue.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During kexec all old watches have to be removed, otherwise the new
kernel will receive unexpected events. Allow a guest to reset itself
and cleanup all of its watches and transactions.
Add a new XS_RESET_WATCHES command to do the reset on behalf of the
guest.
(Changes by iwj: specify the argument to be a single nul byte. Permit
read-only clients to use the new command.)
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
| |
The usage printed for xenstored was not in sync with the parameters
defined in the code.
Signed-off-by: juergen.gross@ts.fujitsu.com
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This makes the interface consistent with the changes made to the main
interface in 21483:779c0ef9682c.
Also fix some references to "struct xc_interface" which should have
been simply "xc_interface" in tools/xenpaging, and update QEMU_TAG to
pull in the corresponding qemu change.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Problem: Handling requests for one connection can not only zap the
connection itself, due to socket disconnects for example. It can also
zap *other* connections, due to domain release requests. Especially
it can zap the connection we have saved a pointer to in the "next"
variable.
From: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
|
|
|
|
|
| |
proper prototypes for others as required.
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a connection is dropped with pending input and output data then the
connection will be dereferenced by both handle_input and handle_output
resulting in a double free when the main loop dereferences the
connection.
Fix this issue by taking/releasing a reference over the calls to
handle_input and handle_output separately and checking the result of
talloc_free to see if the connection went away.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
|
|
|
| |
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
|
|
|
|
|
|
|
| |
Add USDT probes for significant xenstore operations to allow dynamic
tracing.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Stubdomains (and probably other domain disagregation elements too)
need to be able to tinker with another domain. This adds
XS_SET_TARGET so that XenStore allows domains to have permissions on
files on which the "target" has permissions. This also adds
xs_set_target, called by the domain builder when the 'target' option
is used in the configuration.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Documents the existing 4kby size limit on xenstore message payloads
* Causes xs.c in libxenstore to fail locally rather than violating
said limit (which is good because xenstored kills the client
connection if it's exceeded).
* Introduces some limits on path lengths in xenstored. I trust
no-one is using path lengths >2kby. This is good because currently
a domain client can create a 4kby relative path that the dom0 tools
cannot access since they'd have to specify the somewhat longer
absolute path.
* Removes uses of the host's PATH_MAX (!)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The attached patch adds a new text file docs/misc/xenstore.txt which
describes the actual protocol implemented by xenstored. This was
reverse-engineered from the actual code in tools/xenstore.
I didn't bother making any automatic arrangements to ensure that the
implemented and documented protocols are kept in step (for example,
automatic code generation, etc.) The protocol is rather messy
unfortunately and unsuitable for an xdr approach, and in any case is
not likely to change very quickly.
Also in this patch are a couple of comments for xenstored_core.c which
help clarify the behaviour of some payload parsing helper functions.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
|
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
|
|
|
|
|
|
| |
The dup2() calls had their arguments reversed. Also remove the
unnecessary close() calls.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
| |
implemented as variables on all systems.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
This fixes client reader-thread deaths in which a 'garbage string' was
being read instead of a well-formed message header.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
*should* in fact cause the connection to be destroyed. Fix this with a
little extra code in the readfd() handler.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
1. readfd/writefd account for EINTR/EAGAIN errno returns.
2. Handle zero return from ->read() and ->write() handlers
symmetrically.
3. Fix some indentation issues (use hard tabs).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
| |
Avoids total starvation under some workloads.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
Suggested by Pavel Kankovsky <peak@argo.troja.mff.cuni.cz>.
Signed-off-by: Steven Hand <steven@xensource.com>
|
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
|
|
| |
This clears the shutdown flag for a domain in xenstore, allowing
subsequent shutdowns of the same domain to fire the appropriate
watches.
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the guest but deleted by dom0 were remaining accounted against the guest,
which meant that the guest would eventually run out of quota.
This patch also prevents unprivileged domains from changing the owner of a
node. One guest could attack another by creating nodes and then transferring
them to the ownership of another, and though the accounting could be made to
work properly in this case, domains should never be transferring nodes in any
case, so it seems safer just to disallow the operation entirely.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
|
|
| |
In certain cases, when a client doesn't have enough permissions, the
errno variable is not set in xenstored_core.c before its value is
reported back. As a result, the client can learn about the errno of
the last failed request to xenstored (which could have come from
another client). (An unintended information channel! :-)
From: Magnus Carlsson <magnus@galois.com>
Signed-off-by: Keir Fraser <keir@xensource.com>
|
|
|
|
|
|
| |
Additionally, on Solaris, tell the kernel when xenstored is running.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
| |
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
|
|
|
| |
browsing the list of transaction each time
Bump the default to 10, and make it configurable through the command line.
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
|
| |
No longer open the device as non-blocking: all reads immediately follow
a select() on the device indicating it's ready to read.
Signed-off-by: John Levon <john.levon@sun.com>
|
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
|
|
| |
functions are checked to avoid some bugs, a few warnings pop up and
become errors due to -Werror. Attached checks the return codes
(or at least stores them to a dummy variable).
Signed-off-by: Jeremy Katz <katzj@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
| |
tdb_store fails.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
|
|
|
|
| |
us greater confidence that our talloc implementation is "known good". Remove
the OOM handling from consider_message: talloc_set_fail_handler is no longer
supported.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
|
|
|
|
|
|
|
|
|
| |
- Build -O2 rather than -O3
- Build with -Wstrict-prototypes
- Move target-specific generic compiler switches to Config.mk
Signed-off-by: Keir Fraser <keir@xensource.com>
|