| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Coverity-ID: 1055997
Signed-off-by: Matthew Daley <mattjd@gmail.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
XenStore puts in queued watch events via a thread and notifies the user.
Sometimes xs_unwatch is called before all related message is read. The use
case is non-threaded libevent, we have two event A and B:
- Event A will destroy something and call xs_unwatch;
- Event B is used to notify that a node has changed in XenStore.
As the event is called one by one, event A can be handled before event B.
So on next xs_watch_read the user could retrieve an unwatch token and
a segfault occured if the token store the pointer of the structure
(ie: "backend:0xcafe").
To avoid problem with previous application using libXenStore, this behaviour
will only be enabled if XS_UNWATCH_FILTER is given to xs_open.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Signed-off-by: Julien Grall <julien.grall@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Redefine usage of pthread_cleanup_push and _pop, to explicitly call free for
heap objects in error paths.
By the way, set a suitable errno value for an error path that had none.
Signed-off-by: Andres Lagar-Cavilla <andres@lagarcavilla.org>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
xs_watch() creates a thread to wake watchers using default attributes. The
stacksize can be quite large (8 MB on Linux), applications that link against
xenstore end up having a larger memory footprint than necessary.
Signed-off-by: Simon Rowe <simon.rowe@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
The thread created to wakeup watchers is not intended to handle signals
(and a later patch will reduce it's stack size which makes it unsuitable
for doing so).
Signed-off-by: Simon Rowe <simon.rowe@eu.citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The xenstore header xs.h is producing conflicts with other software[1].
xs is a too short identifier and does not matche the library. Renaming
the headers to xenstore.h and xenstore_lib.h is the easiest way to make
them easy recognizable and prevent furthe problems.
[1]: http://bugs.debian.org/668550
[ Also update QEMU_TAG, to bring in corresponding change to
qemu-xen-traditional. -iwj ]
Signed-off-by: Bastian Blank <waldi@debian.org>
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
Acked-by: Ian Jackson <ian.jackson@eu.citrix.com>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
--HG--
rename : tools/xenstore/xs.h => tools/xenstore/xenstore.h
rename : tools/xenstore/xs_lib.h => tools/xenstore/xenstore_lib.h
|
| |
|
|
|
|
|
|
|
| |
This utility function compares two paths, textually and reports
whether one is a subpath (a child path) of the other.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Event-driven programs want to wait until the xs_fileno triggers for
reading, and then repeatedly call xs_check_watch.
Also xs_read_watch exposes a useless "num" out parameter, which should
always (if things aren't going hideously wrong) be at least 2 and
which the caller shouldn't be interested in. So xs_check_watch
doesn't have one of those.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Committed-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
In order to read keys from xenstore, the xenstore libraries need to
write the request to the xenbus socket. This means that the socket
cannot be opened read-only.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Committed-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "-s" option to xenstore-ls is used by the xencommons startup
script to check whether xenstored is already running, before starting
it.
Since 22498:a40455ae9ad3, "-s" has been a no-op, and libxenstore will
always fall back to using xenbus. The combined effect is that the
xencommons script deadlocks: xenstore-ls hangs waiting for xenstored,
which isn't started by xencommons because xencommons is waiting for
xenstore-ls.
In this patch, we:
* Introduce a new XS_OPEN_SOCKETONLY flag which disables the
fallback behaviour;
* Make the xenstore command line tools use the new xs_open call
rather than the old, deprecated xs_open_* calls (which are
now identical).
* Plumb the xenstore command line tools "-s" option to set the
XS_OPEN_SOCKETONLY flag.
* Change the type of the XS_OPEN_* flags so that they naturally have
type unsigned long.
The "-s" option to xenstore-ls et al, and the XS_OPEN_SOCKETONLY flag,
are intended for use by toolstack infrastructure and should not
normally be used by higher-level code.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
interface (xs_domain_open) when the socket interface (xs_daemon_opn)
fails.
Signed-off-by: Mihir Nanavati <mihirn@cs.ubc.ca>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
Signed-off-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
committer: Stefano Stabellini <stefano.stabellini@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a multithreaded caller creates a thread which calls xs_read_watch,
before it has set any watches with xs_watch, the thread in
xs_read_watch will enter read_message and sit reading the xenstored fd
without the appropriate locks held. Other threads can then
concurrently read the xenstored fd, which naturally does not work very
well.
Symptoms of this bug which I have been able to reproduce include
failure of xend startup to finish, due to a deadlock; results could
also include reading corrupted data from xenstore.
In this patch we arrange for xs_read_watch to always rely on the
reader thread created by xs_watch. If no watches have been set, then
xs_read_watch will block until one has been. If the library is
compiled non-threaded xs_read_watch unconditionally does the reading
in the current thread.
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
Acked-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The return value of read_message needs to be checked in order to avoid
waiting forever for a message if there is an error on the communication
channel with xenstore. Currently, this is only checked if USE_PTHREAD is
defined (by checking for read thread exit), and that path is prone to
deadlock if request_mutex is held while waiting.
Since the failure of read_message leaves the socket in an undefined
state, close the socket and force all threads waiting on a read to return.
This also fixes xs_read_watch in the case where a read thread is not
running (in particular, this will happen if !USE_PTHREAD) by having it
read from the communication channel in the same way as read_reply.
Signed-off-by: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
| |
The OCaml xenstored supports the XS_RESTRICT operation, which
deprivileges a dom0 xenstore connection so it can only affect one
domain's entries. Add the relevant definitions to the C libraries
so that callers can use it.
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
|
| |
|
|
|
|
|
| |
the connection, rather than getting stuck forever.
Patch from: Steven Smith <steven.smith@eu.citrix.com>
Signed-off-by: Tim Deegan <Tim.Deegan@citrix.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir.fraser@citrix.com>
|
| |
|
|
|
|
|
|
|
|
| |
Doing a pthread_cancel and join on the reader thread while holding all
the request/reply/watch mutexes can deadlock if the thread needs to
take any of those mutexes to exit. Kill off the reader thread before
taking any mutexes (which should be redundant if we're
single-threaded at that point).
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
|
| |
|
|
|
|
|
|
|
| |
cancelled
If the read thread is terminated with pthread cancel, it must make
sure all memory is freed and mutexes are unlocked.
Signed-off-by: Jeremy Fitzhardinge <jeremy.fitzhardinge@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Provide a new function xs_daemon_destroy_postfork which can be called
by a libxenstore user who has called fork, to close the fd for the
connection to xenstored and free the memory, without trying to do
anything to any threads which libxenstore may have created.
Use this new function in libxl_fork, to avoid accidental use of a
xenstore connection in both parent and child.
Also, fix the doc comment for libxl_spawn_spawn to have the success
return codes the right way round.
Signed-off-by: Ian Jackson <Ian.Jackson@eu.citrix.com>
|
| |
|
|
|
|
| |
/var/lib/xen/suspend_evtchn_lock.d to protect the access.
Signed-off-by: Jiang Yunhong <yunhong.jiang@intel.com>
|
| |
|
|
| |
Signed-off-by: Konrad Rzeszutek <konrad@virtualiron.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This removes threading from libxenstore.a (but not libxenstore.so)
since pthreads is incompatible with static linking and none of the
command line clients require threads anyway.
It is now possible to build these utilities statically with a uclibc
toolchain which is useful for small userspace utility domains.
Signed-off-by: Ian Campbell <ian.campbell@citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Stubdomains (and probably other domain disagregation elements too)
need to be able to tinker with another domain. This adds
XS_SET_TARGET so that XenStore allows domains to have permissions on
files on which the "target" has permissions. This also adds
xs_set_target, called by the domain builder when the 'target' option
is used in the configuration.
Signed-off-by: Samuel Thibault <samuel.thibault@eu.citrix.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Documents the existing 4kby size limit on xenstore message payloads
* Causes xs.c in libxenstore to fail locally rather than violating
said limit (which is good because xenstored kills the client
connection if it's exceeded).
* Introduces some limits on path lengths in xenstored. I trust
no-one is using path lengths >2kby. This is good because currently
a domain client can create a 4kby relative path that the dom0 tools
cannot access since they'd have to specify the somewhat longer
absolute path.
* Removes uses of the host's PATH_MAX (!)
Signed-off-by: Ian Jackson <ian.jackson@eu.citrix.com>
|
| |
|
|
| |
Signed-off-by: Christoph Egger <Christoph.Egger@amd.com>
|
| |
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
| |
This clears the shutdown flag for a domain in xenstore, allowing
subsequent shutdowns of the same domain to fire the appropriate
watches.
Signed-off-by: Brendan Cully <brendan@cs.ubc.ca>
|
| |
|
|
|
| |
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
|
| |
|
|
|
|
| |
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
| |
|
|
|
| |
Signed-off-by: Vincent Hanquez <vincent@xensource.com>
|
| |
|
|
|
|
|
| |
using this value at the moment -- it's only there for use by future clients.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
whether a domain has been introduced to the store. Added a separate message
XS_IS_DOMAIN_INTRODUCED and API for that (xs_is_domain_introduced) to determine
whether the domain has really been introduced. This change means that the
tools can determine the correct domain path earlier in the domain creation
process, which is particularly a factor with live migration, as it allows us
to create the devices earlier in the process, and unpause the new domain before
performing the introduce. Until recently we already had these features, but
the simplification of the interface between xend and xenstored caused breakage.
No longer clear out the domain path when a domain is introduced -- this was a
hack to work around the recent problematic semantics of GetDomainPath.
Do not write the contents of the info block to the store. All the configuration
info is written to the /vm path, and anything else in the info block is either
dealt with explicitly or is ephemeral and has no place in the store.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that loop completely -- the xc_init_store, initDomainStore calls can all go.
Have xenstored understand where the local domain information goes. Xend no
longer has to generate a path and pass it to xenstored through
xs_introduce_domain -- we just allow xenstored to generate the path, and then
call GetDomainPath later. There is still some work required to tidy this up.
Change the uuid module to generate uuids as lists of bytes, not in the
stringified form. Added a unit test for that module.
Change the semantics of Xend restart, relying on these changes to the
xenstored semantics and earlier changes to add an opaque handle to the
hypervisor's domain-specific data block. The semantics are now clearer, as
Xend can validate whether the details in the store match the current live
domain.
Added a usage statement to xenstored.
Some of this code is by Steven Hand.
Signed-off-by: Ewan Mellor <ewan@xensource.com>
|
| |
|
|
|
|
|
|
| |
use stdint-format bitsize types (uint32_t and friends).
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
time a watch is registered. Before this it is fine for
caller threads to read the comms channel directly as no
async messages will be received.
This avoids various user tools needlessly creating three
threads where one will do the job.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
connection, plus interleaving of transactional and
non-transactional accesses. A transaction identifier is added
to the xsd_sockmsg header structure (0 means 'not in context
of a transaction'). The user and kernel xs interfaces accept
a pointer to a transaction handle where appropriate --
currently this is directly cast to an integer identifier in
the client library / kernel driver, but will allow for keeping
extra dynamic client-side state in future if we need to.
The transaction mutex has now gone. It's replaced with a
read-write mutex, but this is only acquired for exclusive
access during suspend/resume, to ensure there are no in-progress
transactions.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
| |
handle on appropriate operations. Next step is to plug this
through to the store daemon and get rid of the nasty serialisation
mutex for transactions.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
| |
to fire concurrently with request/reply pairs. Remove
watch_ack message: no longer needed.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
| |
thread to read messages from the comms channel.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
which defines aspects of the 'wire' protocol between
xs daemon and clients in user and kernel land, is now
xs_wire.h and moved to xen's public/io directory. From there
it is more easily accessible by kernels.
Signed-off-by: Keir Fraser <keir@xensource.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
kernel).
Add index macros (XS_WATCH_*) for accessing the array to allow for future
expansion.
Signed-off-by: Anthony Liguori <aliguori@us.ibm.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Transactions no longer take root dir, no longer lock & block: commit can fail spuriously with EAGAIN, not ETIMEDOUT.
Speeds up transactions by over 1000 times, should be NFS safe.
New program: xs_tdb_dump to dump raw TDB contents.
Don't do failure testing: we are no longer robust against all ENOMEM 8(
Introduce "struct node" which contains perms, children and data.
Make struct xs_permissions unpadded, so we can write to tdb w/o valgrind complaints.
Gently modify TDB to use talloc, not do alloc on tdb_delete.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
| |
|
|
|
|
|
|
|
|
| |
xs_write with O_CREAT|O_EXCL causes problems over daemon restarts, since
it's not idempotent.
It turns out noone really needs the flags word at all, so get rid of it.
It's now as if everyone specified "O_CREAT".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When modifying libxenstore to transparently restart when the daemon dies,
it became apparent that life is simpler when all commands can simply be
restarted. So this patch makes a slight semantic change to xs_rm and xs_mkdir:
xs_rm now succeeds if the file doesn't exist (as long as the parent exists),
and xs_mkdir succeeds if the directory already exists.
Noone should notice.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
|
| |
|
|
|
|
|
| |
Detect if we're connecting to a socket or to the domain device and
open accordingly.
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
|
| |
|
|
|
|
|
|
| |
Check boundaries so we can recover if userspace dies.
Also simplifies libxenstore.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Christian Limpach <Christian.Limpach@cl.cam.ac.uk>
|
| |
|
|
|
| |
Signed-off-by: Keir Fraser <keir@xensource.com>
|
