[libvirt] [PATCH 0/8] Don't hold both monitor and agent jobs at the same time
Michal Privoznik
mprivozn at redhat.com
Thu Dec 12 14:47:15 UTC 2019
On 12/5/19 5:08 PM, Jonathon Jongsma wrote:
> We have to assume that the guest agent may be malicious, so we don't want to
> allow any agent queries to block any other libvirt API. By holding a monitor
> job and an agent job while we're querying the agent, any other threads will be
> blocked from using the monitor while the agent is unresponsive. Because libvirt
> waits forever for an agent response, this makes us vulnerable to a denial of
> service from a malicious (or simply buggy) guest agent.
>
> This series of patches attempts to remove any cases where we were holding both
> jobs at the same time, removes a convenience function which allows us to grab
> both jobs at once, and updates documentation regarding this issue.
>
> Jonathon Jongsma (8):
>   qemu: don't take agent and monitor job for shutdown
>   qemu: don't hold a monitor and agent job for reboot
>   qemu: don't hold both jobs for suspend
>   qemu: don't hold monitor and agent job when setting time
>   qemu: don't hold monitor job for fsinfo
>   qemu: don't hold monitor job for GetGuestInfo()
>   qemu: remove use of qemuDomainObjBeginJobWithAgent()
>   qemu: remove qemuDomainObjBegin/EndJobWithAgent()
>
> src/qemu/THREADS.txt | 58 +-----
> src/qemu/qemu_domain.c | 56 +-----
> src/qemu/qemu_domain.h | 7 -
> src/qemu/qemu_driver.c | 405 +++++++++++++++++++++++++----------------
> 4 files changed, 258 insertions(+), 268 deletions(-)
>
ACK to all but 5/8 and 6/8. Also, I'm pushing patches 1-4 and 7. I'd
push 8/8 also but we can't remove the function while it's still in use :-D
Michal