[libvirt] [PATCH 0/5] server-side filtering of domain events

Eric Blake eblake at redhat.com
Wed Jan 15 23:23:01 UTC 2014

This work was originally done with the thought that the fix
for CVE-2014-0028 would require server-side filtering to
make the check of connect:search_domains conditional on
whether the user passed NULL or a domain when registering
for an event.  The final version of the CVE fix no longer
needs the conditional behavior, so there is no longer a rush
to get this in to 1.2.1; but for 1.2.2, the code changes
offer a nice efficiency gain for the use case of libvirtd
managing lots of domains while a client only cares about
events from a small subset of domains.

While this will not be in 1.2.1 proper, I also tested that
the entire series can be backported without breaking the .so
versioning, if any downstream distro wants to include the
efficiency gain as part of their value added maintenance of
an older version.

Eric Blake (5):
  event: dynamically manage server-side RPC domain events
  event: server RPC protocol tweaks for domain lifecycle events
  event: prepare client to track domain callbackID
  event: client RPC protocol tweaks for domain lifecycle events
  event: convert remaining domain events to new style

 daemon/libvirtd.h               |   3 +-
 daemon/remote.c                 | 801 +++++++++++++++++++++++++++++-----------
 src/conf/domain_event.c         |  78 +++-
 src/conf/domain_event.h         |  22 ++
 src/conf/network_event.c        |   6 +-
 src/conf/object_event.c         |  31 +-
 src/conf/object_event_private.h |   6 +-
 src/libvirt_internal.h          |   7 +-
 src/remote/remote_driver.c      | 784 ++++++++++++++++++++++++++++++++-------
 src/remote/remote_protocol.x    | 192 +++++++++-
 src/remote_protocol-structs     |  92 +++++
 11 files changed, 1649 insertions(+), 373 deletions(-)


More information about the libvir-list mailing list