[libvirt] [PATCH 2/2] qemu: Set identity for the reconnect all thread
Peter Krempa
pkrempa at redhat.com
Mon Nov 12 06:42:27 UTC 2018
On Fri, Nov 09, 2018 at 19:39:37 -0500, John Ferlan wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1631622
>
> If polkit authentication is enabled, an attempt to open
> the connection failed during virAccessDriverPolkitGetCaller
> when the call to virIdentityGetCurrent returned NULL resulting
> in the errors:
>
> virAccessDriverPolkitGetCaller:87 : access denied from:
> Policy kit denied action org.libvirt.api.connect.getattr from <anonymous>
>
> virAccessManagerSanitizeError:204 : access denied from: nwfilter
>
> Because qemuProcessReconnect runs in a thread during
> daemonRunStateInit processing it doesn't have the thread
> local identity. Thus when the virGetConnectNWFilter is
> called as part of the qemuProcessFiltersInstantiate when
> virDomainConfNWFilterInstantiate is run the attempt to get
> the idenity fails and results in the anonymous error above.
>
> To fix this, let's grab/use the virIdenityPtr of the process
> that will be creating the thread, e.g. what daemonRunStateInit
> has set and use that for our thread. That way any other similar
> processing that uses/requires an identity for any other call
> that would have previously been successfully run won't fail in
> a similar manner.
>
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
> src/qemu/qemu_process.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
> index 06a65b44e4..93f6a2279a 100644
> --- a/src/qemu/qemu_process.c
> +++ b/src/qemu/qemu_process.c
> @@ -81,6 +81,7 @@
> #include "netdev_bandwidth_conf.h"
> #include "virresctrl.h"
> #include "virvsock.h"
> +#include "viridentity.h"
>
> #define VIR_FROM_THIS VIR_FROM_QEMU
>
> @@ -7716,6 +7717,7 @@ qemuProcessRefreshCPU(virQEMUDriverPtr driver,
> struct qemuProcessReconnectData {
> virQEMUDriverPtr driver;
> virDomainObjPtr obj;
> + virIdentityPtr identity;
> };
> /*
> * Open an existing VM's monitor, re-detect VCPU threads
> @@ -7753,6 +7755,7 @@ qemuProcessReconnect(void *opaque)
> bool retry = true;
> bool tryMonReconn = false;
>
> + virIdentitySetCurrent(data->identity);
This takes it's own reference to the identity. The reference in
data->identity is then leaked.
> VIR_FREE(data);
>
> qemuDomainObjRestoreJob(obj, &oldjob);
> @@ -7979,6 +7982,7 @@ qemuProcessReconnect(void *opaque)
> virObjectUnref(cfg);
> virObjectUnref(caps);
> virNWFilterUnlockFilterUpdates();
> + virIdentitySetCurrent(NULL);
> return;
>
> error:
> @@ -8022,6 +8026,7 @@ qemuProcessReconnectHelper(virDomainObjPtr obj,
>
> memcpy(data, src, sizeof(*data));
> data->obj = obj;
> + data->identity = virIdentityGetCurrent();
In addition to the leak from the thread, the reference is also leaked if
the thread creation fails.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20181112/683c9bcb/attachment-0001.sig>
More information about the libvir-list
mailing list