From nobody Mon Apr 29 12:16:35 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1506439483892272.728108055549;
 Tue, 26 Sep 2017 08:24:43 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 854AB2C973D;
	Tue, 26 Sep 2017 15:24:42 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B2753785C2;
	Tue, 26 Sep 2017 15:24:41 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 976BD410B2;
	Tue, 26 Sep 2017 15:24:40 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com
	[10.5.11.15])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id v8QFDfk3031952 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 26 Sep 2017 11:13:41 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 2244969ADF; Tue, 26 Sep 2017 15:13:41 +0000 (UTC)
Received: from antique-work.brq.redhat.com (unknown [10.43.2.152])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 9DC806B6C1
	for <libvir-list@redhat.com>; Tue, 26 Sep 2017 15:13:38 +0000 (UTC)
DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 854AB2C973D
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 dmarc=none (p=none dis=none) header.from=redhat.com
Authentication-Results: ext-mx05.extmail.prod.ext.phx2.redhat.com;
 spf=fail smtp.mailfrom=libvir-list-bounces@redhat.com
From: Pavel Hrdina <phrdina@redhat.com>
To: libvir-list@redhat.com
Date: Tue, 26 Sep 2017 17:13:37 +0200
Message-Id: 
 <de6f9bafc0b30e5d71658aabe6f4432c02ee0397.1506438631.git.phrdina@redhat.com>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-loop: libvir-list@redhat.com
Subject: [libvirt] [PATCH] rpc: for messages with FDs always decode count of
	FDs from the message
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.29]);
 Tue, 26 Sep 2017 15:24:43 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

The packet with passed FD has the following format:

    --------------------------
    | len | header | payload |
    --------------------------

where "payload" has an additional count of FDs before the actual data:

    ------------------
    | nfds | payload |
    ------------------

When the packet is received we parse the "header", which as a side
effect updates msg->bufferOffset to point to the beginning of "payload".
If the message call contains FDs, we need to also parse the count of
FDs, which also updates the msg->bufferOffset.

The issue here is that when we attempt to read the FDs data from the
socket and we receive EAGAIN we finish the reading and call poll()
to wait for the data the we need.  When the data arrives we already have
the packet in our buffer so we read the "header" again but this time
we don't read the count of FDs because we already have it stored.

That means that the msg->bufferOffset is not updated to point to the
actual beginning of the payload data, but it points to the count of
FDs.  After all FDs are processed we dispatch the message to process
it and decode the payload.  Since the msg->bufferOffset points to wrong
data, we decode the wrong payload and the API call fails with
error messages:

    Domain not found: no domain with matching uuid '67656e65-7269-6300-0c87=
-5003ca6941f2' ()

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/rpc/virnetclient.c       |  3 +--
 src/rpc/virnetmessage.c      | 12 +++++++-----
 src/rpc/virnetserverclient.c |  3 +--
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/rpc/virnetclient.c b/src/rpc/virnetclient.c
index 95cd9a6c7e..eb46e34301 100644
--- a/src/rpc/virnetclient.c
+++ b/src/rpc/virnetclient.c
@@ -1428,8 +1428,7 @@ virNetClientIOHandleInput(virNetClientPtr client)
                 if (client->msg.header.type =3D=3D VIR_NET_REPLY_WITH_FDS)=
 {
                     size_t i;
=20
-                    if (client->msg.nfds =3D=3D 0 &&
-                        virNetMessageDecodeNumFDs(&client->msg) < 0)
+                    if (virNetMessageDecodeNumFDs(&client->msg) < 0)
                         return -1;
=20
                     for (i =3D client->msg.donefds; i < client->msg.nfds; =
i++) {
diff --git a/src/rpc/virnetmessage.c b/src/rpc/virnetmessage.c
index 5908b074a8..94c4c89e4f 100644
--- a/src/rpc/virnetmessage.c
+++ b/src/rpc/virnetmessage.c
@@ -327,11 +327,13 @@ int virNetMessageDecodeNumFDs(virNetMessagePtr msg)
         goto cleanup;
     }
=20
-    msg->nfds =3D numFDs;
-    if (VIR_ALLOC_N(msg->fds, msg->nfds) < 0)
-        goto cleanup;
-    for (i =3D 0; i < msg->nfds; i++)
-        msg->fds[i] =3D -1;
+    if (msg->nfds =3D=3D 0) {
+        msg->nfds =3D numFDs;
+        if (VIR_ALLOC_N(msg->fds, msg->nfds) < 0)
+            goto cleanup;
+        for (i =3D 0; i < msg->nfds; i++)
+            msg->fds[i] =3D -1;
+    }
=20
     VIR_DEBUG("Got %zu FDs from peer", msg->nfds);
=20
diff --git a/src/rpc/virnetserverclient.c b/src/rpc/virnetserverclient.c
index fa4e5daabb..6e086b7b4e 100644
--- a/src/rpc/virnetserverclient.c
+++ b/src/rpc/virnetserverclient.c
@@ -1189,8 +1189,7 @@ static void virNetServerClientDispatchRead(virNetServ=
erClientPtr client)
         /* Now figure out if we need to read more data to get some
          * file descriptors */
         if (msg->header.type =3D=3D VIR_NET_CALL_WITH_FDS) {
-            if (msg->nfds =3D=3D 0 &&
-                virNetMessageDecodeNumFDs(msg) < 0) {
+            if (virNetMessageDecodeNumFDs(msg) < 0) {
                 virNetMessageQueueServe(&client->rx);
                 virNetMessageFree(msg);
                 client->wantClose =3D true;
--=20
2.13.5

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list