From nobody Tue May  7 05:58:20 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1562582378; cv=none;
	d=zoho.com; s=zohoarc;
	b=hWSc5UyB1FX/wuVAxjPK14XxAin/6R827cZfcqz6nfR1IM91lko7qnmcfmgQdFXhh8zv2FbQ4Hd6wcJzI2UwV3qVGX5TKDWjb1JtGyP3fC9B1GglS5SjTMP+3+e6/wuppOKkC5Zo99Vsc6J7BwHx6iCRs+XZHj/lY0OKLKlI5T8=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zoho.com;
 s=zohoarc;
	t=1562582378;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To:ARC-Authentication-Results;
	bh=+b8vK87QBk/KNjKZjvJEm9Yg8us0hSclsdOsXM4dXtI=;
	b=TljbpfuvD9DWv/i6prfSQDFi5JBNHBCPlv7FNn0J0n8wZtCU46IrDeyfyAKVzUBz7XsqRZmdKhibwBxsbhKAs8D1zDoFLhSHO8cVTACHbdtuZkwnrsHpH3bIJhScJTAI38pBHNhRCQFKcXDRDkFAUfZlEnjukkozms0Y9eFDdCI=
ARC-Authentication-Results: i=1; mx.zoho.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
 header.from=<berrange@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1562582378835121.41132708287023;
 Mon, 8 Jul 2019 03:39:38 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 4068B5946F;
	Mon,  8 Jul 2019 10:39:30 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.20])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id B99611001B03;
	Mon,  8 Jul 2019 10:39:25 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 94EB118184A5;
	Mon,  8 Jul 2019 10:39:22 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id x68AdLiD016042 for <libvir-list@listman.util.phx.redhat.com>;
	Mon, 8 Jul 2019 06:39:21 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 1CA5E2B1BA; Mon,  8 Jul 2019 10:39:21 +0000 (UTC)
Received: from dhcp-17-95.lcy.redhat.com (unknown [10.42.17.95])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 4A4A4BAB1;
	Mon,  8 Jul 2019 10:39:17 +0000 (UTC)
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Date: Mon,  8 Jul 2019 11:39:16 +0100
Message-Id: <20190708103916.25325-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
Cc: Michal Privoznik <mprivozn@redhat.com>,
	Sahid Orentino Ferdjaoui <sahid.ferdjaoui@canonical.com>
Subject: [libvirt] [PATCH] rpc: ensure thread safe initialization of SASL
	library
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]);
 Mon, 08 Jul 2019 10:39:36 +0000 (UTC)

Neither the sasl_client_init or sasl_server_init methods are even
remotely threadsafe. They do a bunch of one-time initialization and
merely use a simple integer counter to avoid repeated work, not even
using atomic increment/reads on the counter. This can easily race in a
threaded program. Protect the calls using a virOnce initializer function
which is guaranteed threadsafe at least from libvirt's POV.

If the application using libvirt also uses another library that makes
use of SASL then the race still exists. It is impossible to fix that
fully except in SASL code itself.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/rpc/virnetsaslcontext.c | 50 ++++++++++++++++++++++++-------------
 1 file changed, 33 insertions(+), 17 deletions(-)

diff --git a/src/rpc/virnetsaslcontext.c b/src/rpc/virnetsaslcontext.c
index f49340f033..62b103a428 100644
--- a/src/rpc/virnetsaslcontext.c
+++ b/src/rpc/virnetsaslcontext.c
@@ -77,22 +77,46 @@ VIR_ONCE_GLOBAL_INIT(virNetSASLContext);
 VIR_WARNINGS_NO_DEPRECATED
 #endif
=20
-virNetSASLContextPtr virNetSASLContextNewClient(void)
+static int virNetSASLContextClientOnceInit(void)
 {
-    virNetSASLContextPtr ctxt;
-    int err;
+    int err =3D sasl_client_init(NULL);
+    if (err !=3D SASL_OK) {
+        virReportError(VIR_ERR_AUTH_FAILED,
+                       _("failed to initialize SASL library: %d (%s)"),
+                       err, sasl_errstring(err, NULL, NULL));
+        return -1;
+    }
+
+    return 0;
+}
+
+VIR_ONCE_GLOBAL_INIT(virNetSASLContextClient);
=20
-    if (virNetSASLContextInitialize() < 0)
-        return NULL;
=20
-    err =3D sasl_client_init(NULL);
+static int virNetSASLContextServerOnceInit(void)
+{
+    int err =3D sasl_server_init(NULL, "libvirt");
     if (err !=3D SASL_OK) {
         virReportError(VIR_ERR_AUTH_FAILED,
                        _("failed to initialize SASL library: %d (%s)"),
                        err, sasl_errstring(err, NULL, NULL));
-        return NULL;
+        return -1;
     }
=20
+    return 0;
+}
+
+VIR_ONCE_GLOBAL_INIT(virNetSASLContextServer);
+
+
+virNetSASLContextPtr virNetSASLContextNewClient(void)
+{
+    virNetSASLContextPtr ctxt;
+
+    if (virNetSASLContextInitialize() < 0 ||
+        virNetSASLContextClientInitialize() < 0)
+        return NULL;
+
     if (!(ctxt =3D virObjectLockableNew(virNetSASLContextClass)))
         return NULL;
=20
@@ -102,19 +126,11 @@ virNetSASLContextPtr virNetSASLContextNewClient(void)
 virNetSASLContextPtr virNetSASLContextNewServer(const char *const*username=
Whitelist)
 {
     virNetSASLContextPtr ctxt;
-    int err;
=20
-    if (virNetSASLContextInitialize() < 0)
+    if (virNetSASLContextInitialize() < 0 ||
+        virNetSASLContextServerInitialize() < 0)
         return NULL;
=20
-    err =3D sasl_server_init(NULL, "libvirt");
-    if (err !=3D SASL_OK) {
-        virReportError(VIR_ERR_AUTH_FAILED,
-                       _("failed to initialize SASL library: %d (%s)"),
-                       err, sasl_errstring(err, NULL, NULL));
-        return NULL;
-    }
-
     if (!(ctxt =3D virObjectLockableNew(virNetSASLContextClass)))
         return NULL;
=20
--=20
2.21.0

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list