Commit Graph

29 Commits

Author SHA1 Message Date
Marek Marczykowski-Górecki
3e0c5a74d2 New qrexec protocol
Use separate vchan to pass I/O for each process, which greatly simplify
protocol implementation (eg. no flow control needed).
2014-11-19 15:10:58 +01:00
Marek Marczykowski
08f6f18af7 qrexec-lib: prevent deadlock on vchan
It can happen that we already cleared libvchan_fd pending state via
libvchan_wait, but data arrived later. This is especially true just
after connection, when client send unsolicited notification to server,
which can confuse it with some requested notification.
2014-11-19 15:10:58 +01:00
Marek Marczykowski
a91a8c8312 Update for new vchan API, remove code not needed anymore
Remove some vchan wrappers, which are not necessary now.
2014-11-19 15:10:58 +01:00
Davíð Steinn Geirsson
bc75b6559b Use xenstore.h when xen >= 4.2 2014-07-23 04:32:46 +02:00
Marek Marczykowski-Górecki
821a1c2fe9 qrexec-lib: use _exit in child process to not fire atexit hooks
Otherwise it would remove qrexec socket.
2014-05-19 16:52:27 +02:00
Marek Marczykowski-Górecki
b8b4e105c0 qrexec-lib: return unsigned where only non-negative value is returned 2014-02-19 20:52:24 +01:00
Marek Marczykowski-Górecki
b12f1539a4 Add -Wextra -Werror to all C code
Not only the security-critical one.
2014-02-16 11:10:38 +01:00
Marek Marczykowski-Górecki
12a9049cfe Fix some more -Wextra warnings 2014-02-16 11:10:31 +01:00
Vincent Penquerc'h
03c9cb1388 Add a few consts where appropriate 2014-02-16 11:08:22 +01:00
Vincent Penquerc'h
9f3a74fd77 unpack: prevent ability to bypass the byte limit
By passing an empty file with a declared negative size,
a hostile VM can decrease the total bytes counter, while
not have do supply a huge amount of data, thus disabing
the byte size check, and potentially filling the target
filesystem.
2014-02-15 14:14:20 +01:00
Marek Marczykowski-Górecki
516815a266 qrexec-lib: make it shared library 2014-02-07 05:29:59 +01:00
Marek Marczykowski-Górecki
113826aa1a qrexec-lib: use registered callbacks
...instead of exported symbols of certain name. This is first step to
use change it to shared libraries.
2014-02-07 05:27:29 +01:00
Marek Marczykowski-Górecki
1c6f44d7fa qrexec-lib: fix compile warnings 2014-02-07 05:26:52 +01:00
Vincent Penquerc'h
f7e943f7ec txrx-vchan: guard against invalid buffer sizes from libvchan
These APIs can now return -1 when invalid indices are detected.
2014-01-21 20:57:20 +01:00
Marek Marczykowski-Górecki
e36f03db2d unix-server: do not check for unlink() error when creating socket
The socket most likely do not exists yet.
2014-01-07 00:27:57 +01:00
Vincent Penquerc'h
a2e4f9a8aa ioall: do not reset file flags when they're already as requested
This was changed on a copy of that file elsewhere, might as well
keep this in sync too.
2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
3a39c65e3e linux-utils: misc const/prototype fixups 2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
af78e8d9e8 unpack: count directory and symlink sizes
Also do not rely on unpack being called just once if we don't
have to and initialize counts.

Since we don't know directory size before populating with files,
we just accumulate the size on the second pass, but do not actually
check for the limit being reached. If there's any file after that,
that'll trip the check.
2014-01-06 14:40:57 +01:00
Vincent Penquerc'h
77d34c3096 unix-server: guard against buffer overflow
sun_path is fairly small, and while the input is a smaller constant,
you never know how that might change.
2014-01-06 14:40:56 +01:00
Vincent Penquerc'h
21154a3e6b unix-server: some error checking 2014-01-06 14:40:56 +01:00
Vincent Penquerc'h
9192aa041d buffer.c: guard against bad input
The byte limit would be hit if adding one byte to a buffer
that's half the limit, due to the temporary double copy.
Not sure if that's something that's worth changing.
2014-01-06 14:40:56 +01:00
Marek Marczykowski-Górecki
21612bfadf qrexec-lib: add support for verbose mode (echo just processed file) 2013-11-13 10:35:47 +01:00
Marek Marczykowski-Górecki
761305bc8b qrexec-lib: check files limit before processing the file
Off-by-one error.
2013-11-13 10:35:23 +01:00
Marek Marczykowski-Górecki
2ee40f16c2 qrexec-lib: fail peer_client_init call when domain dies
Don't wait indefinitely.
2013-10-27 16:06:26 +01:00
Marek Marczykowski-Górecki
2739340559 qrexec-lib: fix memory leak
If xs_read returns pointer to empty string (len==0), then it was leaked.
2013-10-27 16:05:32 +01:00
Marek Marczykowski-Górecki
a73be3f126 qubes-rpc/filecopy: send last processed filename for diagnostic purposes
This will ease solving transfer problems - sender will known at which
file it failed.
2013-08-14 21:28:50 +02:00
Marek Marczykowski-Górecki
5131810265 qubes-rpc/filecopy: use explicit struct alignment
This is much more readable, than guessing exact struct packing done by
gcc on x86_64.
2013-08-14 21:26:37 +02:00
Marek Marczykowski-Górecki
138d7899d9 Remove duplicated filecopy.h header
The same also exists as libqubes-rpc-filecopy.h.
2013-08-14 21:25:30 +02:00
Marek Marczykowski
42e133b753 Qrexec common code, qubes.Filecopy common code, udev scripts 2013-03-20 06:27:32 +01:00