From: Anthony Liguori <anthony@codemonkey.ws>
To: Avi Kivity <avi@redhat.com>
Cc: Mark McLoughlin <markmc@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands
Date: Wed, 08 Jul 2009 13:50:37 -0500 [thread overview]
Message-ID: <4A54EA7D.4040602@codemonkey.ws> (raw)
In-Reply-To: <4A54E64E.8090100@redhat.com>
Avi Kivity wrote:
> On 07/08/2009 09:21 PM, Anthony Liguori wrote:
>> Then someone can connect to the monitor and consume an arbitrary
>> number of fds? I'd be very concerned about the potential to leak fds
>> within QEMU from a poorly written client. Seems like a very easy
>> mistake to make.
>
> Well, that's intrinsic to the getfd command. We could limit it by
> saying we support a set number of fds, or even give them fixed names.
So what's the set number and why isn't 1 a reasonable fixed number?
>>> Nothing prevents the client from sending two getfd commands in a
>>> single packet. We can either support it or start writing detailed
>>> documentation and handle the bug reports when people don't read it.
>>
>> What would a client do that would result in this happening? It's
>> really a contrived example when you think about it pragmatically (at
>> least given today's monitor).
>
> I am in fact thinking of tomorrow's monitor.
Indeed, I figured as much :-)
> If indeed we follow an rpc model, it should be quite easy to have
> multiple threads (each doing an unrelated task) each issuing a series
> of commands and processing the replies. There would be a lock
> protecting the socket, but there would be no reason to limit the
> number of outstanding commands. I think that's a perfectly reasonable
> way to write a client.
You can't just use a lock on the socket for transmit because you have to
deal with partial transmissions and the subsequent queuing. You need a
single queue mechanism shared by all writers and you need writers to
submit the full rpcs so that they can be queued in the proper order.
When we get to the point of the RPC model though, we'll have one monitor
state for each asynchronous message we're processing. I contend that we
only ever want to pass a single fd per command so if we stick with
queueing 1 fd per monitor today, it'll map quite nicely to how we would
handle things in the RPC model.
> If the client is written in a high level language it's also reasonable
> that some buffering would take place and you'd see a single packet
> containing multiple commands, or a command split into multiple
> packets. Therefore I'd like to avoid any assumptions in this area.
That misses the point though. We process one command at a time in the
monitor so we only need to buffer one fd at a time. When we start to
process multiple commands at once in the monitor, we'll do so with
multiple monitor states and we'll want to have one fd per monitor state.
Message boundaries really don't matter.
Regards,
Anthony Liguori
next prev parent reply other threads:[~2009-07-08 18:50 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-07-06 17:30 [Qemu-devel] [PATCH 0/3] Allow host_net_add monitor command accept file descriptors Mark McLoughlin
2009-07-06 17:30 ` [Qemu-devel] [PATCH 1/3] Make tcp_chr_read() use recvmsg() Mark McLoughlin
2009-07-06 17:31 ` [Qemu-devel] [PATCH 2/3] Add SCM_RIGHTS support to unix socket character devices Mark McLoughlin
2009-07-06 17:32 ` [Qemu-devel] [PATCH 3/3] Add support for fd=msgfd for tap and socket networking Mark McLoughlin
2009-07-07 5:28 ` [Qemu-devel] [PATCH 0/3] Allow host_net_add monitor command accept file descriptors Avi Kivity
2009-07-07 7:43 ` Mark McLoughlin
2009-07-07 7:52 ` Avi Kivity
2009-07-07 8:13 ` Mark McLoughlin
2009-07-07 9:03 ` Avi Kivity
2009-07-07 10:06 ` Daniel P. Berrange
2009-07-08 14:56 ` Mark McLoughlin
2009-07-08 14:57 ` [Qemu-devel] [PATCH 1/5] Make tcp_chr_read() use recvmsg() Mark McLoughlin
2009-07-08 14:57 ` [Qemu-devel] [PATCH 2/5] Add SCM_RIGHTS support to unix socket character devices Mark McLoughlin
2009-07-08 14:57 ` [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands Mark McLoughlin
2009-07-08 14:57 ` [Qemu-devel] [PATCH 4/5] Add monitor_get_fd() command for fetching named fds Mark McLoughlin
2009-07-08 14:57 ` [Qemu-devel] [PATCH 5/5] Add support for fd=name to tap and socket networking Mark McLoughlin
2009-07-08 15:26 ` [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands Avi Kivity
2009-07-08 16:03 ` Mark McLoughlin
2009-07-08 16:15 ` Avi Kivity
2009-07-08 18:08 ` Anthony Liguori
2009-07-08 18:11 ` Avi Kivity
2009-07-08 18:21 ` Anthony Liguori
2009-07-08 18:32 ` Avi Kivity
2009-07-08 18:50 ` Anthony Liguori [this message]
2009-07-08 19:52 ` Avi Kivity
2009-07-11 1:12 ` Jamie Lokier
2009-07-21 16:40 ` Mark McLoughlin
2009-07-21 16:53 ` [Qemu-devel] [PATCH] Make tcp_chr_read() use recvmsg() Mark McLoughlin
2009-07-21 17:13 ` Blue Swirl
2009-07-22 0:00 ` Jamie Lokier
2009-07-22 8:10 ` Mark McLoughlin
2009-07-22 8:11 ` [Qemu-devel] [PATCH 1/5] " Mark McLoughlin
2009-07-22 8:11 ` [Qemu-devel] [PATCH 2/5] Add SCM_RIGHTS support to unix socket character devices Mark McLoughlin
2009-08-13 16:20 ` Cam Macdonell
2009-08-14 6:38 ` Mark McLoughlin
2009-07-22 8:11 ` [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands Mark McLoughlin
2009-07-22 8:11 ` [Qemu-devel] [PATCH 4/5] Add monitor_get_fd() command for fetching named fds Mark McLoughlin
2009-07-22 8:11 ` [Qemu-devel] [PATCH 5/5] Add support for fd=name to tap and socket networking Mark McLoughlin
2009-07-23 13:37 ` Mark McLoughlin
2009-07-21 16:53 ` [Qemu-devel] [PATCH] Add SCM_RIGHTS support to unix socket character devices Mark McLoughlin
2009-07-21 16:53 ` [Qemu-devel] [PATCH] Add getfd and closefd monitor commands Mark McLoughlin
2009-07-21 16:53 ` [Qemu-devel] [PATCH] Add monitor_get_fd() command for fetching named fds Mark McLoughlin
2009-07-21 16:53 ` [Qemu-devel] [PATCH] Add support for fd=name to tap and socket networking Mark McLoughlin
2009-07-22 2:20 ` [Qemu-devel] [PATCH 3/5] Add getfd and closefd monitor commands Anthony Liguori
2009-07-22 8:09 ` Mark McLoughlin
2009-07-23 7:00 ` [Qemu-devel] " Jan Kiszka
2009-07-23 7:51 ` Mark McLoughlin
2009-07-08 15:25 ` [Qemu-devel] [PATCH 2/5] Add SCM_RIGHTS support to unix socket character devices Avi Kivity
2009-07-08 16:04 ` Mark McLoughlin
2009-07-08 16:17 ` Avi Kivity
2009-07-08 18:11 ` Anthony Liguori
2009-07-08 18:17 ` Avi Kivity
2009-07-11 1:15 ` Jamie Lokier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A54EA7D.4040602@codemonkey.ws \
--to=anthony@codemonkey.ws \
--cc=avi@redhat.com \
--cc=markmc@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.