From: Michael Roth <mdroth@linux.vnet.ibm.com>
To: Jes Sorensen <Jes.Sorensen@redhat.com>
Cc: agl@linux.vnet.ibm.com, stefanha@linux.vnet.ibm.com,
abeekhof@redhat.com, qemu-devel@nongnu.org,
aliguori@linux.vnet.ibm.com, ryanh@us.ibm.com
Subject: [Qemu-devel] Re: [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command
Date: Thu, 09 Dec 2010 15:12:59 -0600 [thread overview]
Message-ID: <4D01465B.9040200@linux.vnet.ibm.com> (raw)
In-Reply-To: <4CFE4406.4010209@redhat.com>
On 12/07/2010 08:26 AM, Jes Sorensen wrote:
> On 12/03/10 19:03, Michael Roth wrote:
>> Utilize the getfile RPC to provide a means to view text files in the
>> guest. Getfile can handle binary files as well but we don't advertise
>> that here due to the special handling requiring to store it and provide
>> it back to the user (base64 encoding it for instance). Hence the
>> otherwise confusing "viewfile" as opposed to "getfile".
>>
>> Signed-off-by: Michael Roth<mdroth@linux.vnet.ibm.com>
>> ---
>> hmp-commands.hx | 16 +++++++++
>> monitor.c | 1 +
>> qmp-commands.hx | 33 +++++++++++++++++++
>> virtagent.c | 96 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
>> virtagent.h | 3 ++
>> 5 files changed, 149 insertions(+), 0 deletions(-)
>>
>> diff --git a/hmp-commands.hx b/hmp-commands.hx
>> index e5585ba..423c752 100644
>> --- a/hmp-commands.hx
>> +++ b/hmp-commands.hx
>> @@ -1212,6 +1212,22 @@ show available trace events and their state
>> ETEXI
>> #endif
>>
>> + {
>> + .name = "agent_viewfile",
>> + .args_type = "filepath:s",
>> + .params = "filepath",
>> + .help = "Echo a file from the guest filesystem",
>> + .user_print = do_agent_viewfile_print,
>> + .mhandler.cmd_async = do_agent_viewfile,
>> + .flags = MONITOR_CMD_ASYNC,
>> + },
>> +
>> +STEXI
>> +@item agent_viewfile @var{filepath}
>> +@findex agent_viewfile
>> +Echo the file identified by @var{filepath} on the guest filesystem
>> +ETEXI
>> +
>> STEXI
>> @end table
>> ETEXI
>> diff --git a/monitor.c b/monitor.c
>> index 8cee35d..145895d 100644
>> --- a/monitor.c
>> +++ b/monitor.c
>> @@ -56,6 +56,7 @@
>> #include "json-parser.h"
>> #include "osdep.h"
>> #include "exec-all.h"
>> +#include "virtagent.h"
>> #ifdef CONFIG_SIMPLE_TRACE
>> #include "trace.h"
>> #endif
>> diff --git a/qmp-commands.hx b/qmp-commands.hx
>> index 793cf1c..efa2137 100644
>> --- a/qmp-commands.hx
>> +++ b/qmp-commands.hx
>> @@ -738,6 +738,39 @@ Example:
>> EQMP
>>
>> {
>> + .name = "agent_viewfile",
>> + .args_type = "filepath:s",
>> + .params = "filepath",
>> + .help = "Echo a file from the guest filesystem",
>> + .user_print = monitor_user_noop,
>> + .mhandler.cmd_async = do_agent_viewfile,
>> + .flags = MONITOR_CMD_ASYNC,
>> + },
>> +
>> +STEXI
>> +@item agent_viewfile @var{filepath}
>> +@findex agent_viewfile
>> +Echo the file identified by @var{filepath} on the guest filesystem
>> +ETEXI
>> +SQMP
>> +agent_viewfile
>> +--------
>> +
>> +Echo the file identified by @var{filepath} from the guest filesystem.
>> +
>> +Arguments:
>> +
>> +- "filepath": Full guest path of the desired file
>> +
>> +Example:
>> +
>> +-> { "execute": "agent_viewfile",
>> + "arguments": { "filepath": "/sys/kernel/kexec_loaded" } }
>> +<- { "return": { "contents": "0" } }
>> +
>> +EQMP
>> +
>> + {
>> .name = "qmp_capabilities",
>> .args_type = "",
>> .params = "",
>> diff --git a/virtagent.c b/virtagent.c
>> index 34d8545..4a4dc8a 100644
>> --- a/virtagent.c
>> +++ b/virtagent.c
>> @@ -139,3 +139,99 @@ out_free:
>> out:
>> return ret;
>> }
>> +
>> +/* QMP/HMP RPC client functions */
>> +
>> +void do_agent_viewfile_print(Monitor *mon, const QObject *data)
>> +{
>> + QDict *qdict;
>> + const char *contents = NULL;
>> + int i;
>> +
>> + qdict = qobject_to_qdict(data);
>> + if (!qdict_haskey(qdict, "contents")) {
>> + return;
>> + }
>> +
>> + contents = qdict_get_str(qdict, "contents");
>> + if (contents != NULL) {
>> + /* monitor_printf truncates so do it in chunks. also, file_contents
>> + * may not be null-termed at proper location so explicitly calc
>> + * last chunk sizes */
>> + for (i = 0; i< strlen(contents); i += 1024) {
>> + monitor_printf(mon, "%.1024s", contents + i);
>> + }
>> + }
>> + monitor_printf(mon, "\n");
>> +}
>> +
>> +static void do_agent_viewfile_cb(const char *resp_data,
>> + size_t resp_data_len,
>> + MonitorCompletion *mon_cb,
>> + void *mon_data)
>> +{
>> + xmlrpc_value *resp = NULL;
>> + char *file_contents = NULL;
>> + size_t file_size;
>> + int ret;
>> + xmlrpc_env env;
>> + QDict *qdict = qdict_new();
>> +
>> + if (resp_data == NULL) {
>> + LOG("error handling RPC request");
>> + goto out_no_resp;
>> + }
>> +
>> + xmlrpc_env_init(&env);
>> + resp = xmlrpc_parse_response(&env, resp_data, resp_data_len);
>> + if (va_rpc_has_error(&env)) {
>> + ret = -1;
>> + goto out_no_resp;
>> + }
>> +
>> + xmlrpc_parse_value(&env, resp, "6",&file_contents,&file_size);
>> + if (va_rpc_has_error(&env)) {
>> + ret = -1;
>> + goto out;
>
> I believe this suffers from the same architectural problem I mentioned
> in my comment to 07/21 - you don't restrict the file size, so it could
> blow up the QEMU process on the host trying to view the wrong file.
It's restricted on the guest side:
virtagent-server.c:va_getfile():
while ((ret = read(fd, buf, VA_FILEBUF_LEN)) > 0) {
file_contents = qemu_realloc(file_contents, count +
VA_FILEBUF_LEN);
memcpy(file_contents + count, buf, ret);
count += ret;
if (count > VA_GETFILE_MAX) {
xmlrpc_faultf(env, "max file size (%d bytes) exceeded",
VA_GETFILE_MAX);
goto EXIT_CLOSE_BAD;
}
}
There are additional limits at the transport layer well to deal with a
potentially malicious/buggy agent as well:
virtagent-common.c:va_http_read_handler():
} else if (s->content_len > VA_CONTENT_LEN_MAX) {
LOG("http content length too long");
goto out_bad;
}
And configurable limits enforced by the xmlrpc-c library on the host and
guest side, which I haven't been explicitly setting or keeping
consistent with the other various limits. I'll address this for the next
round.
>
> I really think it is a bad idea to put this kind of command into the
> monitor.
>
> Jes
>
next prev parent reply other threads:[~2010-12-09 21:13 UTC|newest]
Thread overview: 74+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-12-03 18:03 [Qemu-devel] [RFC][PATCH v5 00/21] virtagent: host/guest RPC communication agent Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 01/21] Move code related to fd handlers into utility functions Michael Roth
2010-12-07 13:31 ` [Qemu-devel] " Jes Sorensen
2010-12-07 14:48 ` Michael Roth
2010-12-07 15:02 ` Jes Sorensen
2010-12-08 9:15 ` Stefan Hajnoczi
2010-12-08 9:17 ` Jes Sorensen
2010-12-08 9:23 ` Stefan Hajnoczi
2010-12-08 9:29 ` Jes Sorensen
2010-12-08 14:24 ` Anthony Liguori
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 02/21] Add qemu_set_fd_handler() wrappers to qemu-tools.c Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 03/21] virtagent: common code for managing client/server rpc jobs Michael Roth
2010-12-06 21:54 ` [Qemu-devel] " Adam Litke
2010-12-06 22:15 ` Michael Roth
2010-12-06 21:57 ` Adam Litke
2010-12-06 22:24 ` Michael Roth
2010-12-07 13:38 ` Jes Sorensen
2010-12-07 15:02 ` Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 04/21] virtagent: transport definitions and job callbacks Michael Roth
2010-12-06 22:02 ` [Qemu-devel] " Adam Litke
2010-12-06 22:34 ` Michael Roth
2010-12-07 13:44 ` Jes Sorensen
2010-12-07 17:19 ` Michael Roth
2010-12-08 19:16 ` Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 05/21] virtagent: base client definitions Michael Roth
2010-12-07 14:04 ` [Qemu-devel] " Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 06/21] virtagent: base server definitions Michael Roth
2010-12-07 14:07 ` [Qemu-devel] " Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 07/21] virtagent: add va.getfile RPC Michael Roth
2010-12-06 22:06 ` [Qemu-devel] " Adam Litke
2010-12-06 23:23 ` Michael Roth
2010-12-07 14:18 ` Jes Sorensen
2010-12-07 16:00 ` Adam Litke
2010-12-08 19:19 ` Jes Sorensen
2010-12-09 14:40 ` Adam Litke
2010-12-09 21:04 ` Michael Roth
2010-12-10 6:38 ` Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 08/21] virtagent: add agent_viewfile qmp/hmp command Michael Roth
2010-12-06 22:08 ` [Qemu-devel] " Adam Litke
2010-12-06 23:20 ` Michael Roth
2010-12-07 14:09 ` Michael Roth
2010-12-07 14:26 ` Jes Sorensen
2010-12-09 21:12 ` Michael Roth [this message]
2010-12-10 6:43 ` Jes Sorensen
2010-12-10 17:09 ` Michael Roth
2010-12-13 8:29 ` Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 09/21] virtagent: add va.getdmesg RPC Michael Roth
2010-12-06 22:25 ` [Qemu-devel] " Adam Litke
2010-12-07 14:37 ` Jes Sorensen
2010-12-07 17:32 ` Michael Roth
2010-12-08 19:22 ` Jes Sorensen
2010-12-09 21:15 ` Michael Roth
2010-12-10 6:46 ` Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 10/21] virtagent: add agent_viewdmesg qmp/hmp commands Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 11/21] virtagent: add va.shutdown RPC Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 12/21] virtagent: add agent_shutdown qmp/hmp commands Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 13/21] virtagent: add va.ping RPC Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 14/21] virtagent: add agent_ping qmp/hmp commands Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 15/21] virtagent: add agent_capabilities " Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 16/21] virtagent: add client capabilities init function Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 17/21] virtagent: add va.hello RPC Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 18/21] virtagent: add "hello" notification function for guest agent Michael Roth
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 19/21] virtagent: add virtagent guest daemon Michael Roth
2010-12-06 22:26 ` [Qemu-devel] " Adam Litke
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 20/21] virtagent: integrate virtagent server/client via chardev Michael Roth
2010-12-07 14:44 ` [Qemu-devel] " Jes Sorensen
2010-12-03 18:03 ` [Qemu-devel] [RFC][PATCH v5 21/21] virtagent: various bits to build QEMU with virtagent Michael Roth
2010-12-07 10:24 ` [Qemu-devel] Re: [RFC][PATCH v5 00/21] virtagent: host/guest RPC communication agent Jes Sorensen
2010-12-07 14:29 ` Michael Roth
2010-12-08 10:10 ` [Qemu-devel] " Stefan Hajnoczi
2010-12-09 20:45 ` Michael Roth
2010-12-09 21:03 ` Anthony Liguori
2010-12-10 9:42 ` Stefan Hajnoczi
2010-12-10 10:03 ` Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4D01465B.9040200@linux.vnet.ibm.com \
--to=mdroth@linux.vnet.ibm.com \
--cc=Jes.Sorensen@redhat.com \
--cc=abeekhof@redhat.com \
--cc=agl@linux.vnet.ibm.com \
--cc=aliguori@linux.vnet.ibm.com \
--cc=qemu-devel@nongnu.org \
--cc=ryanh@us.ibm.com \
--cc=stefanha@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).