Hi.
On 2021/7/8 1:20, Steve Sistare wrote:
> Save accepted socket fds in the environment before cprsave, and look for
> fds in the environment after cprload. Reject cprexec if a socket enables
> the TLS or websocket option. Allow a monitor socket by closing it on exec.
>
> Signed-off-by: Mark Kanda <mark.ka...@oracle.com>
> Signed-off-by: Steve Sistare <steven.sist...@oracle.com>
> ---
> chardev/char-socket.c | 31 +++++++++++++++++++++++++++++++
> monitor/hmp.c | 3 +++
> monitor/qmp.c | 3 +++
> 3 files changed, 37 insertions(+)
>
> diff --git a/chardev/char-socket.c b/chardev/char-socket.c
> index d0fb545..dc9da8c 100644
> --- a/chardev/char-socket.c
> +++ b/chardev/char-socket.c
> @@ -27,7 +27,9 @@
> #include "io/channel-socket.h"
> #include "io/channel-tls.h"
> #include "io/channel-websock.h"
> +#include "qemu/env.h"
> #include "io/net-listener.h"
> +#include "qemu/env.h"
duplicated include.
> #include "qemu/error-report.h"
> #include "qemu/module.h"
> #include "qemu/option.h"
> @@ -414,6 +416,7 @@ static void tcp_chr_free_connection(Chardev *chr)
> SocketChardev *s = SOCKET_CHARDEV(chr);
> int i;
>
> + unsetenv_fd(chr->label);
> if (s->read_msgfds_num) {
> for (i = 0; i < s->read_msgfds_num; i++) {
> close(s->read_msgfds[i]);
> @@ -976,6 +979,10 @@ static void tcp_chr_accept(QIONetListener *listener,
> QIO_CHANNEL(cioc));
> }
> tcp_chr_new_client(chr, cioc);
> +
> + if (s->sioc && !chr->close_on_cpr) {
> + setenv_fd(chr->label, s->sioc->fd);
> + }
> }
>
>
> @@ -1231,6 +1238,24 @@ static gboolean socket_reconnect_timeout(gpointer
> opaque)
> return false;
> }
>
> +static void load_char_socket_fd(Chardev *chr, Error **errp)
> +{
> + SocketChardev *sockchar = SOCKET_CHARDEV(chr);
> + QIOChannelSocket *sioc;
> + int fd = getenv_fd(chr->label);
> +
> + if (fd != -1) {
> + sockchar = SOCKET_CHARDEV(chr);
> + sioc = qio_channel_socket_new_fd(fd, errp);
> + if (sioc) {
> + tcp_chr_accept(sockchar->listener, sioc, chr);
> + object_unref(OBJECT(sioc));
> + } else {
> + error_setg(errp, "error: could not restore socket for %s",
> + chr->label);
> + }
> + }
> +}
>
> static int qmp_chardev_open_socket_server(Chardev *chr,
> bool is_telnet,
> @@ -1435,6 +1460,10 @@ static void qmp_chardev_open_socket(Chardev *chr,
> }
> s->registered_yank = true;
>
> + if (!s->tls_creds && !s->is_websock) {
> + qemu_chr_set_feature(chr, QEMU_CHAR_FEATURE_CPR);
> + }
> +
> /* be isn't opened until we get a connection */
> *be_opened = false;
>
> @@ -1450,6 +1479,8 @@ static void qmp_chardev_open_socket(Chardev *chr,
> return;
> }
> }
> +
> + load_char_socket_fd(chr, errp);
> }
>
> static void qemu_chr_parse_socket(QemuOpts *opts, ChardevBackend *backend,
> diff --git a/monitor/hmp.c b/monitor/hmp.c
> index 6c0b33a..63700b3 100644
> --- a/monitor/hmp.c
> +++ b/monitor/hmp.c
> @@ -1451,4 +1451,7 @@ void monitor_init_hmp(Chardev *chr, bool use_readline,
> Error **errp)
> qemu_chr_fe_set_handlers(&mon->common.chr, monitor_can_read,
> monitor_read,
> monitor_event, NULL, &mon->common, NULL, true);
> monitor_list_append(&mon->common);
> +
> + /* monitor cannot yet be preserved across cpr */
> + chr->close_on_cpr = true;
> }
> diff --git a/monitor/qmp.c b/monitor/qmp.c
> index 092c527..21a90bf 100644
> --- a/monitor/qmp.c
> +++ b/monitor/qmp.c
> @@ -535,4 +535,7 @@ void monitor_init_qmp(Chardev *chr, bool pretty, Error
> **errp)
> NULL, &mon->common, NULL, true);
> monitor_list_append(&mon->common);
> }
> +
> + /* Monitor cannot yet be preserved across cpr */
> + chr->close_on_cpr = true;
> }
>
--
Regards.
Chuan
