11:46 a.m.
From: "Daniel P. Berrange" <berrange(a)redhat.com>
To enable locking to be introduced to the security manager
objects later, turn virSecurityManager into a virObjectLockable
class
Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
---
src/lxc/lxc_controller.c | 2 +-
src/lxc/lxc_driver.c | 4 ++--
src/qemu/qemu_conf.h | 2 +-
src/qemu/qemu_driver.c | 6 +++---
src/security/security_manager.c | 47 ++++++++++++++++++++++++++++++++---------
src/security/security_manager.h | 2 --
src/security/security_stack.c | 2 +-
tests/seclabeltest.c | 2 +-
8 files changed, 46 insertions(+), 21 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index aa70481..15aa334 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -258,7 +258,7 @@ static void virLXCControllerFree(virLXCControllerPtr ctrl)
virLXCControllerStopInit(ctrl);
- virSecurityManagerFree(ctrl->securityManager);
+ virObjectUnref(ctrl->securityManager);
for (i = 0 ; i < ctrl->nveths ; i++)
VIR_FREE(ctrl->veths[i]);
diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index f07ce14..f136df2 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1399,7 +1399,7 @@ lxcSecurityInit(virLXCDriverPtr driver)
error:
VIR_ERROR(_("Failed to initialize security drivers"));
- virSecurityManagerFree(mgr);
+ virObjectUnref(mgr);
return -1;
}
@@ -1560,7 +1560,7 @@ static int lxcShutdown(void)
virLXCProcessAutoDestroyShutdown(lxc_driver);
virObjectUnref(lxc_driver->caps);
- virSecurityManagerFree(lxc_driver->securityManager);
+ virObjectUnref(lxc_driver->securityManager);
VIR_FREE(lxc_driver->configDir);
VIR_FREE(lxc_driver->autostartDir);
VIR_FREE(lxc_driver->stateDir);
diff --git a/src/qemu/qemu_conf.h b/src/qemu/qemu_conf.h
index 9ff1c5a..d4ec0f7 100644
--- a/src/qemu/qemu_conf.h
+++ b/src/qemu/qemu_conf.h
@@ -213,7 +213,7 @@ struct _virQEMUDriver {
/* Immutable pointer, lockless APIs*/
virSysinfoDefPtr hostsysinfo;
- /* Immutable pointer. XXX check safety */
+ /* Immutable pointer. lockless access */
virLockManagerPluginPtr lockManager;
/* Immutable pointer. Unsafe APIs. XXX */
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index 14dc43e..e94227e 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -409,8 +409,8 @@ qemuSecurityInit(virQEMUDriverPtr driver)
error:
VIR_ERROR(_("Failed to initialize security drivers"));
- virSecurityManagerFree(stack);
- virSecurityManagerFree(mgr);
+ virObjectUnref(stack);
+ virObjectUnref(mgr);
virObjectUnref(cfg);
return -1;
}
@@ -1005,7 +1005,7 @@ qemuShutdown(void) {
VIR_FREE(qemu_driver->qemuImgBinary);
- virSecurityManagerFree(qemu_driver->securityManager);
+ virObjectUnref(qemu_driver->securityManager);
ebtablesContextFree(qemu_driver->ebtables);
diff --git a/src/security/security_manager.c b/src/security/security_manager.c
index 593c00b..a3f8669 100644
--- a/src/security/security_manager.c
+++ b/src/security/security_manager.c
@@ -28,19 +28,40 @@
#include "security_dac.h"
#include "virerror.h"
#include "viralloc.h"
+#include "virobject.h"
#include "virlog.h"
#define VIR_FROM_THIS VIR_FROM_SECURITY
struct _virSecurityManager {
+ virObjectLockable parent;
+
virSecurityDriverPtr drv;
bool allowDiskFormatProbing;
bool defaultConfined;
bool requireConfined;
const char *virtDriver;
+ void *privateData;
};
+static virClassPtr virSecurityManagerClass;
+
+static void virSecurityManagerDispose(void *obj);
+
+static int virSecurityManagerOnceInit(void)
+{
+ if (!(virSecurityManagerClass = virClassNew(virClassForObjectLockable(),
+ "virSecurityManagerClass",
+ sizeof(virSecurityManager),
+ virSecurityManagerDispose)))
+ return -1;
+
+ return 0;
+}
+
+VIR_ONCE_GLOBAL_INIT(virSecurityManager);
+
static virSecurityManagerPtr virSecurityManagerNewDriver(virSecurityDriverPtr drv,
const char *virtDriver,
bool allowDiskFormatProbing,
@@ -48,6 +69,10 @@ static virSecurityManagerPtr
virSecurityManagerNewDriver(virSecurityDriverPtr dr
bool requireConfined)
{
virSecurityManagerPtr mgr;
+ char *privateData;
+
+ if (virSecurityManagerInitialize() < 0)
+ return NULL;
VIR_DEBUG("drv=%p (%s) virtDriver=%s allowDiskFormatProbing=%d "
"defaultConfined=%d requireConfined=%d",
@@ -55,19 +80,25 @@ static virSecurityManagerPtr
virSecurityManagerNewDriver(virSecurityDriverPtr dr
allowDiskFormatProbing, defaultConfined,
requireConfined);
- if (VIR_ALLOC_VAR(mgr, char, drv->privateDataLen) < 0) {
+ if (VIR_ALLOC_N(privateData, drv->privateDataLen) < 0) {
virReportOOMError();
return NULL;
}
+ if (!(mgr = virObjectLockableNew(virSecurityManagerClass))) {
+ VIR_FREE(privateData);
+ return NULL;
+ }
+
mgr->drv = drv;
mgr->allowDiskFormatProbing = allowDiskFormatProbing;
mgr->defaultConfined = defaultConfined;
mgr->requireConfined = requireConfined;
mgr->virtDriver = virtDriver;
+ mgr->privateData = privateData;
if (drv->open(mgr) < 0) {
- virSecurityManagerFree(mgr);
+ virObjectUnref(mgr);
return NULL;
}
@@ -163,21 +194,17 @@ virSecurityManagerPtr virSecurityManagerNew(const char *name,
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr)
{
- /* This accesses the memory just beyond mgr, which was allocated
- * via VIR_ALLOC_VAR earlier. */
- return mgr + 1;
+ return mgr->privateData;
}
-void virSecurityManagerFree(virSecurityManagerPtr mgr)
+static void virSecurityManagerDispose(void *obj)
{
- if (!mgr)
- return;
+ virSecurityManagerPtr mgr = obj;
if (mgr->drv->close)
mgr->drv->close(mgr);
-
- VIR_FREE(mgr);
+ VIR_FREE(mgr->privateData);
}
const char *
diff --git a/src/security/security_manager.h b/src/security/security_manager.h
index dc09c7c..4d4dc73 100644
--- a/src/security/security_manager.h
+++ b/src/security/security_manager.h
@@ -48,8 +48,6 @@ virSecurityManagerPtr virSecurityManagerNewDAC(const char *virtDriver,
void *virSecurityManagerGetPrivateData(virSecurityManagerPtr mgr);
-void virSecurityManagerFree(virSecurityManagerPtr mgr);
-
const char *virSecurityManagerGetDriver(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetDOI(virSecurityManagerPtr mgr);
const char *virSecurityManagerGetModel(virSecurityManagerPtr mgr);
diff --git a/src/security/security_stack.c b/src/security/security_stack.c
index 8e1e5f9..e2d0b1d 100644
--- a/src/security/security_stack.c
+++ b/src/security/security_stack.c
@@ -93,7 +93,7 @@ virSecurityStackClose(virSecurityManagerPtr mgr)
while (item) {
next = item->next;
- virSecurityManagerFree(item->securityManager);
+ virObjectUnref(item->securityManager);
VIR_FREE(item);
item = next;
}
diff --git a/tests/seclabeltest.c b/tests/seclabeltest.c
index 7033293..93b4902 100644
--- a/tests/seclabeltest.c
+++ b/tests/seclabeltest.c
@@ -39,7 +39,7 @@ main(int argc ATTRIBUTE_UNUSED, char **argv ATTRIBUTE_UNUSED)
exit(EXIT_FAILURE);
}
- virSecurityManagerFree(mgr);
+ virObjectUnref(mgr);
return 0;
}
--
1.8.1