search for: crypto_close

...think attached is a better version of this patch. In particular it avoids setting the per-connection data until we're at the very end of the initialization function. Technically this is not part of the fix for the memory leak, but nevertheless this avoids any possible case where we might call crypto_close without a valid session along some error path. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers...

...ssion@entry=0x55c5cf561620, type=type@entry=GNUTLS_ALERT, data=data@entry=0x0, data_size=data_size@entry=0, seq=seq@entry=0x0, ms=0) at record.c:1773 #7 0x00007f30b333b703 in gnutls_bye (session=session@entry=0x55c5cf561620, how=how@entry=GNUTLS_SHUT_RDWR) at record.c:312 #8 0x000055c5c57af171 in crypto_close () at crypto.c:407 #9 0x000055c5c57aea58 in free_connection (conn=0x55c5cf560500) at connections.c:339 #10 handle_single_connection (sockin=<optimized out>, sockout=<optimized out>) at connections.c:230 #11 0x000055c5c57b73e8 in start_thread (datav=0x55c5cf541550) at sockets.c:356 #12...

...g an easy way for clients to blow up nbdkit servers if they enable TLS support. Ooops. Found by valgrind. --- src/crypto.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/crypto.c b/src/crypto.c index 948e79e..c2f9971 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -391,6 +391,10 @@ crypto_close (struct connection *conn) close (sockin); if (sockout >= 0 && sockin != sockout) close (sockout); + + gnutls_deinit (*session); + free (session); + connection_set_crypto_session (conn, NULL); } /* Upgrade an existing connection to TLS. Also this should do access @@ -...

...* close, so this function ignores errors. */ @@ -504,6 +522,7 @@ crypto_negotiate_tls (struct connection *conn, int sockin, int sockout) */ conn->crypto_session = session; conn->recv = crypto_recv; + conn->cork = crypto_cork; conn->send = crypto_send; conn->close = crypto_close; return 0; -- 2.20.1

...d (conn->sockout); } diff --git a/server/crypto.c b/server/crypto.c index 9cd1bb0..6f97f2c 100644 --- a/server/crypto.c +++ b/server/crypto.c @@ -47,6 +47,7 @@ #include <assert.h> #include "internal.h" +#include "utils.h" #ifdef HAVE_GNUTLS @@ -404,9 +405,9 @@ crypto_close (struct connection *conn) gnutls_bye (session, GNUTLS_SHUT_RDWR); if (sockin >= 0) - close (sockin); + close_or_nullify_fd (sockin); if (sockout >= 0 && sockin != sockout) - close (sockout); + close_or_nullify_fd (sockout); gnutls_deinit (session); conn-...

I worked out why valgrind wasn't being applied to nbdkit when run by many of the tests (patches 1-2). Unfortunately I'm not able to make it actually fail tests when valgrind fails. Although the situation is marginally improved in that you can now manually examine the *.log files and find valgrind failures that way. Also adds valgrinding of the Python plugin (patch 3). Along the way I

These are a couple of patches in preparation for the Block Status implementation. While the patches (especially the second one) are very large they are really just elementary code motion. Rich.

Slightly RFC, as I need more time to investigate why Unix sockets appeared to degrade with this patch. But as TCP sockets (over loopback to localhost) and TLS sessions (regardless of underlying Unix or TCP) both showed improvements, this looks like a worthwhile series. Eric Blake (2): server: Add support for corking server: Cork around grouped transmission send()s server/internal.h | 3

...{ + struct connection *conn = GET_CONN; gnutls_session_t session = conn->crypto_session; const char *buf = vbuf; ssize_t r; @@ -392,8 +394,9 @@ crypto_send (struct connection *conn, const void *vbuf, size_t len, int flags) * close, so this function ignores errors. */ static void -crypto_close (struct connection *conn) +crypto_close (void) { + struct connection *conn = GET_CONN; gnutls_session_t session = conn->crypto_session; int sockin, sockout; @@ -417,8 +420,9 @@ crypto_close (struct connection *conn) * only be called once per connection. */ int -crypto_negotiate_tl...

v1 was here: https://www.redhat.com/archives/libguestfs/2020-February/msg00081.html v2 replaces struct connection *conn = GET_CONN; with GET_CONN; which sets conn implicitly and asserts that it is non-NULL. If we actually want to test if conn is non-NULL or behave differently, then you must use threadlocal_get_conn() instead, and some existing uses do that. Rich.

The third patch is a large but mechanical change which gets rid of passing around struct connection * entirely within the server, preferring instead to reference the connection through thread-local storage. I hope this is a gateway to simplifying other parts of the code. Rich.

Also available here: https://github.com/rwmjones/nbdkit/tree/2020-windows-mingw This is the port to Windows using native Windows APIs (not MSYS or Cygwin). This patch series is at the point where it basically now works. I can run the server with the memory plugin, and access it remotely using guestfish, creating filesystems and so on without any apparent problems. Nevertheless there are many

Also available here: https://github.com/rwmjones/nbdkit/tree/2020-windows-mingw-nolib After a lot of work I have made the port to Windows work without using a separate library. Instead, on Windows only, we build an "import library" (library of stubs) which resolves references to nbdkit_* functions in the main program and fixes up the plugin, basically the first technique outlined in