Oliver Kurth [Wed, 10 Apr 2019 21:14:53 +0000 (14:14 -0700)]
Asyncsocket in low latency send mode may write into freed memory
Blast service encounters access violation exception during scale tests
in AsyncTCPSocketSend() at bora\lib\asyncsocket\asyncsocket.c.
Root cause is asock refcount is not incremented before the inline
invocation of AsyncTCPSocketSendCallback() in the low latency send
mode and asock is accessed right after this invocation to decrement
inLowLatencySendCb counter. AsyncTCPSocketSendCallback() on error
would invoke error handler which in turn could close the asock
leading to freeing of asock.
Issue wouldn't happen if AsyncWebSocket impl guarded all of its
transport->send(transport) calls with AsyncSocketAddRef(transport)
and AsyncSocketRelease(transport) but isn't the case currently.
Fix is to add and release asock reference around the inline
invocation of AsyncTCPSocketSendCallback().
Oliver Kurth [Wed, 10 Apr 2019 21:14:52 +0000 (14:14 -0700)]
InitiateFileTransferToGuest fails when uploading file to root directory
File upload to '/' on Linux fails the directory exists check.
This is caused by the file dirname being an empty string when parsed from
the guest file path name per the documented behavior of File_GetPathName.
The caller of File_GetPathName needs to handle the expected empty dirname
string when dealing with file path in the root ('/') filesystem on Linux.
Proposed fix is to replace the dirname string with the root path ('/') when:
A. dirname obtained from File_GetPathName call is an empty string AND
B. the original file path name starts with the path separator ('/') on
Linux (or *nix like) GOSes
This allows for the directory checks to inspect the root folder before
proceeding with the file transfer.
Oliver Kurth [Wed, 10 Apr 2019 21:14:49 +0000 (14:14 -0700)]
InitiateFileTransferToGuest fails when uploading file to root directory
File upload to '/' on Linux fails the directory exists check.
This is caused by the file dirname being an empty string when parsed from the guest file path name per the documented behavior of File_GetPathName.
The caller of File_GetPathName needs to handle the expected empty dirname string when dealing with file path in the root ('/') filesystem on Linux.
Proposed fix is to replace the dirname string with the root path ('/') when:
A. dirname obtained from File_GetPathName call is an empty string AND
B. the original file path name starts with the path separator ('/') on Linux (or *nix like) GOSes
This allows for the directory checks to inspect the root folder before proceedeing with the file transfer.
Oliver Kurth [Thu, 28 Mar 2019 19:43:00 +0000 (12:43 -0700)]
Remove the /etc/security directory from the guest vm-support bundle.
This directory contains sensitive guest side data that we should not
expose to the host side.
Although running the vm-support requires the root privilege in the guest,
the guest admin might not be aware of the ramification of running the script.
Therefore, better be cautious.
No file from the /etc/security has been needed in the past. If any file is
needed in the future, that need will be evaluated case-by-case at that time.
Oliver Kurth [Thu, 28 Mar 2019 19:42:59 +0000 (12:42 -0700)]
Fix a memory leak in vmbackup.
Note: vm_free() is called here because GuestApp_GetConfPath() is calling
Util_SafeStrdup() to allocate the memory. Both GuestApp_GetConfPath and
vm_free are implemented inside libvmtools.so.
Oliver Kurth [Thu, 28 Mar 2019 19:42:59 +0000 (12:42 -0700)]
Fix memory leak in GetFormattedCommandLine() function (linuxDeployment.c)
1. There are malloc() calls happening in a loop; this function returns
NULL when one of malloc fails. If a malloc call fails in the loop,
all memory allocated in previous iterations should be freed before
the return NULL.
2. Clear allocated resources before return NULL in this file.
3. Add NULL check following malloc calls in this file.
4. Encapsulate %s in () only if %s is strerror(errno), otherwise encapsulate
%s in single quotes.
5. End with \n in sLog.
Oliver Kurth [Wed, 27 Feb 2019 22:39:58 +0000 (14:39 -0800)]
Remove dead code in vmtoolsConfig.c
There is a lot code in vmtoolsConfig.c that handles the 'tools upgrades'
from legacy tools versions.
But as per
https://docs.vmware.com/en/VMware-Tools/10.1/rn/vmware-tools-1010-release-notes.html#installupgrade,
legacy tools versions (prior to 9.4.x) must be first upgraded to 10.1.0 before
upgrading to the latest tools versions. Hence, removed all the code which is
no longer applicable for the 'latest tools version'.
Oliver Kurth [Wed, 27 Feb 2019 22:39:57 +0000 (14:39 -0800)]
Tools Vix Plugin: minor cleanup remove unnecessary undefs
A minor cleanup remove unnecessary undefs and fixing a misspelling in
a function header. The function header somehow got removed from the
previous clean up so here it is again anyway, with the addition of the
spelling correction.
Oliver Kurth [Wed, 27 Feb 2019 22:39:57 +0000 (14:39 -0800)]
Linux DeployPkg should provide a configurable timeout for the spanning
customization process.
Change the upper limit of the timeout value in tools.conf to 3600 instead
of MAX_UINT16. Revise the log message displayed when an invalid value
is configured in tools.conf.
Oliver Kurth [Wed, 27 Feb 2019 22:39:55 +0000 (14:39 -0800)]
GCC 9 caught several misaligned accesses and a format overflow.
GCC 9 generated several instances of "Werror=address-of-packed-member"
in HGFS Fuse support code and hgfsmounter. There is also one instance of
"Werror=format-overflow" generated in util_misc.c.
According to stackoverflow discussion -
https://stackoverflow.com/questions/8568432/is-gccs-attribute-packed-pragma-pack-unsafe,
x86 hardware handles misaligned access and does not exhibit any real
issues. However, GCC 9 generates misaligned access warning
("Werror=address-of-packed-member) for all architectures. In case of
open-vm-tools build we treat warnings as errors and also we want code
to be as portable as possible in general unless there is a reason not
to do so.
Oliver Kurth [Tue, 19 Feb 2019 20:51:33 +0000 (12:51 -0800)]
Hgfs Server Manager Tools: fix a memory leak
The Hgfs server manager interface assumes that it is called only once
for each application that uses it. However, in the tools services there
are multiple clients. Hence, the initialization is done multiple times
and causes the previous initializations which allocate resources to be
overwritten and lost. Thus memory is being leaked.
Initialize the policy shares once on the first register and cleanup
the policy shares on final unregister by introducing a reference count.
The channel is already reference counted and initializes the channel once.
However it is necessary to call the channel init on each register
and exit on each unregister as it saves a channel reference in the data manager
object passed to it by the caller for subsequent retrieval.
Add an additional log to the policy init and cleanup calls for tracking purposes.
Oliver Kurth [Tue, 19 Feb 2019 20:51:32 +0000 (12:51 -0800)]
Fix the missing IP aliases in the guest info.
IP aliases were missing in the guest info when libdnet is not used.
Previously tried to use the MAC address as the key to identify the IP aliases
on Linux. However, that didn't work for vlan devices which share the same
MAC as the parent NIC. The previous attempt was backed out.
Ideally, need to find a way to map the label name to the NIC name, but
have not been able to find a simple solution for this. There might be a
netlink based solution but it is way too costly to do.
After more investigation, found out that a valid IP alias name must start
with the original NIC name followed by a colon. Even though the ip addr allows
any string as the start of the NIC name, configuration file requires the colon.
In addition, ifconfig would error out when the name is not of the standard:
ens192wwwww: error fetching interface information: Device not found
Therefore, a correctly configured system should use eth0:1, ens192:2 etc.
A lookup of libdnet source revealed the same assumption in the libdnet code.
/* Get addresses for this interface. */
for (ifr = intf->ifc.ifc_req; ifr < lifr && (ap + 1) < lap;
ifr = NEXTIFR(ifr)) {
/* XXX - Linux, Solaris ifaliases */
if ((p = strchr(ifr->ifr_name, ':')) != NULL)
*p = '\0';
Therefore, doing just the same. Look for the colon, then trim it, and then
compare it with the NIC name.
Oliver Kurth [Tue, 19 Feb 2019 20:51:32 +0000 (12:51 -0800)]
GuestOS: Improve the guest OS identification code
Now that we often have an explicit, unambiguous version string for
a distro, use it. In the rare case we don't have one, search the
distro string for a digit and use that. If we can't find anything,
note this and let the code fall into the default appropriate to the
distro.
With this change, we stop using strings and so are no longer confused
by things like "7.5". For a few of the distros, we now no longer care
about the upper bound, we can report what we find. Anything above what
the release supports will be fixed by the GuestMapper.
Oliver Kurth [Tue, 19 Feb 2019 20:51:32 +0000 (12:51 -0800)]
Fix the missing IP aliases in the guest info.
IP aliases were missing in the guest info when the libdnet is not used.
ESX does not seem to support IP aliases, so the ESX code path is kept logically
the same as before.
On Linux, for each IP entry, get the label name, and use ioctl to get its MAC.
Use the MAC to match the current device MAC.
The getifaddrs() call ensures that the ifa_name is not NULL, so there is no
need to check for NULL pointers.
Oliver Kurth [Tue, 19 Feb 2019 20:51:31 +0000 (12:51 -0800)]
Include vmware/tools/log.h to define g_info.
A recent change added a call to g_info from syncManifest.c. This
in turn is causing open-vm-tools builds to fail because g_info is
not available on SLES 12sp1.
To fix the problem, include vmware/tools/log.h in syncManifest.c.
log.h defines g_info as a macro.
Oliver Kurth [Tue, 19 Feb 2019 20:51:31 +0000 (12:51 -0800)]
Always send VMBACKUP_EVENT_GENERIC_MANIFEST during quiesced snapshots.
vSphere 6.7 added a host-side interface that allows VMTools to send
a "generic" backup manifest during a quiesced snapshot on Linux guests.
VMTools 10.2.0 or later tries to notify the host of the backup manifest
file through a vmbackup event message VMBACKUP_EVENT_GENERIC_MANIFEST.
If the host is unable to field the message, then VMTools logs the
failure and then continues with the quiesced snapshot in the older
fashion, without the backup manifest.
An earlier change attempted to reduce the amount of logging done when
running on older hosts that don't support VMBACKUP_EVENT_GENERIC_MANIFEST
by detecting when sending VMBACKUP_EVENT_GENERIC_MANIFEST fails and
not sending the message again for subsequent quiesced snapshots.
However, subsequent stress testing has uncovered problems with this
approach when running on newer hosts; specifically, errors may sometimes
be encountered on newer hosts when sending VMBACKUP_EVENT_GENERIC_MANIFEST.
Therefore this change backs out that earlier change.
Note that the need to solve the problem that that earlier change was
intended to solve has been reduced because support for
VMBACKUP_EVENT_GENERIC_MANIFEST has been backported to vSphere 6.5
P03, which is available, and vSphere 6.0 P08, which is scheduled for
release later this year. ESXi 5.5 is out of general support.
This change also addresses an issue that surfaced when testing on a
host without support for VMBACKUP_EVENT_GENERIC_MANIFEST.
If VMTools fails to send VMBACKUP_EVENT_GENERIC_MANIFEST, the quiesced
snapshot operation will be aborted rather than continuing as it should.
To address this, create a new function, VmBackup_SendEventNoAbort,
which does not abort the quiesced snapshot on failure, and call that
function rather than VmBackup_SendEvent when sending
VMBACKUP_EVENT_GENERIC_MANIFEST.
Oliver Kurth [Tue, 19 Feb 2019 20:51:31 +0000 (12:51 -0800)]
Linux DeployPkg should provide a configurable timeout for the spanning
customization process. Right now it is hard-coded to 100 seconds.
Sources to provide "timeout" value:
1. Clients such as vCenter and SRM can pack timeout value in cab header
via API func "DeployPkg_SetProcessTimeout(uint16 timeout)". this timeout
value will be implemented during the package deployment process.
2. Package deployment engines:
- tools deployPkg plugin:
Add "process-timeout" in tools.conf. The tools deployPkg plugin will use
that value to control the time period of the package deployment.
- linuxDeployPkg:
Add "-t <timeout>" as optional argument in linuxDeployPkg
Usage: ./linuxDeployPkg -d <cabfile> -t <timeout> --skip-reboot
3. Default value in deployPkg is 100s. If both the client and package
deployment engines don't provid this value, then the default value of
100s will be used.
4. The "timeout" value from clients will overwrite the value from the
deployment engines when both of them provid this value.
Oliver Kurth [Tue, 19 Feb 2019 20:51:30 +0000 (12:51 -0800)]
Use the LSB and os-release data to find the best guest identification
Historically, we have the LSB to describe a Linux distro. More
recently, the os-release standard was added. Change our guest
identification code to attempt to use both data - when available - and
make a value judgement as to which is better.
Oliver Kurth [Tue, 19 Feb 2019 20:51:30 +0000 (12:51 -0800)]
[Part 2] GuestLib support for 64bit memory shares.
MEMSCHED_SHARES_MAX is currently set to MAX_PPN and will not fit in
32-bit soon. 'memshares' property which is currently available in GuestSDK
is an unsigned 32bit value. Starting from ESX 7.0, this value is available
only if it can be fit in an unsigned 32-bit data type.
'memShares64' is the new unsigned 64-bit property added in GuestSDK for the
memory shares.
Added necessary APIs to retrieve the memshares64 value. The new API
VMGuestLib_GetMemShares64 will first try to retrieve the memShares64 property.
If the underlying host is an older one, then the API will return the memShares
property.
Updated the vmGuestLibTest code to retrieve and print the new memShares64 value.
Oliver Kurth [Tue, 19 Feb 2019 20:51:30 +0000 (12:51 -0800)]
Update seamless window's copyright year as 1998-2019
1. Changing the COPYRIGHT_YEARS in vm_legal.h to 1998-2019
2. COPYRIGHT_YEARS is used by UTF8_COPYRIGHT_STRING_BASE and
UTF16_COPYRIGHT_STRING for win32 UTF-16 version.
Oliver Kurth [Tue, 19 Feb 2019 20:51:30 +0000 (12:51 -0800)]
[Part 1] GuestLib support for 64bit memory shares.
MEMSCHED_SHARES_MAX is currently set to MAX_PPN and will not fit in 32-bit soon.
Changed the datatype of 'memshares' property to uint64 for the future support.
'memshares' is exposed in GuestLib as unsigned 32-bit value.
Modified the ESX code to set this property only if the vaulue can be fit in
a uint32 type. Else, the value is not set and 'valid' bit set is set to FALSE.
Added a new property "memShares64" (as uint64) in GuestLib for the new
64-bit memory shares.
This CLN implements only the necessary changes on ESX side.
Oliver Kurth [Tue, 19 Feb 2019 20:51:29 +0000 (12:51 -0800)]
Security issue with the intermediate staging directory used for DnD and CnP
Problem:
/tmp/VMwareDnD is a staging directory used for DnD and CnP. It should be
a regular directory, but malicious code or user may create the /tmp/VMwareDnD
as a symbolic link which points to the home directory of the current desktop
user before the staging directory is created. Later when the desktop user
initiates a DnD or CnP operation, the permission of that user's home directory
will be changed allowing the malicious user full access to the desktop user's
home directory.
Solution:
Do not set the permission of the staging directory if that directory already
exists and has the wrong permission. The permission of the directory will
be 1777 if it is created by VMTools. If that is not the case, the directory
has been created or modified by malicious code or user; just cancel the host
to guest DnD or CnP operation.
projects / thirdparty / open-vm-tools.git / log
