CA-85761: distinguish between unguessable uuids and references and those which are merely unique #756
djs55/xen-api@0a73c20 ⇒ 880a717: Merge and build failed. Failed when executing:
This needs to be merged at the same time as
Signed-off-by: David Scott <dave.scott@eu.citrix.com>
…/dev/urandom

We only need /dev/{u,}random when the results have to be unguessable. In the vast majority of cases we only require the UUIDs to be Unique. When we need an unguessable UUID we use Uuid.secure() and when we need only a unique UUID we use Uuid.insecure()

In particular, we still need unguessable UUIDs for anything to do with
* session generation
* secrets

Signed-off-by: David Scott <dave.scott@eu.citrix.com>
Rebased following a reindent?
…dev/urandom

Just like with UUIDs, the vast majority of the time we only need Refs to be Unique, not unguessable. Whenever we want an unguessable ref, we call Ref.secure() and whenever we only need a unique ref, we call Ref.insecure()

In particular, we still need unguessable UUIDs for anything to do with
* session generation
* secrets

Signed-off-by: David Scott <dave.scott@eu.citrix.com>
Signed-off-by: David Scott <dave.scott@eu.citrix.com>
I'm going to close this until the branch can be rebased.
Do not lose stacktraces when handling exception in VM.receive_memory
Everywhere where we make a uuid or reference, decide whether it needs to be unguessable or not. The only things which must be unguessable are session ids (and possibly secrets).
With this change the number of /dev/urandom reads recorded by strace during a migration drops from 680 to 10.
Tested by:
1. quicktest
2. xapi restart with no pool secret -- to verify regeneration was ok
3. adding a "SECURE:" prefix to "Uuid.secure" and checking that sessions were "secure" while VM references were not
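
The distinction described above, as an added OCaml example that is not code from this pull request or from xapi: `secure` draws its 16 bytes from /dev/urandom, `insecure` from a userspace PRNG seeded once. The names `secure` and `insecure` follow the commit messages; the helper functions, the read counter and the use of OCaml's `Random` module for the insecure path are assumptions.

```ocaml
(* Added illustration: names follow the PR's Uuid.secure/Uuid.insecure,
   but this is not xapi's implementation. *)

(* Counts this program's own /dev/urandom opens, in the spirit of the
   strace measurement quoted in the description. *)
let urandom_reads = ref 0

(* n bytes from the kernel CSPRNG: unguessable. *)
let read_urandom n =
  let ic = open_in_bin "/dev/urandom" in
  Fun.protect
    ~finally:(fun () -> close_in ic)
    (fun () ->
      incr urandom_reads;
      really_input_string ic n)

(* n bytes from a userspace PRNG seeded once on first use: fine for
   uniqueness, predictable to anyone who recovers the generator state. *)
let prng = lazy (Random.State.make_self_init ())

let read_prng n =
  let st = Lazy.force prng in
  String.init n (fun _ -> Char.chr (Random.State.int st 256))

(* Stamp the RFC 4122 version-4 and variant bits, format as 8-4-4-4-12. *)
let to_uuid raw =
  let b = Bytes.of_string raw in
  let set i mask v =
    Bytes.set b i (Char.chr ((Char.code (Bytes.get b i) land mask) lor v))
  in
  set 6 0x0f 0x40;
  set 8 0x3f 0x80;
  let hex = Buffer.create 36 in
  Bytes.iteri
    (fun i c ->
      if i = 4 || i = 6 || i = 8 || i = 10 then Buffer.add_char hex '-';
      Buffer.add_string hex (Printf.sprintf "%02x" (Char.code c)))
    b;
  Buffer.contents hex

let secure () = to_uuid (read_urandom 16)   (* session ids, secrets *)
let insecure () = to_uuid (read_prng 16)    (* VM, VDI, task identifiers *)

let () =
  let session = secure () in
  let vm_uuids = List.init 100 (fun _ -> insecure ()) in
  Printf.printf "session id:    %s\n" session;
  Printf.printf "first VM uuid: %s\n" (List.hd vm_uuids);
  Printf.printf "/dev/urandom reads: %d\n" !urandom_reads
```

Only the one session identifier touches /dev/urandom here; the hundred object UUIDs cost no kernel entropy reads, and none of them should ever be accepted as a bearer credential.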