mirage / qubes-mirage-firewall

A Mirage firewall VM for QubesOS
BSD 2-Clause "Simplified" License
210 stars 28 forks source link

use a fresh client for requesting vif and ip #160

Closed hannesm closed 1 year ago

hannesm commented 1 year ago

in the callback to "Xs_client.wait", all operations are tracked and new watches are installed (that are never removed, due to xenstore's xs_handle "accessed_path" never removes any elements of the "accessed_paths" (a mutable StringSet). So, whatever is done in the callback of wait needs to take care (if returning EAGAIN and thus forcing xenstore to continue waiting/watching) that accesses are tracked.

Our way out is to create a fresh client and read the IP address with that new client -> the watcher isn't extended -> no dangling (leaking) watches, and no leaking only-expanding StringSet.

tentative fix for #155

hannesm commented 1 year ago

diff best viewed without whitespace changes, https://github.com/mirage/qubes-mirage-firewall/pull/160/files?w=1

palainp commented 1 year ago

Thanks again @hannesm for your time and your hard work on this! I also tried to think how to handle the watches in xenstore but also failed.

With this PR I was able to successively start & stop 100+ clients, I think it solve the issue so LGTM so far.

@xaki23 would you mind to test that on your setup too?

hannesm commented 1 year ago

this has been part of https://github.com/mirage/qubes-mirage-firewall/pull/163 and the 0.8.3 release