Commit Graph

10 Commits

Author SHA1 Message Date
Richard W.M. Jones
d5a8f82887 Use 'const' for stack integers where possible.
May improve optimization possibilities in a few cases.
2016-07-26 10:43:45 +01:00
Richard W.M. Jones
07c496c53c Use less stack.
GCC has two warnings related to large stack frames.  We were already
using the -Wframe-larger-than warning, but this reduces the threshold
from 10000 to 5000 bytes.

However that warning only covers the static part of frames (not
alloca).  So this change also enables -Wstack-usage=10000 which covers
both the static and dynamic usage (alloca and variable length arrays).

Multiple changes are made throughout the code to reduce frames to fit
within these new limits.

Note that stack allocation of large strings can be a security issue.
For example, we had code like:

 size_t len = strlen (fs->windows_systemroot) + 64;
 char software[len];
 snprintf (software, len, "%s/system32/config/software",
           fs->windows_systemroot);

where fs->windows_systemroot is guest controlled.  It's not clear what
the effects might be of allowing the guest to allocate potentially
very large stack frames, but at best it allows the guest to cause
libguestfs to segfault.  It turns out we are very lucky that
fs->windows_systemroot cannot be set arbitrarily large (see checks in
is_systemroot).

This commit changes those to large heap allocations instead.
2016-03-07 17:36:24 +00:00
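Added example, not code from this commit or from libguestfs: the same path construction done on the heap with an explicit length cap, so an oversized guest-supplied string yields a reportable error instead of an unbounded stack frame. The function name `software_hive_path` and the limit `MAX_SYSTEMROOT_LEN` are hypothetical and chosen only for this illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical cap for this example; not a libguestfs constant. */
#define MAX_SYSTEMROOT_LEN 4096

/* Build "<systemroot>/system32/config/software" on the heap.
 * Returns a malloc'd string the caller frees, or NULL if the input is
 * missing, longer than the cap, or the allocation fails. */
char *
software_hive_path (const char *systemroot)
{
  static const char suffix[] = "/system32/config/software";

  if (systemroot == NULL)
    return NULL;

  /* Bounded scan: stop at the cap, so a huge guest-controlled string
   * is rejected without measuring all of it. */
  size_t rootlen = 0;
  while (rootlen <= MAX_SYSTEMROOT_LEN && systemroot[rootlen] != '\0')
    rootlen++;
  if (rootlen > MAX_SYSTEMROOT_LEN)
    return NULL;

  const size_t len = rootlen + sizeof suffix;   /* sizeof counts the NUL */
  char *path = malloc (len);
  if (path == NULL)
    return NULL;        /* malloc failure is checkable; a VLA overflow is not */

  const int n = snprintf (path, len, "%s%s", systemroot, suffix);
  if (n < 0 || (size_t) n >= len) {
    free (path);
    return NULL;
  }
  return path;
}

int main (void)
{
  char *p = software_hive_path ("/Windows");   /* constructed sample input */
  if (p == NULL)
    return 1;
  puts (p);
  free (p);
  return 0;
}
```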
Richard W.M. Jones
445d20c117 lib: Add optional 'append' parameter to copy-(device|file)-to-file APIs.
This allows you to append one file to another:

  copy-file-to-file /input.txt /output.txt append:true

will append the contents of /input.txt to /output.txt.
2015-06-23 21:31:31 +01:00
Richard W.M. Jones
4d4cada65a daemon: copy-file-to-file: Unlink destination file on failure (RHBZ#1150867).
When copying from file to file, don't leave the destination file
around if the copy fails.

However in the same code don't try unlinking the destination device on
failure.
2014-10-09 09:34:11 +01:00
Richard W.M. Jones
3cdca7616a daemon/copy: Ensure errno is preserved along error paths.
2013-04-04 14:58:32 +01:00
Richard W.M. Jones
33c087ea9c Add 'sparse' option to copy-{device,file}-to-{device,file} calls.
Setting the 'sparse' optional boolean causes writes to be omitted if
the block to be written contains all zero bytes.

This should help with sparse backing files (eg. raw, qcow2, dm-thin, etc).

Also, modify virt-resize to use this option by default when copying
devices.  The savings in virt-resize can be quite startling, eg
'du -sh' (ie. true size) of a resized disk image:

8.1G      /tmp/f15x32-resized.img    # before this change
3.2G      /tmp/f15x32-resized.img    # after this change
2013-04-04 14:58:32 +01:00
Richard W.M. Jones
950951c67d daemon: Use the new CLEANUP_* macros to simplify code.
2013-01-28 18:01:43 +00:00
Richard W.M. Jones
606732d02e Use O_CLOEXEC / SOCK_CLOEXEC for almost all file descriptors.
The presumption is that all file descriptors should be created with
the close-on-exec flag set.  The only exceptions are file descriptors
that we want passed through to exec'd subprocesses (mainly pipes and
stdin/stdout/stderr).

For open calls, we pass O_CLOEXEC as an extra flag, eg:

  fd = open ("foo", O_RDONLY|O_CLOEXEC);

This is a Linux-ism, but using a macro we can easily make it portable.

For sockets, similarly:

  sock = socket (..., SOCK_STREAM|SOCK_CLOEXEC, ...);

For accepted sockets, we use the Linux accept4 system call which
allows flags to be supplied, but we use the Gnulib 'accept4' module to
make this portable.

For dup, dup2, we use the Linux dup3 system call, and the Gnulib
modules 'dup3' and 'cloexec'.
2012-03-14 19:30:46 +00:00
Matthew Booth
04ea1375c5 Update FSF address.
2011-11-08 14:43:07 +00:00
Richard W.M. Jones
f223dfa29a New APIs: copy-{file,device}-to-{file,device}.
The four new APIs:
guestfs_copy_device_to_device,
guestfs_copy_device_to_file,
guestfs_copy_file_to_device, and
guestfs_copy_file_to_file
let you copy from a source to a destination, between files and
devices, optionally allowing source and destination offsets and size
to be specified.
2011-10-26 10:07:21 +01:00