[PULL 13/17] vfio/iommufd: Remove the use of stat() to check file existence

All of lore.kernel.org
 help / color / mirror / Atom feed

From: "Cédric Le Goater" <clg@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Alex Williamson" <alex.williamson@redhat.com>,
	"Eric Auger" <eric.auger@redhat.com>,
	"Cédric Le Goater" <clg@redhat.com>,
	"Zhenzhong Duan" <Zhenzhong.duan@intel.com>
Subject: [PULL 13/17] vfio/iommufd: Remove the use of stat() to check file existence
Date: Mon,  8 Jan 2024 08:32:28 +0100	[thread overview]
Message-ID: <20240108073232.118228-14-clg@redhat.com> (raw)
In-Reply-To: <20240108073232.118228-1-clg@redhat.com>

Using stat() before opening a file or a directory can lead to a
time-of-check to time-of-use (TOCTOU) filesystem race, which is
reported by coverity as a Security best practices violations. The
sequence could be replaced by open and fdopendir but it doesn't add
much in this case. Simply use opendir to avoid the race.

Fixes: CID 1531551
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>
---
 hw/vfio/iommufd.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
index d4c586e842def8f04d3a914843f5eece2c75ea30..9bfddc1360895413176a9f170e29e89027384a66 100644
--- a/hw/vfio/iommufd.c
+++ b/hw/vfio/iommufd.c
@@ -121,17 +121,11 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
     DIR *dir = NULL;
     struct dirent *dent;
     gchar *contents;
-    struct stat st;
     gsize length;
     int major, minor;
     dev_t vfio_devt;
 
     path = g_strdup_printf("%s/vfio-dev", sysfs_path);
-    if (stat(path, &st) < 0) {
-        error_setg_errno(errp, errno, "no such host device");
-        goto out_free_path;
-    }
-
     dir = opendir(path);
     if (!dir) {
         error_setg_errno(errp, errno, "couldn't open directory %s", path);
-- 
2.43.0

next prev parent reply	other threads:[~2024-01-08  7:33 UTC|newest]

Thread overview: 19+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-08  7:32 [PULL 00/17] vfio queue Cédric Le Goater
2024-01-08  7:32 ` [PULL 01/17] vfio/spapr: Extend VFIOIOMMUOps with a release handler Cédric Le Goater
2024-01-08  7:32 ` [PULL 02/17] vfio/container: Introduce vfio_legacy_setup() for further cleanups Cédric Le Goater
2024-01-08  7:32 ` [PULL 03/17] vfio/container: Initialize VFIOIOMMUOps under vfio_init_container() Cédric Le Goater
2024-01-08  7:32 ` [PULL 04/17] vfio/container: Introduce a VFIOIOMMU QOM interface Cédric Le Goater
2024-01-08  7:32 ` [PULL 05/17] vfio/container: Introduce a VFIOIOMMU legacy " Cédric Le Goater
2024-01-08  7:32 ` [PULL 06/17] vfio/container: Intoduce a new VFIOIOMMUClass::setup handler Cédric Le Goater
2024-01-08  7:32 ` [PULL 07/17] vfio/spapr: Introduce a sPAPR VFIOIOMMU QOM interface Cédric Le Goater
2024-01-08  7:32 ` [PULL 08/17] vfio/iommufd: Introduce a VFIOIOMMU iommufd " Cédric Le Goater
2024-01-08  7:32 ` [PULL 09/17] vfio/spapr: Only compile sPAPR IOMMU support when needed Cédric Le Goater
2024-01-08  7:32 ` [PULL 10/17] vfio/iommufd: Remove CONFIG_IOMMUFD usage Cédric Le Goater
2024-01-08  7:32 ` [PULL 11/17] vfio/container: Replace basename with g_path_get_basename Cédric Le Goater
2024-01-08  7:32 ` [PULL 12/17] hw/vfio: fix iteration over global VFIODevice list Cédric Le Goater
2024-01-08  7:32 ` Cédric Le Goater [this message]
2024-01-08  7:32 ` [PULL 14/17] vfio/container: Rename vfio_init_container to vfio_set_iommu Cédric Le Goater
2024-01-08  7:32 ` [PULL 15/17] vfio/migration: Add helper function to set state or reset device Cédric Le Goater
2024-01-08  7:32 ` [PULL 16/17] backends/iommufd: Remove check on number of backend users Cédric Le Goater
2024-01-08  7:32 ` [PULL 17/17] backends/iommufd: Remove mutex Cédric Le Goater
2024-01-08 13:16 ` [PULL 00/17] vfio queue Peter Maydell

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:d4c586e842def8f04d3a914843f5eece2c75ea3
dfblob:9bfddc1360895413176a9f170e29e89027384a6 )
 OR (
bs:"[PULL 13/17] vfio/iommufd: Remove the use of stat() to check file existence" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20240108073232.118228-14-clg@redhat.com \
    --to=clg@redhat.com \
    --cc=Zhenzhong.duan@intel.com \
    --cc=alex.williamson@redhat.com \
    --cc=eric.auger@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.