From: Eric Blake <eblake@redhat.com>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Subject: Re: [Qemu-devel] [PATCH 2/2] io: fix stack allocation when sending of file descriptors
Date: Tue, 22 Dec 2015 11:20:30 -0700
Message-ID: <5679946E.2060700@redhat.com>
In-Reply-To: <1450715016-18230-3-git-send-email-berrange@redhat.com>
On 12/21/2015 09:23 AM, Daniel P. Berrange wrote:
> When sending file descriptors over a socket, we have to
> allocate a data buffer to hold the FDs in the scmsghdr.
> Unfortunately we allocated the buffer on the stack inside
> an if () {} block, but called sendmsg() outside the block.
> So the stack bytes holding the FDs were liable to be
> overwritten with other data. By luck this was not a problem
> when sending 1 FD, but if sending 2 or more then it would
> fail.
>
> The fix is to simply move the variables outside the nested
> 'if' block. To keep valgrind quiet we also zero-initialize
> the 'control' buffer.
>
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
> io/channel-socket.c | 7 ++-
> tests/test-io-channel-socket.c | 98 ++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 101 insertions(+), 4 deletions(-)
>
The fix itself is obvious from the commit message; the bulk of this
patch is the testsuite addition (which is a GOOD thing - thanks!).
> + qio_channel_readv_full(dst,
> + iorecv,
> + G_N_ELEMENTS(iorecv),
> + &fdrecv,
> + &nfdrecv,
> + &error_abort);
> +
> + g_assert(nfdrecv == G_N_ELEMENTS(fdsend));
> + /* Each recvd FD should be different from sent FD */
> + for (i = 0; i < nfdrecv; i++) {
> + g_assert_cmpint(fdrecv[i], !=, testfd);
> + }
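Review bot: the loop ending at g_assert_cmpint(fdrecv[i], !=, testfd) only shows that each received descriptor number differs from the sender's, so in the lines quoted here the test would still pass if the control data had been overwritten and some unrelated descriptor arrived. Comparing st_dev and st_ino from fstat() on fdrecv[i] and testfd would tie the check to the bug the commit message describes. The count check could also be written as g_assert_cmpint(nfdrecv, ==, G_N_ELEMENTS(fdsend)) so that a failure prints both values.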
Here, you blindly dereference fdrecv[]...
> + unlink(TEST_FILE);
> + close(testfd);
> + if (fdrecv != NULL) {
...so this if() is dead, and you can just always do the cleanup.
That's minor, so:
Reviewed-by: Eric Blake <eblake@redhat.com>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
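
The fix described in the quoted commit message, as an added example that is not part of the patch or of QEMU: the control buffer is declared at function scope and zeroed before sendmsg() runs, and a receiver plus an inode comparison confirm that the descriptors that arrive are the ones sent. The names send_fds, recv_fds, same_file, ctl_t and MAX_FDS are assumptions made for this example.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/uio.h>
#include <unistd.h>

#define MAX_FDS 4 /* assumed cap for this example */
typedef union { struct cmsghdr align; char buf[CMSG_SPACE(sizeof(int) * MAX_FDS)]; } ctl_t;

/* ctl is declared at function scope, so it is still live when sendmsg() reads it. */
static int send_fds(int sock, const int *fds, size_t nfds)
{
    ctl_t ctl = { .buf = { 0 } }; /* zeroed, as the patch does to keep valgrind quiet */
    char byte = 'x';              /* one data byte carries the ancillary data */
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    if (nfds == 0 || nfds > MAX_FDS) return -1;
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = CMSG_SPACE(sizeof(int) * nfds) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int) * nfds);
    memcpy(CMSG_DATA(cmsg), fds, sizeof(int) * nfds);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Fills fds[MAX_FDS]; returns the number of descriptors received, or -1. */
static int recv_fds(int sock, int *fds)
{
    ctl_t ctl;
    char byte;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
                          .msg_controllen = sizeof(ctl.buf) };
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC)) return -1;
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    if (!cmsg || cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS) return -1;
    size_t n = (cmsg->cmsg_len - CMSG_LEN(0)) / sizeof(int);
    memcpy(fds, CMSG_DATA(cmsg), n * sizeof(int));
    return (int)n;
}

/* 1 if both descriptors refer to the same file (same device and inode), else 0. */
static int same_file(int a, int b)
{
    struct stat sa, sb;
    return !fstat(a, &sa) && !fstat(b, &sb) &&
           sa.st_dev == sb.st_dev && sa.st_ino == sb.st_ino;
}
```

Passing the read ends of two pipes across a socketpair() and checking each pair with same_file() exercises the two-descriptor case the commit message says used to fail: the received numbers differ from the sent ones, but the inodes match.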