[PATCH 0/2] block/blkio: fix fd leak and add more comments for the fd passing

[PATCH 0/2] block/blkio: fix fd leak and add more comments for the fd passing

[Stefano Garzarella]

Hanna discovered an fd leak in the error path, and a few comments to
improve in the code.

Stefano Garzarella (2):
  block/blkio: close the fd when blkio_connect() fails
  block/blkio: add more comments on the fd passing handling

 block/blkio.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

-- 
2.41.0

[PATCH 1/2] block/blkio: close the fd when blkio_connect() fails

[Stefano Garzarella]

libblkio drivers take ownership of `fd` only after a successful
blkio_connect(), so if it fails, we are still the owners.

Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk")
Suggested-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/blkio.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/block/blkio.c b/block/blkio.c
index 8e7ce42c79..2d53a865e7 100644
--- a/block/blkio.c
+++ b/block/blkio.c
@@ -739,6 +739,7 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options,
      * directly setting `path`.
      */
     if (fd_supported && ret == -EINVAL) {
+        fd_supported = false;
         qemu_close(fd);
 
         /*
@@ -763,6 +764,14 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options,
     }
 
     if (ret < 0) {
+        if (fd_supported) {
+            /*
+             * libblkio drivers take ownership of `fd` only after a successful
+             * blkio_connect(), so if it fails, we are still the owners.
+             */
+            qemu_close(fd);
+        }
+
         error_setg_errno(errp, -ret, "blkio_connect failed: %s",
                          blkio_get_error_msg());
         return ret;
-- 
2.41.0

[PATCH 2/2] block/blkio: add more comments on the fd passing handling

[Stefano Garzarella]

As Hanna pointed out, it is not clear in the code why qemu_open()
can fail, and why blkio_set_int("fd") is not enough to discover
the `fd` property support.

Let's fix them by adding more details in the code comments.

Suggested-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/blkio.c | 15 ++++++++++++---
 1 file changed, 12 insertions(+), 3 deletions(-)

diff --git a/block/blkio.c b/block/blkio.c
index 2d53a865e7..848b8189d0 100644
--- a/block/blkio.c
+++ b/block/blkio.c
@@ -713,6 +713,12 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options,
          */
         fd = qemu_open(path, O_RDWR, NULL);
         if (fd < 0) {
+            /*
+             * qemu_open() can fail if the user specifies a path that is not
+             * a file or device, for example in the case of Unix Domain Socket
+             * for the virtio-blk-vhost-user driver. In such cases let's have
+             * libblkio open the path directly.
+             */
             fd_supported = false;
         } else {
             ret = blkio_set_int(s->blkio, "fd", fd);
@@ -734,9 +740,12 @@ static int blkio_virtio_blk_connect(BlockDriverState *bs, QDict *options,
 
     ret = blkio_connect(s->blkio);
     /*
-     * If the libblkio driver doesn't support the `fd` property, blkio_connect()
-     * will fail with -EINVAL. So let's try calling blkio_connect() again by
-     * directly setting `path`.
+     * Before https://gitlab.com/libblkio/libblkio/-/merge_requests/208
+     * (libblkio <= v1.3.0), setting the `fd` property is not enough to check
+     * whether the driver supports the `fd` property or not. In that case,
+     * blkio_connect() will fail with -EINVAL.
+     * So let's try calling blkio_connect() again by directly setting `path`
+     * to cover this scenario.
      */
     if (fd_supported && ret == -EINVAL) {
         fd_supported = false;
-- 
2.41.0

Re: [PATCH 1/2] block/blkio: close the fd when blkio_connect() fails

[Hanna Czenczek]

On 01.08.23 18:03, Stefano Garzarella wrote:
> libblkio drivers take ownership of `fd` only after a successful
> blkio_connect(), so if it fails, we are still the owners.
>
> Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk")
> Suggested-by: Hanna Czenczek <hreitz@redhat.com>
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
> ---
>   block/blkio.c | 9 +++++++++
>   1 file changed, 9 insertions(+)

Works, so:

Reviewed-by: Hanna Czenczek <hreitz@redhat.com>


But personally, instead of having `fd_supported` track whether we have a 
valid FD or not, I’d find it more intuitive to track ownership through 
the `fd` variable itself, i.e. initialize it to -1, and set it -1 when 
ownership is transferred, and then close it once we don’t need it 
anymore, but failed to transfer ownership to blkio.  The elaborate way 
would be something like

...
-int fd, ret;
+int fd = -1;
+int ret;
...
  ret = blkio_connect(s->blkio);
+if (!ret) {
+    /* If we had an FD, libblkio now has ownership of it */
+    fd = -1;
+}
+if (fd >= 0) {
+    /* We still have FD ownership, but no longer need it, so close it */
+    qemu_close(fd);
+    fd = -1;
+}
  /*
   * [...]
   */
  if (fd_supported && ret == -EINVAL) {
-    qemu_close(fd);
-
...


Or the shorter less-verbose version would be:

...
-int fd, ret;
+int fd = -1;
+int ret;
...
  ret = blkio_connect(s->blkio);
+if (fd >= 0 && ret < 0) {
+    /* Failed to give the FD to libblkio, close it */
+    qemu_close(fd);
+}
  /*
   * [...]
   */
  if (fd_supported && ret == -EINVAL) {
-    qemu_close(fd);
-
...

Re: [PATCH 2/2] block/blkio: add more comments on the fd passing handling

[Hanna Czenczek]

On 01.08.23 18:03, Stefano Garzarella wrote:
> As Hanna pointed out, it is not clear in the code why qemu_open()
> can fail, and why blkio_set_int("fd") is not enough to discover
> the `fd` property support.
>
> Let's fix them by adding more details in the code comments.
>
> Suggested-by: Hanna Czenczek <hreitz@redhat.com>
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
> ---
>   block/blkio.c | 15 ++++++++++++---
>   1 file changed, 12 insertions(+), 3 deletions(-)

Thanks!

Reviewed-by: Hanna Czenczek <hreitz@redhat.com>

Re: [PATCH 1/2] block/blkio: close the fd when blkio_connect() fails

[Stefano Garzarella]

On Wed, Aug 02, 2023 at 01:15:40PM +0200, Hanna Czenczek wrote:
>On 01.08.23 18:03, Stefano Garzarella wrote:
>>libblkio drivers take ownership of `fd` only after a successful
>>blkio_connect(), so if it fails, we are still the owners.
>>
>>Fixes: cad2ccc395 ("block/blkio: use qemu_open() to support fd passing for virtio-blk")
>>Suggested-by: Hanna Czenczek <hreitz@redhat.com>
>>Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
>>---
>>  block/blkio.c | 9 +++++++++
>>  1 file changed, 9 insertions(+)
>
>Works, so:
>
>Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
>
>
>But personally, instead of having `fd_supported` track whether we have 
>a valid FD or not, I’d find it more intuitive to track ownership 
>through the `fd` variable itself, i.e. initialize it to -1, and set it 
>-1 when ownership is transferred, and then close it once we don’t need 
>it anymore, but failed to transfer ownership to blkio.  The elaborate 
>way would be something like
>
>...
>-int fd, ret;
>+int fd = -1;
>+int ret;
>...
> ret = blkio_connect(s->blkio);
>+if (!ret) {
>+    /* If we had an FD, libblkio now has ownership of it */
>+    fd = -1;
>+}
>+if (fd >= 0) {
>+    /* We still have FD ownership, but no longer need it, so close it */
>+    qemu_close(fd);
>+    fd = -1;
>+}
> /*
>  * [...]
>  */
> if (fd_supported && ret == -EINVAL) {
>-    qemu_close(fd);
>-
>...
>
>
>Or the shorter less-verbose version would be:
>
>...
>-int fd, ret;
>+int fd = -1;
>+int ret;
>...
> ret = blkio_connect(s->blkio);
>+if (fd >= 0 && ret < 0) {
>+    /* Failed to give the FD to libblkio, close it */
>+    qemu_close(fd);
>+}

I like this, I'll do it in v2!

Thanks,
Stefano