From: Markus Armbruster <armbru@redhat.com>
To: qemu-devel@nongnu.org
Cc: qemu-block@nongnu.org, kwolf@redhat.com,
mitake.hitoshi@lab.ntt.co.jp, namei.unix@gmail.com,
jcody@redhat.com, ndevos@redhat.com, eblake@redhat.com,
f4bug@amsat.org
Subject: [Qemu-devel] [PATCH v2 01/15] sheepdog: Defuse time bomb in sd_open() error handling
Date: Mon, 6 Mar 2017 20:00:35 +0100 [thread overview]
Message-ID: <1488826849-32384-2-git-send-email-armbru@redhat.com> (raw)
In-Reply-To: <1488826849-32384-1-git-send-email-armbru@redhat.com>
When qemu_opts_absorb_qdict() fails, sd_open() closes stdin, because
sd->fd is still zero. Fortunately, qemu_opts_absorb_qdict() can't
fail, because:
1. it only fails when qemu_opt_parse() fails, and
2. the only member of runtime_opts.desc[] is a QEMU_OPT_STRING, and
3. qemu_opt_parse() can't fail for QEMU_OPT_STRING.
Defuse this ticking time bomb by jumping behind the file descriptor
cleanup on error.
Also do that for the error paths where sd->fd is still -1. The file
descriptor cleanup happens to do nothing then, but let's not rely on
that here.
While there, rename label out to err, because it's on the error path,
not the normal path out of the function.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
---
block/sheepdog.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/block/sheepdog.c b/block/sheepdog.c
index 7434710..c3ee4ce 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -1392,7 +1392,7 @@ static int sd_open(BlockDriverState *bs, QDict *options, int flags,
if (local_err) {
error_propagate(errp, local_err);
ret = -EINVAL;
- goto out;
+ goto err_no_fd;
}
filename = qemu_opt_get(opts, "filename");
@@ -1412,17 +1412,17 @@ static int sd_open(BlockDriverState *bs, QDict *options, int flags,
}
if (ret < 0) {
error_setg(errp, "Can't parse filename");
- goto out;
+ goto err_no_fd;
}
s->fd = get_sheep_fd(s, errp);
if (s->fd < 0) {
ret = s->fd;
- goto out;
+ goto err_no_fd;
}
ret = find_vdi_name(s, vdi, snapid, tag, &vid, true, errp);
if (ret) {
- goto out;
+ goto err;
}
/*
@@ -1443,7 +1443,7 @@ static int sd_open(BlockDriverState *bs, QDict *options, int flags,
fd = connect_to_sdog(s, errp);
if (fd < 0) {
ret = fd;
- goto out;
+ goto err;
}
buf = g_malloc(SD_INODE_SIZE);
@@ -1454,7 +1454,7 @@ static int sd_open(BlockDriverState *bs, QDict *options, int flags,
if (ret) {
error_setg(errp, "Can't read snapshot inode");
- goto out;
+ goto err;
}
memcpy(&s->inode, buf, sizeof(s->inode));
@@ -1466,12 +1466,12 @@ static int sd_open(BlockDriverState *bs, QDict *options, int flags,
qemu_opts_del(opts);
g_free(buf);
return 0;
-out:
+
+err:
aio_set_fd_handler(bdrv_get_aio_context(bs), s->fd,
false, NULL, NULL, NULL, NULL);
- if (s->fd >= 0) {
- closesocket(s->fd);
- }
+ closesocket(s->fd);
+err_no_fd:
qemu_opts_del(opts);
g_free(buf);
return ret;
--
2.7.4
next prev parent reply other threads:[~2017-03-06 19:01 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-06 19:00 [Qemu-devel] [PATCH v2 00/15] block: A bunch of fixes for Sheepdog and Gluster Markus Armbruster
2017-03-06 19:00 ` Markus Armbruster [this message]
2017-03-06 19:22 ` [Qemu-devel] [PATCH v2 01/15] sheepdog: Defuse time bomb in sd_open() error handling Eric Blake
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 02/15] sheepdog: Fix error handling in sd_snapshot_delete() Markus Armbruster
2017-03-06 19:25 ` Eric Blake
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 03/15] sheepdog: Fix error handling sd_create() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 04/15] sheepdog: Mark sd_snapshot_delete() lossage FIXME Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 05/15] sheepdog: Fix snapshot ID parsing in _open(), _create, _goto() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 06/15] sheepdog: Don't truncate long VDI name in _open(), _create() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 07/15] sheepdog: Report errors in pseudo-filename more usefully Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 08/15] sheepdog: Use SocketAddress and socket_connect() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 09/15] sheepdog: Implement bdrv_parse_filename() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 10/15] gluster: Drop assumptions on SocketTransport names Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 11/15] gluster: Don't duplicate qapi-util.c's qapi_enum_parse() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 12/15] gluster: Plug memory leaks in qemu_gluster_parse_json() Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 13/15] qapi-schema: Rename GlusterServer to SocketAddressFlat Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 14/15] qapi-schema: Rename SocketAddressFlat's variant tcp to inet Markus Armbruster
2017-03-06 19:00 ` [Qemu-devel] [PATCH v2 15/15] sheepdog: Support blockdev-add Markus Armbruster
2017-03-07 13:09 ` [Qemu-devel] [PATCH v2 00/15] block: A bunch of fixes for Sheepdog and Gluster Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1488826849-32384-2-git-send-email-armbru@redhat.com \
--to=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=f4bug@amsat.org \
--cc=jcody@redhat.com \
--cc=kwolf@redhat.com \
--cc=mitake.hitoshi@lab.ntt.co.jp \
--cc=namei.unix@gmail.com \
--cc=ndevos@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).