Date: Mon, 22 Dec 2014 13:28:40 +0800
From: Amos Kong
Subject: Re: [Qemu-devel] [PATCH] check return value of fcntl() to detect invalid fd
To: Jason Wang
Cc: qemu-devel@nongnu.org, stefanha@redhat.com, mst@redhat.com

On Mon, Dec 22, 2014 at 11:48:29AM +0800, Jason Wang wrote:
>
> On 12/19/2014 09:25 PM, Amos Kong wrote:
> > Passing some invalid fds in QEMU commandline, the fds don't exist.
> > QEMU will get error "TUNGETIFF ioctl() failed: Bad file descriptor",
> > and coredump in setting queues.
> >
> > This patch checked return value of first operate to fd, QEMU will
> > report error and exit without coredump. It's effected for both netdev
> > fds and vhost_net fds.
> >
> > Signed-off-by: Amos Kong
> > --- > > net/tap.c | 16 +++++++++++++--- > > 1 file changed, 13 insertions(+), 3 deletions(-) > > > > diff --git a/net/tap.c b/net/tap.c > > index bde6b58..039280a 100644 > > --- a/net/tap.c > > +++ b/net/tap.c > > @@ -688,7 +688,7 @@ int net_init_tap(const NetClientOptions *opts, cons= t char *name, > > NetClientState *peer) > > { > > const NetdevTapOptions *tap; > > - int fd, vnet_hdr =3D 0, i =3D 0, queues; > > + int fd, vnet_hdr =3D 0, i =3D 0, queues, ret; > > /* for the no-fd, no-helper case */ > > const char *script =3D NULL; /* suppress wrong "uninit'd use" gcc = warning */ > > const char *downscript =3D NULL; 
> > @@ -722,7 +722,12 @@ int net_init_tap(const NetClientOptions *opts, con= st char *name, > > return -1; > > } > > =20 > > - fcntl(fd, F_SETFL, O_NONBLOCK); > > + ret =3D fcntl(fd, F_SETFL, O_NONBLOCK); > > + if (ret < 0) { > > + error_report("Fail to set file status to nonblock, " > > + "%s", strerror(-ret)); > > + return -1; > > + }
>
> This may not work. There may be still some kinds of fd can pass this but
> still fail at TUNGETIFF or other tun ioctls.

Early catching the error is better. This only helps to check if the fd exists.

> Probably you need to fail during TUNGETIFF, which can make sure it was
> not a tap fd.

Currently if ioctl fails, we treat it as if the IFF_VNET_HDR flag isn't set.
We can return -1 in this case, check the return value of tap_probe_vnet_hdr(),
and fail qemu.

qemu/net/tap-linux.c:
int tap_probe_vnet_hdr(int fd)
{
    struct ifreq ifr;

    if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
        error_report("TUNGETIFF ioctl() failed: %s", strerror(errno));
        return 0;           <============
    }

    return ifr.ifr_flags & IFF_VNET_HDR;
}

I think we can fix tap_probe_vnet_hdr() and add checking of the return value of fcntl().

--
Amos.
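Review bot: in the second hunk (@@ -722,7 +722,12 @@), `strerror(-ret)` reports the wrong error. fcntl() returns -1 on failure and leaves the cause in errno, so `-ret` is always 1 and the message will always describe EPERM, even for the nonexistent-fd case (EBADF) this patch is meant to catch. Use `strerror(errno)`, as the TUNGETIFF error path quoted later in this message already does; the `ret` variable added in the first hunk is then unnecessary and the call can be tested directly with `if (fcntl(fd, F_SETFL, O_NONBLOCK) < 0)`. The message text would also read better as "Failed to set ...". As raised in the reply, this check only proves that the descriptor is open: a descriptor that is open but is not a tap device still passes it, so the TUNGETIFF failure needs to be propagated as well.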