* [Qemu-devel] [PATCH 1/1] event_notifier: prevent accidental use after close
@ 2017-03-02 18:13 Halil Pasic
2017-03-03 2:23 ` Stefan Hajnoczi
0 siblings, 1 reply; 2+ messages in thread
From: Halil Pasic @ 2017-03-02 18:13 UTC (permalink / raw)
To: qemu-devel, Stefan Weil; +Cc: Michael S. Tsirkin, Halil Pasic
Let's set the handles to the underlying facilities to their extremal
value so no accidental misuse can happen, and to make it obvious that the
notifier is dysfunctional. E.g. if we just close an fd but do not touch
the int holding the fd eventually a read/write could succeed again when
the fd gets reused, and corrupt the file addressed by the fd.
Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
---
No strong feelings about this, but obviously, I do think it's worth a
try.
The one who brought this unfortunate possibility to my attention was
Michael Tsirkin.
---
util/event_notifier-posix.c | 2 ++
util/event_notifier-win32.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/util/event_notifier-posix.c b/util/event_notifier-posix.c
index 7e40252..acdbe3b 100644
--- a/util/event_notifier-posix.c
+++ b/util/event_notifier-posix.c
@@ -81,8 +81,10 @@ void event_notifier_cleanup(EventNotifier *e)
{
if (e->rfd != e->wfd) {
close(e->rfd);
+ e->rfd = -1;
}
close(e->wfd);
+ e->wfd = -1;
}
int event_notifier_get_fd(const EventNotifier *e)
diff --git a/util/event_notifier-win32.c b/util/event_notifier-win32.c
index 519fb59..62c53b0 100644
--- a/util/event_notifier-win32.c
+++ b/util/event_notifier-win32.c
@@ -25,6 +25,7 @@ int event_notifier_init(EventNotifier *e, int active)
void event_notifier_cleanup(EventNotifier *e)
{
CloseHandle(e->event);
+ e->event = NULL;
}
HANDLE event_notifier_get_handle(EventNotifier *e)
--
2.8.4
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [Qemu-devel] [PATCH 1/1] event_notifier: prevent accidental use after close
2017-03-02 18:13 [Qemu-devel] [PATCH 1/1] event_notifier: prevent accidental use after close Halil Pasic
@ 2017-03-03 2:23 ` Stefan Hajnoczi
0 siblings, 0 replies; 2+ messages in thread
From: Stefan Hajnoczi @ 2017-03-03 2:23 UTC (permalink / raw)
To: Halil Pasic; +Cc: qemu-devel, Stefan Weil, Michael S. Tsirkin
[-- Attachment #1: Type: text/plain, Size: 850 bytes --]
On Thu, Mar 02, 2017 at 07:13:08PM +0100, Halil Pasic wrote:
> Let's set the handles to the underlying facilities to their extremal
> value so no accidental misuse can happen, and to make it obvious that the
> notifier is dysfunctional. E.g. if we just close an fd but do not touch
> the int holding the fd eventually a read/write could succeed again when
> the fd gets reused, and corrupt the file addressed by the fd.
>
> Signed-off-by: Halil Pasic <pasic@linux.vnet.ibm.com>
> ---
>
> No strong feelings about this, but obviously, I do think it's worth a
> try.
>
> The one who brought this unfortunate possibility to my attention was
> Michael Tsirkin.
> ---
> util/event_notifier-posix.c | 2 ++
> util/event_notifier-win32.c | 1 +
> 2 files changed, 3 insertions(+)
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 455 bytes --]
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-03-03 2:23 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-03-02 18:13 [Qemu-devel] [PATCH 1/1] event_notifier: prevent accidental use after close Halil Pasic
2017-03-03 2:23 ` Stefan Hajnoczi
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).