From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
Greg Kurz <groug@kaod.org>, Stefan Hajnoczi <stefanha@redhat.com>
Subject: [PULL v2 03/19] vhost-user: Fix double-close on slave_read() error path
Date: Mon, 22 Mar 2021 18:59:59 -0400 [thread overview]
Message-ID: <20210322225907.541943-4-mst@redhat.com> (raw)
In-Reply-To: <20210322225907.541943-1-mst@redhat.com>
From: Greg Kurz <groug@kaod.org>
Some message types, e.g. VHOST_USER_SLAVE_VRING_HOST_NOTIFIER_MSG,
can convey file descriptors. These must be closed before returning
from slave_read() to avoid being leaked. This can currently be done
in two different places:
[1] just after the request has been processed
[2] on the error path, under the goto label err:
These path are supposed to be mutually exclusive but they are not
actually. If the VHOST_USER_NEED_REPLY_MASK flag was passed and the
sending of the reply fails, both [1] and [2] are performed with the
same descriptor values. This can potentially cause subtle bugs if one
of the descriptor was recycled by some other thread in the meantime.
This code duplication complicates rollback for no real good benefit.
Do the closing in a unique place, under a new fdcleanup: goto label
at the end of the function.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <20210312092212.782255-3-groug@kaod.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
---
hw/virtio/vhost-user.c | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/hw/virtio/vhost-user.c b/hw/virtio/vhost-user.c
index 6af9b43a72..acde1d2936 100644
--- a/hw/virtio/vhost-user.c
+++ b/hw/virtio/vhost-user.c
@@ -1475,13 +1475,6 @@ static void slave_read(void *opaque)
ret = -EINVAL;
}
- /* Close the remaining file descriptors. */
- for (i = 0; i < fdsize; i++) {
- if (fd[i] != -1) {
- close(fd[i]);
- }
- }
-
/*
* REPLY_ACK feature handling. Other reply types has to be managed
* directly in their request handlers.
@@ -1511,12 +1504,14 @@ static void slave_read(void *opaque)
}
}
- return;
+ goto fdcleanup;
err:
qemu_set_fd_handler(u->slave_fd, NULL, NULL, NULL);
close(u->slave_fd);
u->slave_fd = -1;
+
+fdcleanup:
for (i = 0; i < fdsize; i++) {
if (fd[i] != -1) {
close(fd[i]);
--
MST
next prev parent reply other threads:[~2021-03-22 23:02 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-22 22:59 [PULL v2 00/19] pc,virtio,pci: fixes, features Michael S. Tsirkin
2021-03-22 22:59 ` [PULL v2 01/19] virtio: Fix virtio_mmio_read()/virtio_mmio_write() Michael S. Tsirkin
2021-03-22 22:59 ` [PULL v2 02/19] vhost-user: Drop misleading EAGAIN checks in slave_read() Michael S. Tsirkin
2021-03-22 22:59 ` Michael S. Tsirkin [this message]
2021-03-22 23:00 ` [PULL v2 04/19] vhost-user: Factor out duplicated slave_fd teardown code Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 05/19] vhost-user: Convert slave channel to QIOChannelSocket Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 06/19] vhost-user: Introduce nested event loop in vhost_user_read() Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 07/19] vhost-user: Monitor slave channel " Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 08/19] virtio-pmem: fix virtio_pmem_resp assign problem Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 09/19] tests: acpi: temporary whitelist DSDT changes Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 10/19] pci: introduce acpi-index property for PCI device Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 11/19] pci: acpi: ensure that acpi-index is unique Michael S. Tsirkin
2021-04-06 14:54 ` Daniel P. Berrangé
2021-04-06 15:07 ` Daniel P. Berrangé
2021-04-06 18:15 ` Igor Mammedov
2021-04-07 8:29 ` Daniel P. Berrangé
2021-04-07 21:25 ` Igor Mammedov
2021-04-07 13:29 ` Michael S. Tsirkin
2021-04-07 21:23 ` Igor Mammedov
2021-04-07 13:27 ` Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 12/19] acpi: add aml_to_decimalstring() and aml_call6() helpers Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 13/19] pci: acpi: add _DSM method to PCI devices Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 14/19] tests: acpi: update expected blobs Michael S. Tsirkin
2021-03-23 14:12 ` Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 15/19] acpi: Set proper maximum size for "etc/table-loader" blob Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 17/19] acpi: Move maximum size logic into acpi_add_rom_blob() Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 18/19] acpi: Set proper maximum size for "etc/acpi/rsdp" blob Michael S. Tsirkin
2021-03-22 23:00 ` [PULL v2 19/19] acpi: Move setters/getters of oem fields to X86MachineState Michael S. Tsirkin
2021-03-23 15:30 ` [PULL v2 00/19] pc,virtio,pci: fixes, features Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210322225907.541943-4-mst@redhat.com \
--to=mst@redhat.com \
--cc=groug@kaod.org \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
--cc=stefanha@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).