qemu-devel.nongnu.org archive mirror
From: Laurent Vivier <lvivier@redhat.com>
To: qemu-devel@nongnu.org
Cc: David Gibson <dgibson@redhat.com>,
	Jason Wang <jasowang@redhat.com>,
	Laurent Vivier <lvivier@redhat.com>
Subject: [PATCH 0/3] net: socket: do not close file descriptor if it's not a socket
Date: Fri,  9 Jun 2023 09:27:45 +0200
Message-ID: <20230609072748.4179873-1-lvivier@redhat.com>

The socket netdev with a file descriptor (fd) cannot be removed
and then added again because the fd is closed when the backend is
removed and thus is not available anymore when we want to add the
backend again.

But this can lead to a core dump:
1- boot a VM with an fd socket netdev
2- remove the netdev
3- reboot
4- add the netdev again, it fails because the fd is not a
   socket, and the fd is then closed
5- stop QEMU -> core dump

On reboot (step 3) the fd is allocated to another use in QEMU, and when
we try to use it with a socket netdev, it fails. But the netdev backend
closes the file descriptor that is in use by another part of QEMU.
We can see the core dump on QEMU exit because it tries to close
an invalid file descriptor.

It happens for instance when we have a PCI device and the fd is allocated
to a VirtIOIRQFD on reboot.

Moreover, using "netdev socket,fd=X" allows a user to close any QEMU
internal file descriptor from an HMP or QMP interface.

Laurent Vivier (3):
  net: socket: prepare to cleanup net_init_socket()
  net: socket: move fd type checking to its own function
  net: socket: remove net_init_socket()

 net/socket.c | 53 +++++++++++++++++++++++++++-------------------------
 1 file changed, 28 insertions(+), 25 deletions(-)

-- 
2.39.2
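
The failure mode described in the cover letter above, as an added example that is not part of the original message and is not QEMU's code: a simplified model in which a pipe stands in for a descriptor owned by another subsystem. The function names (fd_socket_type, adopt_fd_buggy, adopt_fd_checked, demo) are hypothetical, and using getsockopt(SO_TYPE) for the type check is an assumption of this sketch.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Socket type (SOCK_STREAM, ...) or -1 if fd is not a socket. Never closes fd. */
static int fd_socket_type(int fd)
{
    int so_type;
    socklen_t len = sizeof(so_type);
    if (getsockopt(fd, SOL_SOCKET, SO_TYPE, &so_type, &len) < 0)
        return -1; /* ENOTSOCK or EBADF */
    return so_type;
}

/* Pattern the cover letter describes: the error path closes a caller-named fd. */
static int adopt_fd_buggy(int fd)
{
    if (fd_socket_type(fd) < 0) {
        close(fd); /* may belong to an unrelated subsystem */
        return -1;
    }
    return 0;
}

/* Hardened: reject a non-socket fd and leave it untouched. */
static int adopt_fd_checked(int fd)
{
    return fd_socket_type(fd) < 0 ? -1 : 0;
}

/* Constructed scenario: a pipe end stands in for an internal descriptor.
 * Returns 1 if the fd survived a rejected adoption, 0 if it was closed. */
static int demo(int buggy)
{
    int p[2], rc, still_open;
    if (pipe(p) < 0) return -1;
    rc = buggy ? adopt_fd_buggy(p[0]) : adopt_fd_checked(p[0]);
    still_open = fcntl(p[0], F_GETFD) != -1;
    if (still_open) close(p[0]);
    close(p[1]);
    return rc == -1 ? still_open : -1;
}

int main(void)
{
    printf("buggy: fd survives=%d, checked: fd survives=%d\n", demo(1), demo(0));
    return 0;
}
```

In the buggy variant the owner of the pipe later operates on a closed (or reused) descriptor number, which matches the invalid close at exit described in step 5.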




Thread overview: 8+ messages
2023-06-09  7:27 Laurent Vivier [this message]
2023-06-09  7:27 ` [PATCH 1/3] net: socket: prepare to cleanup net_init_socket() Laurent Vivier
2023-06-15  5:06   ` David Gibson
2023-06-09  7:27 ` [PATCH 2/3] net: socket: move fd type checking to its own function Laurent Vivier
2023-06-15  5:09   ` David Gibson
2023-06-09  7:27 ` [PATCH 3/3] net: socket: remove net_init_socket() Laurent Vivier
2023-06-15  5:10   ` David Gibson
2023-06-30  6:02 ` [PATCH 0/3] net: socket: do not close file descriptor if it's not a socket Jason Wang
