From: Fabiano Rosas <farosas@suse.de>
To: qemu-devel@nongnu.org
Cc: "Daniel P . Berrangé" <berrange@redhat.com>,
"Peter Xu" <peterx@redhat.com>
Subject: [PATCH v3 2/3] migration/multifd: Duplicate the fd for the outgoing_args
Date: Fri, 15 Mar 2024 00:20:39 -0300 [thread overview]
Message-ID: <20240315032040.7974-3-farosas@suse.de> (raw)
In-Reply-To: <20240315032040.7974-1-farosas@suse.de>
We currently store the file descriptor used during the main outgoing
channel creation to use it again when creating the multifd
channels.
Since this fd is used for the first iochannel, there's risk that the
QIOChannel gets freed and the fd closed while outgoing_args.fd still
has it available. This could lead to an fd-reuse bug.
Duplicate the outgoing_args fd to avoid this issue.
Suggested-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
---
migration/fd.c | 15 ++++++++++++---
1 file changed, 12 insertions(+), 3 deletions(-)
diff --git a/migration/fd.c b/migration/fd.c
index c07030f715..fe0d096abd 100644
--- a/migration/fd.c
+++ b/migration/fd.c
@@ -49,8 +49,7 @@ void fd_start_outgoing_migration(MigrationState *s, const char *fdname, Error **
{
QIOChannel *ioc;
int fd = monitor_get_fd(monitor_cur(), fdname, errp);
-
- outgoing_args.fd = -1;
+ int newfd;
if (fd == -1) {
return;
@@ -63,7 +62,17 @@ void fd_start_outgoing_migration(MigrationState *s, const char *fdname, Error **
return;
}
- outgoing_args.fd = fd;
+ /*
+ * This is dup()ed just to avoid referencing an fd that might
+ * be already closed by the iochannel.
+ */
+ newfd = dup(fd);
+ if (newfd == -1) {
+ error_setg_errno(errp, errno, "Could not dup FD %d", fd);
+ object_unref(ioc);
+ return;
+ }
+ outgoing_args.fd = newfd;
qio_channel_set_name(ioc, "migration-fd-outgoing");
migration_channel_connect(s, ioc, NULL, NULL);
--
2.35.3
next prev parent reply other threads:[~2024-03-15 3:21 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-15 3:20 [PATCH v3 0/3] migration mapped-ram fixes Fabiano Rosas
2024-03-15 3:20 ` [PATCH v3 1/3] migration/multifd: Ensure we're not given a socket for file migration Fabiano Rosas
2024-03-15 11:38 ` Peter Xu
2024-03-15 3:20 ` Fabiano Rosas [this message]
2024-03-15 11:39 ` [PATCH v3 2/3] migration/multifd: Duplicate the fd for the outgoing_args Peter Xu
2024-03-15 3:20 ` [RFC PATCH v3 3/3] migration: Add fd to FileMigrationArgs Fabiano Rosas
2024-03-15 8:55 ` Daniel P. Berrangé
2024-03-15 12:13 ` Fabiano Rosas
2024-03-19 16:31 ` Daniel P. Berrangé
2024-03-15 16:05 ` Peter Xu
2024-03-15 18:01 ` Fabiano Rosas
2024-03-15 20:54 ` Peter Xu
2024-03-19 16:25 ` Daniel P. Berrangé
2024-03-19 19:25 ` Peter Xu
2024-03-19 19:52 ` Daniel P. Berrangé
2024-03-19 20:15 ` Peter Xu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240315032040.7974-3-farosas@suse.de \
--to=farosas@suse.de \
--cc=berrange@redhat.com \
--cc=peterx@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).