From: Peter Xu <peterx@redhat.com>
To: qemu-devel@nongnu.org
Cc: Arun Menon <armenon@redhat.com>,
peterx@redhat.com, Fabiano Rosas <farosas@suse.de>,
Peter Maydell <peter.maydell@linaro.org>,
Juraj Marcin <jmarcin@redhat.com>
Subject: [PATCH 2/3] migration/cpr: Fix coverity report in cpr_exec_persist_state()
Date: Tue, 21 Oct 2025 14:41:31 -0400 [thread overview]
Message-ID: <20251021184132.2635958-3-peterx@redhat.com> (raw)
In-Reply-To: <20251021184132.2635958-1-peterx@redhat.com>
Per reported and analyzed by Peter:
https://lore.kernel.org/r/CAFEAcA_mUQ2NeoguR5efrhw7XYGofnriWEA=+Dg+Ocvyam1wAw@mail.gmail.com
mfd leak is a false positive, try to use a coverity annotation (which I
didn't find manual myself, but still give it a shot).
Fix the other one by dumping an error message if setenv() failed.
Resolves: Coverity CID 1641391
Resolves: Coverity CID 1641392
Fixes: efc6587313 ("migration: cpr-exec save and load")
Signed-off-by: Peter Xu <peterx@redhat.com>
---
migration/cpr-exec.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/migration/cpr-exec.c b/migration/cpr-exec.c
index d57714bc5d..3cf44634a9 100644
--- a/migration/cpr-exec.c
+++ b/migration/cpr-exec.c
@@ -43,13 +43,16 @@ static QEMUFile *qemu_file_new_fd_output(int fd, const char *name)
void cpr_exec_persist_state(QEMUFile *f)
{
QIOChannelFile *fioc = QIO_CHANNEL_FILE(qemu_file_get_ioc(f));
+ /* coverity[leaked_storage] - mfd intentionally kept open across exec() */
int mfd = dup(fioc->fd);
char val[16];
/* Remember mfd in environment for post-exec load */
qemu_clear_cloexec(mfd);
snprintf(val, sizeof(val), "%d", mfd);
- g_setenv(CPR_EXEC_STATE_NAME, val, 1);
+ if (!g_setenv(CPR_EXEC_STATE_NAME, val, 1)) {
+ error_report("Setting env %s = %s failed", CPR_EXEC_STATE_NAME, val);
+ }
}
static int cpr_exec_find_state(void)
--
2.50.1
next prev parent reply other threads:[~2025-10-21 18:42 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-21 18:41 [PATCH 0/3] migration: A few fixes on coverity reports Peter Xu
2025-10-21 18:41 ` [PATCH 1/3] migration: Fix error leak in postcopy_ram_listen_thread() Peter Xu
2025-10-21 20:45 ` Fabiano Rosas
2025-10-21 21:20 ` Peter Xu
2025-10-21 18:41 ` Peter Xu [this message]
2025-10-21 20:49 ` [PATCH 2/3] migration/cpr: Fix coverity report in cpr_exec_persist_state() Fabiano Rosas
2025-10-21 21:29 ` Peter Xu
2025-10-22 12:24 ` Fabiano Rosas
2025-10-22 12:51 ` Peter Xu
2025-10-22 13:41 ` Fabiano Rosas
2025-10-21 18:41 ` [PATCH 3/3] migration/cpr: Fix UAF in cpr_exec_cb() when execvp() fails Peter Xu
2025-10-21 20:49 ` Fabiano Rosas
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251021184132.2635958-3-peterx@redhat.com \
--to=peterx@redhat.com \
--cc=armenon@redhat.com \
--cc=farosas@suse.de \
--cc=jmarcin@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).