From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1O2n9u-0000MY-Rx
	for qemu-devel@nongnu.org; Fri, 16 Apr 2010 11:08:43 -0400
Received: from [140.186.70.92] (port=57420 helo=eggs.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1O2n9s-0000F7-Er
	for qemu-devel@nongnu.org; Fri, 16 Apr 2010 11:08:42 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.69)
	(envelope-from <gceq-qemu-devel@m.gmane.org>) id 1O2mzR-0000fw-Au
	for qemu-devel@nongnu.org; Fri, 16 Apr 2010 10:57:54 -0400
Received: from lo.gmane.org ([80.91.229.12]:59099)
	by eggs.gnu.org with esmtp (Exim 4.69)
	(envelope-from <gceq-qemu-devel@m.gmane.org>) id 1O2mzR-0000fd-5A
	for qemu-devel@nongnu.org; Fri, 16 Apr 2010 10:57:53 -0400
Received: from list by lo.gmane.org with local (Exim 4.69)
	(envelope-from <gceq-qemu-devel@m.gmane.org>) id 1O2mzP-0001z6-BX
	for qemu-devel@nongnu.org; Fri, 16 Apr 2010 16:57:51 +0200
Received: from nat-pool-brq-t.redhat.com ([209.132.186.34])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Fri, 16 Apr 2010 16:57:51 +0200
Received: from pbonzini by nat-pool-brq-t.redhat.com with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <qemu-devel@nongnu.org>; Fri, 16 Apr 2010 16:57:51 +0200
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Fri, 16 Apr 2010 16:57:41 +0200
Message-ID: <4BC87AE5.6080500@redhat.com>
References: <4B190919.9040602@siemens.com>
	<20100416110044.GC5048@redhat.com>	<4BC84683.7050003@redhat.com>
	<20100416131740.GM5048@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
In-Reply-To: <20100416131740.GM5048@redhat.com>
Subject: [Qemu-devel] Re: [FOR 0.12][PATCH] monitor: Accept input only
	byte-wise
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Jan Kiszka <jan.kiszka@siemens.com>, Anthony Liguori <aliguori@us.ibm.com>

On 04/16/2010 03:17 PM, Daniel P. Berrange wrote:
> On Fri, Apr 16, 2010 at 01:14:11PM +0200, Paolo Bonzini wrote:
>>
>>> The QEMU code appears to be written to assume that it will recvmsg() a
>>> complete monitor command in one go + process that, because it closes the
>>> FD the moment the data from any recvmsg() is dealt with.
>>
>> This is buggy anyway.  This should fix it too:
>
> Yep, this makes it work too, but if a client is evil they could
> pass a FD to qemu with any other non-getfd command&  it'd remain
> open for ever. Probably not important though.

No, it wouldn't: outside the part that I patched there is this:

         if (s->msgfd != -1)
             close(s->msgfd);
         s->msgfd = fd;

Only one file descriptor could "leak".

Paolo