From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([208.118.235.92]:53717)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TOVAb-0006Z4-0B
	for qemu-devel@nongnu.org; Wed, 17 Oct 2012 11:04:37 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TOVAV-0002Ie-4R
	for qemu-devel@nongnu.org; Wed, 17 Oct 2012 11:04:28 -0400
Received: from mx1.redhat.com ([209.132.183.28]:42205)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <kwolf@redhat.com>) id 1TOVAU-0002IY-RZ
	for qemu-devel@nongnu.org; Wed, 17 Oct 2012 11:04:23 -0400
Message-ID: <507EC8C2.4030807@redhat.com>
Date: Wed, 17 Oct 2012 17:03:30 +0200
From: Kevin Wolf <kwolf@redhat.com>
MIME-Version: 1.0
References: <1350411046-2453-1-git-send-email-coreyb@linux.vnet.ibm.com>
	<507E3103.1020202@redhat.com> <507EBA60.9000000@redhat.com>
	<507EC84E.30106@redhat.com>
In-Reply-To: <507EC84E.30106@redhat.com>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Subject: Re: [Qemu-devel] [PATCH v3 4/4] qemu-config: Add new -add-fd
	command line option
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Eric Blake <eblake@redhat.com>
Cc: libvir-list@redhat.com, Corey Bryant <coreyb@linux.vnet.ibm.com>, qemu-devel@nongnu.org

Am 17.10.2012 17:01, schrieb Eric Blake:
> On 10/17/2012 08:02 AM, Kevin Wolf wrote:
>> Am 17.10.2012 06:16, schrieb Eric Blake:
>>> I'm still seeing the corner case of:
>>>
>>> qemu-kvm -add-fd fd=3,set=1 -add-fd fd=4,set=2 4<&-
>>>
>>> where the dup(3) will populate fd 4 prior to the point where we get to
>>> process the -add-fd fd=4 command to notice that the user started
>>> qemu-kvm with fd 4 closed, and thus qemu will silently proceed to use
>>> the wrong fd.
>>>
>>> On the other hand, I'm not sure if that corner case is worth worrying
>>> about, or if we just chalk it up to user stupidity (aka libvirt
>>> programmer stupidity) if they did something like that (most likely,
>>> because the management app forgot to clear FD_CLOEXEC before exec()ing
>>> qemu-kvm).
>>
>> If you specify an FD number that isn't actually open when qemu is
>> stared, you can get any FD that qemu opens internally. I think the
>> correct answer to this problem is "then don't do that".
> 
> Overnight, I realized we do have one potential safety valve: we are
> guaranteed that any fd inherited by the exec() of qemu-kvm has
> FD_CLOEXEC clear, and we also strive to have qemu open/dup all of its
> internal fds with FD_CLOEXEC set.  Therefore, it may be worth a sanity
> check of fcntl(F_GETFD) to see if FD_CLOEXEC is set, and if so, the user
> must have failed to pass in the fd, and we are now looking at a qemu
> internal fd, and should therefore report failure.  But I'm not sure if
> it's worth the extra code.

Hm, this sounds actually easy enough. I'll leave the decision to Corey,
but I like the idea.

Kevin