1. Patchew
  2. QEMU
  3. View series

[Qemu-devel] [PATCH] 9pfs: fix file descriptor leak

Li Qiang posted 1 patch 7 years ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1490259133-44411-1-git-send-email-liqiang6-s@360.cn
Test checkpatch passed
Test docker passed
Test s390x passed
hw/9pfs/9p.c | 8 ++++++++
1 file changed, 8 insertions(+)
[Qemu-devel] [PATCH] 9pfs: fix file descriptor leak
Posted by Li Qiang 7 years ago 
In v9fs_create/lcreate dispatch handler, the fidp's fid_type is not checked
before used. As these function will set the fid_type, if the guest call
more than once them, it will leak the fidp. This can cause some other
issue, such as memory leak. Check the fid_type before using them.

Signed-off-by: Li Qiang <liqiang6-s@360.cn>
---
 hw/9pfs/9p.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
index b8c0b99..48babce 100644
--- a/hw/9pfs/9p.c
+++ b/hw/9pfs/9p.c
@@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
         err = -ENOENT;
         goto out_nofid;
     }
+    if (fidp->fid_type != P9_FID_NONE) {
+        err = -EINVAL;
+        goto out;
+    }
 
     flags = get_dotl_openflags(pdu->s, flags);
     err = v9fs_co_open2(pdu, fidp, &name, gid,
@@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
         err = -EINVAL;
         goto out_nofid;
     }
+    if (fidp->fid_type != P9_FID_NONE) {
+        err = -EINVAL;
+        goto out;
+    }
     if (perm & P9_STAT_MODE_DIR) {
         err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
                             fidp->uid, -1, &stbuf);
-- 
1.8.3.1
Re: [Qemu-devel] [PATCH] 9pfs: fix file descriptor leak
Posted by Greg Kurz 7 years ago 
On Thu, 23 Mar 2017 01:52:13 -0700
Li Qiang <liq3ea@gmail.com> wrote:

> In v9fs_create/lcreate dispatch handler, the fidp's fid_type is not checked
> before used. As these function will set the fid_type, if the guest call
> more than once them, it will leak the fidp. This can cause some other

Not leak the fidp but rather a file descriptor or directory handle...

> issue, such as memory leak. Check the fid_type before using them.
> 

or memory previously allocated for an extended attribute.

I'll fix the changelog before pushing the fix.

Thanks,

--
Greg

> Signed-off-by: Li Qiang <liqiang6-s@360.cn>
> ---
>  hw/9pfs/9p.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c
> index b8c0b99..48babce 100644
> --- a/hw/9pfs/9p.c
> +++ b/hw/9pfs/9p.c
> @@ -1550,6 +1550,10 @@ static void coroutine_fn v9fs_lcreate(void *opaque)
>          err = -ENOENT;
>          goto out_nofid;
>      }
> +    if (fidp->fid_type != P9_FID_NONE) {
> +        err = -EINVAL;
> +        goto out;
> +    }
>  
>      flags = get_dotl_openflags(pdu->s, flags);
>      err = v9fs_co_open2(pdu, fidp, &name, gid,
> @@ -2153,6 +2157,10 @@ static void coroutine_fn v9fs_create(void *opaque)
>          err = -EINVAL;
>          goto out_nofid;
>      }
> +    if (fidp->fid_type != P9_FID_NONE) {
> +        err = -EINVAL;
> +        goto out;
> +    }
>      if (perm & P9_STAT_MODE_DIR) {
>          err = v9fs_co_mkdir(pdu, fidp, &name, perm & 0777,
>                              fidp->uid, -1, &stbuf);

Patchew 2.1-devel-0870f84

© 2016 - 2024 Red Hat, Inc.