From nobody Mon May  6 09:16:47 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 216.205.24.124 as permitted sender) client-ip=216.205.24.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1603803646; cv=none;
	d=zohomail.com; s=zohoarc;
	b=eLGuwo3rqps/8L+793oUhJ22ViloVJ4mMyuN8JF77RDwM23y66ujtvKHD7Vv6v2bixDS5Y1kAPGFdYIDrOWEZCiCUVocfSZddcoCnQWiPm88gjdayEisg/yxJ9GJh3murSYdTgnFsk8qUdLIi6ldWWWGNGwMwn1IF+OoqE4gzUU=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1603803646;
 h=Content-Type:Content-Transfer-Encoding:Date:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Sender:Subject:To;
	bh=QibwXXHMhcbVnyVaJYoCzGoBj12Gg6wlya7IIlX21ts=;
	b=SquYfXCL56pI7MaldGR9Gv1YWuMlwEH71rrFoygHuMvYoO6KJ1K5ukGPXW4z0AJzSwMTHOOqZyJQ5/A9VbIBw3dysAKBKT9bUg0DjLhuRwB5fvFC4nhEHN4qmguna4TBVL16som6NXWqzphtnI+aQABdU1H4tHc5jST6WaARHiU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 216.205.24.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<mkletzan@redhat.com> (p=none dis=none)
 header.from=<mkletzan@redhat.com>
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [216.205.24.124]) by mx.zohomail.com
	with SMTPS id 160380364694526.656217390418988;
 Tue, 27 Oct 2020 06:00:46 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-217-j05wf9OvPSiufBIthCBIqg-1; Tue, 27 Oct 2020 09:00:42 -0400
Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com
 [10.5.11.14])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id DB9B910866AA;
	Tue, 27 Oct 2020 13:00:34 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 936725D9E8;
	Tue, 27 Oct 2020 13:00:34 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 85527CF48;
	Tue, 27 Oct 2020 13:00:33 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
	[10.5.11.12])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 09RCxO5H022259 for <libvir-list@listman.util.phx.redhat.com>;
	Tue, 27 Oct 2020 08:59:24 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 4FCFA60C11; Tue, 27 Oct 2020 12:59:24 +0000 (UTC)
Received: from caroline.localdomain (unknown [10.40.192.59])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 24368610F3
	for <libvir-list@redhat.com>; Tue, 27 Oct 2020 12:59:24 +0000 (UTC)
Received: from caroline.redhat.com (caroline.k8r.cz [127.0.0.1])
	by caroline.localdomain (Postfix) with ESMTP id A9B9322C001A
	for <libvir-list@redhat.com>; Tue, 27 Oct 2020 13:59:22 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1603803645;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=QibwXXHMhcbVnyVaJYoCzGoBj12Gg6wlya7IIlX21ts=;
	b=hkysYDpWgHxaqNJtjw4hGRm/K6EOLqx04F3M3rbfqUVxX+hF19ni4OsVo4h5IXgVHPkPk+
	7oi5oSAWqtr7I8/OgAzELAbpS5ZsPSH5eRwqRAuUENbSeDKGZlTePVPNLrpRd+kBoKTg3b
	8SmVx1hFZasBnezRSUW+PPxANI+5jag=
X-MC-Unique: j05wf9OvPSiufBIthCBIqg-1
From: Martin Kletzander <mkletzan@redhat.com>
To: libvir-list@redhat.com
Subject: [PATCH] util: Avoid double free in virProcessSetAffinity
Date: Tue, 27 Oct 2020 13:59:17 +0100
Message-Id: 
 <ad3395ba741b798f6a32800ccd051d31dbb9258e.1603803557.git.mkletzan@redhat.com>
MIME-Version: 1.0
X-Clacks-Overhead: GNU Terry Pratchett
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-loop: libvir-list@redhat.com
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.14
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
Content-Type: text/plain; charset="utf-8"

The cpu mask was free()'d immediately on any error and at the end of the
function, where it was expected that it would either error out and return or
goto another allocation if the code was to fail.  However since commit
9514e24984ee the error path did not return in one new case which caused
double-free in such situation.  In order to make the code more straightforw=
ard
just free the mask after it's been used even before checking the return cod=
e of
the call.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=3D1819801

Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
---
 src/util/virprocess.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 9366f0630c42..37413796b3f6 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -447,6 +447,7 @@ int virProcessSetAffinity(pid_t pid, virBitmapPtr map, =
bool quiet)
     int numcpus =3D 1024;
     size_t masklen;
     cpu_set_t *mask;
+    int rv =3D -1;
=20
     VIR_DEBUG("Set process affinity on %lld", (long long)pid);
=20
@@ -472,8 +473,10 @@ int virProcessSetAffinity(pid_t pid, virBitmapPtr map,=
 bool quiet)
             CPU_SET_S(i, masklen, mask);
     }
=20
-    if (sched_setaffinity(pid, masklen, mask) < 0) {
-        CPU_FREE(mask);
+    rv =3D sched_setaffinity(pid, masklen, mask);
+    CPU_FREE(mask);
+
+    if (rv < 0) {
         if (errno =3D=3D EINVAL &&
             numcpus < (1024 << 8)) { /* 262144 cpus ought to be enough for=
 anyone */
             numcpus =3D numcpus << 2;
@@ -488,7 +491,6 @@ int virProcessSetAffinity(pid_t pid, virBitmapPtr map, =
bool quiet)
             return -1;
         }
     }
-    CPU_FREE(mask);
=20
     return 0;
 }
--=20
2.28.0