* [PATCH 0/2] fix fcntl(F_SETFD) usage
@ 2020-04-20 17:53 Eric Blake
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
` (2 more replies)
0 siblings, 3 replies; 8+ messages in thread
From: Eric Blake @ 2020-04-20 17:53 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, peter.maydell
As recently pointed out:
https://lists.gnu.org/archive/html/qemu-devel/2020-04/msg03133.html
code that blindly calls fcntl(fd, F_SETFD, 1) rather than performing a
read-modify-write when it intends to add FD_CLOEXEC is broken, in that
it can inadvertently clear other bits.
Thankfully, the culprits fixed in this series are unlikely to be
clearing either FD_CLOFORK (if Linux ever follows Solaris' lead in
adding that), or the new FD_32BIT_MODE being proposed (as the fds in
question are unlikely to have that set) - but it is still better to
write proper code than to set up a bad example prone to copy-and-paste
propagation. And as these usages are not new to 5.0, I don't see any
reason against waiting until 5.1 to apply them.
Eric Blake (2):
hax: Fix setting of FD_CLOEXEC
tools: Fix use of fcntl(F_SETFD) during socket activation
target/i386/hax-posix.c | 6 +++---
util/systemd.c | 4 +++-
2 files changed, 6 insertions(+), 4 deletions(-)
--
2.26.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] hax: Fix setting of FD_CLOEXEC
2020-04-20 17:53 [PATCH 0/2] fix fcntl(F_SETFD) usage Eric Blake
@ 2020-04-20 17:53 ` Eric Blake
2020-04-20 22:07 ` Eduardo Habkost
2020-04-21 1:22 ` Colin Xu
2020-04-20 17:53 ` [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation Eric Blake
2020-04-20 19:10 ` [PATCH 0/2] fix fcntl(F_SETFD) usage Peter Maydell
2 siblings, 2 replies; 8+ messages in thread
From: Eric Blake @ 2020-04-20 17:53 UTC (permalink / raw)
To: qemu-devel
Cc: peter.maydell, Eduardo Habkost, qemu-trivial,
open list:X86 HAXM CPUs, Colin Xu, Wenchao Wang, Paolo Bonzini,
Richard Henderson
Blindly setting FD_CLOEXEC without a read-modify-write will
inadvertently clear any other intentionally-set bits, such as a
proposed new bit for designating a fd that must behave in 32-bit mode.
Use our wrapper function instead of an incorrect hand-rolled version.
Signed-off-by: Eric Blake <eblake@redhat.com>
---
target/i386/hax-posix.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/i386/hax-posix.c b/target/i386/hax-posix.c
index 3bad89f13337..5f9d1b803dec 100644
--- a/target/i386/hax-posix.c
+++ b/target/i386/hax-posix.c
@@ -23,7 +23,7 @@ hax_fd hax_mod_open(void)
fprintf(stderr, "Failed to open the hax module\n");
}
- fcntl(fd, F_SETFD, FD_CLOEXEC);
+ qemu_set_cloexec(fd);
return fd;
}
@@ -147,7 +147,7 @@ hax_fd hax_host_open_vm(struct hax_state *hax, int vm_id)
fd = open(vm_name, O_RDWR);
g_free(vm_name);
- fcntl(fd, F_SETFD, FD_CLOEXEC);
+ qemu_set_cloexec(fd);
return fd;
}
@@ -200,7 +200,7 @@ hax_fd hax_host_open_vcpu(int vmid, int vcpuid)
if (fd < 0) {
fprintf(stderr, "Failed to open the vcpu devfs\n");
}
- fcntl(fd, F_SETFD, FD_CLOEXEC);
+ qemu_set_cloexec(fd);
return fd;
}
--
2.26.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation
2020-04-20 17:53 [PATCH 0/2] fix fcntl(F_SETFD) usage Eric Blake
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
@ 2020-04-20 17:53 ` Eric Blake
2020-04-21 21:46 ` Eric Blake
2020-04-20 19:10 ` [PATCH 0/2] fix fcntl(F_SETFD) usage Peter Maydell
2 siblings, 1 reply; 8+ messages in thread
From: Eric Blake @ 2020-04-20 17:53 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, peter.maydell
Blindly setting FD_CLOEXEC without a read-modify-write will
inadvertently clear any other intentionally-set bits, such as a
proposed new bit for designating a fd that must behave in 32-bit mode.
However, we cannot use our wrapper qemu_set_cloexec(), because that
wrapper intentionally abort()s on failure, whereas the probe here
intentionally tolerates failure to deal with incorrect socket
activation gracefully. Instead, fix the code to do the proper
read-modify-write.
Signed-off-by: Eric Blake <eblake@redhat.com>
---
util/systemd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/util/systemd.c b/util/systemd.c
index 1dd0367d9a84..5bcac9b40169 100644
--- a/util/systemd.c
+++ b/util/systemd.c
@@ -23,6 +23,7 @@ unsigned int check_socket_activation(void)
unsigned long nr_fds;
unsigned int i;
int fd;
+ int f;
int err;
s = getenv("LISTEN_PID");
@@ -54,7 +55,8 @@ unsigned int check_socket_activation(void)
/* So the file descriptors don't leak into child processes. */
for (i = 0; i < nr_fds; ++i) {
fd = FIRST_SOCKET_ACTIVATION_FD + i;
- if (fcntl(fd, F_SETFD, FD_CLOEXEC) == -1) {
+ f = fcntl(fd, F_GETFD);
+ if (f == -1 || fcntl(fd, F_SETFD, f | FD_CLOEXEC) == -1) {
/* If we cannot set FD_CLOEXEC then it probably means the file
* descriptor is invalid, so socket activation has gone wrong
* and we should exit.
--
2.26.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 0/2] fix fcntl(F_SETFD) usage
2020-04-20 17:53 [PATCH 0/2] fix fcntl(F_SETFD) usage Eric Blake
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
2020-04-20 17:53 ` [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation Eric Blake
@ 2020-04-20 19:10 ` Peter Maydell
2 siblings, 0 replies; 8+ messages in thread
From: Peter Maydell @ 2020-04-20 19:10 UTC (permalink / raw)
To: Eric Blake; +Cc: QEMU Trivial, QEMU Developers
On Mon, 20 Apr 2020 at 18:53, Eric Blake <eblake@redhat.com> wrote:
>
> As recently pointed out:
> https://lists.gnu.org/archive/html/qemu-devel/2020-04/msg03133.html
> code that blindly calls fcntl(fd, F_SETFD, 1) rather than performing a
> read-modify-write when it intends to add FD_CLOEXEC is broken, in that
> it can inadvertently clear other bits.
>
> Thankfully, the culprits fixed in this series are unlikely to be
> clearing either FD_CLOFORK (if Linux ever follows Solaris' lead in
> adding that), or the new FD_32BIT_MODE being proposed (as the fds in
> question are unlikely to have that set) - but it is still better to
> write proper code than to set up a bad example prone to copy-and-paste
> propagation. And as these usages are not new to 5.0, I don't see any
> reason against waiting until 5.1 to apply them.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
thanks
-- PMM
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] hax: Fix setting of FD_CLOEXEC
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
@ 2020-04-20 22:07 ` Eduardo Habkost
2020-06-02 17:47 ` Eric Blake
2020-04-21 1:22 ` Colin Xu
1 sibling, 1 reply; 8+ messages in thread
From: Eduardo Habkost @ 2020-04-20 22:07 UTC (permalink / raw)
To: Eric Blake
Cc: peter.maydell, qemu-trivial, qemu-devel, open list:X86 HAXM CPUs,
Colin Xu, Paolo Bonzini, Richard Henderson, Wenchao Wang
On Mon, Apr 20, 2020 at 12:53:07PM -0500, Eric Blake wrote:
> Blindly setting FD_CLOEXEC without a read-modify-write will
> inadvertently clear any other intentionally-set bits, such as a
> proposed new bit for designating a fd that must behave in 32-bit mode.
> Use our wrapper function instead of an incorrect hand-rolled version.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
Thanks, queued for 5.1.
--
Eduardo
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] hax: Fix setting of FD_CLOEXEC
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
2020-04-20 22:07 ` Eduardo Habkost
@ 2020-04-21 1:22 ` Colin Xu
1 sibling, 0 replies; 8+ messages in thread
From: Colin Xu @ 2020-04-21 1:22 UTC (permalink / raw)
To: BEric Blake
Cc: peter.maydell, Eduardo Habkost, qemu-trivial, qemu-devel,
open list:X86 HAXM CPUs, Colin Xu, Paolo Bonzini,
Richard Henderson, Wenchao Wang
Looks good to me.
Reviewed-by: Colin Xu <colin.xu@intel.com>
--
Best Regards,
Colin Xu
On Tue, 21 Apr 2020, Eric Blake wrote:
> Blindly setting FD_CLOEXEC without a read-modify-write will
> inadvertently clear any other intentionally-set bits, such as a
> proposed new bit for designating a fd that must behave in 32-bit mode.
> Use our wrapper function instead of an incorrect hand-rolled version.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> target/i386/hax-posix.c | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
>
> diff --git a/target/i386/hax-posix.c b/target/i386/hax-posix.c
> index 3bad89f13337..5f9d1b803dec 100644
> --- a/target/i386/hax-posix.c
> +++ b/target/i386/hax-posix.c
> @@ -23,7 +23,7 @@ hax_fd hax_mod_open(void)
> fprintf(stderr, "Failed to open the hax module\n");
> }
>
> - fcntl(fd, F_SETFD, FD_CLOEXEC);
> + qemu_set_cloexec(fd);
>
> return fd;
> }
> @@ -147,7 +147,7 @@ hax_fd hax_host_open_vm(struct hax_state *hax, int vm_id)
> fd = open(vm_name, O_RDWR);
> g_free(vm_name);
>
> - fcntl(fd, F_SETFD, FD_CLOEXEC);
> + qemu_set_cloexec(fd);
>
> return fd;
> }
> @@ -200,7 +200,7 @@ hax_fd hax_host_open_vcpu(int vmid, int vcpuid)
> if (fd < 0) {
> fprintf(stderr, "Failed to open the vcpu devfs\n");
> }
> - fcntl(fd, F_SETFD, FD_CLOEXEC);
> + qemu_set_cloexec(fd);
> return fd;
> }
>
> --
> 2.26.1
>
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation
2020-04-20 17:53 ` [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation Eric Blake
@ 2020-04-21 21:46 ` Eric Blake
0 siblings, 0 replies; 8+ messages in thread
From: Eric Blake @ 2020-04-21 21:46 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-trivial, peter.maydell
On 4/20/20 12:53 PM, Eric Blake wrote:
> Blindly setting FD_CLOEXEC without a read-modify-write will
> inadvertently clear any other intentionally-set bits, such as a
> proposed new bit for designating a fd that must behave in 32-bit mode.
> However, we cannot use our wrapper qemu_set_cloexec(), because that
> wrapper intentionally abort()s on failure, whereas the probe here
> intentionally tolerates failure to deal with incorrect socket
> activation gracefully. Instead, fix the code to do the proper
> read-modify-write.
>
> Signed-off-by: Eric Blake <eblake@redhat.com>
> ---
> util/systemd.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
As qemu-nbd is impacted, I'll queue 2/2 through my NBD tree if
qemu-trivial doesn't pick it up first.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] hax: Fix setting of FD_CLOEXEC
2020-04-20 22:07 ` Eduardo Habkost
@ 2020-06-02 17:47 ` Eric Blake
0 siblings, 0 replies; 8+ messages in thread
From: Eric Blake @ 2020-06-02 17:47 UTC (permalink / raw)
To: Eduardo Habkost
Cc: peter.maydell, qemu-trivial, qemu-devel, open list:X86 HAXM CPUs,
Colin Xu, Paolo Bonzini, Richard Henderson, Wenchao Wang
On 4/20/20 5:07 PM, Eduardo Habkost wrote:
> On Mon, Apr 20, 2020 at 12:53:07PM -0500, Eric Blake wrote:
>> Blindly setting FD_CLOEXEC without a read-modify-write will
>> inadvertently clear any other intentionally-set bits, such as a
>> proposed new bit for designating a fd that must behave in 32-bit mode.
>> Use our wrapper function instead of an incorrect hand-rolled version.
>>
>> Signed-off-by: Eric Blake <eblake@redhat.com>
>
> Thanks, queued for 5.1.
Ping - I still don't see this upstream.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3226
Virtualization: qemu.org | libvirt.org
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2020-06-02 17:48 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-04-20 17:53 [PATCH 0/2] fix fcntl(F_SETFD) usage Eric Blake
2020-04-20 17:53 ` [PATCH 1/2] hax: Fix setting of FD_CLOEXEC Eric Blake
2020-04-20 22:07 ` Eduardo Habkost
2020-06-02 17:47 ` Eric Blake
2020-04-21 1:22 ` Colin Xu
2020-04-20 17:53 ` [PATCH 2/2] tools: Fix use of fcntl(F_SETFD) during socket activation Eric Blake
2020-04-21 21:46 ` Eric Blake
2020-04-20 19:10 ` [PATCH 0/2] fix fcntl(F_SETFD) usage Peter Maydell
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.