* [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks
@ 2012-08-22 11:55 Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 1/5] qemu-ga: don't leak a file descriptor upon failed lockf Jim Meyering
                   ` (4 more replies)
  0 siblings, 5 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering, Anthony Liguori

From: Jim Meyering <meyering@redhat.com>

Hi Anthony,

I posted this series back in May, got some good feedback leading to a
pair of v2 patches.  Since then one of the 6 patches was applied.
I'm calling this v3, but it is merely a trivial rebase of the v1 and v2
patches.  Hoping it's not too late for 1.2, here are the remaining five:

Jim Meyering (5):
  qemu-ga: don't leak a file descriptor upon failed lockf
  linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
  sheepdog: don't leak socket file descriptor upon connection failure
  arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN
  softmmu-semi: fix lock_user* functions not to deref NULL upon OOM

 block/sheepdog.c      |  1 +
 linux-user/syscall.c  |  4 ++--
 qemu-ga.c             |  3 +++
 softmmu-semi.h        |  5 ++++-
 target-arm/arm-semi.c | 13 +++++++------
 5 files changed, 17 insertions(+), 9 deletions(-)

--
1.7.12


* [Qemu-devel] [PATCHv3 1/5] qemu-ga: don't leak a file descriptor upon failed lockf
  2012-08-22 11:55 [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks Jim Meyering
@ 2012-08-22 11:55 ` Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 2/5] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure Jim Meyering
                   ` (3 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering

From: Jim Meyering <meyering@redhat.com>


Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 qemu-ga.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/qemu-ga.c b/qemu-ga.c
index 8f87621..26671fe 100644
--- a/qemu-ga.c
+++ b/qemu-ga.c
@@ -247,6 +247,9 @@ static bool ga_open_pidfile(const char *pidfile)
     pidfd = open(pidfile, O_CREAT|O_WRONLY, S_IRUSR|S_IWUSR);
     if (pidfd == -1 || lockf(pidfd, F_TLOCK, 0)) {
         g_critical("Cannot lock pid file, %s", strerror(errno));
+        if (pidfd != -1) {
+            close(pidfd);
+        }
         return false;
     }

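Review bot: The combined test `pidfd == -1 || lockf(pidfd, F_TLOCK, 0)` is what forces the new `if (pidfd != -1)` guard around close(), and it also logs "Cannot lock pid file" when the failure was actually in open(). Splitting the two failures into separate branches would let the open() path return directly with an accurate message and the lockf() path call close(pidfd) unconditionally. The ordering is right as it stands: g_critical() reads errno before close() has a chance to overwrite it.
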
-- 
1.7.12


* [Qemu-devel] [PATCHv3 2/5] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure
  2012-08-22 11:55 [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 1/5] qemu-ga: don't leak a file descriptor upon failed lockf Jim Meyering
@ 2012-08-22 11:55 ` Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 3/5] sheepdog: don't leak socket file descriptor upon connection failure Jim Meyering
                   ` (2 subsequent siblings)
  4 siblings, 0 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering

From: Jim Meyering <meyering@redhat.com>

Also, use g_malloc to avoid NULL-deref upon OOM.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 linux-user/syscall.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 41c869b..1174306 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -2848,7 +2848,7 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
     if (!lock_user_struct(VERIFY_WRITE, target_mb, msgp, 0))
         return -TARGET_EFAULT;

-    host_mb = malloc(msgsz+sizeof(long));
+    host_mb = g_malloc(msgsz+sizeof(long));
     ret = get_errno(msgrcv(msqid, host_mb, msgsz, tswapal(msgtyp), msgflg));

     if (ret > 0) {
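
Review bot: g_malloc() at `host_mb = g_malloc(msgsz+sizeof(long));` aborts the process on allocation failure, and the size is derived from the caller-supplied msgsz with no upper bound or overflow check visible in this hunk. An oversized request therefore ends the emulator instead of failing the syscall. Consider g_try_malloc() with a NULL check that sets ret to -TARGET_ENOMEM and jumps to the end label shown in the next hunk, so that target_mb is still unlocked.
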
@@ -2863,11 +2863,11 @@ static inline abi_long do_msgrcv(int msqid, abi_long msgp,
     }

     target_mb->mtype = tswapal(host_mb->mtype);
-    free(host_mb);

 end:
     if (target_mb)
         unlock_user_struct(target_mb, msgp, 1);
+    g_free(host_mb);
     return ret;
 }

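Review bot: With `g_free(host_mb);` now placed after the `end:` label, every path that reaches the label must have host_mb either assigned or NULL. The only pre-allocation failure visible in this patch returns directly rather than jumping to end, but initializing host_mb to NULL at its declaration would keep this safe if a `goto end` is ever added ahead of the g_malloc() call. The switch from malloc to g_malloc is also a separate behaviour change that the subject line does not mention.
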
-- 
1.7.12


* [Qemu-devel] [PATCHv3 3/5] sheepdog: don't leak socket file descriptor upon connection failure
  2012-08-22 11:55 [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 1/5] qemu-ga: don't leak a file descriptor upon failed lockf Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 2/5] linux-user: do_msgrcv: don't leak host_mb upon TARGET_EFAULT failure Jim Meyering
@ 2012-08-22 11:55 ` Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 4/5] arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 5/5] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM Jim Meyering
  4 siblings, 0 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering

From: Jim Meyering <meyering@redhat.com>


Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 block/sheepdog.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/sheepdog.c b/block/sheepdog.c
index a04ad99..df4f441 100644
--- a/block/sheepdog.c
+++ b/block/sheepdog.c
@@ -485,6 +485,7 @@ static int connect_to_sdog(const char *addr, const char *port)
             if (errno == EINTR) {
                 goto reconnect;
             }
+            close(fd);
             break;
         }

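Review bot: After `close(fd);` the variable fd still holds the closed descriptor's number when the loop is left via break. The code after the loop is not part of this hunk, so unless it already resets the value, set fd = -1 alongside the close so that nothing later returns or closes a stale descriptor. close() may also change errno, which is tested just above; save it first if the failure is reported after the loop.
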
-- 
1.7.12


* [Qemu-devel] [PATCHv3 4/5] arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN
  2012-08-22 11:55 [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks Jim Meyering
                   ` (2 preceding siblings ...)
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 3/5] sheepdog: don't leak socket file descriptor upon connection failure Jim Meyering
@ 2012-08-22 11:55 ` Jim Meyering
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 5/5] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM Jim Meyering
  4 siblings, 0 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering

From: Jim Meyering <meyering@redhat.com>

Always call unlock_user before returning.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 target-arm/arm-semi.c | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/target-arm/arm-semi.c b/target-arm/arm-semi.c
index 2495206..73bde58 100644
--- a/target-arm/arm-semi.c
+++ b/target-arm/arm-semi.c
@@ -194,18 +194,19 @@ uint32_t do_arm_semihosting(CPUARMState *env)
         if (!(s = lock_user_string(ARG(0))))
             /* FIXME - should this error code be -TARGET_EFAULT ? */
             return (uint32_t)-1;
-        if (ARG(1) >= 12)
+        if (ARG(1) >= 12) {
+            unlock_user(s, ARG(0), 0);
             return (uint32_t)-1;
+        }
         if (strcmp(s, ":tt") == 0) {
-            if (ARG(1) < 4)
-                return STDIN_FILENO;
-            else
-                return STDOUT_FILENO;
+            int result_fileno = ARG(1) < 4 ? STDIN_FILENO : STDOUT_FILENO;
+            unlock_user(s, ARG(0), 0);
+            return result_fileno;
         }
         if (use_gdb_syscalls()) {
             gdb_do_syscall(arm_semi_cb, "open,%s,%x,1a4", ARG(0),
 			   (int)ARG(2)+1, gdb_open_modeflags[ARG(1)]);
-            return env->regs[0];
+            ret = env->regs[0];
         } else {
             ret = set_swi_errno(ts, open(s, open_modeflags[ARG(1)], 0644));
         }
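
Review bot: The gdb branch now assigns `ret = env->regs[0];` and falls through, so the fix for that path depends on the code following the if/else, outside this hunk's context, to unlock s and return ret; worth confirming that nothing in between returns early. `unlock_user(s, ARG(0), 0);` is now repeated on each early return, so a single exit label that unlocks and returns would make the next leak harder to introduce. Minor: result_fileno is declared int while the function returns uint32_t.
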
-- 
1.7.12


* [Qemu-devel] [PATCHv3 5/5] softmmu-semi: fix lock_user* functions not to deref NULL upon OOM
  2012-08-22 11:55 [Qemu-devel] [PATCHv3 0/5] plug memory and file-descriptor leaks Jim Meyering
                   ` (3 preceding siblings ...)
  2012-08-22 11:55 ` [Qemu-devel] [PATCHv3 4/5] arm-semi: don't leak 1KB user string lock buffer upon TARGET_SYS_OPEN Jim Meyering
@ 2012-08-22 11:55 ` Jim Meyering
  4 siblings, 0 replies; 6+ messages in thread
From: Jim Meyering @ 2012-08-22 11:55 UTC (permalink / raw)
  To: qemu-devel; +Cc: Jim Meyering

From: Jim Meyering <meyering@redhat.com>

Return NULL upon malloc failure.

Signed-off-by: Jim Meyering <meyering@redhat.com>
---
 softmmu-semi.h | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/softmmu-semi.h b/softmmu-semi.h
index 648cb95..bcb979a 100644
--- a/softmmu-semi.h
+++ b/softmmu-semi.h
@@ -40,7 +40,7 @@ static void *softmmu_lock_user(CPUArchState *env, uint32_t addr, uint32_t len,
     uint8_t *p;
     /* TODO: Make this something that isn't fixed size.  */
     p = malloc(len);
-    if (copy)
+    if (p && copy)
         cpu_memory_rw_debug(env, addr, p, len, 0);
     return p;
 }
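
Review bot: A NULL return from `p = malloc(len);` is now the failure signal, but malloc(0) is allowed to return NULL as well, so a zero-length lock can look like OOM to callers. Either special-case len == 0 or document that callers must treat NULL as failure regardless of len. Every caller also has to check the result: before this change a failed allocation crashed here when copy was set and was otherwise returned as NULL without comment.
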
@@ -52,6 +52,9 @@ static char *softmmu_lock_user_string(CPUArchState *env, uint32_t addr)
     uint8_t c;
     /* TODO: Make this something that isn't fixed size.  */
     s = p = malloc(1024);
+    if (!s) {
+        return NULL;
+    }
     do {
         cpu_memory_rw_debug(env, addr, &c, 1, 0);
         addr++;
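
Review bot: The new `if (!s)` check handles allocation failure, but the loop that follows copies guest bytes one at a time into the fixed 1024-byte buffer and its termination condition is outside this hunk. While the function is being touched, confirm that the loop stops before more than 1024 bytes are written; the TODO above the malloc already flags the fixed size.
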
-- 
1.7.12
