From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58468)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tcminyard@gmail.com>) id 1VgGu9-0004hu-QQ
	for qemu-devel@nongnu.org; Tue, 12 Nov 2013 11:33:43 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <tcminyard@gmail.com>) id 1VgGu2-0007JH-8a
	for qemu-devel@nongnu.org; Tue, 12 Nov 2013 11:33:29 -0500
Received: from mail-oa0-x232.google.com ([2607:f8b0:4003:c02::232]:54050)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <tcminyard@gmail.com>) id 1VgGu2-0007I9-3I
	for qemu-devel@nongnu.org; Tue, 12 Nov 2013 11:33:22 -0500
Received: by mail-oa0-f50.google.com with SMTP id k1so1832704oag.23
	for <qemu-devel@nongnu.org>; Tue, 12 Nov 2013 08:33:21 -0800 (PST)
Sender: Corey Minyard <tcminyard@gmail.com>
From: Corey Minyard <minyard@acm.org>
Date: Tue, 12 Nov 2013 10:33:03 -0600
Message-Id: <1384273995-16486-5-git-send-email-cminyard@mvista.com>
In-Reply-To: <1384273995-16486-1-git-send-email-cminyard@mvista.com>
References: <1384273995-16486-1-git-send-email-cminyard@mvista.com>
Subject: [Qemu-devel] [PATCH 04/16] qemu-char: Close fd at end of file
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org
Cc: Bret Ketchum <bcketchum@gmail.com>, Corey Minyard <cminyard@mvista.com>, =?UTF-8?q?Andreas=20F=C3=A4rber?= <afaerber@suse.de>, "Michael S. Tsirkin" <mst@redhat.com>

The chardev backends that used qemu_chr_open_fd did not get their
file descriptors closed at end of file or when the chardev was closed.
This could result in a file descriptor leak.

Signed-off-by: Corey Minyard <cminyard@mvista.com>
---
 qemu-char.c | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

diff --git a/qemu-char.c b/qemu-char.c
index 935066d..08b29ac 100644
--- a/qemu-char.c
+++ b/qemu-char.c
@@ -820,6 +820,8 @@ typedef struct FDCharDriver {
     GIOChannel *fd_in, *fd_out;
     int max_size;
     QTAILQ_ENTRY(FDCharDriver) node;
+    int close_fdin;
+    int close_fdout;
 } FDCharDriver;
 
 static int fd_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
@@ -829,6 +831,18 @@ static int fd_chr_write(CharDriverState *chr, const uint8_t *buf, int len)
     return io_channel_send(s->fd_out, buf, len);
 }
 
+static void fd_close_fds(FDCharDriver *s)
+{
+    if ((s->close_fdin != s->close_fdout) && (s->close_fdout != -1)) {
+        close(s->close_fdout);
+    }
+    s->close_fdout = -1;
+    if (s->close_fdin != -1) {
+        close(s->close_fdin);
+    }
+    s->close_fdin = -1;
+}
+
 static gboolean fd_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)
 {
     CharDriverState *chr = opaque;
@@ -850,6 +864,7 @@ static gboolean fd_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)
                                      len, &bytes_read, NULL);
     if (status == G_IO_STATUS_EOF) {
         remove_fd_in_watch(chr);
+	fd_close_fds(s);
         qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
         return FALSE;
     }
@@ -898,19 +913,27 @@ static void fd_chr_close(struct CharDriverState *chr)
         g_io_channel_unref(s->fd_out);
     }
 
+    fd_close_fds(s);
     g_free(s);
     qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
 }
 
 /* open a character device to a unix fd */
 static CharDriverState *qemu_chr_open_fd(CharDriverState *chr,
-                                         int fd_in, int fd_out)
+                                         int fd_in, int fd_out,
+                                         int close_fds_on_close)
 {
     FDCharDriver *s;
 
     s = g_malloc0(sizeof(FDCharDriver));
     s->fd_in = io_channel_from_fd(fd_in);
     s->fd_out = io_channel_from_fd(fd_out);
+    if (close_fds_on_close) {
+        s->close_fdin = fd_in;
+        s->close_fdout = fd_out;
+    } else {
+        s->close_fdin = s->close_fdout = -1;
+    }
     fcntl(fd_out, F_SETFL, O_NONBLOCK);
     s->chr = chr;
     chr->opaque = s;
@@ -948,7 +971,7 @@ static CharDriverState *qemu_chr_open_pipe(CharDriverState *chr,
             return NULL;
         }
     }
-    return qemu_chr_open_fd(chr, fd_in, fd_out);
+    return qemu_chr_open_fd(chr, fd_in, fd_out, TRUE);
 }
 
 /* init terminal so that we can grab keys */
@@ -1001,7 +1024,7 @@ static CharDriverState *qemu_chr_open_stdio(CharDriverState *chr,
     fcntl(0, F_SETFL, O_NONBLOCK);
     atexit(term_exit);
 
-    qemu_chr_open_fd(chr, 0, 1);
+    qemu_chr_open_fd(chr, 0, 1, FALSE);
     chr->chr_close = qemu_chr_close_stdio;
     chr->chr_set_echo = qemu_chr_set_echo_stdio;
     if (opts->has_signal) {
@@ -1407,7 +1430,7 @@ static void qemu_chr_close_tty(CharDriverState *chr)
 static CharDriverState *qemu_chr_open_tty_fd(CharDriverState *chr, int fd)
 {
     tty_serial_init(fd, 115200, 'N', 8, 1);
-    qemu_chr_open_fd(chr, fd, fd);
+    qemu_chr_open_fd(chr, fd, fd, TRUE);
     chr->chr_ioctl = tty_serial_ioctl;
     chr->chr_close = qemu_chr_close_tty;
     return chr;
@@ -2483,7 +2506,7 @@ static gboolean tcp_chr_read(GIOChannel *chan, GIOCondition cond, void *opaque)
 #ifndef _WIN32
 CharDriverState *qemu_chr_open_eventfd(CharDriverState *chr, int eventfd)
 {
-    return qemu_chr_open_fd(chr, eventfd, eventfd);
+    return qemu_chr_open_fd(chr, eventfd, eventfd, FALSE);
 }
 #endif
 
@@ -3639,7 +3662,7 @@ static CharDriverState *qmp_chardev_open_file(CharDriverState *chr,
         }
     }
 
-    return qemu_chr_open_fd(chr, in, out);
+    return qemu_chr_open_fd(chr, in, out, TRUE);
 }
 
 static CharDriverState *qmp_chardev_open_serial(CharDriverState *chr,
-- 
1.8.3.1