Re: [PATCH 2/4] vhost-user: Convert slave channel to QIOChannelSocket
From: Stefan Hajnoczi
Subject: Re: [PATCH 2/4] vhost-user: Convert slave channel to QIOChannelSocket
Date: Tue, 9 Mar 2021 15:17:21 +0000
On Mon, Mar 08, 2021 at 01:31:39PM +0100, Greg Kurz wrote:
> + g_autofree int *fd = NULL;
> + size_t fdsize = 0;
> + int i;
>
> /* Read header */
> iov.iov_base = &hdr;
> iov.iov_len = VHOST_USER_HDR_SIZE;
>
> do {
> - size = recvmsg(u->slave_fd, &msgh, 0);
> - } while (size < 0 && (errno == EINTR || errno == EAGAIN));
> + size = qio_channel_readv_full(ioc, &iov, 1, &fd, &fdsize, NULL);
> + } while (size == QIO_CHANNEL_ERR_BLOCK);
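Review bot: On the declaration `g_autofree int *fd = NULL;`, the cleanup attribute only frees the array when the variable goes out of scope; it does not close the descriptors stored in it and it does not run between iterations of the do/while loop. Any exit path that holds fdsize > 0 without handing the descriptors on should close fd[0] through fd[fdsize - 1] explicitly. Separately, the last argument to qio_channel_readv_full() is NULL, so a negative return other than QIO_CHANNEL_ERR_BLOCK carries no diagnostic; passing a local Error and reporting it would make failures on this channel traceable.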
Is it possible to leak file descriptors and fd[] memory if we receive a
short message and then loop around? qio_channel_readv_full() will
overwrite &fd and that's how the leak occurs.
On the other hand, it looks like ioc is in blocking mode. I'm not sure
QIO_CHANNEL_ERR_BLOCK can occur?
> @@ -1500,8 +1479,8 @@ static void slave_read(void *opaque)
>
> /* Read payload */
> do {
> - size = read(u->slave_fd, &payload, hdr.size);
> - } while (size < 0 && (errno == EINTR || errno == EAGAIN));
> + size = qio_channel_read(ioc, (char *) &payload, hdr.size, NULL);
> + } while (size == QIO_CHANNEL_ERR_BLOCK);
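Review bot: In the payload read, `qio_channel_read(ioc, (char *) &payload, hdr.size, NULL)` is retried only on QIO_CHANNEL_ERR_BLOCK, so a read that returns fewer than hdr.size bytes is not completed here; the code after the loop has to treat size != hdr.size as an error, or the call could become qio_channel_read_all(). hdr.size comes from the peer and is used as the length of a read into payload, and the bound against sizeof(payload) is not visible in this hunk, so confirm it is checked before this point. The NULL errp also drops the reason for any failure.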
Same question here.