On Sunday, October 11, 2015 at 11:58 PM, Markus Armbruster wrote:
> Mark Pizzolato <m...@infocomm.com> writes:
> 
> > Public bug reported:
> >
> > On any host platform where SOCK_CLOEXEC is defined (Linux at least), a
> > socket is leaked on each call to qemu_socket() AND the socket returned
> > hasn't been created with the desired SOCK_CLOEXEC attribute.  The
> > qemu_socket routine is:
> >
> > Line 272 of util/osdep.c:
> > /*
> >  * Opens a socket with FD_CLOEXEC set
> >  */
> > int qemu_socket(int domain, int type, int protocol)
> > {
> >     int ret;
> >
> > #ifdef SOCK_CLOEXEC
> >     ret = socket(domain, type | SOCK_CLOEXEC, protocol);
> >     if (ret != -1 || errno != EINVAL) {
> >         return ret;
> 
> If socket() succeeded (ret != -1), we return the socket.
> 
> If socket() failed with anything but EINVAL (ret == -1 && errno !=
> EINVAL), we return -1 with errno set.
> 
> >     }
> 
> Here, ret == -1 && errno == EINVAL.
> 
> > #endif
> >     ret = socket(domain, type, protocol);
> >     if (ret >= 0) {
> >         qemu_set_cloexec(ret);
> >     }
> >
> >     return ret;
> > }
> 
> How can this leak a socket?
> 
> How can this return a socket with FD_CLOEXEC not set?

All I can say is "OOPS!!"  Sorry for bothering you.  I misread the
status check after the first socket() call.

I'm in the process of lifting qemu's slirp code and dropping it into
another open source project.  Since I'm trying to use all the code in
the slirp directory without modification I'm digging through where it
now depends on other qemu code.  I quickly looked at the qemu_socket()
routine and read it wrong.

Once again, sorry.

- Mark Pizzolato


** Changed in: qemu
       Status: New => Invalid

** Changed in: qemu
     Assignee: (unassigned) => Mark Pizzolato (r-mark-0)

-- 
You received this bug notification because you are a member of qemu-
devel-ml, which is subscribed to QEMU.
https://bugs.launchpad.net/bugs/1504513

Title:
  Socket leak on each call to qemu_socket()

Status in QEMU:
  Invalid


To manage notifications about this bug go to:
https://bugs.launchpad.net/qemu/+bug/1504513/+subscriptions
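The control flow Markus walks through above, written out as an added example (my own code, not QEMU's util/osdep.c): the same two-step open, plus a checker that reads the descriptor flags back with fcntl(F_GETFD) so the close-on-exec property can be verified rather than assumed. The only assumptions are the function names chosen here.

```c
/* Added example, not QEMU's code: a qemu_socket()-style opener that
 * tries SOCK_CLOEXEC first and falls back to fcntl(FD_CLOEXEC), with a
 * helper that reports whether a descriptor really carries the flag. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Same logic as the routine discussed in the thread: when the kernel does
 * not understand the SOCK_CLOEXEC bit, socket() fails with EINVAL and
 * returns -1, so there is no descriptor to leak; we then retry without
 * the flag and set FD_CLOEXEC afterwards. */
int open_cloexec_socket(int domain, int type, int protocol)
{
    int fd;
#ifdef SOCK_CLOEXEC
    fd = socket(domain, type | SOCK_CLOEXEC, protocol);
    if (fd != -1 || errno != EINVAL) {
        return fd;      /* success, or a real error with errno set */
    }
#endif
    fd = socket(domain, type, protocol);
    if (fd >= 0) {
        int flags = fcntl(fd, F_GETFD);
        if (flags == -1 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) == -1) {
            int saved = errno;
            close(fd);  /* never hand out a descriptor that would leak */
            errno = saved;
            return -1;
        }
    }
    return fd;
}

/* Returns 1 if FD_CLOEXEC is set on fd, 0 if it is not, -1 on error.
 * A descriptor without the flag is inherited by every exec()ed child. */
int has_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags == -1) {
        return -1;
    }
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Opens a local socket each way and prints the flag state of both. */
int demo(void)
{
    int guarded = open_cloexec_socket(AF_UNIX, SOCK_STREAM, 0);
    int plain = socket(AF_UNIX, SOCK_STREAM, 0);
    if (guarded < 0 || plain < 0) {
        perror("socket");
        return 1;
    }
    printf("guarded fd %d cloexec=%d, plain fd %d cloexec=%d\n",
           guarded, has_cloexec(guarded), plain, has_cloexec(plain));
    close(guarded);
    close(plain);
    return 0;
}
```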
