Re: [libvirt] [PATCH] lxc: avoid use-after-free
On 11/04/2011 07:32 AM, Daniel P. Berrange wrote:
> On Thu, Nov 03, 2011 at 05:33:38PM -0600, Eric Blake wrote:
>> I got this weird failure:
>>
>> error: Failed to start domain simple
>> error: internal error cannot mix caller fds with blocking execution
>>
>> and tracked it down to a use-after-free - virCommandSetOutputFD
>> was storing the address of a stack-local variable, which then
>> went out of scope before the virCommandRun that dereferenced it.
>>
>> Bug introduced in commit 451cfd05 (0.9.2).
>
> ACK

Thanks; pushed.

--
Eric Blake   ebl...@redhat.com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
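The lifetime bug described in this thread, reduced to a miniature as an added example (not libvirt code and not part of the original messages). The names struct cmd, cmd_set_output_fd, cmd_run, build_cmd_before, build_cmd_after and start_after are hypothetical stand-ins for a command object that stores a pointer to the caller's fd and reads it only at run time.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical miniature of a command object that, like the API described
 * in the thread, stores a POINTER to the caller's fd and reads it at run time. */
struct cmd {
    int *outfd;               /* borrowed; must stay valid until cmd_run() */
};

static void cmd_set_output_fd(struct cmd *c, int *fd) { c->outfd = fd; }

/* Stand-in for running the command: returns the fd it would write to. */
static int cmd_run(const struct cmd *c) { return c->outfd ? *c->outfd : -1; }

/* "Before" shape, kept for comparison and never called here: logfile is a
 * by-value parameter, so &logfile dangles as soon as this function returns. */
struct cmd *build_cmd_before(int logfile)
{
    struct cmd *c = calloc(1, sizeof(*c));
    if (c)
        cmd_set_output_fd(c, &logfile);   /* pointer into a dying frame */
    return c;
}

/* "After" shape: the builder borrows nothing from its own frame. */
struct cmd *build_cmd_after(void)
{
    return calloc(1, sizeof(struct cmd));
}

/* The caller owns logfd and registers it, so the pointer is valid at run time. */
int start_after(int fd_value)
{
    int logfd = fd_value;
    struct cmd *c = build_cmd_after();
    int used;

    if (!c)
        return -1;
    cmd_set_output_fd(c, &logfd);
    used = cmd_run(c);                    /* logfd still in scope here */
    free(c);
    return used;
}

int main(void)
{
    printf("command would log to fd %d\n", start_after(7));
    return 0;
}
```

If the "before" builder is called and its result run, AddressSanitizer's stack-use-after-return detection (`-fsanitize=address`, with `ASAN_OPTIONS=detect_stack_use_after_return=1` where it is not on by default) can report the stale read instead of leaving it to chance.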
Re: [libvirt] [PATCH] lxc: avoid use-after-free
On Thu, Nov 03, 2011 at 05:33:38PM -0600, Eric Blake wrote: > I got this weird failure: > > error: Failed to start domain simple > error: internal error cannot mix caller fds with blocking execution > > and tracked it down to a use-after-free - virCommandSetOutputFD > was storing the address of a stack-local variable, which then > went out of scope before the virCommandRun that dereferenced it. > > Bug introduced in commit 451cfd05 (0.9.2). > > * src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd > registration... > (lxcVmStart): ...to caller. > --- > > I have no idea how danpb got so lucky in being able to test > recent lxc addtions, given the fact that booting an LXC domain > has basically been broken for several months now, depending on > whether the compiler happened to smash the stack variable in > question. > > src/lxc/lxc_driver.c |7 +++ > 1 files changed, 3 insertions(+), 4 deletions(-) > > diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c > index d6e5e20..37092bc 100644 > --- a/src/lxc/lxc_driver.c > +++ b/src/lxc/lxc_driver.c > @@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, >char **veths, >int *ttyFDs, >size_t nttyFDs, > - int logfile, >int handshakefd) > { > size_t i; > @@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, > } > > virCommandPreserveFD(cmd, handshakefd); > -virCommandSetOutputFD(cmd, &logfile); > -virCommandSetErrorFD(cmd, &logfile); > > return cmd; > cleanup: 
> @@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn, >vm, >nveths, veths, >ttyFDs, nttyFDs, > - logfd, handshakefds[1]))) > + handshakefds[1]))) > goto cleanup; > +virCommandSetOutputFD(cmd, &logfd); > +virCommandSetErrorFD(cmd, &logfd); > > /* Log timestamp */ > if ((timestamp = virTimestamp()) == NULL) { ACK Daniel -- |: http://berrange.com -o-http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH] lxc: avoid use-after-free
I got this weird failure: error: Failed to start domain simple error: internal error cannot mix caller fds with blocking execution and tracked it down to a use-after-free - virCommandSetOutputFD was storing the address of a stack-local variable, which then went out of scope before the virCommandRun that dereferenced it. Bug introduced in commit 451cfd05 (0.9.2). * src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd registration... (lxcVmStart): ...to caller. --- I have no idea how danpb got so lucky in being able to test recent lxc addtions, given the fact that booting an LXC domain has basically been broken for several months now, depending on whether the compiler happened to smash the stack variable in question. src/lxc/lxc_driver.c |7 +++ 1 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index d6e5e20..37092bc 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, char **veths, int *ttyFDs, size_t nttyFDs, - int logfile, int handshakefd) { size_t i; @@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver, } virCommandPreserveFD(cmd, handshakefd); -virCommandSetOutputFD(cmd, &logfile); -virCommandSetErrorFD(cmd, &logfile); return cmd; cleanup: @@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn, vm, nveths, veths, ttyFDs, nttyFDs, - logfd, handshakefds[1]))) + handshakefds[1]))) goto cleanup; +virCommandSetOutputFD(cmd, &logfd); +virCommandSetErrorFD(cmd, &logfd); /* Log timestamp */ if ((timestamp = virTimestamp()) == NULL) { -- 1.7.4.4 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
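Review bot: In the lxcVmStart hunk (@@ -1747,8 +1744,10), the added virCommandSetOutputFD(cmd, &logfd) and virCommandSetErrorFD(cmd, &logfd) calls still hand the command the address of a variable, so the fix only holds while logfd stays in scope and unchanged until the command has run. The hunk does not show the virCommandRun call, so confirm it happens in this same function and that no path between registration and run closes or reassigns logfd. A one-line comment above the two calls stating that the pointer must outlive the run would keep a later refactor from moving them back into a helper.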
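Review bot: In the lxcBuildControllerCmd hunk (@@ -1524,8 +1523,6), nothing is left behind to say why output and error fd registration must not live in this helper, which returns cmd to its caller. Consider a short comment next to virCommandPreserveFD(cmd, handshakefd) noting that by-value fd registration is fine here, while anything that takes the address of a parameter or local has to be registered by the caller that owns the variable. The same hunk range drops the int logfile parameter from the signature; the diff updates only the lxcVmStart call site, so check that there are no other callers.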