[libvirt] [PATCH] lxc: avoid use-after-free

Eric Blake eblake at redhat.com
Thu Nov 3 23:33:38 UTC 2011


I got this weird failure:

error: Failed to start domain simple
error: internal error cannot mix caller fds with blocking execution

and tracked it down to a use-after-free - virCommandSetOutputFD
was storing the address of a stack-local variable, which then
went out of scope before the virCommandRun that dereferenced it.

Bug introduced in commit 451cfd05 (0.9.2).

* src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
registration...
(lxcVmStart): ...to caller.
---

I have no idea how danpb got so lucky in being able to test
recent lxc additions, given the fact that booting an LXC domain
has basically been broken for several months now, depending on
whether the compiler happened to smash the stack variable in
question.

 src/lxc/lxc_driver.c |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
index d6e5e20..37092bc 100644
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
                       char **veths,
                       int *ttyFDs,
                       size_t nttyFDs,
-                      int logfile,
                       int handshakefd)
 {
     size_t i;
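Review bot: dropping `int logfile` from the signature of lxcBuildControllerCmd means every call site has to change in the same patch, not only the one in lxcVmStart updated below; confirm that is the only caller (the function looks file-local), since any other one would now fail to compile.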
@@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
     }

     virCommandPreserveFD(cmd, handshakefd);
-    virCommandSetOutputFD(cmd, &logfile);
-    virCommandSetErrorFD(cmd, &logfile);

     return cmd;
 cleanup:
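Review bot: with both `virCommandSetOutputFD(cmd, &logfile)` and `virCommandSetErrorFD(cmd, &logfile)` gone, `logfile` should have no remaining use anywhere in lxcBuildControllerCmd; the body between the signature and this point is not in the hunk context, so check for a leftover reference. The `virCommandPreserveFD(cmd, handshakefd)` call that stays is fine: it receives the fd value, not the address of the parameter, so it does not have the lifetime problem this hunk removes.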
@@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn,
                                       vm,
                                       nveths, veths,
                                       ttyFDs, nttyFDs,
-                                      logfd, handshakefds[1])))
+                                      handshakefds[1])))
         goto cleanup;
+    virCommandSetOutputFD(cmd, &logfd);
+    virCommandSetErrorFD(cmd, &logfd);

     /* Log timestamp */
     if ((timestamp = virTimestamp()) == NULL) {
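Review bot: the fix still hands virCommandSetOutputFD/virCommandSetErrorFD the address of a local (`&logfd`), so it is correct only because logfd now lives in the same frame as the later virCommandRun; a one-line comment at the registration site saying that the command keeps a pointer, not a copy, would stop the next refactor from moving logfd back into a helper and reintroducing the same dangling-pointer bug. Also worth verifying that nothing between this point and virCommandRun reassigns or closes logfd, since the value is only read at run time.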
-- 
1.7.4.4
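The bug class in the commit message, as an added example that is not libvirt code: a hypothetical command object that records a pointer to an fd and dereferences it later, with the pre-patch shape (address of a by-value parameter) beside the post-patch shape (address of a variable owned by the frame that runs the command). The struct, function names and the fd value 7 are assumptions for illustration only.

```c
#include <stdio.h>

/* Assumed stand-in for virCommand's deferred fd handling (not libvirt's
 * code): the command object remembers a *pointer* to the fd and reads
 * through it only when the command is run. */
struct cmd {
    int *outfd;   /* where to find the fd for stdout/stderr at run time */
};

/* BUGGY shape, as lxcBuildControllerCmd was before the patch: logfile is a
 * by-value parameter, so &logfile is the address of a local in this frame
 * and is dangling as soon as the function returns. The returned cmd must
 * not be run; it exists here only to show the pattern. */
static struct cmd build_cmd_bad(int logfile)
{
    struct cmd c;
    c.outfd = &logfile;   /* address of a parameter: dies with this frame */
    return c;
}

/* FIXED shape, as the patch moves into lxcVmStart: the caller owns the fd
 * variable and registers its address, so the storage outlives this call. */
static struct cmd build_cmd_good(int *logfd)
{
    struct cmd c;
    c.outfd = logfd;
    return c;
}

/* Stand-in for virCommandRun: dereferences the stored pointer. */
static int run_cmd(const struct cmd *c)
{
    return *c->outfd;
}

/* Mirrors lxcVmStart after the patch: logfd lives in the frame that builds
 * the command and also runs it, so the pointer is valid at run time. */
static int start_vm(int logfd)
{
    struct cmd c = build_cmd_good(&logfd);
    return run_cmd(&c);   /* logfd is still in scope here */
}

int main(void)
{
    /* Constructed input: pretend the log file was opened as fd 7. */
    printf("good path reads fd %d\n", start_vm(7));
    (void)build_cmd_bad;  /* never run; its cmd would hold a dangling pointer */
    return 0;
}
```

The difference is purely one of object lifetime: the command only records where to look, so the variable it points at must stay alive and unchanged until the run. That is why the patch relocates the registration rather than changing the API.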
