[libvirt] [PATCH] lxc: avoid use-after-free
Daniel P. Berrange
berrange at redhat.com
Fri Nov 4 13:32:36 UTC 2011
On Thu, Nov 03, 2011 at 05:33:38PM -0600, Eric Blake wrote:
> I got this weird failure:
>
> error: Failed to start domain simple
> error: internal error cannot mix caller fds with blocking execution
>
> and tracked it down to a use-after-free - virCommandSetOutputFD
> was storing the address of a stack-local variable, which then
> went out of scope before the virCommandRun that dereferenced it.
>
> Bug introduced in commit 451cfd05 (0.9.2).
>
> * src/lxc/lxc_driver.c (lxcBuildControllerCmd): Move log fd
> registration...
> (lxcVmStart): ...to caller.
> ---
>
> I have no idea how danpb got so lucky in being able to test
> recent lxc additions, given the fact that booting an LXC domain
> has basically been broken for several months now, depending on
> whether the compiler happened to smash the stack variable in
> question.
>
> src/lxc/lxc_driver.c | 7 +++----
> 1 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c
> index d6e5e20..37092bc 100644
> --- a/src/lxc/lxc_driver.c
> +++ b/src/lxc/lxc_driver.c
> @@ -1449,7 +1449,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
> char **veths,
> int *ttyFDs,
> size_t nttyFDs,
> - int logfile,
> int handshakefd)
> {
> size_t i;
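Review bot: with the `int logfile` parameter gone from the `lxcBuildControllerCmd` signature, nothing at the function tells a future caller that the returned command has no stdout/stderr wiring yet. A short comment above the function saying that the caller must register the output and error fds itself would keep that contract from being lost.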
> @@ -1524,8 +1523,6 @@ lxcBuildControllerCmd(lxc_driver_t *driver,
> }
>
> virCommandPreserveFD(cmd, handshakefd);
> - virCommandSetOutputFD(cmd, &logfile);
> - virCommandSetErrorFD(cmd, &logfile);
>
> return cmd;
> cleanup:
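Review bot: the two removed calls passed `&logfile`, the address of a by-value parameter, while the `virCommandPreserveFD(cmd, handshakefd)` call kept above them passes its fd by value and is unaffected. Since the pointer-taking setters are easy to misuse this way from any function that builds and returns a command, it would be worth checking the other callers of `virCommandSetOutputFD` and `virCommandSetErrorFD` for the same pattern, and stating the lifetime requirement in the setters' documentation.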
> @@ -1747,8 +1744,10 @@ static int lxcVmStart(virConnectPtr conn,
> vm,
> nveths, veths,
> ttyFDs, nttyFDs,
> - logfd, handshakefds[1])))
> + handshakefds[1])))
> goto cleanup;
> + virCommandSetOutputFD(cmd, &logfd);
> + virCommandSetErrorFD(cmd, &logfd);
>
> /* Log timestamp */
> if ((timestamp = virTimestamp()) == NULL) {
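Review bot: the added `virCommandSetOutputFD(cmd, &logfd)` and `virCommandSetErrorFD(cmd, &logfd)` calls in `lxcVmStart` are only correct while `logfd` stays in scope until the command is run, and the hunk carries no comment saying so. A one-line comment above them noting that `&logfd` must remain valid until the command has been executed would stop a later refactor from moving the registration back into a helper.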
ACK
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
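
The lifetime problem described in the quoted commit message, reduced to a self-contained C sketch. This is an added example, not libvirt code: `struct cmd` and the `cmd_*`, `build_cmd_*` and `start_after` names are hypothetical stand-ins for a command object that stores the caller's fd pointer and only reads through it at run time.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical command object: it borrows the caller's fd variable.
 * Only the pointer is stored; it is dereferenced when the command runs. */
struct cmd {
    int *outfd;
    int *errfd;
};

void cmd_set_output_fd(struct cmd *c, int *fd) { c->outfd = fd; }
void cmd_set_error_fd(struct cmd *c, int *fd)  { c->errfd = fd; }

/* Returns the fd the child's stdout would be attached to, or -1 when
 * stdout and stderr were not both registered. */
int cmd_run(const struct cmd *c)
{
    if (c->outfd == NULL || c->errfd == NULL)
        return -1;
    return *c->outfd;            /* read through the borrowed pointer */
}

/* Shape before the patch: logfile is a by-value parameter, so &logfile
 * points into this frame and dangles once the builder returns.
 * Kept for comparison only; its result must never reach cmd_run(). */
void build_cmd_before(struct cmd *c, int logfile)
{
    c->outfd = c->errfd = NULL;
    cmd_set_output_fd(c, &logfile);
    cmd_set_error_fd(c, &logfile);
}

/* Shape after the patch: the builder no longer sees the log fd. */
void build_cmd_after(struct cmd *c)
{
    c->outfd = c->errfd = NULL;
}

/* The caller registers its own variable, which lives until cmd_run()
 * has returned, so the stored pointer is valid when it is read. */
int start_after(int logfd)
{
    struct cmd c;
    build_cmd_after(&c);
    cmd_set_output_fd(&c, &logfd);
    cmd_set_error_fd(&c, &logfd);
    return cmd_run(&c);
}

int main(void)
{
    printf("child output fd: %d\n", start_after(7)); /* 7 is a constructed value */
    return 0;
}
```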