From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga06.intel.com (mga06.intel.com [134.134.136.31]) by dpdk.org (Postfix) with ESMTP id ACE88199B0; Wed, 20 Sep 2017 16:39:36 +0200 (CEST) Received: from fmsmga005.fm.intel.com ([10.253.24.32]) by orsmga104.jf.intel.com with ESMTP; 20 Sep 2017 07:39:28 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.42,421,1500966000"; d="scan'208";a="153545352" Received: from aburakov-mobl2.ger.corp.intel.com (HELO [10.237.210.143]) ([10.237.210.143]) by fmsmga005.fm.intel.com with ESMTP; 20 Sep 2017 07:39:27 -0700 To: Patrick MacArthur , Kuba Kozak Cc: dev@dpdk.org, stable@dpdk.org References: <1505901573-463-1-git-send-email-kubax.kozak@intel.com> From: "Burakov, Anatoly" Message-ID: <3abbb473-6d7f-9b48-d33f-59bd098e0ebf@intel.com> Date: Wed, 20 Sep 2017 15:39:26 +0100 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: en-US Content-Transfer-Encoding: 8bit Subject: Re: [dpdk-stable] [PATCH] vfio: fix close unchecked file descriptor X-BeenThere: stable@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: patches for DPDK stable branches List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 20 Sep 2017 14:39:37 -0000 On 20-Sep-17 3:34 PM, Patrick MacArthur wrote: > On 09/20/2017 05:59 AM, Kuba Kozak wrote: >> Add file descriptor value check before calling close() function. >> >> Coverity issue: 141297 >> Fixes: 811b6b25060f ("vfio: fix file descriptor leak in multi-process") >> Cc: patrick@patrickmacarthur.net >> Cc: stable@dpdk.org >> >> Signed-off-by: Kuba Kozak >> --- >>   lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c | 3 ++- >>   1 file changed, 2 insertions(+), 1 deletion(-) >> >> diff --git a/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c >> b/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c >> index 7e8095c..c04f548 100644 >> --- a/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c >> +++ b/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c >> @@ -301,7 +301,8 @@ vfio_mp_sync_thread(void __rte_unused * arg) >>                   vfio_mp_sync_send_request(conn_sock, SOCKET_ERR); >>               else >>                   vfio_mp_sync_send_fd(conn_sock, fd); >> -            close(fd); >> +            if (fd != -1) >> +                close(fd); > > IMHO this should be: > >         if (fd >= 0) > > What specifically is Coverity complaining about here? Is there a > specific code path that leads to fd being -1 here? > Hi Patrick, There's no way the fd will be 0 - the function we get the value from returns a valid fd, or a -1 in case of error. In this particular case, the "specific code path that leads to fd being -1" is when we can't get a container fd for some reason. I believe this is a very remote possibility as by the time we're spinning up the socket listening thread we're pretty sure we have a working VFIO container, but this is a valid fix nevertheless. Maybe having it >= 0 (or > 0, to be precise) would be cleaner, but it really makes no difference here. -- Thanks, Anatoly