From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <anatoly.burakov@intel.com>
Received: from mga06.intel.com (mga06.intel.com [134.134.136.31])
 by dpdk.org (Postfix) with ESMTP id ACE88199B0;
 Wed, 20 Sep 2017 16:39:36 +0200 (CEST)
Received: from fmsmga005.fm.intel.com ([10.253.24.32])
 by orsmga104.jf.intel.com with ESMTP; 20 Sep 2017 07:39:28 -0700
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.42,421,1500966000"; d="scan'208";a="153545352"
Received: from aburakov-mobl2.ger.corp.intel.com (HELO [10.237.210.143])
 ([10.237.210.143])
 by fmsmga005.fm.intel.com with ESMTP; 20 Sep 2017 07:39:27 -0700
To: Patrick MacArthur <patrick@patrickmacarthur.net>,
 Kuba Kozak <kubax.kozak@intel.com>
Cc: dev@dpdk.org, stable@dpdk.org
References: <1505901573-463-1-git-send-email-kubax.kozak@intel.com>
 <d802da7a-551b-f44e-6aa0-3fb75418ba23@patrickmacarthur.net>
From: "Burakov, Anatoly" <anatoly.burakov@intel.com>
Message-ID: <3abbb473-6d7f-9b48-d33f-59bd098e0ebf@intel.com>
Date: Wed, 20 Sep 2017 15:39:26 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.3.0
MIME-Version: 1.0
In-Reply-To: <d802da7a-551b-f44e-6aa0-3fb75418ba23@patrickmacarthur.net>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Subject: Re: [dpdk-stable] [PATCH] vfio: fix close unchecked file descriptor
X-BeenThere: stable@dpdk.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: patches for DPDK stable branches <stable.dpdk.org>
List-Unsubscribe: <http://dpdk.org/ml/options/stable>,
 <mailto:stable-request@dpdk.org?subject=unsubscribe>
List-Archive: <http://dpdk.org/ml/archives/stable/>
List-Post: <mailto:stable@dpdk.org>
List-Help: <mailto:stable-request@dpdk.org?subject=help>
List-Subscribe: <http://dpdk.org/ml/listinfo/stable>,
 <mailto:stable-request@dpdk.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Sep 2017 14:39:37 -0000

On 20-Sep-17 3:34 PM, Patrick MacArthur wrote:
> On 09/20/2017 05:59 AM, Kuba Kozak wrote:
>> Add file descriptor value check before calling close() function.
>>
>> Coverity issue: 141297
>> Fixes: 811b6b25060f ("vfio: fix file descriptor leak in multi-process")
>> Cc: patrick@patrickmacarthur.net
>> Cc: stable@dpdk.org
>>
>> Signed-off-by: Kuba Kozak <kubax.kozak@intel.com>
>> ---
>>   lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c | 3 ++-
>>   1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c 
>> b/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c
>> index 7e8095c..c04f548 100644
>> --- a/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c
>> +++ b/lib/librte_eal/linuxapp/eal/eal_vfio_mp_sync.c
>> @@ -301,7 +301,8 @@ vfio_mp_sync_thread(void __rte_unused * arg)
>>                   vfio_mp_sync_send_request(conn_sock, SOCKET_ERR);
>>               else
>>                   vfio_mp_sync_send_fd(conn_sock, fd);
>> -            close(fd);
>> +            if (fd != -1)
>> +                close(fd);
> 
> IMHO this should be:
> 
>          if (fd >= 0)
> 
> What specifically is Coverity complaining about here? Is there a 
> specific code path that leads to fd being -1 here?
> 
Hi Patrick,

There's no way the fd will be 0 - the function we get the value from 
returns a valid fd, or a -1 in case of error. In this particular case, 
the "specific code path that leads to fd being -1" is when we can't get 
a container fd for some reason. I believe this is a very remote 
possibility as by the time we're spinning up the socket listening thread 
we're pretty sure we have a working VFIO container, but this is a valid 
fix nevertheless. Maybe having it >= 0 (or > 0, to be precise) would be 
cleaner, but it really makes no difference here.

-- 
Thanks,
Anatoly