qemu: Don't leak file descriptors in case of error#2684
Conversation
If we take one of the error paths from setupVirtiofsd() after opening the fd variable, the fd.Close() function is not called. Fixes: kata-containers#2683 Signed-off-by: Christophe de Dinechin <dinechin@redhat.com>
jodh-intel
left a comment
jodh-intel
left a comment
There was a problem hiding this comment.
Good catch @c3d, and thanks!
lgtm
|
/test-ubuntu |
jcvenegas
left a comment
jcvenegas
left a comment
There was a problem hiding this comment.
I think you need to remove line
runtime/virtcontainers/qemu.go
Line 680 in 7b269ff
| if err != nil { | ||
| return err | ||
| } | ||
| defer fd.Close() |
There was a problem hiding this comment.
Shouldn't we remove the fd.Close() call a few lines below?
There was a problem hiding this comment.
OOI, I had wondered if we needed to drop the later fd.Close() as well - but, hmm, as it is it means we close the fd after its last use. If we drop that, it will stay open for longer when not needed. On the flip side, we can only leave it there if calling fd.Close() on an already closed fd is safe - as it will still be called by the defer...
There was a problem hiding this comment.
The intent of that fd.Close() is clearly to close the fd before entering the loop, so I left it there intentionally, after checking that closing twice was OK.
Close closes the File, rendering it unusable for I/O. On files that support SetDeadline, any pending I/O operations will be canceled and return immediately with an error. Close will return an error if it has already been called.
(Emphasis mine)
Reference: https://golang.org/pkg/os/#File.Close
There was a problem hiding this comment.
So, just to confirm, the final action on that is to remove the fd.Close() line mentioned, considering "Close will return an error if it has already been called". is it?
(Christophe's Emphasis ;-))
There was a problem hiding this comment.
Ah, I see @c3d's point after a private conversation.
fd.Close() will error out with "already closed", but won't crash, so that may be fine as we don't check / report that error.
I'm fine with this as is now. @jcvenegas, do you agree? If so, feel free to remove the "do-not-merge" label and merge it.
There was a problem hiding this comment.
Hey thanks for the clarifications, I agree that will not be harmful in the case if it is called two times. I think is just a matter of different styles but the same result. let's merge it :)
|
@jcvenegas was faster than me! ;-) |
Codecov Report
@@ Coverage Diff @@
## master #2684 +/- ##
==========================================
+ Coverage 45.93% 50.48% +4.55%
==========================================
Files 118 118
Lines 17653 17139 -514
==========================================
+ Hits 8109 8653 +544
+ Misses 8628 7428 -1200
- Partials 916 1058 +142 |
I disagree. First, it's safe to |
6 participants
If we take one of the error paths from setupVirtiofsd() after
opening the fd variable, the fd.Close() function is not called.
Fixes: #2683
Signed-off-by: Christophe de Dinechin dinechin@redhat.com