On Mon, Jun 13, 2022 at 15:18:14 +0200, Michal Privoznik wrote: > When creating a TAP interface we can end up with multiple FDs, > each representing one queue. However, these FDs must be > relabelled as they are then passed to QEMU. In case of > qemuBuildInterfaceConnect() we allocate the array for the FDs and > then let the function corresponding to the <interface/> type fill > the array with FDs. When any of the functions meets an error, > it's also responsible for closing previously opened FDs. However, > the functions take a shortcut: iterate through each member of the > array and close it (if it's non-negative). This assumes that the > array is initialized to negative values, which used to be the case > before the rewrite in v8.4.0-rc1~170 but after it it's no longer the > case. Subsequently, "random" FDs are closed (okay, not that > random since the array is allocated via g_new0(), but hey - FD 0 > is still a valid FD and might be valuable, actually). > > Fixes: 7a38d3946bc1a7ef0206f36dfe3dbf422fb8d578 > Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> > --- > src/qemu/qemu_command.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c > index be20053c0d..ecfe6020f3 100644 > --- a/src/qemu/qemu_command.c > +++ b/src/qemu/qemu_command.c > @@ -8736,6 +8736,8 @@ qemuBuildInterfaceConnect(virDomainObj *vm, > size_t tapfdSize = net->driver.virtio.queues; > g_autofree int *tapfd = g_new0(int, tapfdSize + 1); > > + memset(tapfd, -1, (tapfdSize + 1) * sizeof(*tapfd)); > + Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> but I'm adding to my todo list to fix the offending functions :)
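
Review bot: the added memset(tapfd, -1, (tapfdSize + 1) * sizeof(*tapfd)) directly after g_new0() depends on a byte-wise 0xFF fill reading back as -1 in every int, which holds on two's complement targets but is not obvious at a glance, and it makes the zeroing done by g_new0() redundant. Consider a short comment at this line stating that unused slots must be -1 because the error paths of the fill functions close every non-negative entry, or allocate with g_new() and assign -1 in a loop so the intent is explicit. The length expression does match the tapfdSize + 1 elements allocated on the line above. The callees' cleanup still relies on the caller's initialization, which is the assumption the reply proposes to fix in the functions themselves.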