On 6/13/22 16:04, Peter Krempa wrote: > On Mon, Jun 13, 2022 at 15:18:14 +0200, Michal Privoznik wrote: >> When creating a TAP interface we can end up with multiple FDs, >> each representing one queue. However, these FDs must be >> relabelled as they are then passed to QEMU. In case of >> qemuBuildInterfaceConnect() we allocate the array for the FDs and >> then let the function corresponding to the <interface/> type fill >> the array with FDs. When any of the functions meets an error, >> it's also responsible for closing previously opened FDs. However, >> the functions take a shortcut: iterate through each member of the >> array and close it (if it's non-negative). This assumes that the >> array is initialized to negative values, which used to be the case >> before the rewrite in v8.4.0-rc1~170 but after it it's no longer the >> case. Subsequently, "random" FDs are closed (okay, not that >> random since the array is allocated via g_new0(), but hey - FD 0 >> is still a valid FD and might be valuable, actually). >> >> Fixes: 7a38d3946bc1a7ef0206f36dfe3dbf422fb8d578 >> Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx> >> --- >> src/qemu/qemu_command.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c >> index be20053c0d..ecfe6020f3 100644 >> --- a/src/qemu/qemu_command.c >> +++ b/src/qemu/qemu_command.c >> @@ -8736,6 +8736,8 @@ qemuBuildInterfaceConnect(virDomainObj *vm, >> size_t tapfdSize = net->driver.virtio.queues; >> g_autofree int *tapfd = g_new0(int, tapfdSize + 1); >> >> + memset(tapfd, -1, (tapfdSize + 1) * sizeof(*tapfd)); >> + > > Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> > > but I'm adding to my todo list to fix the offending functions :) > Yeah, that might be worth fixing. Pushed, thanks. Michal
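
Review bot: the added memset() directly after the g_new0() allocation in qemuBuildInterfaceConnect() gets -1 into each int only by filling every byte with 0xFF, and it makes the zeroing done by g_new0() redundant. Consider allocating with g_new() and assigning -1 to each of the tapfdSize + 1 entries in an explicit loop, so the sentinel does not depend on the byte pattern and the intent is visible. A one-line comment at the initialization would also help, stating that the error paths of the functions that fill the array close every non-negative entry; without it the memset looks removable to a later cleanup. The change fixes the allocation site only: the functions that close entries they did not open are untouched, as the review reply notes, so the same FD 0 closure can recur wherever they are handed an array that was not pre-filled with -1.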