To ensure same behaviour when remote driver is or is not used we must not steal the FDs and array holding them passed to qemuDomainFDAssociate but rather duplicate them. At the same time the remote driver must close and free them to prevent leak. Pointed out by Coverity as FD leak on error path: *** CID 404348: Resource leaks (RESOURCE_LEAK) /src/remote/remote_daemon_dispatch.c: 7484 in remoteDispatchDomainFdAssociate() 7478 rv = 0; 7479 7480 cleanup: 7481 if (rv < 0) 7482 virNetMessageSaveError(rerr); 7483 virObjectUnref(dom); >>> CID 404348: Resource leaks (RESOURCE_LEAK) >>> Variable "fds" going out of scope leaks the storage it points to. 7484 return rv; Fixes: abd9025c2fd Fixes: f762f87534e Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> --- src/qemu/qemu_driver.c | 15 ++++++++++++--- src/remote/remote_daemon_dispatch.c | 3 +++ 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index a88c9ebe64..d6879175fe 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -20442,7 +20442,8 @@ qemuDomainFDAssociate(virDomainPtr domain, { virDomainObj *vm = NULL; qemuDomainObjPrivate *priv; - virStorageSourceFDTuple *new; + g_autoptr(virStorageSourceFDTuple) new = NULL; + size_t i; int ret = -1; virCheckFlags(VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_RESTORE | @@ -20460,8 +20461,16 @@ qemuDomainFDAssociate(virDomainPtr domain, priv = vm->privateData; new = virStorageSourceFDTupleNew(); - new->fds = fds; new->nfds = nfds; + new->fds = g_new0(int, new->nfds); + for (i = 0; i < new->nfds; i++) { + if ((new->fds[i] = dup(fds[i])) < 0) { + virReportSystemError(errno, + _("failed to duplicate passed fd with index '%zu'"), + i); + goto cleanup; + } + } new->conn = domain->conn; new->writable = flags & VIR_DOMAIN_FD_ASSOCIATE_SECLABEL_WRITABLE; @@ -20469,7 +20478,7 @@ qemuDomainFDAssociate(virDomainPtr domain, virCloseCallbacksDomainAdd(vm, domain->conn, qemuDomainFDHashCloseConnect); - g_hash_table_insert(priv->fds, g_strdup(name), new); + g_hash_table_insert(priv->fds, g_strdup(name), g_steal_pointer(&new)); ret = 0; diff --git a/src/remote/remote_daemon_dispatch.c b/src/remote/remote_daemon_dispatch.c index 40c734ce6b..6c56e9ec3e 100644 --- a/src/remote/remote_daemon_dispatch.c +++ b/src/remote/remote_daemon_dispatch.c @@ -7478,6 +7478,9 @@ remoteDispatchDomainFdAssociate(virNetServer *server G_GNUC_UNUSED, rv = 0; cleanup: + for (i = 0; i < nfds; i++) + VIR_FORCE_CLOSE(fds[i]); + g_free(fds); if (rv < 0) virNetMessageSaveError(rerr); virObjectUnref(dom); -- 2.38.1