From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from gandalf.ozlabs.org (gandalf.ozlabs.org [150.107.74.76])
	by passt.top (Postfix) with ESMTPS id 691705A026A
	for <passt-dev@passt.top>; Mon, 27 Feb 2023 14:29:55 +0100 (CET)
Received: by gandalf.ozlabs.org (Postfix, from userid 1007)
	id 4PQLvg5K7Nz4xDk; Tue, 28 Feb 2023 00:29:51 +1100 (AEDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gibson.dropbear.id.au; s=201602; t=1677504591;
	bh=2u88pqcYF5Iqp654WBN2jTiWpnmNyvhkaiNqzFLwTBc=;
	h=Date:From:To:Cc:Subject:References:In-Reply-To:From;
	b=E4EQeKZj5hfEqHW8KbZmJJ9KcqCFBUR3uItBhDN2XVSfGuhlcZVOXXa+6kOERYxWa
	 U3S4vJ6ZvmngFyHjvKLud3UEJsWxioLHljoGyoGLo6j6OPrPW+LZF8KRIHV+7lNPd1
	 9XdOYynr6CHniSkrs4HdOsuQwXU+YWVGQIit55nE=
Date: Mon, 27 Feb 2023 21:51:10 +1100
From: David Gibson <david@gibson.dropbear.id.au>
To: Stefano Brivio <sbrivio@redhat.com>
Subject: Re: [PATCH 3/3] tcp: Avoid (theoretical) resource leak (CWE-772)
 Coverity warning
Message-ID: <Y/yLHvIn3m+MNgYO@yekko>
References: <20230227095941.225672-1-sbrivio@redhat.com>
 <20230227095941.225672-4-sbrivio@redhat.com>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature"; boundary="npbWoDPfaIYpmmhV"
Content-Disposition: inline
In-Reply-To: <20230227095941.225672-4-sbrivio@redhat.com>
Message-ID-Hash: UFXFYVGJTUYMAHPU6QACMP644YYNT4H6
X-Message-ID-Hash: UFXFYVGJTUYMAHPU6QACMP644YYNT4H6
X-MailFrom: dgibson@gandalf.ozlabs.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: passt-dev@passt.top
X-Mailman-Version: 3.3.8
Precedence: list
List-Id: Development discussion and patches for passt <passt-dev.passt.top>
Archived-At: <https://archives.passt.top/passt-dev/Y/yLHvIn3m+MNgYO@yekko/>
Archived-At: <https://passt.top/hyperkitty/list/passt-dev@passt.top/message/UFXFYVGJTUYMAHPU6QACMP644YYNT4H6/>
List-Archive: <https://archives.passt.top/passt-dev/>
List-Archive: <https://passt.top/hyperkitty/list/passt-dev@passt.top/>
List-Help: <mailto:passt-dev-request@passt.top?subject=help>
List-Owner: <mailto:passt-dev-owner@passt.top>
List-Post: <mailto:passt-dev@passt.top>
List-Subscribe: <mailto:passt-dev-join@passt.top>
List-Unsubscribe: <mailto:passt-dev-leave@passt.top>


--npbWoDPfaIYpmmhV
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Feb 27, 2023 at 10:59:41AM +0100, Stefano Brivio wrote:
> If tcp_timer_ctl() gets a socket number greater than SOCKET_MAX
> (2 ^ 24), we return error but we don't close the socket. This is a
> rather formal issue given that, at least on Linux, socket numbers are
> monotonic and we're in general not allowed to open so many sockets.
>=20
> Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

> ---
>  tcp.c | 3 +++
>  1 file changed, 3 insertions(+)
>=20
> diff --git a/tcp.c b/tcp.c
> index 561064e..b674311 100644
> --- a/tcp.c
> +++ b/tcp.c
> @@ -702,6 +702,9 @@ static void tcp_timer_ctl(const struct ctx *c, struct=
 tcp_tap_conn *conn)
>  		fd =3D timerfd_create(CLOCK_MONOTONIC, 0);
>  		if (fd =3D=3D -1 || fd > SOCKET_MAX) {
>  			debug("TCP: failed to get timer: %s", strerror(errno));
> +			if (fd > -1)
> +				close(fd);
> +			conn->timer =3D -1;
>  			return;
>  		}
>  		conn->timer =3D fd;

--=20
David Gibson			| I'll have my music baroque, and my code
david AT gibson.dropbear.id.au	| minimalist, thank you.  NOT _the_ _other_
				| _way_ _around_!
http://www.ozlabs.org/~dgibson

--npbWoDPfaIYpmmhV
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmP8ixgACgkQzQJF27ox
2GeT0A//d3lWYlVeUmlmORRzohFxGScTht2W4UmvJqjjyAn+5py8PGbA70WBLLIV
GdGXTx62I7mYlj2hEIH9/BuUWSBK2pHtUe2ltQcr72IBLIMdqPmNFi57cUU5M+bZ
v2KaOUAwIsidvMmeKrM0PK4S29zTcx69eQC+55airCnxuR0RgYFSXQQ43pf/CcrS
7YlR1OrzB5eHzGdTfyYU75xVE2sQ2g9ubwsOybusGJ1Zxj6sIiyTCE3//IW7+kKs
jIh1bKtAh7dUGdrUlwotZabbY+2bd5ZheRGabuzUnpIw4DpRw3QFh2B3AHmIXXhO
jApBq/H3JluJnmTCaNe0A6aUrm9A50sHfgQ2W9z7ofV8QBRALw7mxoTd6KfS9cw4
BKJaGXBa0JJC1fRy4OW3Y3FJuyezHGw1qiKwMVjUOn+DmCmf/Hoqy50J8JPSWYDj
ccuhocRBQaotwPgpP/6wd3KMLvbJr3uMoEnDlzStIhBiQTDUdBsOVk5u0/M6hlv/
+OwVzR2xkG//QpLoc8eyPDg4cR9SdVm4sC76xyZ/5mV1YUsGP+MKHG5ZaCmElThX
QpvSp6xfOlw73Ctm4PPl9aOg3G9HL6QoN5WCga7dOFfAG0+JBXpeI2JDiE/k86nx
yqIm/tre0TA5Z1zTLZ66zG1y/oKBZLknqZvrp1/5MoJVEqf2YMA=
=/MPY
-----END PGP SIGNATURE-----

--npbWoDPfaIYpmmhV--