Mir

Merge lp:~kdub/mir/fix-1394362 into lp:mir

  1. fix-1394362
  2. Merge into development-branch
Proposed by Kevin DuBois
Status: Merged
Approved by: Kevin DuBois
Approved revision: no longer in the source branch.
Merged at revision: 2085
Proposed branch: lp:~kdub/mir/fix-1394362
Merge into: lp:mir
Diff against target: 45 lines (+17/-5)
1 file modified
src/common/fd/fd_socket_transmission.cpp (+17/-5)
To merge this branch: bzr merge lp:~kdub/mir/fix-1394362
Reviewer Review Type Date Requested Status
Alberto Aguirre (community) Approve
Alan Griffiths Approve
PS Jenkins bot (community) continuous-integration Approve
Alexandros Frantzis (community) Approve
Review via email: mp+242276@code.launchpad.net

Commit message

fix lp: #1394362 by making the fd reception code exception-safe.

lp: #1394362

Description of the change

fix lp: #1394362 by making the fd reception code exception-safe.

lp: #1394362

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:2073
http://jenkins.qa.ubuntu.com/job/mir-ci/2173/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/219
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/219
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/196/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/162
        deb: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/162/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/196
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/196/artifact/work/output/*zip*/output.zip
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-mako/3464/console
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/16022

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/2173/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

39 + if (fd > 0)

The fd could also be 0 (not very likely, but possible).

41 BOOST_THROW_EXCEPTION(std::runtime_error("Receieved fewer fds than expected"));

Pre-existing typo: "Receieved"

review: Needs Fixing
Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

40 + ::close(fd);

It would be good to clear the fds vector (not very likely that it will be accessed after an exception, but still...).

Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

Looks good. Once we are able to use owning mir::Fds the code will become much simpler (i.e. no need for manual cleanup).

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:2075
http://jenkins.qa.ubuntu.com/job/mir-ci/2183/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/236
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/236
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/212
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/172
        deb: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/172/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/212
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/212/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-mako/3477
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/16055

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/2183/rebuild

review: Approve (continuous-integration)
Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

OK

review: Approve
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

Nit:

39+ for(auto fd : fds)

space needed between for and (

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'src/common/fd/fd_socket_transmission.cpp'
2--- src/common/fd/fd_socket_transmission.cpp 2014-10-22 15:43:57 +0000
3+++ src/common/fd/fd_socket_transmission.cpp 2014-11-20 18:49:22 +0000
4@@ -148,18 +148,24 @@
5 struct cmsghdr const* const cmsg = CMSG_FIRSTHDR(&header);
6 if (cmsg)
7 {
8- // NOTE: This relies on the file descriptor cmsg being read
9- // (and written) atomically.
10- if (cmsg->cmsg_len > CMSG_LEN(fds_bytes) || (header.msg_flags & MSG_CTRUNC))
11- BOOST_THROW_EXCEPTION(std::runtime_error("Received more fds than expected"));
12 if ((cmsg->cmsg_level == SOL_SOCKET) && (cmsg->cmsg_type == SCM_CREDENTIALS))
13 BOOST_THROW_EXCEPTION(fd_reception_error("received SCM_CREDENTIALS when expecting fd"));
14 if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
15 BOOST_THROW_EXCEPTION(fd_reception_error("Invalid control message for receiving file descriptors"));
16+
17 int const* const data = reinterpret_cast<int const*>CMSG_DATA(cmsg);
18 ptrdiff_t const header_size = reinterpret_cast<char const*>(data) - reinterpret_cast<char const*>(cmsg);
19 int const nfds = (cmsg->cmsg_len - header_size) / sizeof(int);
20
21+ // NOTE: This relies on the file descriptor cmsg being read
22+ // (and written) atomically.
23+ if (cmsg->cmsg_len > CMSG_LEN(fds_bytes) || (header.msg_flags & MSG_CTRUNC))
24+ {
25+ for (int i = 0; i < nfds; i++)
26+ ::close(data[i]);
27+ BOOST_THROW_EXCEPTION(std::runtime_error("Received more fds than expected"));
28+ }
29+
30 // We can't properly pass mir::Fds through google::protobuf::Message,
31 // which is where these get shoved.
32 //
33@@ -173,5 +179,11 @@
34 }
35
36 if (fds_read < fds.size())
37- BOOST_THROW_EXCEPTION(std::runtime_error("Receieved fewer fds than expected"));
38+ {
39+ for (auto fd : fds)
40+ if (fd >= 0)
41+ ::close(fd);
42+ fds.clear();
43+ BOOST_THROW_EXCEPTION(std::runtime_error("Received fewer fds than expected"));
44+ }
45 }

Subscribers

People subscribed via source and target branches