Mir

Merge lp:~kdub/mir/fix-1394362 into lp:mir

  1. fix-1394362
  2. Merge into development-branch
Proposed by Kevin DuBois
Status: Merged
Approved by: Kevin DuBois
Approved revision: no longer in the source branch.
Merged at revision: 2085
Proposed branch: lp:~kdub/mir/fix-1394362
Merge into: lp:mir
Diff against target: 45 lines (+17/-5)
1 file modified
src/common/fd/fd_socket_transmission.cpp (+17/-5)
To merge this branch: bzr merge lp:~kdub/mir/fix-1394362
Reviewer Review Type Date Requested Status
Alberto Aguirre (community) Approve
Alan Griffiths Approve
PS Jenkins bot (community) continuous-integration Approve
Alexandros Frantzis (community) Approve
Review via email: mp+242276@code.launchpad.net

Commit message

fix lp: #1394362 by making the fd reception code exception-safe.

lp: #1394362

Description of the change

fix lp: #1394362 by making the fd reception code exception-safe.

lp: #1394362

To post a comment you must log in.
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

FAILED: Continuous integration, rev:2073
http://jenkins.qa.ubuntu.com/job/mir-ci/2173/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/219
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/219
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/196/console
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/162
        deb: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/162/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/196
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/196/artifact/work/output/*zip*/output.zip
    FAILURE: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-mako/3464/console
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/16022

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/2173/rebuild

review: Needs Fixing (continuous-integration)
Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

39 + if (fd > 0)

The fd could also be 0 (not very likely, but possible).

41 BOOST_THROW_EXCEPTION(std::runtime_error("Receieved fewer fds than expected"));

Pre-existing typo: "Receieved"

review: Needs Fixing
Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

40 + ::close(fd);

It would be good to clear the fds vector (not very likely that it will be accessed after an exception, but still...).

Revision history for this message
Alexandros Frantzis (afrantzis) wrote :

Looks good. Once we are able to use owning mir::Fds the code will become much simpler (i.e. no need for manual cleanup).

review: Approve
Revision history for this message
PS Jenkins bot (ps-jenkins) wrote :

PASSED: Continuous integration, rev:2075
http://jenkins.qa.ubuntu.com/job/mir-ci/2183/
Executed test runs:
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-android-vivid-i386-build/236
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-clang-vivid-amd64-build/236
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-vivid-touch/212
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/172
        deb: http://jenkins.qa.ubuntu.com/job/mir-vivid-amd64-ci/172/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/212
        deb: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-builder-vivid-armhf/212/artifact/work/output/*zip*/output.zip
    SUCCESS: http://jenkins.qa.ubuntu.com/job/mir-mediumtests-runner-mako/3477
    SUCCESS: http://s-jenkins.ubuntu-ci:8080/job/touch-flash-device/16055

Click here to trigger a rebuild:
http://s-jenkins.ubuntu-ci:8080/job/mir-ci/2183/rebuild

review: Approve (continuous-integration)
Revision history for this message
Alan Griffiths (alan-griffiths) wrote :

OK

review: Approve
Revision history for this message
Alberto Aguirre (albaguirre) wrote :

Nit:

39+ for(auto fd : fds)

space needed between for and (

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
=== modified file 'src/common/fd/fd_socket_transmission.cpp'
--- src/common/fd/fd_socket_transmission.cpp 2014-10-22 15:43:57 +0000
+++ src/common/fd/fd_socket_transmission.cpp 2014-11-20 18:49:22 +0000
@@ -148,18 +148,24 @@
148 struct cmsghdr const* const cmsg = CMSG_FIRSTHDR(&header);148 struct cmsghdr const* const cmsg = CMSG_FIRSTHDR(&header);
149 if (cmsg)149 if (cmsg)
150 {150 {
151 // NOTE: This relies on the file descriptor cmsg being read
152 // (and written) atomically.
153 if (cmsg->cmsg_len > CMSG_LEN(fds_bytes) || (header.msg_flags & MSG_CTRUNC))
154 BOOST_THROW_EXCEPTION(std::runtime_error("Received more fds than expected"));
155 if ((cmsg->cmsg_level == SOL_SOCKET) && (cmsg->cmsg_type == SCM_CREDENTIALS))151 if ((cmsg->cmsg_level == SOL_SOCKET) && (cmsg->cmsg_type == SCM_CREDENTIALS))
156 BOOST_THROW_EXCEPTION(fd_reception_error("received SCM_CREDENTIALS when expecting fd"));152 BOOST_THROW_EXCEPTION(fd_reception_error("received SCM_CREDENTIALS when expecting fd"));
157 if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)153 if (cmsg->cmsg_level != SOL_SOCKET || cmsg->cmsg_type != SCM_RIGHTS)
158 BOOST_THROW_EXCEPTION(fd_reception_error("Invalid control message for receiving file descriptors"));154 BOOST_THROW_EXCEPTION(fd_reception_error("Invalid control message for receiving file descriptors"));
155
159 int const* const data = reinterpret_cast<int const*>CMSG_DATA(cmsg);156 int const* const data = reinterpret_cast<int const*>CMSG_DATA(cmsg);
160 ptrdiff_t const header_size = reinterpret_cast<char const*>(data) - reinterpret_cast<char const*>(cmsg);157 ptrdiff_t const header_size = reinterpret_cast<char const*>(data) - reinterpret_cast<char const*>(cmsg);
161 int const nfds = (cmsg->cmsg_len - header_size) / sizeof(int);158 int const nfds = (cmsg->cmsg_len - header_size) / sizeof(int);
162159
160 // NOTE: This relies on the file descriptor cmsg being read
161 // (and written) atomically.
162 if (cmsg->cmsg_len > CMSG_LEN(fds_bytes) || (header.msg_flags & MSG_CTRUNC))
163 {
164 for (int i = 0; i < nfds; i++)
165 ::close(data[i]);
166 BOOST_THROW_EXCEPTION(std::runtime_error("Received more fds than expected"));
167 }
168
163 // We can't properly pass mir::Fds through google::protobuf::Message,169 // We can't properly pass mir::Fds through google::protobuf::Message,
164 // which is where these get shoved.170 // which is where these get shoved.
165 //171 //
@@ -173,5 +179,11 @@
173 }179 }
174180
175 if (fds_read < fds.size())181 if (fds_read < fds.size())
176 BOOST_THROW_EXCEPTION(std::runtime_error("Receieved fewer fds than expected"));182 {
183 for (auto fd : fds)
184 if (fd >= 0)
185 ::close(fd);
186 fds.clear();
187 BOOST_THROW_EXCEPTION(std::runtime_error("Received fewer fds than expected"));
188 }
177}189}

Subscribers

People subscribed via source and target branches