From patchwork Sun Feb 26 14:43:51 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Samuel Thibault X-Patchwork-Id: 94525 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp501537qgi; Sun, 26 Feb 2017 06:46:33 -0800 (PST) X-Received: by 10.200.49.129 with SMTP id h1mr11356655qte.277.1488120393268; Sun, 26 Feb 2017 06:46:33 -0800 (PST) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id j37si7355958qtc.49.2017.02.26.06.46.32 for (version=TLS1 cipher=AES128-SHA bits=128/128); Sun, 26 Feb 2017 06:46:33 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Received: from localhost ([::1]:47171 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci05n-0006pF-07 for patch@linaro.org; Sun, 26 Feb 2017 09:46:31 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56118) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03P-0005f1-9B for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ci03M-00026A-7E for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:03 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:51269) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03M-00025k-0l for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:00 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 0DA2FB3F8; Sun, 26 Feb 2017 15:43:58 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DHQu6NH3IqF9; Sun, 26 Feb 2017 15:43:56 +0100 (CET) Received: from var.youpi.perso.aquilenet.fr (unknown [IPv6:2a01:cb19:181:c200:3602:86ff:fe2c:6a19]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 2CA27B47C; Sun, 26 Feb 2017 15:43:56 +0100 (CET) Received: from samy by var.youpi.perso.aquilenet.fr with local (Exim 4.88) (envelope-from ) id 1ci03G-0000f6-Rp; Sun, 26 Feb 2017 15:43:54 +0100 From: Samuel Thibault To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Sun, 26 Feb 2017 15:43:51 +0100 Message-Id: <20170226144353.2502-2-samuel.thibault@ens-lyon.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> References: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 141.255.128.1 Subject: [Qemu-devel] [PULL 1/3] slirp: Check qemu_socket() return value in udp_listen() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: jan.kiszka@siemens.com, stefanha@redhat.com, Samuel Thibault Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Check the return value from qemu_socket() rather than trying to pass it to bind() as an fd argument even if it's negative. This wouldn't have caused any negative consequences, because it won't be a valid fd number and the bind call will fail; but Coverity complains (CID 1005723). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Samuel Thibault --- slirp/udp.c | 4 ++++ 1 file changed, 4 insertions(+) -- 2.11.0 diff --git a/slirp/udp.c b/slirp/udp.c index 93d7224792..227d779022 100644 --- a/slirp/udp.c +++ b/slirp/udp.c @@ -335,6 +335,10 @@ udp_listen(Slirp *slirp, uint32_t haddr, u_int hport, uint32_t laddr, return NULL; } so->s = qemu_socket(AF_INET,SOCK_DGRAM,0); + if (so->s < 0) { + sofree(so); + return NULL; + } so->so_expire = curtime + SO_EXPIRE; insque(so, &slirp->udb); From patchwork Sun Feb 26 14:43:52 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Samuel Thibault X-Patchwork-Id: 94527 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp501557qgi; Sun, 26 Feb 2017 06:46:38 -0800 (PST) X-Received: by 10.55.191.6 with SMTP id p6mr11460192qkf.79.1488120398917; Sun, 26 Feb 2017 06:46:38 -0800 (PST) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id u2si977751qki.218.2017.02.26.06.46.38 for (version=TLS1 cipher=AES128-SHA bits=128/128); Sun, 26 Feb 2017 06:46:38 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Received: from localhost ([::1]:47173 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci05s-0006tY-I1 for patch@linaro.org; Sun, 26 Feb 2017 09:46:36 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56116) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03P-0005ez-8m for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ci03N-00026W-0G for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:03 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:51284) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03M-00026N-NE for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:00 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 26F8AB4FB; Sun, 26 Feb 2017 15:44:00 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LDbTVDtiH6dg; Sun, 26 Feb 2017 15:43:57 +0100 (CET) Received: from var.youpi.perso.aquilenet.fr (unknown [IPv6:2a01:cb19:181:c200:3602:86ff:fe2c:6a19]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 3288EB4ED; Sun, 26 Feb 2017 15:43:56 +0100 (CET) Received: from samy by var.youpi.perso.aquilenet.fr with local (Exim 4.88) (envelope-from ) id 1ci03G-0000f8-SY; Sun, 26 Feb 2017 15:43:54 +0100 From: Samuel Thibault To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Sun, 26 Feb 2017 15:43:52 +0100 Message-Id: <20170226144353.2502-3-samuel.thibault@ens-lyon.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> References: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 141.255.128.1 Subject: [Qemu-devel] [PULL 2/3] slirp: Convert mbufs to use g_malloc() and g_free() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: jan.kiszka@siemens.com, stefanha@redhat.com, Samuel Thibault Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell The mbuf code currently doesn't check the result of doing a malloc() or realloc() of its data (spotted by Coverity, CID 1238946). Since the m_inc() API assumes that extending an mbuf must succeed, just convert to g_malloc() and g_free(). Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Samuel Thibault --- slirp/mbuf.c | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) -- 2.11.0 diff --git a/slirp/mbuf.c b/slirp/mbuf.c index 7eddc217e4..5ff24559fd 100644 --- a/slirp/mbuf.c +++ b/slirp/mbuf.c @@ -10,7 +10,7 @@ * FreeBSD. They are fixed size, determined by the MTU, * so that one whole packet can fit. Mbuf's cannot be * chained together. If there's more data than the mbuf - * could hold, an external malloced buffer is pointed to + * could hold, an external g_malloced buffer is pointed to * by m_ext (and the data pointers) and M_EXT is set in * the flags */ @@ -41,26 +41,26 @@ void m_cleanup(Slirp *slirp) while ((struct quehead *) m != &slirp->m_usedlist) { next = m->m_next; if (m->m_flags & M_EXT) { - free(m->m_ext); + g_free(m->m_ext); } - free(m); + g_free(m); m = next; } m = (struct mbuf *) slirp->m_freelist.qh_link; while ((struct quehead *) m != &slirp->m_freelist) { next = m->m_next; - free(m); + g_free(m); m = next; } } /* * Get an mbuf from the free list, if there are none - * malloc one + * allocate one * * Because fragmentation can occur if we alloc new mbufs and * free old mbufs, we mark all mbufs above mbuf_thresh as M_DOFREE, - * which tells m_free to actually free() it + * which tells m_free to actually g_free() it */ struct mbuf * m_get(Slirp *slirp) @@ -71,8 +71,7 @@ m_get(Slirp *slirp) DEBUG_CALL("m_get"); if (slirp->m_freelist.qh_link == &slirp->m_freelist) { - m = (struct mbuf *)malloc(SLIRP_MSIZE); - if (m == NULL) goto end_error; + m = g_malloc(SLIRP_MSIZE); slirp->mbuf_alloced++; if (slirp->mbuf_alloced > MBUF_THRESH) flags = M_DOFREE; @@ -94,7 +93,6 @@ m_get(Slirp *slirp) m->m_prevpkt = NULL; m->resolution_requested = false; m->expiration_date = (uint64_t)-1; -end_error: DEBUG_ARG("m = %p", m); return m; } @@ -112,15 +110,15 @@ m_free(struct mbuf *m) remque(m); /* If it's M_EXT, free() it */ - if (m->m_flags & M_EXT) - free(m->m_ext); - + if (m->m_flags & M_EXT) { + g_free(m->m_ext); + } /* * Either free() it or put it on the free list */ if (m->m_flags & M_DOFREE) { m->slirp->mbuf_alloced--; - free(m); + g_free(m); } else if ((m->m_flags & M_FREELIST) == 0) { insque(m,&m->slirp->m_freelist); m->m_flags = M_FREELIST; /* Clobber other flags */ @@ -130,7 +128,7 @@ m_free(struct mbuf *m) /* * Copy data from one mbuf to the end of - * the other.. if result is too big for one mbuf, malloc() + * the other.. if result is too big for one mbuf, allocate * an M_EXT data segment */ void @@ -160,12 +158,12 @@ m_inc(struct mbuf *m, int size) if (m->m_flags & M_EXT) { datasize = m->m_data - m->m_ext; - m->m_ext = (char *)realloc(m->m_ext,size); + m->m_ext = g_realloc(m->m_ext, size); m->m_data = m->m_ext + datasize; } else { char *dat; datasize = m->m_data - m->m_dat; - dat = (char *)malloc(size); + dat = g_malloc(size); memcpy(dat, m->m_dat, m->m_size); m->m_ext = dat; From patchwork Sun Feb 26 14:43:53 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Samuel Thibault X-Patchwork-Id: 94526 Delivered-To: patch@linaro.org Received: by 10.140.20.113 with SMTP id 104csp501554qgi; Sun, 26 Feb 2017 06:46:38 -0800 (PST) X-Received: by 10.55.41.159 with SMTP id p31mr10944763qkp.34.1488120398512; Sun, 26 Feb 2017 06:46:38 -0800 (PST) Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id b1si9904580qkg.219.2017.02.26.06.46.38 for (version=TLS1 cipher=AES128-SHA bits=128/128); Sun, 26 Feb 2017 06:46:38 -0800 (PST) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Received: from localhost ([::1]:47172 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci05s-0006s9-29 for patch@linaro.org; Sun, 26 Feb 2017 09:46:36 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:56115) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03P-0005ey-8i for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:04 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ci03M-00026E-7M for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:03 -0500 Received: from hera.aquilenet.fr ([141.255.128.1]:51276) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ci03M-00025s-17 for qemu-devel@nongnu.org; Sun, 26 Feb 2017 09:44:00 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id A16EAB47C; Sun, 26 Feb 2017 15:43:58 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gee5p1a1saVb; Sun, 26 Feb 2017 15:43:58 +0100 (CET) Received: from var.youpi.perso.aquilenet.fr (unknown [IPv6:2a01:cb19:181:c200:3602:86ff:fe2c:6a19]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 39A94B4FB; Sun, 26 Feb 2017 15:43:56 +0100 (CET) Received: from samy by var.youpi.perso.aquilenet.fr with local (Exim 4.88) (envelope-from ) id 1ci03G-0000fA-TD; Sun, 26 Feb 2017 15:43:54 +0100 From: Samuel Thibault To: qemu-devel@nongnu.org, peter.maydell@linaro.org Date: Sun, 26 Feb 2017 15:43:53 +0100 Message-Id: <20170226144353.2502-4-samuel.thibault@ens-lyon.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> References: <20170226144353.2502-1-samuel.thibault@ens-lyon.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 141.255.128.1 Subject: [Qemu-devel] [PULL 3/3] slirp: tcp_listen(): Don't try to close() an fd we never opened X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: jan.kiszka@siemens.com, stefanha@redhat.com, Samuel Thibault Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Coverity points out (CID 1005725) that an error-exit path in tcp_listen() will try to close(s) even if the reason it got there was that the qemu_socket() failed and s was never opened. Not only that, this isn't even the right function to use, because we need closesocket() to do the right thing on Windows. Change to using the right function and only calling it if needed. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Signed-off-by: Samuel Thibault --- slirp/socket.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) -- 2.11.0 diff --git a/slirp/socket.c b/slirp/socket.c index 6c18971368..86927722e1 100644 --- a/slirp/socket.c +++ b/slirp/socket.c @@ -713,7 +713,9 @@ tcp_listen(Slirp *slirp, uint32_t haddr, u_int hport, uint32_t laddr, (listen(s,1) < 0)) { int tmperrno = errno; /* Don't clobber the real reason we failed */ - close(s); + if (s >= 0) { + closesocket(s); + } sofree(so); /* Restore the real errno */ #ifdef _WIN32