Bug 675756

Summary: Double close() on the global config_fd variable
Product: Red Hat Enterprise Linux 6 Reporter: Daniel Berrangé <berrange>
Component: libpciaccessAssignee: Dave Airlie <airlied>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: urgent    
Version: 6.1CC: borgan, ddumas, ebenes, iboverma, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: libpciaccess-0.10.9-4.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 14:30:35 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 675698    
Attachments:
Description Flags
Demo program to show the double-close() on config_fd
none
Patch to fix double-close of config_fd none

Description Daniel Berrangé 2011-02-07 16:28:23 UTC 
Created attachment 477452 [details]
Demo program to show the double-close() on config_fd

Description of problem:
Investigating a libvirt bug 675698, we uncovered a double close() that can occur on the config_fd variable, if pci_system_init/pci_system_cleanup are run twice (or more) in a row within one process

In this sequence of operations:

 pci_system_init()
 pci_get_strings()
 pci_system_cleanup()
 nullfd = open('/dev/null', O_RDONLY)
 pci_system_init()
 pci_get_strings()
 pci_system_cleanup()
 close(nullfd);

The final close() call will get an error, because the FD associated with nullfd
was closed by the second pci_get_strings() call :-(

The problem is simply that pci_device_linux_sysfs_destroy() fails to re-initialize the global 'config_fd' varaible to -1 after closing it.


Version-Release number of selected component (if applicable):
libpciaccess-0.10.9-2.el6

How reproducible:
Always

Steps to Reproduce:
1. Save attached demo program to pcidemo.c
2. gcc -Wall -o pcidemo pcidemo.c -lpciaccess
3. ./pcidemo
  
Actual results:
Error from final close() call, due to a double-close

Expected results:
No errors.

Additional info:
Comment 1 Daniel Berrangé 2011-02-07 16:29:11 UTC 
Created attachment 477453 [details]
Patch to fix double-close of config_fd
Comment 2 RHEL Program Management 2011-02-07 16:48:23 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 8 Dave Airlie 2011-04-05 23:07:14 UTC 
MODIFIED

built libpciaccess-0.10.9-4.el6 in brew.
Comment 12 errata-xmlrpc 2011-05-19 14:30:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0806.html