Bug 675756 - Double close() on the global config_fd variable
Summary: Double close() on the global config_fd variable
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libpciaccess
Version: 6.1
Hardware: Unspecified
OS: Unspecified
urgent
medium
Target Milestone: rc
: ---
Assignee: Dave Airlie
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks: 675698
TreeView+ depends on / blocked
 
Reported: 2011-02-07 16:28 UTC by Daniel Berrangé
Modified: 2011-05-19 14:30 UTC (History)
5 users (show)

Fixed In Version: libpciaccess-0.10.9-4.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 14:30:35 UTC
Target Upstream Version:

Attachments (Terms of Use)
Demo program to show the double-close() on config_fd (540 bytes, text/plain)
2011-02-07 16:28 UTC, Daniel Berrangé 		no flags Details
Patch to fix double-close of config_fd (460 bytes, patch)
2011-02-07 16:29 UTC, Daniel Berrangé 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0806 0 normal SHIPPED_LIVE libpciaccess bug fix update 2011-05-18 18:21:21 UTC

Description Daniel Berrangé 2011-02-07 16:28:23 UTC 
Created attachment 477452 [details]
Demo program to show the double-close() on config_fd

Description of problem:
Investigating a libvirt bug 675698, we uncovered a double close() that can occur on the config_fd variable, if pci_system_init/pci_system_cleanup are run twice (or more) in a row within one process

In this sequence of operations:

 pci_system_init()
 pci_get_strings()
 pci_system_cleanup()
 nullfd = open('/dev/null', O_RDONLY)
 pci_system_init()
 pci_get_strings()
 pci_system_cleanup()
 close(nullfd);

The final close() call will get an error, because the FD associated with nullfd
was closed by the second pci_get_strings() call :-(

The problem is simply that pci_device_linux_sysfs_destroy() fails to re-initialize the global 'config_fd' varaible to -1 after closing it.


Version-Release number of selected component (if applicable):
libpciaccess-0.10.9-2.el6

How reproducible:
Always

Steps to Reproduce:
1. Save attached demo program to pcidemo.c
2. gcc -Wall -o pcidemo pcidemo.c -lpciaccess
3. ./pcidemo
  
Actual results:
Error from final close() call, due to a double-close

Expected results:
No errors.

Additional info:
Comment 1 Daniel Berrangé 2011-02-07 16:29:11 UTC 
Created attachment 477453 [details]
Patch to fix double-close of config_fd
Comment 2 RHEL Program Management 2011-02-07 16:48:23 UTC 
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.
Comment 8 Dave Airlie 2011-04-05 23:07:14 UTC 
MODIFIED

built libpciaccess-0.10.9-4.el6 in brew.
Comment 12 errata-xmlrpc 2011-05-19 14:30:35 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0806.html
Note You need to log in before you can comment on or make changes to this bug.