On 24/02/15 10:14, Pavel Hrdina wrote: > This was found by running libvirt using valgrind. Commit ee195daf > introduced passfd code. > > ==7533== Syscall param sendmsg(msg.msg_control) points to uninitialised > byte(s) > ==7533== at 0x8C728FD: ??? (in /lib64/libpthread-2.19.so) > ==7533== by 0x54F04D1: sendfd (passfd.c:86) > ==7533== by 0x5437881: virNetSocketSendFD (virnetsocket.c:1766) > ==7533== by 0x542C328: virNetServerClientDispatchWrite > (virnetserverclient.c:1271) > ==7533== by 0x542C328: virNetServerClientDispatchEvent > (virnetserverclient.c:1371) > ==7533== by 0x52CA076: virEventPollDispatchHandles (vireventpoll.c:508) > ==7533== by 0x52CA076: virEventPollRunOnce (vireventpoll.c:657) > ==7533== by 0x52C8581: virEventRunDefaultImpl (virevent.c:308) > ==7533== by 0x1578FC: virNetServerRun (virnetserver.c:1139) > ==7533== by 0x11E3EC: main (libvirtd.c:1491) > ==7533== Address 0xffefff3f4 is on thread 1's stack > ==7533== in frame #1, created by sendfd (passfd.c:51) > > Signed-off-by: Pavel Hrdina <phrd...@redhat.com> > --- > lib/passfd.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/lib/passfd.c b/lib/passfd.c > index 1958776..d832268 100644 > --- a/lib/passfd.c > +++ b/lib/passfd.c > @@ -54,7 +54,7 @@ sendfd (int sock, int fd) > struct msghdr msg; > # ifdef CMSG_FIRSTHDR > struct cmsghdr *cmsg; > - char buf[CMSG_SPACE (sizeof fd)]; > + char buf[CMSG_SPACE (sizeof fd)] = ""; > # endif > > /* send at least one char */
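Review bot: `char buf[CMSG_SPACE (sizeof fd)] = "";` silences the valgrind report by zeroing every byte of the control buffer, including the alignment slop that lies between CMSG_LEN (sizeof fd) and CMSG_SPACE (sizeof fd); that is wider than the problem, because the only bytes that need to reach sendmsg are the cmsghdr plus the fd written by memcpy. A narrower fix is to set msg.msg_controllen to cmsg->cmsg_len once the header is filled in, so the padding bytes are never handed to the kernel at all and nothing has to be cleared. One portability caveat with the initializer form: `= ""` is only legal if CMSG_SPACE (sizeof fd) is an integer constant expression; on a platform where the macro is not constant the array is a VLA and the initializer fails to compile.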
While that works, it introduces redundant clearing of alignment slop space. I'll commit the following in your name instead. Can you check it passes? thanks, Pádraig. diff --git a/lib/passfd.c b/lib/passfd.c index 1958776..4d6b813 100644 --- a/lib/passfd.c +++ b/lib/passfd.c @@ -75,6 +75,7 @@ sendfd (int sock, int fd) cmsg->cmsg_len = CMSG_LEN (sizeof fd); /* Initialize the payload: */ memcpy (CMSG_DATA (cmsg), &fd, sizeof fd); + msg.msg_controllen = cmsg->cmsg_len; # elif HAVE_STRUCT_MSGHDR_MSG_ACCRIGHTS msg.msg_accrights = &fd; msg.msg_accrightslen = sizeof fd;
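Review bot: the new `msg.msg_controllen = cmsg->cmsg_len;` must stay after the CMSG_FIRSTHDR (&msg) call and the memcpy, as it is placed here, because CMSG_FIRSTHDR only yields a header while msg_controllen still spans the whole buffer; the line deserves a one-line comment stating that it deliberately shrinks controllen from CMSG_SPACE to CMSG_LEN so the uninitialised alignment bytes are not passed to sendmsg, otherwise a later reader may "correct" it back to sizeof buf. It is also worth confirming that the receive side keeps offering the full CMSG_SPACE-sized buffer, since only the sender should shorten the length.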
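The exchange above is about which bytes of the SCM_RIGHTS control buffer actually get handed to sendmsg. The following is an added example, not gnulib's passfd.c: a complete descriptor round trip over a socketpair that sizes msg_controllen the way the second patch does (cmsg_len rather than CMSG_SPACE), with a receiver that validates the header before trusting the fd. The function names send_fd, recv_fd, control_slop_bytes and roundtrip_fd_demo are hypothetical, and the code assumes a POSIX system with UNIX-domain sockets.

```c
/* Added example, not part of gnulib's passfd.c. Assumes POSIX sockets. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/uio.h>

/* Alignment slop that CMSG_SPACE adds beyond CMSG_LEN for a single int.
 * These bytes sit inside the control buffer but carry no payload; if
 * msg_controllen covers them, sendmsg() copies them out uninitialised,
 * which is exactly what the valgrind report in the thread flagged. */
size_t control_slop_bytes(void)
{
    return CMSG_SPACE(sizeof(int)) - CMSG_LEN(sizeof(int));
}

/* Send one descriptor over a UNIX-domain socket. Returns 0 or -1. */
int send_fd(int sock, int fd)
{
    struct msghdr msg;
    struct iovec iov;
    struct cmsghdr *cmsg;
    char ch = 0;                       /* sendmsg needs at least one data byte */
    union {
        char buf[CMSG_SPACE(sizeof(int))];
        struct cmsghdr align;          /* keeps the buffer suitably aligned */
    } u;

    memset(&msg, 0, sizeof msg);
    iov.iov_base = &ch;
    iov.iov_len = 1;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;

    /* CMSG_FIRSTHDR needs msg_controllen to span at least one header. */
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;
    cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));

    /* The fix from the thread: hand the kernel only the bytes actually
     * written (header + fd), so the alignment slop is never transmitted. */
    msg.msg_controllen = cmsg->cmsg_len;

    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor. Returns the fd, or -1 on error or bad header. */
int recv_fd(int sock)
{
    struct msghdr msg;
    struct iovec iov;
    struct cmsghdr *cmsg;
    char ch;
    int fd;
    union {
        char buf[CMSG_SPACE(sizeof(int))];
        struct cmsghdr align;
    } u;

    memset(&msg, 0, sizeof msg);
    iov.iov_base = &ch;
    iov.iov_len = 1;
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;  /* receiver offers the full CMSG_SPACE */

    if (recvmsg(sock, &msg, 0) != 1)
        return -1;
    cmsg = CMSG_FIRSTHDR(&msg);
    /* Only accept exactly one SCM_RIGHTS header carrying one int. */
    if (cmsg == NULL || cmsg->cmsg_level != SOL_SOCKET
        || cmsg->cmsg_type != SCM_RIGHTS
        || cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    return fd;
}

/* Self-check: pass a pipe's read end across a socketpair, then read through
 * the received descriptor. Returns 1 when the constructed data arrives. */
int roundtrip_fd_demo(void)
{
    int sv[2], pfd[2], got, ok = 0;
    char in[] = "passfd";              /* constructed sample payload */
    char out[sizeof in];

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1)
        return 0;
    if (pipe(pfd) == -1) {
        close(sv[0]); close(sv[1]);
        return 0;
    }
    if (send_fd(sv[0], pfd[0]) == 0 && (got = recv_fd(sv[1])) != -1) {
        if (write(pfd[1], in, sizeof in) == (ssize_t) sizeof in
            && read(got, out, sizeof out) == (ssize_t) sizeof out
            && memcmp(in, out, sizeof in) == 0)
            ok = 1;
        close(got);
    }
    close(sv[0]); close(sv[1]); close(pfd[0]); close(pfd[1]);
    return ok;
}

int main(void)
{
    printf("slop bytes: %zu, round trip %s\n", control_slop_bytes(),
           roundtrip_fd_demo() ? "ok" : "failed");
    return 0;
}
```

Run it under valgrind to see the difference the thread is about: with msg_controllen left at sizeof u.buf the padding after the fd is reported as uninitialised at sendmsg, with it set to cmsg->cmsg_len the report disappears without any memset.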