On 04/16/2010 03:17 PM, Daniel P. Berrange wrote:
> On Fri, Apr 16, 2010 at 01:14:11PM +0200, Paolo Bonzini wrote:
>> The QEMU code appears to be written to assume that it will recvmsg() a
>> complete monitor command in one go + process that, because it closes the
>> FD the moment the data from any recvmsg() is dealt with.
>> This is buggy anyway. This should fix it too:
> Yep, this makes it work too, but if a client is evil they could
> pass a FD to qemu with any other non-getfd command & it'd remain
> open for ever. Probably not important though.
No, it wouldn't: outside the part that I patched there is this:
    if (s->msgfd != -1)
        close(s->msgfd);
    s->msgfd = fd;
Only one file descriptor could "leak".
Paolo
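The point of the exchange above is that a descriptor passed over the monitor's UNIX socket with SCM_RIGHTS is only ever held in one slot, so a command that attaches an fd without consuming it can leave at most one descriptor open, and the next one to arrive closes it. The following is an added example, not QEMU's code: it implements a small SCM_RIGHTS sender/receiver pair over a socketpair and the "close the pending fd before storing the new one" policy quoted in the reply. The names `mon_state`, `mon_store_fd`, `send_with_fd`, `recv_with_fd` and `demo_only_one_fd_retained` are hypothetical; the socket is SOCK_DGRAM so that each recvmsg() returns exactly one message with its own ancillary data, which is also the simplest way to avoid the "partial command per recvmsg" problem the thread started from.

```c
/* Added example (not QEMU's code): SCM_RIGHTS receive plus the
 * "hold at most one pending fd" policy. Names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical receiver state; only the fd slot from the thread is modelled. */
struct mon_state {
    int msgfd;   /* fd received with the last command, -1 if none pending */
};

static void mon_init(struct mon_state *s) { s->msgfd = -1; }

/* Store a freshly received fd, closing whatever was still pending.
 * This is the policy quoted in the reply: at most one fd can be unconsumed. */
static void mon_store_fd(struct mon_state *s, int fd)
{
    if (s->msgfd != -1)
        close(s->msgfd);
    s->msgfd = fd;
}

/* Send `len` bytes of command text plus one descriptor over a UNIX socket. */
static int send_with_fd(int sock, const char *buf, size_t len, int fd)
{
    struct iovec iov = { .iov_base = (void *)buf, .iov_len = len };
    char cbuf[CMSG_SPACE(sizeof(int))];
    memset(cbuf, 0, sizeof cbuf);
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET;
    c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) < 0 ? -1 : 0;
}

/* Receive one message; *fd_out gets the attached descriptor or -1.
 * Returns the byte count read, or -1 on error. */
static ssize_t recv_with_fd(int sock, char *buf, size_t len, int *fd_out)
{
    struct iovec iov = { .iov_base = buf, .iov_len = len };
    char cbuf[CMSG_SPACE(sizeof(int))];
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = cbuf, .msg_controllen = sizeof cbuf };
    *fd_out = -1;
    ssize_t n = recvmsg(sock, &msg, 0);
    if (n < 0)
        return -1;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(&msg); c; c = CMSG_NXTHDR(&msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS &&
            c->cmsg_len == CMSG_LEN(sizeof(int)))
            memcpy(fd_out, CMSG_DATA(c), sizeof(int));
    }
    return n;
}

/* Is `fd` still an open descriptor in this process? */
static int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Scenario: the peer sends two commands (constructed payloads), each with an
 * fd, and the receiver consumes neither. With close-on-replace the first fd
 * is closed when the second arrives, so only one is ever held.
 * Returns 1 if that holds, 0 otherwise. */
static int demo_only_one_fd_retained(void)
{
    int sv[2], p1[2], p2[2], fd, first, ok;
    char buf[64];
    struct mon_state s;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0 || pipe(p1) < 0 || pipe(p2) < 0)
        return 0;
    mon_init(&s);
    send_with_fd(sv[0], "cmd1\n", 5, p1[0]);   /* fd attached, never consumed */
    send_with_fd(sv[0], "cmd2\n", 5, p2[0]);   /* second fd replaces the first */

    recv_with_fd(sv[1], buf, sizeof buf, &fd);
    first = fd;                 /* receiver's copy of p1[0] */
    mon_store_fd(&s, fd);
    recv_with_fd(sv[1], buf, sizeof buf, &fd);
    mon_store_fd(&s, fd);       /* closes `first` */

    ok = !fd_is_open(first) && s.msgfd == fd && fd_is_open(s.msgfd);

    mon_store_fd(&s, -1);       /* release the one pending fd */
    close(sv[0]); close(sv[1]);
    close(p1[0]); close(p1[1]); close(p2[0]); close(p2[1]);
    return ok;
}

int main(void)
{
    int ok = demo_only_one_fd_retained();
    printf("at most one pending fd: %s\n", ok ? "yes" : "NO");
    return ok ? 0 : 1;
}
```

Because mon_store_fd() closes the previous slot unconditionally, a client that keeps attaching descriptors to commands other than getfd can pin only the most recent one; a receiver that simply stored every incoming fd would instead grow its open-descriptor count by one per message.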