From: Ian Jackson Date: Mon, 24 Feb 2014 14:19:15 +0000 (+0000) Subject: libxl: Fix carefd lock leak in save callout X-Git-Tag: archive/raspbian/4.8.0-1+rpi1~1^2~5454 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/success//%22http:/www.example.com/cgi/success/?a=commitdiff_plain;h=7eb73add5de5839f160b902dd894d3aecc10ba0c;p=xen.git libxl: Fix carefd lock leak in save callout If libxl_pipe fails we leave the carefd locked, which translates to the atfork lock remaining held. This would probably cause the process to deadlock shortly afterwards. Of course libxl_pipe is very unlikely to fail unless things are already going very badly. This bug has not been observed anywhere as far as we are aware. Signed-off-by: Ian Jackson Acked-by: Ian Campbell CC: George Dunlap --- diff --git a/tools/libxl/libxl_save_callout.c b/tools/libxl/libxl_save_callout.c index 6e45b2f047..e3bda8f812 100644 --- a/tools/libxl/libxl_save_callout.c +++ b/tools/libxl/libxl_save_callout.c @@ -185,7 +185,11 @@ static void run_helper(libxl__egc *egc, libxl__save_helper_state *shs, for (childfd=0; childfd<2; childfd++) { /* Setting up the pipe for the child's fd childfd */ int fds[2]; - if (libxl_pipe(CTX,fds)) { rc = ERROR_FAIL; goto out; } + if (libxl_pipe(CTX,fds)) { + rc = ERROR_FAIL; + libxl__carefd_unlock(); + goto out; + } int childs_end = childfd==0 ? 0 /*read*/ : 1 /*write*/; int our_end = childfd==0 ? 1 /*write*/ : 0 /*read*/; childs_pipes[childfd] = libxl__carefd_record(CTX, fds[childs_end]);
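Review bot: In the new libxl_pipe failure branch in run_helper, the libxl__carefd_unlock() call has no matching lock acquisition visible in this hunk, so the pairing is easy to miss. A one-line comment in that branch saying that the carefd lock is held at this point (as the commit message explains) would help anyone who later adds another error exit in this loop avoid reintroducing the leak. Because the loop runs for childfd 0 and 1, please also confirm that the `out` path cleans up the entry already stored in childs_pipes[0] when libxl_pipe fails on the second pass, since the branch itself only releases the lock before `goto out;`.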