git.ipfire.org Git - thirdparty/qemu.git/commit

author	Markus Armbruster <armbru@redhat.com>
	Mon, 7 Mar 2016 19:25:13 +0000 (20:25 +0100)
committer	Paolo Bonzini <pbonzini@redhat.com>
	Tue, 15 Mar 2016 17:23:33 +0000 (18:23 +0100)
commit	fd97fd4408040a9a6dfaf2fdaeca1c566db6d0aa
tree	90d1f57593b7fc19a8bae19ea4df301a533d707f	tree \| snapshot
parent	2ae823d4f707df05f28509dfa7ae7293b8e9164f	commit \| diff

exec: Fix memory allocation when memory path names new file

Commit 8d31d6b extended file_ram_alloc() to accept file names in
addition to directory names.  Even though it passes O_CREAT to open(),
it actually works only for existing files.  Reproducer adapted from
the commit's qemu-doc.texi update:

    $ qemu-system-x86_64 -object memory-backend-file,size=2M,mem-path=/dev/hugepages/my-shmem-file,id=mb1
    qemu-system-x86_64: -object memory-backend-file,size=2M,mem-path=/dev/hugepages/my-shmem-file,id=mb1: failed to get page size of file /dev/hugepages/my-shmem-file: No such file or directory

This is because we first get the page size for @path, then open the
actual file.  Unwise even before the flawed commit, because the
directory could change in between, invalidating the page size.
Unlikely to bite in practice.

Rearrange the code to create the file (if necessary) before getting
its page size.  Carefully avoid TOCTTOU conditions with a method
suggested by Paolo Bonzini.

While there, replace "hugepages" by "guest RAM" in error messages,
because host memory backends can be used for purposes other than huge
pages, e.g. /dev/shm/ shared memory.  Help text of -mem-path agrees.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <1457378754-21649-2-git-send-email-armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>