From 0516ffcbf9e8be0647308f0440401d8e57904b5b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 30 Jun 2021 03:12:05 +0200 Subject: [PATCH] Fix FD leak causing DispVMs not being cleaned up properly The qrexec-daemon's child process that talks to the policy daemon was holding various FD open. They were closed only if communication with the policy daemon failed, before going to the fallback option of direct qrexec-policy-exec call. Some of those FDs were used to notify then a qrexec connection was terminated - by closing it. When they were leaked, there always was some process keeping them open, so notification was not delivered. Fixes QubesOS/qubes-issues#6695 Fixes QubesOS/qubes-issues#6649 --- daemon/qrexec-daemon.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/daemon/qrexec-daemon.c b/daemon/qrexec-daemon.c index eb569135..c703f0b6 100644 --- a/daemon/qrexec-daemon.c +++ b/daemon/qrexec-daemon.c @@ -853,6 +853,9 @@ static void handle_execute_service( return; } + for (i = 3; i < MAX_FDS; i++) + close(i); + result = connect_daemon_socket(remote_domain_id, remote_domain_name, target_domain, service_name, request_id); if (result >= 0) { @@ -861,8 +864,6 @@ static void handle_execute_service( LOG(ERROR, "couldn't invoke qrexec-policy-daemon, using qrexec-policy-exec"); - for (i = 3; i < MAX_FDS; i++) - close(i); sigemptyset(&sigmask); sigprocmask(SIG_SETMASK, &sigmask, NULL); signal(SIGCHLD, SIG_DFL);