qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [PATCH] vfio/iommufd: Remove the use of stat() to check file existen

From: Duan, Zhenzhong
Subject: RE: [PATCH] vfio/iommufd: Remove the use of stat() to check file existence
Date: Thu, 21 Dec 2023 09:23:13 +0000 

>-----Original Message-----
>From: Cédric Le Goater <clg@redhat.com>
>Sent: Thursday, December 21, 2023 5:16 PM
>Subject: Re: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>existence
>
>Hello Zhenzhong
>
>On 12/21/23 09:55, Duan, Zhenzhong wrote:
>>
>>
>>> -----Original Message-----
>>> From: Cédric Le Goater <clg@redhat.com>
>>> Sent: Thursday, December 21, 2023 4:10 PM
>>> Subject: [PATCH] vfio/iommufd: Remove the use of stat() to check file
>>> existence
>>>
>>> Using stat() before opening a file or a directory can lead to a
>>> time-of-check to time-of-use (TOCTOU) filesystem race, which is
>>> reported by coverity as a Security best practices violations. The
>>> sequence could be replaced by open and fdopendir but it doesn't add
>>> much in this case. Simply use opendir to avoid the race.
>>>
>>> Fixes: CID 1531551
>>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
>>
>> Thanks for fixing, Reviewed-by: Zhenzhong Duan
><Zhenzhong.duan@intel.com>
>
>It seems that tools like b4 need the R-b tag, and probably other
>tags, to be at the beginning of a new line. So, just repeating :
>
>Reviewed-by: Zhenzhong Duan <Zhenzhong.duan@intel.com>

Got it, will follow that rule in the future.

Thanks
Zhenzhong
reply via email to
[Prev in Thread] Current Thread [Next in Thread]