From a1c0e3c680c44ae4a949744b27f3cf0f7ea77939 Mon Sep 17 00:00:00 2001 From: Zach Reizner Date: Wed, 6 May 2020 12:37:30 -0700 Subject: remove instantes of using IntoRawFd in unsafe blocks The trait IntoRawFd isn't marked unsafe, but its documentation says that an impl must return a uniquely owned RawFd. Some code blocks depended on that behavior to ensure safety with the unsafe File::from_raw_fd, but this leads to a soundness hole where a nominally safe impl of IntoRawFd can lead to unsafety in functions that had been left as safe. This change sidesteps the issue by not using IntoRawFd, and using only safe conversions instead. BUG=None TEST=cargo build --features='wl-dmabuf plugin' Change-Id: I9b357e5592be21189fb96e343823dd63000aac30 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/crosvm/+/2185580 Reviewed-by: Zach Reizner Tested-by: Zach Reizner Tested-by: kokoro Commit-Queue: Zach Reizner Auto-Submit: Zach Reizner --- src/plugin/mod.rs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) (limited to 'src/plugin/mod.rs') diff --git a/src/plugin/mod.rs b/src/plugin/mod.rs index ae7e19c..470d5f0 100644 --- a/src/plugin/mod.rs +++ b/src/plugin/mod.rs @@ -8,7 +8,7 @@ mod vcpu; use std::fmt::{self, Display}; use std::fs::File; use std::io; -use std::os::unix::io::{AsRawFd, FromRawFd, IntoRawFd}; +use std::os::unix::io::{AsRawFd, FromRawFd}; use std::os::unix::net::UnixDatagram; use std::path::Path; use std::result; @@ -181,10 +181,6 @@ impl Display for Error { type Result = result::Result; -fn downcast_file(f: F) -> File { - unsafe { File::from_raw_fd(f.into_raw_fd()) } -} - fn new_seqpacket_pair() -> SysResult<(UnixDatagram, UnixDatagram)> { let mut fds = [0, 0]; unsafe { -- cgit 1.4.1