🐛 Bug · 🟠 High · Confidence: 97%
File: crates/forkd-vmm/src/lib.rs
Location: request_wp_uffd
What's wrong
The line let (stream, _) = listener.accept().context("accept FC connection")?; blocks indefinitely if the Firecracker process never connects, causing request_wp_uffd to hang and the caller to block forever.
Suggested fix
Make the listener non‑blocking and add a timeout, or use a separate thread with a bounded wait. For example:
let listener = UnixListener::bind(socket_path)
.with_context(|| format!("bind UDS at {}", socket_path.display()))?;
listener.set_nonblocking(true).context("set non‑blocking")?;
let start = std::time::Instant::now();
let timeout = std::time::Duration::from_secs(5);
let (stream, _) = loop {
match listener.accept() {
Ok(pair) => break pair,
Err(e) if e.kind() == std::io::ErrorKind::WouldBlock => {
if start.elapsed() > timeout {
anyhow::bail!("timeout waiting for FC to connect to UDS");
}
std::thread::sleep(std::time::Duration::from_millis(10));
continue;
}
Err(e) => return Err(e).context("accept FC connection"),
}
};
About this report
This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.
🐛 Bug · 🟠 High · Confidence: 97%
File:
crates/forkd-vmm/src/lib.rsLocation:
request_wp_uffdWhat's wrong
The line
let (stream, _) = listener.accept().context("accept FC connection")?;blocks indefinitely if the Firecracker process never connects, causingrequest_wp_uffdto hang and the caller to block forever.Suggested fix
Make the listener non‑blocking and add a timeout, or use a separate thread with a bounded wait. For example:
About this report
This finding was generated by an automated audit tool using Llama 3.3 70B + verification passes.
Only findings with ≥92% confidence that passed both LLM self-verification and line reference
verification are reported. False positives are still possible — please verify before acting.