From: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
To: "pannengyuan@huawei.com" <pannengyuan@huawei.com>,
"eblake@redhat.com" <eblake@redhat.com>,
"kwolf@redhat.com" <kwolf@redhat.com>,
"mreitz@redhat.com" <mreitz@redhat.com>,
"sgarzare@redhat.com" <sgarzare@redhat.com>
Cc: "liyiting@huawei.com" <liyiting@huawei.com>,
"kuhn.chenqun@huawei.com" <kuhn.chenqun@huawei.com>,
"zhang.zhanghailiang@huawei.com" <zhang.zhanghailiang@huawei.com>,
"qemu-block@nongnu.org" <qemu-block@nongnu.org>,
"qemu-devel@nongnu.org" <qemu-devel@nongnu.org>
Subject: for 4.2 ??? Re: [PATCH V3 2/2] block/nbd: fix memory leak in nbd_open()
Date: Tue, 3 Dec 2019 17:52:27 +0000 [thread overview]
Message-ID: <1cff97de-303b-3b27-f737-3f69759746b0@virtuozzo.com> (raw)
In-Reply-To: <1575012326-51324-2-git-send-email-pannengyuan@huawei.com>
It's just a memory leak, but it's a regression in 4.2.
Should we take it into 4.2?
29.11.2019 10:25, pannengyuan@huawei.com wrote:
> From: PanNengyuan <pannengyuan@huawei.com>
>
> In currently implementation there will be a memory leak when
> nbd_client_connect() returns error status. Here is an easy way to
> reproduce:
>
> 1. run qemu-iotests as follow and check the result with asan:
> ./check -raw 143
>
> Following is the asan output backtrack:
> Direct leak of 40 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
> #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
> #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
> #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
> #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386
> #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
> #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
> #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Direct leak of 15 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
> #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
> #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Indirect leak of 24 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
> #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
> #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
> #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
> #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
> #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
> #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
> #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
> #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: PanNengyuan <pannengyuan@huawei.com>
May add:
Fixes: 8f071c9db506e03ab
(I found it just by git log -p, could you please check it by your reproduce?)
Ohh, that's my commit, I'm sorry. If you discovered this commit by yourself,
and added Fixes: tag and myself to CC, I'd have reviewed it a lot earlier..
> ---
> Changes v2 to v1:
> - add a new function to do the common cleanups (suggested by Stefano
> Garzarella).
> ---
> Changes v3 to v2:
> - split in two patches(suggested by Stefano Garzarella)
> ---
> block/nbd.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/block/nbd.c b/block/nbd.c
> index 5805979..09d6925 100644
> --- a/block/nbd.c
> +++ b/block/nbd.c
> @@ -1889,6 +1889,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
>
> ret = nbd_client_connect(bs, errp);
> if (ret < 0) {
> + nbd_free_bdrvstate_prop(s);
> return ret;
> }
> /* successfully connected */
>
Thanks for fixing!
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
--
Best regards,
Vladimir
next prev parent reply other threads:[~2019-12-03 18:58 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-11-29 7:25 [PATCH V3 1/2] block/nbd: extract the common cleanup code pannengyuan
2019-11-29 7:25 ` [PATCH V3 2/2] block/nbd: fix memory leak in nbd_open() pannengyuan
2019-12-03 17:52 ` Vladimir Sementsov-Ogievskiy [this message]
2019-12-03 18:54 ` for 4.2 ??? " Eric Blake
2019-12-03 21:59 ` Eric Blake
2019-12-04 3:30 ` pannengyuan
2019-12-03 17:38 ` [PATCH V3 1/2] block/nbd: extract the common cleanup code Vladimir Sementsov-Ogievskiy
2019-12-04 3:12 ` pannengyuan
2019-12-04 7:19 ` Vladimir Sementsov-Ogievskiy
2019-12-04 7:24 ` Pan Nengyuan
2019-12-03 19:00 ` Eric Blake
2019-12-04 3:20 ` pannengyuan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1cff97de-303b-3b27-f737-3f69759746b0@virtuozzo.com \
--to=vsementsov@virtuozzo.com \
--cc=eblake@redhat.com \
--cc=kuhn.chenqun@huawei.com \
--cc=kwolf@redhat.com \
--cc=liyiting@huawei.com \
--cc=mreitz@redhat.com \
--cc=pannengyuan@huawei.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
--cc=sgarzare@redhat.com \
--cc=zhang.zhanghailiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).