[PATCH 0/2] block/rbd: fix memory leaks

[PATCH 0/2] block/rbd: fix memory leaks

[Stefano Garzarella]

This series fixes two memory leaks, found through valgrind, in the
rbd driver.

Stefano Garzarella (2):
  block/rbd: fix memory leak in qemu_rbd_connect()
  block/rbd: fix memory leak in qemu_rbd_co_create_opts()

 block/rbd.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

-- 
2.30.2

[PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()

[Stefano Garzarella]

In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:

  80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
     by 0x87D07E: qemu_rbd_connect (rbd.c:562)
     by 0x87E1CE: qemu_rbd_open (rbd.c:740)
     by 0x840EB1: bdrv_open_driver (block.c:1528)
     by 0x8453A9: bdrv_open_common (block.c:1802)
     by 0x8453A9: bdrv_open_inherit (block.c:3444)
     by 0x8464C2: bdrv_open (block.c:3537)
     by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
     by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
     by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
     by 0x907EA4: aio_bh_poll (async.c:164)

Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/rbd.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 9071a00e3f..24cefcd0dc 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -563,13 +563,13 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
     if (local_err) {
         error_propagate(errp, local_err);
         r = -EINVAL;
-        goto failed_opts;
+        goto out;
     }
 
     r = rados_create(cluster, opts->user);
     if (r < 0) {
         error_setg_errno(errp, -r, "error initializing");
-        goto failed_opts;
+        goto out;
     }
 
     /* try default location when conf=NULL, but ignore failure */
@@ -626,11 +626,12 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
      */
     rados_ioctx_set_namespace(*io_ctx, opts->q_namespace);
 
-    return 0;
+    r = 0;
+    goto out;
 
 failed_shutdown:
     rados_shutdown(*cluster);
-failed_opts:
+out:
     g_free(mon_host);
     return r;
 }
-- 
2.30.2

[PATCH 2/2] block/rbd: fix memory leak in qemu_rbd_co_create_opts()

[Stefano Garzarella]

When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
to true. This can cause several issues, including a memory leak,
since qapi_free_BlockdevCreateOptions() does not deallocate that
memory, as reported by valgrind:

  13 bytes in 1 blocks are definitely lost in loss record 7 of 96
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
     by 0x1AE72C: bdrv_create_co_entry (block.c:492)
     by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
     by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
     by 0x1FFEFFFA6F: ???

Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.

Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/rbd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/block/rbd.c b/block/rbd.c
index 24cefcd0dc..f098a89c7b 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -444,6 +444,7 @@ static int coroutine_fn qemu_rbd_co_create_opts(BlockDriver *drv,
     loc->user        = g_strdup(qdict_get_try_str(options, "user"));
     loc->has_user    = !!loc->user;
     loc->q_namespace = g_strdup(qdict_get_try_str(options, "namespace"));
+    loc->has_q_namespace = !!loc->q_namespace;
     loc->image       = g_strdup(qdict_get_try_str(options, "image"));
     keypairs         = qdict_get_try_str(options, "=keyvalue-pairs");
 
-- 
2.30.2

Re: [PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()

[Markus Armbruster]

Stefano Garzarella <sgarzare@redhat.com> writes:

> In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
> using g_strjoinv(), but it's only freed in the error path, leaking
> memory in the success path as reported by valgrind:
>
>   80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
>      at 0x4839809: malloc (vg_replace_malloc.c:307)
>      by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
>      by 0x87D07E: qemu_rbd_connect (rbd.c:562)
>      by 0x87E1CE: qemu_rbd_open (rbd.c:740)
>      by 0x840EB1: bdrv_open_driver (block.c:1528)
>      by 0x8453A9: bdrv_open_common (block.c:1802)
>      by 0x8453A9: bdrv_open_inherit (block.c:3444)
>      by 0x8464C2: bdrv_open (block.c:3537)
>      by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
>      by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
>      by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
>      by 0x907EA4: aio_bh_poll (async.c:164)
>
> Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
>
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>

I believe this
Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00

Reviewed-by: Markus Armbruster <armbru@redhat.com>

Re: [PATCH 2/2] block/rbd: fix memory leak in qemu_rbd_co_create_opts()

[Markus Armbruster]

Stefano Garzarella <sgarzare@redhat.com> writes:

> When we allocate 'q_namespace', we forgot to set 'has_q_namespace'
> to true. This can cause several issues, including a memory leak,
> since qapi_free_BlockdevCreateOptions() does not deallocate that
> memory, as reported by valgrind:
>
>   13 bytes in 1 blocks are definitely lost in loss record 7 of 96
>      at 0x4839809: malloc (vg_replace_malloc.c:307)
>      by 0x48CEBB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x48E3FE3: g_strdup (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x180010: qemu_rbd_co_create_opts (rbd.c:446)
>      by 0x1AE72C: bdrv_create_co_entry (block.c:492)
>      by 0x241902: coroutine_trampoline (coroutine-ucontext.c:173)
>      by 0x57530AF: ??? (in /usr/lib64/libc-2.32.so)
>      by 0x1FFEFFFA6F: ???
>
> Fix setting 'has_q_namespace' to true when we allocate 'q_namespace'.
>
> Fixes: 19ae9ae014 ("block/rbd: Add support for ceph namespaces")
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
> ---
>  block/rbd.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/block/rbd.c b/block/rbd.c
> index 24cefcd0dc..f098a89c7b 100644
> --- a/block/rbd.c
> +++ b/block/rbd.c
> @@ -444,6 +444,7 @@ static int coroutine_fn qemu_rbd_co_create_opts(BlockDriver *drv,
>      loc->user        = g_strdup(qdict_get_try_str(options, "user"));
>      loc->has_user    = !!loc->user;
>      loc->q_namespace = g_strdup(qdict_get_try_str(options, "namespace"));
> +    loc->has_q_namespace = !!loc->q_namespace;
>      loc->image       = g_strdup(qdict_get_try_str(options, "image"));
>      keypairs         = qdict_get_try_str(options, "=keyvalue-pairs");

Reviewed-by: Markus Armbruster <armbru@redhat.com>

Re: [PATCH 0/2] block/rbd: fix memory leaks

[Max Reitz]

On 29.03.21 17:01, Stefano Garzarella wrote:
> This series fixes two memory leaks, found through valgrind, in the
> rbd driver.
> 
> Stefano Garzarella (2):
>    block/rbd: fix memory leak in qemu_rbd_connect()
>    block/rbd: fix memory leak in qemu_rbd_co_create_opts()
> 
>   block/rbd.c | 10 ++++++----
>   1 file changed, 6 insertions(+), 4 deletions(-)

Reviewed-by: Max Reitz <mreitz@redhat.com>

I’m not quite sure whether this is fit for 6.0...  I think it’s too late 
for rc2, so I don’t know.

Max

Re: [PATCH 0/2] block/rbd: fix memory leaks

[Markus Armbruster]

Max Reitz <mreitz@redhat.com> writes:

> On 29.03.21 17:01, Stefano Garzarella wrote:
>> This series fixes two memory leaks, found through valgrind, in the
>> rbd driver.
>> Stefano Garzarella (2):
>>    block/rbd: fix memory leak in qemu_rbd_connect()
>>    block/rbd: fix memory leak in qemu_rbd_co_create_opts()
>>   block/rbd.c | 10 ++++++----
>>   1 file changed, 6 insertions(+), 4 deletions(-)
>
> Reviewed-by: Max Reitz <mreitz@redhat.com>
>
> I’m not quite sure whether this is fit for 6.0...  I think it’s too
> late for rc2, so I don’t know.

This the maintainers' call to make.

* PATCH 1:

  CON: Old bug, probably 2.9, i.e. four years

  PRO: The fix is straightforward

* PATCH 2:

  NEUTRAL: Not recent from upstream's point of view (5.0), but
  downstreams may have different ideas

  PRO: The fix is trivial

I encourage you to take at least PATCH 2.

Re: [PATCH 0/2] block/rbd: fix memory leaks

[Kevin Wolf]

Am 29.03.2021 um 17:01 hat Stefano Garzarella geschrieben:
> This series fixes two memory leaks, found through valgrind, in the
> rbd driver.

Thanks, applied to the block branch.

Kevin

Re: [PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()

[Stefano Garzarella]

On Tue, Apr 06, 2021 at 10:22:30AM +0200, Markus Armbruster wrote:
>Stefano Garzarella <sgarzare@redhat.com> writes:
>
>> In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
>> using g_strjoinv(), but it's only freed in the error path, leaking
>> memory in the success path as reported by valgrind:
>>
>>   80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
>>      at 0x4839809: malloc (vg_replace_malloc.c:307)
>>      by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>>      by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
>>      by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
>>      by 0x87D07E: qemu_rbd_connect (rbd.c:562)
>>      by 0x87E1CE: qemu_rbd_open (rbd.c:740)
>>      by 0x840EB1: bdrv_open_driver (block.c:1528)
>>      by 0x8453A9: bdrv_open_common (block.c:1802)
>>      by 0x8453A9: bdrv_open_inherit (block.c:3444)
>>      by 0x8464C2: bdrv_open (block.c:3537)
>>      by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
>>      by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
>>      by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
>>      by 0x907EA4: aio_bh_poll (async.c:164)
>>
>> Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
>>
>> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
>
>I believe this
>Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00

Yep :-)

>
>Reviewed-by: Markus Armbruster <armbru@redhat.com>
>

Thanks,
Stefano

Re: [PATCH 0/2] block/rbd: fix memory leaks

[Stefano Garzarella]

On Wed, Apr 07, 2021 at 11:38:17AM +0200, Markus Armbruster wrote:
>Max Reitz <mreitz@redhat.com> writes:
>
>> On 29.03.21 17:01, Stefano Garzarella wrote:
>>> This series fixes two memory leaks, found through valgrind, in the
>>> rbd driver.
>>> Stefano Garzarella (2):
>>>    block/rbd: fix memory leak in qemu_rbd_connect()
>>>    block/rbd: fix memory leak in qemu_rbd_co_create_opts()
>>>   block/rbd.c | 10 ++++++----
>>>   1 file changed, 6 insertions(+), 4 deletions(-)
>>
>> Reviewed-by: Max Reitz <mreitz@redhat.com>
>>
>> I’m not quite sure whether this is fit for 6.0...  I think it’s too
>> late for rc2, so I don’t know.
>
>This the maintainers' call to make.
>
>* PATCH 1:
>
>  CON: Old bug, probably 2.9, i.e. four years
>
>  PRO: The fix is straightforward
>
>* PATCH 2:
>
>  NEUTRAL: Not recent from upstream's point of view (5.0), but
>  downstreams may have different ideas
>
>  PRO: The fix is trivial
>
>I encourage you to take at least PATCH 2.
>

Kevin queued them up, thank you both for the review,
Stefano