qemu-devel.nongnu.org archive mirror
* [PATCH] qom-qmp-cmds: remove unnecessary alloc in qmp_object_add to fix memleak
@ 2020-03-13  7:58 Pan Nengyuan
  2020-03-17 10:49 ` Markus Armbruster
  0 siblings, 1 reply; 4+ messages in thread
From: Pan Nengyuan @ 2020-03-13  7:58 UTC (permalink / raw)
  To: pbonzini, berrange, ehabkost
  Cc: Kevin Wolf, zhang.zhanghailiang, Pan Nengyuan, qemu-devel, euler.robot

In qmp_object_add(), user_creatable_add_type() may set errp with some error message and
return NULL. In this case, qmp_object_add() still allocates memory for *ret_data, which is
returned to the caller and causes a memory leak.

This patch does this alloc() action only if obj is not NULL to fix it, and initializes ret_data
in xen-block to avoid a possible uninitialized-variable error.

The leak stack:
Direct leak of 4120 byte(s) in 1 object(s) allocated from:
    #0 0x7f6106ce5970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
    #1 0x7f6105e6a49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
    #2 0x55d2c58c17fd in qdict_new /mnt/sdb/qemu-new/qemu_test/qemu/qobject/qdict.c:29
    #3 0x55d2c53a0051 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:291
    #4 0x55d2c57b47da in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132
    #5 0x55d2c57b47da in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175
    #6 0x55d2c52f1430 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145
    #7 0x55d2c52f3087 in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234
    #8 0x55d2c58e6153 in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136

Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
---
Cc: Kevin Wolf <kwolf@redhat.com>
---
 hw/block/xen-block.c | 2 +-
 qom/qom-qmp-cmds.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
index 3885464513..041866b846 100644
--- a/hw/block/xen-block.c
+++ b/hw/block/xen-block.c
@@ -860,7 +860,7 @@ static XenBlockIOThread *xen_block_iothread_create(const char *id,
     XenBlockIOThread *iothread = g_new(XenBlockIOThread, 1);
     Error *local_err = NULL;
     QDict *opts;
-    QObject *ret_data;
+    QObject *ret_data = NULL;
 
     iothread->id = g_strdup(id);
 
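Review bot: the `= NULL` initialization here is required by the qom/qom-qmp-cmds.c hunk below, not merely nice to have: once qmp_object_add() stops writing *ret_data on its failure path, xen_block_iothread_create()'s local `ret_data` would otherwise hold an indeterminate pointer after a failed call. The commit message should say this explicitly ("qmp_object_add() no longer touches *ret_data on error, so callers must initialize it") rather than the vaguer "to avoid a possible uninitialized error", so that future callers of qmp_object_add() know the contract.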
diff --git a/qom/qom-qmp-cmds.c b/qom/qom-qmp-cmds.c
index 435193b036..6bd137ccbf 100644
--- a/qom/qom-qmp-cmds.c
+++ b/qom/qom-qmp-cmds.c
@@ -287,8 +287,8 @@ void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp)
     visit_free(v);
     if (obj) {
         object_unref(obj);
+        *ret_data = QOBJECT(qdict_new());
     }
-    *ret_data = QOBJECT(qdict_new());
 }
 
 void qmp_object_del(const char *id, Error **errp)
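Review bot: moving `*ret_data = QOBJECT(qdict_new());` inside `if (obj)` fixes the leak on the error path, but it also changes the function's contract: *ret_data is now left untouched when user_creatable_add_type() fails. Every caller that passes an uninitialized local must now initialize it (this patch does so for xen-block.c); please audit the remaining callers of qmp_object_add() and document the "untouched on error" behaviour in a comment above the function. A smaller alternative, since object_unref() accepts NULL, would be to drop the `if` around object_unref() entirely and keep only the assignment conditional, as later discussed in this thread.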
-- 
2.18.2




* Re: [PATCH] qom-qmp-cmds: remove unnecessary alloc in qmp_object_add to fix memleak
  2020-03-13  7:58 [PATCH] qom-qmp-cmds: remove unnecessary alloc in qmp_object_add to fix memleak Pan Nengyuan
@ 2020-03-17 10:49 ` Markus Armbruster
  2020-04-06  6:34   ` Markus Armbruster
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Armbruster @ 2020-03-17 10:49 UTC (permalink / raw)
  To: Pan Nengyuan
  Cc: Kevin Wolf, berrange, ehabkost, qemu-devel, euler.robot,
	pbonzini, zhang.zhanghailiang

Pan Nengyuan <pannengyuan@huawei.com> writes:

> In qmp_object_add(), user_creatable_add_type() may set errp with some error message and
> return NULL. In this case, qmp_object_add() still allocates memory for *ret_data, which is
> returned to the caller and causes a memory leak.
>
> This patch does this alloc() action only if obj is not NULL to fix it, and initializes ret_data
> in xen-block to avoid a possible uninitialized-variable error.
>
> The leak stack:
> Direct leak of 4120 byte(s) in 1 object(s) allocated from:
>     #0 0x7f6106ce5970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
>     #1 0x7f6105e6a49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
>     #2 0x55d2c58c17fd in qdict_new /mnt/sdb/qemu-new/qemu_test/qemu/qobject/qdict.c:29
>     #3 0x55d2c53a0051 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:291
>     #4 0x55d2c57b47da in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132
>     #5 0x55d2c57b47da in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175
>     #6 0x55d2c52f1430 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145
>     #7 0x55d2c52f3087 in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234
>     #8 0x55d2c58e6153 in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136
>
> Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>

Reviewed-by: Markus Armbruster <armbru@redhat.com>




* Re: [PATCH] qom-qmp-cmds: remove unnecessary alloc in qmp_object_add to fix memleak
  2020-03-17 10:49 ` Markus Armbruster
@ 2020-04-06  6:34   ` Markus Armbruster
  2020-04-06  9:46     ` Paolo Bonzini
  0 siblings, 1 reply; 4+ messages in thread
From: Markus Armbruster @ 2020-04-06  6:34 UTC (permalink / raw)
  To: pbonzini
  Cc: Kevin Wolf, berrange, ehabkost, Pan Nengyuan, qemu-devel,
	euler.robot, zhang.zhanghailiang

Paolo, looks like this has fallen through the cracks.  If you'd prefer
me to take it, let me know.

Markus Armbruster <armbru@redhat.com> writes:

> Pan Nengyuan <pannengyuan@huawei.com> writes:
>
>> In qmp_object_add(), user_creatable_add_type() may set errp with some error message and
>> return NULL. In this case, qmp_object_add() still allocates memory for *ret_data, which is
>> returned to the caller and causes a memory leak.
>>
>> This patch does this alloc() action only if obj is not NULL to fix it, and initializes ret_data
>> in xen-block to avoid a possible uninitialized-variable error.
>>
>> The leak stack:
>> Direct leak of 4120 byte(s) in 1 object(s) allocated from:
>>     #0 0x7f6106ce5970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970)
>>     #1 0x7f6105e6a49d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d)
>>     #2 0x55d2c58c17fd in qdict_new /mnt/sdb/qemu-new/qemu_test/qemu/qobject/qdict.c:29
>>     #3 0x55d2c53a0051 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:291
>>     #4 0x55d2c57b47da in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132
>>     #5 0x55d2c57b47da in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175
>>     #6 0x55d2c52f1430 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145
>>     #7 0x55d2c52f3087 in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234
>>     #8 0x55d2c58e6153 in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136
>>
>> Fixes: 5f07c4d60d091320186e7b0edaf9ed2cc16b2d1e
>> Reported-by: Euler Robot <euler.robot@huawei.com>
>> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
>
> Reviewed-by: Markus Armbruster <armbru@redhat.com>




* Re: [PATCH] qom-qmp-cmds: remove unnecessary alloc in qmp_object_add to fix memleak
  2020-04-06  6:34   ` Markus Armbruster
@ 2020-04-06  9:46     ` Paolo Bonzini
  0 siblings, 0 replies; 4+ messages in thread
From: Paolo Bonzini @ 2020-04-06  9:46 UTC (permalink / raw)
  To: Markus Armbruster
  Cc: Kevin Wolf, berrange, ehabkost, Pan Nengyuan, qemu-devel,
	euler.robot, zhang.zhanghailiang

On 06/04/20 08:34, Markus Armbruster wrote:
> Paolo, looks like this has fallen through the cracks.  If you'd prefer
> me to take it, let me know.
> 
> Markus Armbruster <armbru@redhat.com> writes:

Actually it was in my latest pull request, but between this version, 
Marc-André and mine you might have missed it:

commit 7f5d9b206d1e86425faa5b84b551068bf044b823
Author: Paolo Bonzini <pbonzini@redhat.com>
Date:   Thu Mar 26 10:41:21 2020 +0100

    object-add: don't create return value if failed
    
    No need to return an empty value from object-add (it would also leak
    if the command failed).  While at it, remove the "if" around object_unref
    since object_unref handles NULL arguments just fine.
    
    Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
    Message-Id: <20200325184723.2029630-4-marcandre.lureau@redhat.com>
    Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Thanks,

Paolo



