* [PATCH V2] block/nbd: fix memory leak in nbd_open()
@ 2019-11-28 12:09 pannengyuan
2019-11-28 13:36 ` Stefano Garzarella
0 siblings, 1 reply; 3+ messages in thread
From: pannengyuan @ 2019-11-28 12:09 UTC (permalink / raw)
To: eblake, kwolf, mreitz
Cc: liyiting, zhang.zhanghailiang, qemu-block, PanNengyuan,
qemu-devel, kuhn.chenqun
From: PanNengyuan <pannengyuan@huawei.com>
In currently implementation there will be a memory leak when
nbd_client_connect() returns error status. Here is an easy way to
reproduce:
1. run qemu-iotests as follow and check the result with asan:
./check -raw 143
Following is the asan output backtrack:
Direct leak of 40 byte(s) in 1 object(s) allocated from:
#0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
#1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
#2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
#3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
#4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386
#5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
#6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
#7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
Direct leak of 15 byte(s) in 1 object(s) allocated from:
#0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
#1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
#2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
#3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
#4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
Indirect leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
#1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
#2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
#3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
#4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
#5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
#6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
#7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
#8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
#9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
#10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: PanNengyuan <pannengyuan@huawei.com>
---
Changes v2 to v1:
- add a new function to do the common cleanups (suggested by Stefano Garzarella).
---
block/nbd.c | 26 ++++++++++++++++----------
1 file changed, 16 insertions(+), 10 deletions(-)
diff --git a/block/nbd.c b/block/nbd.c
index 1239761..f8aa2a8 100644
--- a/block/nbd.c
+++ b/block/nbd.c
@@ -94,6 +94,8 @@ typedef struct BDRVNBDState {
static int nbd_client_connect(BlockDriverState *bs, Error **errp);
+static void nbd_free_bdrvstate_prop(BDRVNBDState *s);
+
static void nbd_channel_error(BDRVNBDState *s, int ret)
{
if (ret == -EIO) {
@@ -1486,6 +1488,17 @@ static int nbd_client_connect(BlockDriverState *bs, Error **errp)
}
}
+static void nbd_free_bdrvstate_prop(BDRVNBDState *s)
+{
+ object_unref(OBJECT(s->tlscreds));
+ qapi_free_SocketAddress(s->saddr);
+ g_free(s->export);
+ g_free(s->tlscredsid);
+ if (s->x_dirty_bitmap) {
+ g_free(s->x_dirty_bitmap);
+ }
+}
+
/*
* Parse nbd_open options
*/
@@ -1855,10 +1868,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options,
error:
if (ret < 0) {
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- g_free(s->export);
- g_free(s->tlscredsid);
+ nbd_free_bdrvstate_prop(s);
}
qemu_opts_del(opts);
return ret;
@@ -1881,6 +1891,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
ret = nbd_client_connect(bs, errp);
if (ret < 0) {
+ nbd_free_bdrvstate_prop(s);
return ret;
}
/* successfully connected */
@@ -1937,12 +1948,7 @@ static void nbd_close(BlockDriverState *bs)
BDRVNBDState *s = bs->opaque;
nbd_client_close(bs);
-
- object_unref(OBJECT(s->tlscreds));
- qapi_free_SocketAddress(s->saddr);
- g_free(s->export);
- g_free(s->tlscredsid);
- g_free(s->x_dirty_bitmap);
+ nbd_free_bdrvstate_prop(s);
}
static int64_t nbd_getlength(BlockDriverState *bs)
--
2.7.2.windows.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH V2] block/nbd: fix memory leak in nbd_open()
2019-11-28 12:09 [PATCH V2] block/nbd: fix memory leak in nbd_open() pannengyuan
@ 2019-11-28 13:36 ` Stefano Garzarella
2019-11-29 0:50 ` pannengyuan
0 siblings, 1 reply; 3+ messages in thread
From: Stefano Garzarella @ 2019-11-28 13:36 UTC (permalink / raw)
To: pannengyuan
Cc: kwolf, liyiting, zhang.zhanghailiang, qemu-block, qemu-devel,
mreitz, kuhn.chenqun
On Thu, Nov 28, 2019 at 08:09:31PM +0800, pannengyuan@huawei.com wrote:
> From: PanNengyuan <pannengyuan@huawei.com>
>
> In currently implementation there will be a memory leak when
> nbd_client_connect() returns error status. Here is an easy way to
> reproduce:
>
> 1. run qemu-iotests as follow and check the result with asan:
> ./check -raw 143
>
> Following is the asan output backtrack:
> Direct leak of 40 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
> #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
> #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
> #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
> #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386
> #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
> #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
> #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Direct leak of 15 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
> #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
> #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Indirect leak of 24 byte(s) in 1 object(s) allocated from:
> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
> #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
> #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
> #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
> #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
> #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
> #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
> #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
> #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: PanNengyuan <pannengyuan@huawei.com>
> ---
> Changes v2 to v1:
> - add a new function to do the common cleanups (suggested by Stefano Garzarella).
> ---
> block/nbd.c | 26 ++++++++++++++++----------
> 1 file changed, 16 insertions(+), 10 deletions(-)
>
> diff --git a/block/nbd.c b/block/nbd.c
> index 1239761..f8aa2a8 100644
> --- a/block/nbd.c
> +++ b/block/nbd.c
> @@ -94,6 +94,8 @@ typedef struct BDRVNBDState {
>
> static int nbd_client_connect(BlockDriverState *bs, Error **errp);
>
> +static void nbd_free_bdrvstate_prop(BDRVNBDState *s);
> +
> static void nbd_channel_error(BDRVNBDState *s, int ret)
> {
> if (ret == -EIO) {
> @@ -1486,6 +1488,17 @@ static int nbd_client_connect(BlockDriverState *bs, Error **errp)
> }
> }
>
> +static void nbd_free_bdrvstate_prop(BDRVNBDState *s)
> +{
> + object_unref(OBJECT(s->tlscreds));
> + qapi_free_SocketAddress(s->saddr);
> + g_free(s->export);
> + g_free(s->tlscredsid);
> + if (s->x_dirty_bitmap) {
^ it is not needed, g_free() handles NULL pointers.
> + g_free(s->x_dirty_bitmap);
> + }
> +}
> +
Please, split this patch in two patches:
- the first patch where you add this function and use it in
nbd_process_options() and nbd_close()
- the second patch where you fix the leak in nbd_open()
Thanks,
Stefano
> /*
> * Parse nbd_open options
> */
> @@ -1855,10 +1868,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options,
>
> error:
> if (ret < 0) {
> - object_unref(OBJECT(s->tlscreds));
> - qapi_free_SocketAddress(s->saddr);
> - g_free(s->export);
> - g_free(s->tlscredsid);
> + nbd_free_bdrvstate_prop(s);
> }
> qemu_opts_del(opts);
> return ret;
> @@ -1881,6 +1891,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
>
> ret = nbd_client_connect(bs, errp);
> if (ret < 0) {
> + nbd_free_bdrvstate_prop(s);
> return ret;
> }
> /* successfully connected */
> @@ -1937,12 +1948,7 @@ static void nbd_close(BlockDriverState *bs)
> BDRVNBDState *s = bs->opaque;
>
> nbd_client_close(bs);
> -
> - object_unref(OBJECT(s->tlscreds));
> - qapi_free_SocketAddress(s->saddr);
> - g_free(s->export);
> - g_free(s->tlscredsid);
> - g_free(s->x_dirty_bitmap);
> + nbd_free_bdrvstate_prop(s);
> }
>
> static int64_t nbd_getlength(BlockDriverState *bs)
> --
> 2.7.2.windows.1
>
>
>
--
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH V2] block/nbd: fix memory leak in nbd_open()
2019-11-28 13:36 ` Stefano Garzarella
@ 2019-11-29 0:50 ` pannengyuan
0 siblings, 0 replies; 3+ messages in thread
From: pannengyuan @ 2019-11-29 0:50 UTC (permalink / raw)
To: Stefano Garzarella
Cc: kwolf, liyiting, zhang.zhanghailiang, qemu-block, qemu-devel,
mreitz, kuhn.chenqun
On 2019/11/28 21:36, Stefano Garzarella wrote:
> On Thu, Nov 28, 2019 at 08:09:31PM +0800, pannengyuan@huawei.com wrote:
>> From: PanNengyuan <pannengyuan@huawei.com>
>>
>> In currently implementation there will be a memory leak when
>> nbd_client_connect() returns error status. Here is an easy way to
>> reproduce:
>>
>> 1. run qemu-iotests as follow and check the result with asan:
>> ./check -raw 143
>>
>> Following is the asan output backtrack:
>> Direct leak of 40 byte(s) in 1 object(s) allocated from:
>> #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
>> #1 0x7f6295e7e015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
>> #2 0x56281dab4642 in qobject_input_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
>> #3 0x56281dab1a04 in visit_start_struct /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
>> #4 0x56281dad1827 in visit_type_SocketAddress qapi/qapi-visit-sockets.c:386
>> #5 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
>> #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
>> #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>>
>> Direct leak of 15 byte(s) in 1 object(s) allocated from:
>> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
>> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
>> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
>> #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
>> #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>>
>> Indirect leak of 24 byte(s) in 1 object(s) allocated from:
>> #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
>> #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
>> #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
>> #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
>> #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
>> #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
>> #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
>> #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
>> #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
>> #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
>> #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873
>>
>> Reported-by: Euler Robot <euler.robot@huawei.com>
>> Signed-off-by: PanNengyuan <pannengyuan@huawei.com>
>> ---
>> Changes v2 to v1:
>> - add a new function to do the common cleanups (suggested by Stefano Garzarella).
>> ---
>> block/nbd.c | 26 ++++++++++++++++----------
>> 1 file changed, 16 insertions(+), 10 deletions(-)
>>
>> diff --git a/block/nbd.c b/block/nbd.c
>> index 1239761..f8aa2a8 100644
>> --- a/block/nbd.c
>> +++ b/block/nbd.c
>> @@ -94,6 +94,8 @@ typedef struct BDRVNBDState {
>>
>> static int nbd_client_connect(BlockDriverState *bs, Error **errp);
>>
>> +static void nbd_free_bdrvstate_prop(BDRVNBDState *s);
>> +
>> static void nbd_channel_error(BDRVNBDState *s, int ret)
>> {
>> if (ret == -EIO) {
>> @@ -1486,6 +1488,17 @@ static int nbd_client_connect(BlockDriverState *bs, Error **errp)
>> }
>> }
>>
>> +static void nbd_free_bdrvstate_prop(BDRVNBDState *s)
>> +{
>> + object_unref(OBJECT(s->tlscreds));
>> + qapi_free_SocketAddress(s->saddr);
>> + g_free(s->export);
>> + g_free(s->tlscredsid);
>> + if (s->x_dirty_bitmap) {
> ^ it is not needed, g_free() handles NULL pointers.
>> + g_free(s->x_dirty_bitmap);
>> + }
>> +}
>> +
>
> Please, split this patch in two patches:
> - the first patch where you add this function and use it in
> nbd_process_options() and nbd_close()
> - the second patch where you fix the leak in nbd_open()
>
> Thanks,
> Stefano
Thanks, I will change and split it in next version.
>
>> /*
>> * Parse nbd_open options
>> */
>> @@ -1855,10 +1868,7 @@ static int nbd_process_options(BlockDriverState *bs, QDict *options,
>>
>> error:
>> if (ret < 0) {
>> - object_unref(OBJECT(s->tlscreds));
>> - qapi_free_SocketAddress(s->saddr);
>> - g_free(s->export);
>> - g_free(s->tlscredsid);
>> + nbd_free_bdrvstate_prop(s);
>> }
>> qemu_opts_del(opts);
>> return ret;
>> @@ -1881,6 +1891,7 @@ static int nbd_open(BlockDriverState *bs, QDict *options, int flags,
>>
>> ret = nbd_client_connect(bs, errp);
>> if (ret < 0) {
>> + nbd_free_bdrvstate_prop(s);
>> return ret;
>> }
>> /* successfully connected */
>> @@ -1937,12 +1948,7 @@ static void nbd_close(BlockDriverState *bs)
>> BDRVNBDState *s = bs->opaque;
>>
>> nbd_client_close(bs);
>> -
>> - object_unref(OBJECT(s->tlscreds));
>> - qapi_free_SocketAddress(s->saddr);
>> - g_free(s->export);
>> - g_free(s->tlscredsid);
>> - g_free(s->x_dirty_bitmap);
>> + nbd_free_bdrvstate_prop(s);
>> }
>>
>> static int64_t nbd_getlength(BlockDriverState *bs)
>> --
>> 2.7.2.windows.1
>>
>>
>>
>
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2019-11-29 1:04 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-11-28 12:09 [PATCH V2] block/nbd: fix memory leak in nbd_open() pannengyuan
2019-11-28 13:36 ` Stefano Garzarella
2019-11-29 0:50 ` pannengyuan
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).