All of lore.kernel.org
 help / color / mirror / Atom feed
From: John Snow <jsnow@redhat.com>
To: "Jeff Cody" <jcody@redhat.com>,
	"Marc-André Lureau" <marcandre.lureau@redhat.com>
Cc: kwolf@redhat.com, qemu-devel@nongnu.org, qemu-block@nongnu.org,
	mreitz@redhat.com
Subject: Re: [Qemu-devel] [Qemu-block] [PATCH] blockjob: leak fix, remove from txn when failing early
Date: Tue, 27 Mar 2018 18:46:48 -0400	[thread overview]
Message-ID: <f7cdb4cc-b614-5d43-ee98-7d678631a652@redhat.com> (raw)
In-Reply-To: <20180327201017.GT12302@localhost.localdomain>



On 03/27/2018 04:10 PM, Jeff Cody wrote:
> On Tue, Mar 27, 2018 at 06:07:36PM +0200, Marc-André Lureau wrote:
>> This fixes leaks found by ASAN such as:
>>   GTESTER tests/test-blockjob
>> =================================================================
>> ==31442==ERROR: LeakSanitizer: detected memory leaks
>>
>> Direct leak of 24 byte(s) in 1 object(s) allocated from:
>>     #0 0x7f88483cba38 in __interceptor_calloc (/lib64/libasan.so.4+0xdea38)
>>     #1 0x7f8845e1bd77 in g_malloc0 ../glib/gmem.c:129
>>     #2 0x7f8845e1c04b in g_malloc0_n ../glib/gmem.c:360
>>     #3 0x5584d2732498 in block_job_txn_new /home/elmarco/src/qemu/blockjob.c:172
>>     #4 0x5584d2739b28 in block_job_create /home/elmarco/src/qemu/blockjob.c:973
>>     #5 0x5584d270ae31 in mk_job /home/elmarco/src/qemu/tests/test-blockjob.c:34
>>     #6 0x5584d270b1c1 in do_test_id /home/elmarco/src/qemu/tests/test-blockjob.c:57
>>     #7 0x5584d270b65c in test_job_ids /home/elmarco/src/qemu/tests/test-blockjob.c:118
>>     #8 0x7f8845e40b69 in test_case_run ../glib/gtestutils.c:2255
>>     #9 0x7f8845e40f29 in g_test_run_suite_internal ../glib/gtestutils.c:2339
>>     #10 0x7f8845e40fd2 in g_test_run_suite_internal ../glib/gtestutils.c:2351
>>     #11 0x7f8845e411e9 in g_test_run_suite ../glib/gtestutils.c:2426
>>     #12 0x7f8845e3fe72 in g_test_run ../glib/gtestutils.c:1692
>>     #13 0x5584d270d6e2 in main /home/elmarco/src/qemu/tests/test-blockjob.c:377
>>     #14 0x7f8843641f29 in __libc_start_main (/lib64/libc.so.6+0x20f29)
>>
>> Add an assert to make sure that the job doesn't have associated txn before free().
>>
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> ---
>>  blockjob.c | 5 +++++
>>  1 file changed, 5 insertions(+)
>>
>> diff --git a/blockjob.c b/blockjob.c
>> index 11c9ce124d..bb75386515 100644
>> --- a/blockjob.c
>> +++ b/blockjob.c
>> @@ -228,6 +228,7 @@ void block_job_unref(BlockJob *job)
>>  {
>>      if (--job->refcnt == 0) {
>>          assert(job->status == BLOCK_JOB_STATUS_NULL);
>> +        assert(!job->txn);
>>          BlockDriverState *bs = blk_bs(job->blk);
>>          QLIST_REMOVE(job, job_list);
>>          bs->job = NULL;
>> @@ -479,6 +480,7 @@ static int block_job_finalize_single(BlockJob *job)
>>  
>>      QLIST_REMOVE(job, txn_list);
>>      block_job_txn_unref(job->txn);
>> +    job->txn = NULL;
>>      block_job_conclude(job);
>>      return 0;
>>  }
>> @@ -994,6 +996,9 @@ void block_job_pause_all(void)
>>  void block_job_early_fail(BlockJob *job)
>>  {
>>      assert(job->status == BLOCK_JOB_STATUS_CREATED);
>> +    QLIST_REMOVE(job, txn_list);
>> +    block_job_txn_unref(job->txn);
>> +    job->txn = NULL;
>>      block_job_decommission(job);
>>  }
>>  
>> -- 
>> 2.17.0.rc1.1.g4c4f2b46a3
>>
> 
> This patch causes a segfault/assert in iotests 031 041 055:
> 
> e.g., from 031:
> 
> test_set_speed_invalid (__main__.TestSetSpeed) ... DEBUG:QMP:>>> {'execute': 'qmp_capabilities'}
> DEBUG:QMP:<<< {u'return': {}}
> DEBUG:QMP:>>> {'execute': 'query-block-jobs'}
> DEBUG:QMP:<<< {u'return': []}
> DEBUG:QMP:>>> {'execute': 'block-stream', 'arguments': {'device': 'drive0', 'speed': -1}}
> DEBUG:QMP:<<< None
> WARNING:qemu:qemu received signal -11: [...]
> 
> 

Oh, because block_job_early_fail can be called from block_job_create
before we've established a transaction (even if it's the dummy transaction.)

It's a *really* early failure.

I patched it out like this; JTC: take whichever one, credit Marc-Andre
regardless of which you choose.

--js


diff --git a/blockjob.c b/blockjob.c
index ef3ed69ff1..c510a9fde5 100644
--- a/blockjob.c
+++ b/blockjob.c
@@ -204,6 +204,15 @@ void block_job_txn_add_job(BlockJobTxn *txn,
BlockJob *job)
     block_job_txn_ref(txn);
 }

+static void block_job_txn_del_job(BlockJob *job)
+{
+    if (job->txn) {
+        QLIST_REMOVE(job, txn_list);
+        block_job_txn_unref(job->txn);
+        job->txn = NULL;
+    }
+}
+
 static void block_job_pause(BlockJob *job)
 {
     job->pause_count++;
@@ -232,6 +241,7 @@ void block_job_unref(BlockJob *job)
 {
     if (--job->refcnt == 0) {
         assert(job->status == BLOCK_JOB_STATUS_NULL);
+        assert(!job->txn);
         BlockDriverState *bs = blk_bs(job->blk);
         QLIST_REMOVE(job, job_list);
         bs->job = NULL;
@@ -392,6 +402,7 @@ static void block_job_decommission(BlockJob *job)
     job->busy = false;
     job->paused = false;
     job->deferred_to_main_loop = true;
+    block_job_txn_del_job(job);
     block_job_state_transition(job, BLOCK_JOB_STATUS_NULL);
     block_job_unref(job);
 }
@@ -481,8 +492,7 @@ static int block_job_finalize_single(BlockJob *job)
         }
     }

-    QLIST_REMOVE(job, txn_list);
-    block_job_txn_unref(job->txn);
+    block_job_txn_del_job(job);
     block_job_conclude(job);
     return 0;
 }

      reply	other threads:[~2018-03-27 22:47 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-03-27 16:07 [Qemu-devel] [PATCH] blockjob: leak fix, remove from txn when failing early Marc-André Lureau
2018-03-27 19:06 ` [Qemu-devel] [Qemu-block] " John Snow
2018-03-27 20:10 ` [Qemu-devel] " Jeff Cody
2018-03-27 22:46   ` John Snow [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=f7cdb4cc-b614-5d43-ee98-7d678631a652@redhat.com \
    --to=jsnow@redhat.com \
    --cc=jcody@redhat.com \
    --cc=kwolf@redhat.com \
    --cc=marcandre.lureau@redhat.com \
    --cc=mreitz@redhat.com \
    --cc=qemu-block@nongnu.org \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.