motorhead/qemu
1
0
Fork 0
mirror of https://github.com/Motorhead1991/qemu.git synced 2025-12-17 21:26:13 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions
qemu/block
History
Pan Nengyuan 8198cf5ef0 block/nbd: fix memory leak in nbd_open() 
In currently implementation there will be a memory leak when
nbd_client_connect() returns error status. Here is an easy way to
reproduce:

1. run qemu-iotests as follow and check the result with asan:
    ./check -raw 143

Following is the asan output backtrack:
Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f629688a560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
    #1 0x7f6295e7e015 in g_malloc0  (/usr/lib64/libglib-2.0.so.0+0x50015)
    #2 0x56281dab4642 in qobject_input_start_struct  /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:295
    #3 0x56281dab1a04 in visit_start_struct  /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:49
    #4 0x56281dad1827 in visit_type_SocketAddress  qapi/qapi-visit-sockets.c:386
    #5 0x56281da8062f in nbd_config   /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
    #6 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
    #7 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873

Direct leak of 15 byte(s) in 1 object(s) allocated from:
    #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
    #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
    #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
    #3 0x56281da804ac in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1834
    #4 0x56281da804ac in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873

Indirect leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7f629688a3a0 in malloc (/usr/lib64/libasan.so.3+0xc73a0)
    #1 0x7f6295e7dfbd in g_malloc (/usr/lib64/libglib-2.0.so.0+0x4ffbd)
    #2 0x7f6295e96ace in g_strdup (/usr/lib64/libglib-2.0.so.0+0x68ace)
    #3 0x56281dab41a3 in qobject_input_type_str_keyval /mnt/sdb/qemu-4.2.0-rc0/qapi/qobject-input-visitor.c:536
    #4 0x56281dab2ee9 in visit_type_str /mnt/sdb/qemu-4.2.0-rc0/qapi/qapi-visit-core.c:297
    #5 0x56281dad0fa1 in visit_type_UnixSocketAddress_members qapi/qapi-visit-sockets.c:141
    #6 0x56281dad17b6 in visit_type_SocketAddress_members qapi/qapi-visit-sockets.c:366
    #7 0x56281dad186a in visit_type_SocketAddress qapi/qapi-visit-sockets.c:393
    #8 0x56281da8062f in nbd_config /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1716
    #9 0x56281da8062f in nbd_process_options /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1829
    #10 0x56281da8062f in nbd_open /mnt/sdb/qemu-4.2.0-rc0/block/nbd.c:1873

Fixes: 8f071c9db5
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Cc: qemu-stable <qemu-stable@nongnu.org>
Cc: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <1575517528-44312-3-git-send-email-pannengyuan@huawei.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
2020-02-26 17:29:00 -06:00
..
accounting.c block: add empty account cookie type 2019-10-10 10:56:18 +02:00
aio_task.c block: introduce aio task pool 2019-10-10 10:56:17 +02:00
backup-top.c block/backup-top: fix flags handling 2020-02-20 16:43:42 +01:00
backup-top.h block: introduce backup-top filter driver 2019-10-10 10:56:18 +02:00
backup.c block/backup-top: Don't acquire context while dropping top 2020-01-27 17:19:53 +01:00
blkdebug.c blkdebug: Allow taking/unsharing permissions 2020-01-06 13:43:06 +01:00
blklogwrites.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
blkreplay.c block: implement bdrv_snapshot_goto for blkreplay 2019-10-14 17:12:48 +02:00
blkverify.c block: Remove bdrv_recurse_is_first_non_filter() 2020-02-18 11:55:40 +01:00
block-backend.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
block-copy.c block/block-copy: fix s->copy_size for compressed cluster 2019-11-04 09:21:45 +01:00
bochs.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
cloop.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
commit.c commit: Fix is_read for block_job_error_action() 2020-02-18 10:53:56 +01:00
copy-on-read.c block: Remove bdrv_recurse_is_first_non_filter() 2020-02-18 11:55:40 +01:00
create.c block/create: Do not abort if a block driver is not available 2019-09-13 12:18:37 +02:00
crypto.c block: Let format drivers pass @exact 2019-10-28 12:05:30 +01:00
crypto.h Clean up ill-advised or unusual header guards 2019-05-13 08:58:55 +02:00
curl.c curl: Check curl_multi_add_handle()'s return code 2019-09-16 15:31:12 +02:00
dirty-bitmap.c bitmap: Enforce maximum bitmap name length 2019-11-18 16:01:34 -06:00
dmg-bz2.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
dmg-lzfse.c block: adding lzfse decompressing support as a module. 2018-12-14 11:52:40 +01:00
dmg.c block: Use QEMU_IS_ALIGNED 2019-09-16 14:48:30 +02:00
dmg.h Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
file-posix.c file-posix: Drop hdev_co_create_opts() 2020-02-20 16:43:42 +01:00
file-win32.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
filter-compress.c block: Remove bdrv_recurse_is_first_non_filter() 2020-02-18 11:55:40 +01:00
gluster.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
io.c block: fix crash on zero-length unaligned write and read 2020-02-07 16:46:59 +00:00
io_uring.c block/io_uring: Remove superfluous semicolon 2020-02-18 10:54:02 +01:00
iscsi-opts.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
iscsi.c iscsi: Drop iscsi_co_create_opts() 2020-02-20 16:43:42 +01:00
linux-aio.c linux-aio: increasing MAX_EVENTS to a larger hardcoded value 2020-01-13 16:41:45 +00:00
Makefile.objs block/io_uring: implements interfaces for io_uring 2020-01-30 20:59:41 +00:00
mirror.c mirror: Double-check immediately before replacing 2020-02-18 11:55:40 +01:00
nbd.c block/nbd: fix memory leak in nbd_open() 2020-02-26 17:29:00 -06:00
nfs.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
null.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
nvme.c block/nvme: add support for discard 2019-10-28 11:34:35 +01:00
parallels.c Block patches for softfreeze: 2019-10-28 14:40:01 +00:00
parallels.h Clean up includes 2018-02-09 05:05:11 +01:00
qapi.c block: Fix VM size field width in snapshot dump 2020-02-20 16:43:42 +01:00
qcow.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
qcow2-bitmap.c block/qcow2-bitmap: Remove unneeded variable assignment 2020-02-18 10:53:56 +01:00
qcow2-cache.c core: replace getpagesize() with qemu_real_host_page_size 2019-10-26 15:38:06 +02:00
qcow2-cluster.c qcow2: Fix qcow2_alloc_cluster_abort() for external data file 2020-02-18 10:53:56 +01:00
qcow2-refcount.c qcow2: update_refcount(): Reset old_table_index after qcow2_cache_put() 2020-02-18 10:53:56 +01:00
qcow2-snapshot.c qcow2: Don't round the L1 table allocation up to the sector size 2020-02-06 13:47:45 +01:00
qcow2-threads.c qcow2: Fix alignment checks in encrypted images 2020-02-18 10:53:56 +01:00
qcow2.c block: always fill entire LUKS header space with zeros 2020-02-20 16:43:42 +01:00
qcow2.h qcow2: Fix QCOW2_COMPRESSED_SECTOR_MASK 2019-11-07 14:37:46 +01:00
qed-check.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed-cluster.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-l2-cache.c qed: protect table cache with CoMutex 2017-07-17 11:34:11 +08:00
qed-table.c block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
qed.c block: Pass truncate exact=true where reasonable 2019-10-28 12:08:45 +01:00
qed.h block/qed: add missed coroutine_fn markers 2019-04-30 15:29:00 +02:00
quorum.c quorum: Stop marking it as a filter 2020-02-18 11:55:40 +01:00
raw-format.c block: Let format drivers pass @exact 2019-10-28 12:05:30 +01:00
rbd.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
replication.c block: Remove bdrv_recurse_is_first_non_filter() 2020-02-18 11:55:40 +01:00
sheepdog.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
snapshot.c block/snapshot: rename Error ** parameter to more common errp 2019-12-18 08:43:19 +01:00
ssh.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
stream.c job: drop job_drain 2019-09-10 08:58:43 +02:00
throttle-groups.c throttle-groups: fix memory leak in throttle_group_set_limit: 2020-01-06 13:43:06 +01:00
throttle.c block: Remove bdrv_recurse_is_first_non_filter() 2020-02-18 11:55:40 +01:00
trace-events block: add trace events for io_uring 2020-01-30 20:59:42 +00:00
vdi.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
vhdx-endian.c Include qemu-common.h exactly where needed 2019-06-12 13:20:20 +02:00
vhdx-log.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
vhdx.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
vhdx.h block/vhdx: Use IEC binary prefixes for size constants 2019-04-30 15:29:00 +02:00
vmdk.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
vpc.c block: Add @exact parameter to bdrv_co_truncate() 2019-10-28 12:00:07 +01:00
vvfat.c block/vvfat: Do not unref qcow on closing backing bdrv 2020-02-18 10:53:56 +01:00
vxhs.c replay: add BH oneshot event for block layer 2019-10-14 17:12:48 +02:00
win32-aio.c Include qemu/module.h where needed, drop it from qemu-common.h 2019-06-12 13:18:33 +02:00
write-threshold.c qapi: Drop qapi_event_send_FOO()'s Error ** argument 2018-08-28 18:21:38 +02:00