From: Laszlo Ersek <lersek@redhat.com>
To: Chen Gang <gang.chen.5i5j@gmail.com>,
	lcapitulino@redhat.com, qiaonuohan@cn.fujitsu.com,
	pbonzini@redhat.com, agraf@suse.de,
	Michael Tokarev <mjt@tls.msk.ru>
Cc: qemu-trivial@nongnu.org, qemu-devel@nongnu.org
Subject: Re: [Qemu-trivial] [PATCH] dump.c: Fix memory leak issue in cleanup processing for dump_init()
Date: Sun, 03 Aug 2014 17:56:39 +0200	[thread overview]
Message-ID: <53DE5BB7.10709@redhat.com> (raw)
In-Reply-To: <53DE5538.1020701@gmail.com>

comments below

On 08/03/14 17:28, Chen Gang wrote:
> In dump_init(), when a failure occurs, we need to take notice of 'fd' and the
> memory mapping. So call dump_cleanup() for it (which requires all
> initializations to be at the front).
> 
> Also simplify dump_cleanup(): remove redundant 'ret' and redundant 'fd'
> checking.
> 
> Signed-off-by: Chen Gang <gang.chen.5i5j@gmail.com>
> ---
>  dump.c | 18 +++++-------------
>  1 file changed, 5 insertions(+), 13 deletions(-)

Please explain what is leaked and how.

The only possibility I can see (without digging very hard) is that
qemu_get_guest_memory_mapping() succeeds and lzo_init() fails (which
should never happen in practice).

Regarding s->fd itself, I'm beyond trying to understand its lifecycle.
Qemu uses a bad ownership model wherein functions, in case of an
internal error, release resources they got from their callers. I'm
unable to reason in such a model. The only function to close fd *ever*
should be qmp_dump_guest_memory() (and that one should close fd with a
direct close() call). Currently fd is basically a global variable,
because the entire dump function tree has access to it (and closes it if
there's an error).

Anyway I guess it's OK to call dump_cleanup() to close s->fd just in case.

If you have a Coverity report, please share it.

Then,

> diff --git a/dump.c b/dump.c
> index ce646bc..71d3e94 100644
> --- a/dump.c
> +++ b/dump.c
> @@ -71,18 +71,14 @@ uint64_t cpu_to_dump64(DumpState *s, uint64_t val)
>  
>  static int dump_cleanup(DumpState *s)
>  {
> -    int ret = 0;
> -

I agree with this change.

>      guest_phys_blocks_free(&s->guest_phys_blocks);
>      memory_mapping_list_free(&s->list);
> -    if (s->fd != -1) {
> -        close(s->fd);
> -    }
> +    close(s->fd);

I disagree. It clobbers errno if s->fd is -1. Even though we don't
particularly care about errno, it sort of disturbs me. Or can you prove
s->fd is never -1 here?

>      if (s->resume) {
>          vm_start();
>      }
>  
> -    return ret;
> +    return 0;
>  }
>  
>  static void dump_error(DumpState *s, const char *reason)
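Review bot: dropping the `s->fd != -1` guard before `close(s->fd)` is only safe if every path into dump_cleanup() has stored a real descriptor, and the last hunk of this same patch adds a new path (dump_init()'s failure label), so the guard matters more after this change, not less: close(-1) fails with EBADF and overwrites errno. Keep the guard and also reset the descriptor after closing, i.e. `close(s->fd); s->fd = -1;`, so that a repeated cleanup, or a caller that closes fd on error as the reply above describes, cannot close the same descriptor number twice and hit whatever file was opened in its place.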
> @@ -1499,6 +1495,8 @@ static int dump_init(DumpState *s, int fd, bool has_format,
>      s->begin = begin;
>      s->length = length;
>  
> +    memory_mapping_list_init(&s->list);
> +
>      guest_phys_blocks_init(&s->guest_phys_blocks);
>      guest_phys_blocks_append(&s->guest_phys_blocks);
>  
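Review bot: moving memory_mapping_list_init() up is what makes memory_mapping_list_free() in dump_cleanup() safe on the failure path, but only for `goto cleanup` sites that come after the new position; the hunk does not show the beginning of dump_init(), so either confirm that no early exit precedes it, or initialise the whole DumpState (including `fd = -1`) at the top of the function so dump_cleanup() is valid from the first statement.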
> @@ -1526,7 +1524,6 @@ static int dump_init(DumpState *s, int fd, bool has_format,
>      }
>  
>      /* get memory mapping */
> -    memory_mapping_list_init(&s->list);
>      if (paging) {
>          qemu_get_guest_memory_mapping(&s->list, &s->guest_phys_blocks, &err);
>          if (err != NULL) {
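Review bot: this hunk only drops the line the previous hunk moved, but it is where the leak the subject line refers to actually sits: once qemu_get_guest_memory_mapping() has populated s->list, any later failure (the lzo_init() case mentioned above is one) reached the old cleanup label, which freed s->guest_phys_blocks but never s->list. The commit message should say exactly that, naming the failing call and the leaked list, rather than "need notice about 'fd' and memory mapping".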
> @@ -1622,12 +1619,7 @@ static int dump_init(DumpState *s, int fd, bool has_format,
>      return 0;
>  
>  cleanup:
> -    guest_phys_blocks_free(&s->guest_phys_blocks);
> -
> -    if (s->resume) {
> -        vm_start();
> -    }
> -
> +    dump_cleanup(s);
>      return -1;
>  }
>  
> 
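Review bot: dump_cleanup() returns an int that is discarded here and, after the first hunk, can only ever be 0; make it void so the failure path does not look as if it is swallowing an error. The behavioural change in this hunk also deserves a sentence in the commit message: the removed lines neither freed s->list nor closed s->fd, and the replacement does both, so dump_init()'s failure path now owns fd and callers must not close it again after a -1 return.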

This code is ripe for a generic lifecycle tracking overhaul, but since
my view of ownership tracking is marginal in the qemu developer
community, I'm not motivated.

NB: I'm not nacking your patch, just please explain it better.

Thanks
Laszlo

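The errno and fd-ownership concerns raised in the reply above, as an added example that is not part of this thread or of QEMU: a hypothetical `demo_state` whose cleanup is idempotent (ownership of the descriptor is dropped after close, so a repeated cleanup or a caller's own close cannot hit the same descriptor), preserves errno across the release calls, and is safe on partially initialised state. All names, the `fail_step` argument that simulates failure points in an init routine, and the `/dev/null` descriptor used as the test input are assumptions of this example.

```c
/* Added example (not QEMU code, all names hypothetical): an idempotent
 * cleanup routine for a DumpState-like struct, illustrating the errno and
 * fd-ownership points raised in the review above. */
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <stdlib.h>
#include <unistd.h>

struct demo_state {
    int fd;          /* -1 means "no descriptor owned" */
    void *mapping;   /* heap buffer standing in for the memory mapping list */
    bool resume;     /* the (simulated) VM must be restarted */
    int resumes;     /* how often the vm_start() stand-in ran */
};

#define DEMO_STATE_INIT { .fd = -1, .mapping = NULL, .resume = false, .resumes = 0 }

/* Safe on partially initialised state and safe to call twice: each resource
 * is marked "not owned" after release, and errno is preserved so the caller's
 * failure reason survives cleanup. */
void demo_cleanup(struct demo_state *s)
{
    int saved_errno = errno;

    free(s->mapping);
    s->mapping = NULL;
    if (s->fd != -1) {      /* close(-1) would fail and set errno = EBADF */
        close(s->fd);
        s->fd = -1;         /* drop ownership: a second close is impossible */
    }
    if (s->resume) {
        s->resumes++;       /* stand-in for vm_start() */
        s->resume = false;
    }
    errno = saved_errno;
}

/* Takes ownership of fd. fail_step: 0 succeed, 1 fail before the mapping is
 * allocated, 2 fail after it (where a partial cleanup would leak mapping). */
int demo_init(struct demo_state *s, int fd, int fail_step)
{
    *s = (struct demo_state)DEMO_STATE_INIT;
    s->fd = fd;
    s->resume = true;
    if (fail_step == 1) {
        errno = EINVAL;
        goto cleanup;
    }
    s->mapping = malloc(64);
    if (s->mapping == NULL) {
        goto cleanup;       /* malloc already set errno */
    }
    if (fail_step == 2) {
        errno = ENOMEM;     /* simulated failure after the mapping exists */
        goto cleanup;
    }
    return 0;

cleanup:
    demo_cleanup(s);        /* releases whatever was acquired so far */
    return -1;
}

/* 1 if errno survives cleaning up a state that owns no fd. */
int demo_errno_preserved(void)
{
    struct demo_state s = DEMO_STATE_INIT;

    errno = EINVAL;
    demo_cleanup(&s);
    return errno == EINVAL;
}

/* 1 if an unconditional close(-1) clobbers errno, as the review warns. */
int demo_unconditional_close_clobbers(void)
{
    errno = EINVAL;
    close(-1);
    return errno == EBADF;
}

/* Drives demo_init() to failure at fail_step (1 or 2) and checks: errno kept,
 * fd closed exactly once, VM resumed once, second cleanup a no-op.
 * Returns 0 if all hold, otherwise the number of the first failed check. */
int demo_failure_path_check(int fail_step)
{
    struct demo_state s;
    int fd = open("/dev/null", O_RDONLY);   /* constructed test input */

    if (fd < 0) return 1;
    if (demo_init(&s, fd, fail_step) != -1) return 2;
    if (errno != (fail_step == 1 ? EINVAL : ENOMEM)) return 3;
    if (s.fd != -1 || s.mapping != NULL) return 4;   /* ownership not dropped */
    if (fcntl(fd, F_GETFD) != -1) return 5;           /* fd still open: leaked */
    if (s.resumes != 1) return 6;
    demo_cleanup(&s);                                 /* must be a no-op now */
    if (s.resumes != 1 || s.fd != -1) return 7;
    return 0;
}
```

The two properties the review asks for are visible in `demo_cleanup()`: the `fd != -1` guard plus `s->fd = -1` after `close()` make ownership explicit and make a double close impossible by construction, and saving and restoring errno keeps a failing caller's error code intact even when a release call fails. `demo_failure_path_check()` exercises the failure path at both simulated points and confirms the descriptor really is closed with `fcntl(fd, F_GETFD)`.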

Thread overview: 34+ messages
2014-08-03 15:28 [Qemu-trivial] [PATCH] dump.c: Fix memory leak issue in cleanup processing for dump_init() Chen Gang
2014-08-03 15:28 ` [Qemu-devel] " Chen Gang
2014-08-03 15:56 ` Laszlo Ersek [this message]
2014-08-03 15:56   ` Laszlo Ersek
2014-08-04 13:51   ` [Qemu-trivial] " Chen Gang
2014-08-04 13:51     ` [Qemu-devel] " Chen Gang
2014-08-11 19:47     ` [Qemu-trivial] " Chen Gang
2014-08-11 19:47       ` [Qemu-devel] " Chen Gang
2014-08-04  7:59 ` [Qemu-trivial] Cc'ing emails [was: [PATCH] dump.c: Fix memory leak issue in cleanup processing for dump_init()] Michael Tokarev
2014-08-04  7:59   ` [Qemu-devel] " Michael Tokarev
2014-08-04 14:13   ` [Qemu-trivial] " Chen Gang
2014-08-04 14:13     ` [Qemu-devel] " Chen Gang
2014-08-04 15:43   ` [Qemu-trivial] [Qemu-devel] Cc'ing emails [ Markus Armbruster
2014-08-04 15:43     ` Markus Armbruster
2014-08-05  4:41     ` [Qemu-trivial] " Chen Gang
2014-08-05  4:41       ` Chen Gang
2014-08-05  7:08       ` [Qemu-trivial] " Michael Tokarev
2014-08-05  7:08         ` Michael Tokarev
2014-08-05  8:07         ` [Qemu-trivial] " Peter Maydell
2014-08-05  8:07           ` Peter Maydell
2014-08-05 12:20           ` [Qemu-trivial] " Chen Gang
2014-08-05 12:20             ` Chen Gang
2014-08-05  9:41         ` [Qemu-trivial] " Markus Armbruster
2014-08-05  9:41           ` Markus Armbruster
2014-08-05 13:25           ` [Qemu-trivial] " Anthony Liguori
2014-08-05 13:25             ` Anthony Liguori
2014-08-12 15:43 ` [Qemu-trivial] [PATCH] dump.c: Fix memory leak issue in cleanup processing for dump_init() Laszlo Ersek
2014-08-12 15:43   ` [Qemu-devel] " Laszlo Ersek
2014-08-12 22:19   ` [Qemu-trivial] " Chen Gang
2014-08-12 22:19     ` [Qemu-devel] " Chen Gang
2014-08-14 20:49 ` [Qemu-trivial] " Luiz Capitulino
2014-08-14 20:49   ` [Qemu-devel] " Luiz Capitulino
2014-08-14 22:03   ` [Qemu-trivial] " Chen Gang
2014-08-14 22:03     ` [Qemu-devel] " Chen Gang
