From: Markus Armbruster <armbru@redhat.com>
To: Pan Nengyuan <pannengyuan@huawei.com>
Cc: lvivier@redhat.com, zhang.zhanghailiang@huawei.com,
mst@redhat.com, amit@kernel.org, qemu-devel@nongnu.org,
pbonzini@redhat.com, marcandre.lureau@redhat.com,
euler.robot@huawei.com
Subject: Re: [PATCH v2] virtio-serial-bus: do cleanup on the error path in realize() to avoid memleaks
Date: Fri, 06 Mar 2020 09:51:00 +0100 [thread overview]
Message-ID: <871rq57tor.fsf@dusky.pond.sub.org> (raw)
In-Reply-To: <20200306025030.28824-1-pannengyuan@huawei.com> (Pan Nengyuan's message of "Fri, 6 Mar 2020 10:50:30 +0800")
Pan Nengyuan <pannengyuan@huawei.com> writes:
> port->bh forgot to delete on the error path, this patch add it to fix memleaks. It's easy to reproduce as follow(add a same nr port):
Long line. Suggest:
virtio-serial-bus: Plug memory leak on realize() error paths
We neglect to free port->bh on the error paths. Fix that.
Reproducer:
Perhaps the maintainer can tweak this for you without a respin.
> {'execute': 'device_add', 'arguments': {'id': 'virtio_serial_pci0', 'driver': 'virtio-serial-pci', 'bus': 'pci.0', 'addr': '0x5'}, 'id': 'yVkZcGgV'}
> {'execute': 'device_add', 'arguments': {'id': 'port1', 'driver': 'virtserialport', 'name': 'port1', 'chardev': 'channel1', 'bus': 'virtio_serial_pci0.0', 'nr': 1}, 'id': '3dXdUgJA'}
> {'execute': 'device_add', 'arguments': {'id': 'port2', 'driver': 'virtserialport', 'name': 'port2', 'chardev': 'channel2', 'bus': 'virtio_serial_pci0.0', 'nr': 1}, 'id': 'qLzcCkob'}
> {'execute': 'device_add', 'arguments': {'id': 'port2', 'driver': 'virtserialport', 'name': 'port2', 'chardev': 'channel2', 'bus': 'virtio_serial_pci0.0', 'nr': 2}, 'id': 'qLzcCkob'}
>
> The leak stack:
> Direct leak of 40 byte(s) in 1 object(s) allocated from:
> #0 0x7f04a8008ae8 in __interceptor_malloc (/lib64/libasan.so.5+0xefae8)
> #1 0x7f04a73cf1d5 in g_malloc (/lib64/libglib-2.0.so.0+0x531d5)
> #2 0x56273eaee484 in aio_bh_new /mnt/sdb/backup/qemu/util/async.c:125
> #3 0x56273eafe9a8 in qemu_bh_new /mnt/sdb/backup/qemu/util/main-loop.c:532
> #4 0x56273d52e62e in virtser_port_device_realize /mnt/sdb/backup/qemu/hw/char/virtio-serial-bus.c:946
> #5 0x56273dcc5040 in device_set_realized /mnt/sdb/backup/qemu/hw/core/qdev.c:891
> #6 0x56273e5ebbce in property_set_bool /mnt/sdb/backup/qemu/qom/object.c:2238
> #7 0x56273e5e5a9c in object_property_set /mnt/sdb/backup/qemu/qom/object.c:1324
> #8 0x56273e5ef5f8 in object_property_set_qobject /mnt/sdb/backup/qemu/qom/qom-qobject.c:26
> #9 0x56273e5e5e6a in object_property_set_bool /mnt/sdb/backup/qemu/qom/object.c:1390
> #10 0x56273daa40de in qdev_device_add /mnt/sdb/backup/qemu/qdev-monitor.c:680
> #11 0x56273daa53e9 in qmp_device_add /mnt/sdb/backup/qemu/qdev-monitor.c:805
>
> Fixes: 199646d81522509ac2dba6d28c31e8c7d807bc93
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
> ---
> v1->v2:
> - simply create port->bh last in virtser_port_device_realize() to fix memleaks.(Suggested by Markus Armbruster)
> ---
> hw/char/virtio-serial-bus.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/hw/char/virtio-serial-bus.c b/hw/char/virtio-serial-bus.c
> index 941ed5aca9..99a65bab7f 100644
> --- a/hw/char/virtio-serial-bus.c
> +++ b/hw/char/virtio-serial-bus.c
> @@ -943,7 +943,6 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
> Error *err = NULL;
>
> port->vser = bus->vser;
> - port->bh = qemu_bh_new(flush_queued_data_bh, port);
>
> assert(vsc->have_data);
>
> @@ -992,6 +991,7 @@ static void virtser_port_device_realize(DeviceState *dev, Error **errp)
> return;
> }
>
> + port->bh = qemu_bh_new(flush_queued_data_bh, port);
> port->elem = NULL;
> }
Preferably with a tidied up commit message:
Reviewed-by: Markus Armbruster <armbru@redhat.com>
next prev parent reply other threads:[~2020-03-06 8:52 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-06 2:50 [PATCH v2] virtio-serial-bus: do cleanup on the error path in realize() to avoid memleaks Pan Nengyuan
2020-03-06 7:26 ` Amit Shah
2020-03-06 8:51 ` Markus Armbruster [this message]
2020-03-06 9:35 ` Pan Nengyuan
2020-03-07 16:37 ` Michael S. Tsirkin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871rq57tor.fsf@dusky.pond.sub.org \
--to=armbru@redhat.com \
--cc=amit@kernel.org \
--cc=euler.robot@huawei.com \
--cc=lvivier@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=mst@redhat.com \
--cc=pannengyuan@huawei.com \
--cc=pbonzini@redhat.com \
--cc=qemu-devel@nongnu.org \
--cc=zhang.zhanghailiang@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.