From: Alexandru Elisei <alexandru.elisei@arm.com>
To: leixiang <leixiang@kylinos.cn>,
	will@kernel.org, julien.thierry.kdev@gmail.com
Cc: kvm@vger.kernel.org, xieming@kylinos.cn
Subject: Re: [PATCH] kvm tools:Fix memory leakage in open all disks
Date: Tue, 9 Jul 2024 11:12:35 +0100	[thread overview]
Message-ID: <Zo0NE38hE3PAxJrD@arm.com> (raw)
In-Reply-To: <20240618075247.1394144-1-leixiang@kylinos.cn>

Hi,

Adding the kvmtool maintainers (you can find them in the README file).

On Tue, Jun 18, 2024 at 03:52:47PM +0800, leixiang wrote:
> Fix memory leakage in disk/core disk_image__open_all when malloc of a disk fails:
> the disks that were already malloced should be freed.
> 
> Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
> Suggested-by: Xie Ming <xieming@kylinos.cn>
> ---
>  disk/core.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/disk/core.c b/disk/core.c
> index dd2f258..affeece 100644
> --- a/disk/core.c
> +++ b/disk/core.c
> @@ -195,8 +195,10 @@ static struct disk_image **disk_image__open_all(struct kvm *kvm)
>  
>  		if (wwpn) {
>  			disks[i] = malloc(sizeof(struct disk_image));
> -			if (!disks[i])
> -				return ERR_PTR(-ENOMEM);
> +			if (!disks[i]) {
> +				err = ERR_PTR(-ENOMEM);
> +				goto error;
> +			}
>  			disks[i]->wwpn = wwpn;
>  			disks[i]->tpgt = tpgt;

Currently, the latest patch on branch master is ca31abf5d9c3 ("arm64: Allow
the user to select the max SVE vector length"), and struct disk_image
doesn't have a tpgt field. Did you write this patch on a local branch?

>  			continue;
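Review bot: the `goto error` added on the `!disks[i]` branch sends every earlier WWPN entry through the cleanup loop, and those entries were allocated with plain `malloc` a few lines above with only `wwpn` and `tpgt` set, so the cleanup's `disk_image__close()` will read fields that were never initialized. Suggest allocating with `disks[i] = calloc(1, sizeof(struct disk_image));` in a preceding patch, and confirm that `err` and the `error` label exist in the tree this is based on, since neither appears in the hunk's context.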

This is what the 'error' label does:

error:
        for (i = 0; i < count; i++)
                if (!IS_ERR_OR_NULL(disks[i]))
                        disk_image__close(disks[i]);

        free(disks);
        return err;

And disk_image__close() ends up poking all sorts of fields from struct
disk_image, including dereferencing pointers embedded in the struct. If
WWPN is specified for a disk, struct disk_image is allocated using malloc
as above, the field wwpn is set and the rest of the fields are left
uninitialized. Because of this, calling disk_image__close() on a struct
disk_image with wwpn can lead to all sorts of nasty things happening.

May I suggest allocating disks[i] using calloc in the wwpn case to fix
this? Ideally, you would have two patches:

1. A patch that changes the disks[i] allocation to calloc(), to prevent
disk_image__close() from accessing uninitialized fields when disk_image__open()
fails after initializing a WWPN disk.

2. This patch.

Thanks,
Alex

> -- 
> 2.34.1
> 
> 
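As an added illustration of the two-patch approach sketched above, and not kvmtool's own code: a reduced C model with hypothetical stand-ins for struct disk_image, disk_image__close() and the 'error' label, where WWPN entries are calloc'ed so the cleanup loop that runs after a constructed failure never reads uninitialized fields.

```c
#include <errno.h>
#include <stdlib.h>

/* Hypothetical stand-ins for kvmtool's struct disk_image and
 * disk_image__close(): a reduced model, not the project's code. */
struct disk_ops { void (*close)(int fd); };
struct disk_image {
	const char *wwpn;
	int tpgt;
	int fd;			/* -1 when nothing is open */
	struct disk_ops *ops;	/* NULL until a backend is attached */
};
static int closed_count;	/* structs released by the cleanup loop */

/* Like disk_image__close(): dereferences ops and fd, so it only tolerates
 * a struct whose fields are either valid or zeroed. */
static void disk_image_close(struct disk_image *d)
{
	if (d->ops && d->ops->close)
		d->ops->close(d->fd);
	closed_count++;
	free(d);
}

/* Open 'count' WWPN disks. 'fail_at' is a constructed failure index standing
 * in for a malloc()/disk_image__open() failure (-1 = no failure). Returns
 * the array, or NULL with *err set after closing the disks opened so far. */
static struct disk_image **open_all(int count, int fail_at, const char **wwpns, int *err)
{
	struct disk_image **disks = calloc(count, sizeof(*disks));
	int i;
	*err = -ENOMEM;		/* every failure in this model is ENOMEM */
	if (!disks) return NULL;
	for (i = 0; i < count; i++) {
		if (i == fail_at) goto error;
		/* calloc, not malloc: fd and ops are zero if we close early */
		disks[i] = calloc(1, sizeof(struct disk_image));
		if (!disks[i]) goto error;
		disks[i]->wwpn = wwpns[i];
		disks[i]->fd = -1;
	}
	*err = 0;
	return disks;
error:
	for (i = 0; i < count; i++)	/* same shape as the 'error' label */
		if (disks[i])
			disk_image_close(disks[i]);
	free(disks);
	return NULL;
}
```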
