* [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse @ 2016-05-18 21:46 Eric Blake 2016-05-31 13:45 ` Markus Armbruster 2016-07-04 7:35 ` Changlong Xie 0 siblings, 2 replies; 5+ messages in thread From: Eric Blake @ 2016-05-18 21:46 UTC (permalink / raw) To: qemu-devel; +Cc: pbonzini, armbru, qemu-stable, Luiz Capitulino Valgrind complained about a number of leaks in tests/check-qobject-json: ==12657== definitely lost: 17,247 bytes in 1,234 blocks All of which had the same root cause: on an incomplete parse, we were abandoning the token queue without cleaning up the allocated data within each queue element. Introduced in commit 95385fe, when we switched from QList (which recursively frees contents) to g_queue (which does not). We don't yet require glib 2.32 with its g_queue_free_full(), so open-code it instead. CC: qemu-stable@nongnu.org Signed-off-by: Eric Blake <eblake@redhat.com> --- qobject/json-streamer.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c index 0251685..7164390 100644 --- a/qobject/json-streamer.c +++ b/qobject/json-streamer.c @@ -20,9 +20,15 @@ #define MAX_TOKEN_COUNT (2ULL << 20) #define MAX_NESTING (1ULL << 10) +static void json_message_free_token(void *token, void *opaque) +{ + g_free(token); +} + static void json_message_free_tokens(JSONMessageParser *parser) { if (parser->tokens) { + g_queue_foreach(parser->tokens, json_message_free_token, NULL); g_queue_free(parser->tokens); parser->tokens = NULL; } -- 2.5.5 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse 2016-05-18 21:46 [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse Eric Blake @ 2016-05-31 13:45 ` Markus Armbruster 2016-07-04 7:35 ` Changlong Xie 1 sibling, 0 replies; 5+ messages in thread From: Markus Armbruster @ 2016-05-31 13:45 UTC (permalink / raw) To: Eric Blake; +Cc: qemu-devel, pbonzini, Luiz Capitulino, qemu-stable Eric Blake <eblake@redhat.com> writes: > Valgrind complained about a number of leaks in > tests/check-qobject-json: > > ==12657== definitely lost: 17,247 bytes in 1,234 blocks > > All of which had the same root cause: on an incomplete parse, > we were abandoning the token queue without cleaning up the > allocated data within each queue element. Introduced in > commit 95385fe, when we switched from QList (which recursively > frees contents) to g_queue (which does not). > > We don't yet require glib 2.32 with its g_queue_free_full(), > so open-code it instead. Should we add a replacement g_queue_free_full() to glib-compat.h? > CC: qemu-stable@nongnu.org > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > qobject/json-streamer.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c > index 0251685..7164390 100644 > --- a/qobject/json-streamer.c > +++ b/qobject/json-streamer.c > @@ -20,9 +20,15 @@ > #define MAX_TOKEN_COUNT (2ULL << 20) > #define MAX_NESTING (1ULL << 10) > > +static void json_message_free_token(void *token, void *opaque) > +{ > + g_free(token); > +} > + > static void json_message_free_tokens(JSONMessageParser *parser) > { > if (parser->tokens) { > + g_queue_foreach(parser->tokens, json_message_free_token, NULL); > g_queue_free(parser->tokens); > parser->tokens = NULL; > } Since open-coding is a one-liner, I'm okay with it. Applied to my qapi-next branch, thanks! ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse 2016-05-18 21:46 [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse Eric Blake 2016-05-31 13:45 ` Markus Armbruster @ 2016-07-04 7:35 ` Changlong Xie 2016-07-04 12:21 ` Markus Armbruster 1 sibling, 1 reply; 5+ messages in thread From: Changlong Xie @ 2016-07-04 7:35 UTC (permalink / raw) To: Eric Blake, qemu-devel; +Cc: pbonzini, Luiz Capitulino, armbru, qemu-stable On 05/19/2016 05:46 AM, Eric Blake wrote: > Valgrind complained about a number of leaks in > tests/check-qobject-json: > > ==12657== definitely lost: 17,247 bytes in 1,234 blocks > > All of which had the same root cause: on an incomplete parse, > we were abandoning the token queue without cleaning up the > allocated data within each queue element. Introduced in > commit 95385fe, when we switched from QList (which recursively > frees contents) to g_queue (which does not). > > We don't yet require glib 2.32 with its g_queue_free_full(), > so open-code it instead. > > CC: qemu-stable@nongnu.org > Signed-off-by: Eric Blake <eblake@redhat.com> > --- > qobject/json-streamer.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c > index 0251685..7164390 100644 > --- a/qobject/json-streamer.c > +++ b/qobject/json-streamer.c > @@ -20,9 +20,15 @@ > #define MAX_TOKEN_COUNT (2ULL << 20) > #define MAX_NESTING (1ULL << 10) > > +static void json_message_free_token(void *token, void *opaque) > +{ > + g_free(token); > +} > + > static void json_message_free_tokens(JSONMessageParser *parser) > { > if (parser->tokens) { > + g_queue_foreach(parser->tokens, json_message_free_token, NULL); > g_queue_free(parser->tokens); > parser->tokens = NULL; > } > It seems this commit make tests/qemu-iotests/071 failed on the last master branch. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse 2016-07-04 7:35 ` Changlong Xie @ 2016-07-04 12:21 ` Markus Armbruster 2016-07-04 12:31 ` Paolo Bonzini 0 siblings, 1 reply; 5+ messages in thread From: Markus Armbruster @ 2016-07-04 12:21 UTC (permalink / raw) To: Changlong Xie Cc: Eric Blake, qemu-devel, pbonzini, qemu-stable, Luiz Capitulino Changlong Xie <xiecl.fnst@cn.fujitsu.com> writes: > On 05/19/2016 05:46 AM, Eric Blake wrote: >> Valgrind complained about a number of leaks in >> tests/check-qobject-json: >> >> ==12657== definitely lost: 17,247 bytes in 1,234 blocks >> >> All of which had the same root cause: on an incomplete parse, >> we were abandoning the token queue without cleaning up the >> allocated data within each queue element. Introduced in >> commit 95385fe, when we switched from QList (which recursively >> frees contents) to g_queue (which does not). >> >> We don't yet require glib 2.32 with its g_queue_free_full(), >> so open-code it instead. >> >> CC: qemu-stable@nongnu.org >> Signed-off-by: Eric Blake <eblake@redhat.com> >> --- >> qobject/json-streamer.c | 6 ++++++ >> 1 file changed, 6 insertions(+) >> >> diff --git a/qobject/json-streamer.c b/qobject/json-streamer.c >> index 0251685..7164390 100644 >> --- a/qobject/json-streamer.c >> +++ b/qobject/json-streamer.c >> @@ -20,9 +20,15 @@ >> #define MAX_TOKEN_COUNT (2ULL << 20) >> #define MAX_NESTING (1ULL << 10) >> >> +static void json_message_free_token(void *token, void *opaque) >> +{ >> + g_free(token); >> +} >> + >> static void json_message_free_tokens(JSONMessageParser *parser) >> { >> if (parser->tokens) { >> + g_queue_foreach(parser->tokens, json_message_free_token, NULL); >> g_queue_free(parser->tokens); >> parser->tokens = NULL; >> } >> > > It seems this commit make tests/qemu-iotests/071 failed on the last > master branch. More direct reproducer: { "execute": "qmp_capabilities" } { "execute": "blockdev-add", "arguments": { "options": { "node-name": "drive0", "driver": "qcow2", "file": { "driver": "file", "filename": "t.qcow2" } } } } { "execute": "blockdev-add", "arguments": { "options": { "driver": "blkverify", "id": "drive0-verify", "test": "drive0", "raw": { "driver": "file", "filename": "t.qcow2.base" } } } } { "execute": "human-monitor-command", "arguments": { "command-line": 'qemu-io drive0-verify "read 0 512"' } } With t.qcow2 and t.qcow2.base as in 071. Interesting part of valgrind run: ==29716== at 0xF7E8E71: g_queue_foreach (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0x7CB7C5: json_message_free_tokens (json-streamer.c:31) ==29716== by 0x7CBAC6: json_message_parser_destroy (json-streamer.c:131) ==29716== by 0x3469AE: monitor_qmp_event (monitor.c:4022) ==29716== by 0x476C32: qemu_chr_be_event (qemu-char.c:205) ==29716== by 0x47BE05: tcp_chr_close (qemu-char.c:3175) ==29716== by 0x47E5AB: qemu_chr_free (qemu-char.c:4036) ==29716== by 0x47E62C: qemu_chr_delete (qemu-char.c:4044) ==29716== by 0x47F576: qemu_chr_cleanup (qemu-char.c:4557) ==29716== by 0x12EA65E7: __run_exit_handlers (in /usr/lib64/libc-2.22.so) ==29716== by 0x12EA6634: exit (in /usr/lib64/libc-2.22.so) ==29716== by 0x74762C: blkverify_err (blkverify.c:58) ==29716== Address 0x24270550 is 0 bytes inside a block of size 24 free'd ==29716== at 0x4C29CF0: free (vg_replace_malloc.c:530) ==29716== by 0xF7DE63D: g_free (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0xF7F5DCC: g_slice_free1 (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0x7CC327: parser_context_free (json-parser.c:268) ==29716== by 0x7CCFB5: json_parser_parse_err (json-parser.c:577) ==29716== by 0x7CCF48: json_parser_parse (json-parser.c:561) ==29716== by 0x3464A2: handle_qmp_command (monitor.c:3892) ==29716== by 0x7CB9C7: json_message_process_token (json-streamer.c:100) ==29716== by 0x7EDEC2: json_lexer_feed_char (json-lexer.c:319) ==29716== by 0x7EE00A: json_lexer_feed (json-lexer.c:369) ==29716== by 0x7CBA7E: json_message_parser_feed (json-streamer.c:120) ==29716== by 0x346722: monitor_qmp_read (monitor.c:3949) ==29716== Block was alloc'd at ==29716== at 0x4C28BF6: malloc (vg_replace_malloc.c:299) ==29716== by 0xF7DE528: g_malloc (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0xF7F5652: g_slice_alloc (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0xF7F5CED: g_slice_alloc0 (in /usr/lib64/libglib-2.0.so.0.4600.2) ==29716== by 0x7CB9CC: json_message_process_token (json-streamer.c:101) ==29716== by 0x7EDEC2: json_lexer_feed_char (json-lexer.c:319) ==29716== by 0x7EE00A: json_lexer_feed (json-lexer.c:369) ==29716== by 0x7CBA7E: json_message_parser_feed (json-streamer.c:120) ==29716== by 0x346722: monitor_qmp_read (monitor.c:3949) ==29716== by 0x477214: qemu_chr_be_write_impl (qemu-char.c:388) ==29716== by 0x477272: qemu_chr_be_write (qemu-char.c:400) ==29716== by 0x47B4CD: tcp_chr_read (qemu-char.c:2894) Double free. Can't see offhand how this stuff works. Eric, let's revert this patch unless you can see a fix. ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse 2016-07-04 12:21 ` Markus Armbruster @ 2016-07-04 12:31 ` Paolo Bonzini 0 siblings, 0 replies; 5+ messages in thread From: Paolo Bonzini @ 2016-07-04 12:31 UTC (permalink / raw) To: Markus Armbruster, Changlong Xie Cc: Eric Blake, qemu-devel, qemu-stable, Luiz Capitulino On 04/07/2016 14:21, Markus Armbruster wrote: > Double free. Can't see offhand how this stuff works. Eric, let's > revert this patch unless you can see a fix. I think I have a fix. Paolo ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-07-04 12:31 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2016-05-18 21:46 [Qemu-devel] [PATCH] json-streamer: Don't leak tokens on incomplete parse Eric Blake 2016-05-31 13:45 ` Markus Armbruster 2016-07-04 7:35 ` Changlong Xie 2016-07-04 12:21 ` Markus Armbruster 2016-07-04 12:31 ` Paolo Bonzini
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).