qemu-devel.nongnu.org archive mirror
 help / color / mirror / Atom feed
* [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
@ 2016-10-18  9:17 Pino Toscano
  2016-10-18 11:13 ` Eric Blake
  0 siblings, 1 reply; 6+ messages in thread
From: Pino Toscano @ 2016-10-18  9:17 UTC (permalink / raw)
  To: qemu-devel; +Cc: armbru, mdroth, ptoscano

qmp_output_start_struct() and qmp_output_start_list() create a new
QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
where it is saved as 'value'.  When freeing the iterator in
qmp_output_free(), these values are never freed properly.

The simple solution is to qobject_decref() them.
---
 qapi/qmp-output-visitor.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
index 9e3b67c..eedf256 100644
--- a/qapi/qmp-output-visitor.c
+++ b/qapi/qmp-output-visitor.c
@@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v)
     while (!QSLIST_EMPTY(&qov->stack)) {
         e = QSLIST_FIRST(&qov->stack);
         QSLIST_REMOVE_HEAD(&qov->stack, node);
+        qobject_decref(e->value);
         g_free(e);
     }
 
-- 
2.7.4

^ permalink raw reply related	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
  2016-10-18  9:17 [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor Pino Toscano
@ 2016-10-18 11:13 ` Eric Blake
  2016-10-18 11:19   ` Eric Blake
  2016-10-18 11:22   ` Pino Toscano
  0 siblings, 2 replies; 6+ messages in thread
From: Eric Blake @ 2016-10-18 11:13 UTC (permalink / raw)
  To: Pino Toscano, qemu-devel; +Cc: armbru, mdroth

[-- Attachment #1: Type: text/plain, Size: 1187 bytes --]

On 10/18/2016 04:17 AM, Pino Toscano wrote:
> qmp_output_start_struct() and qmp_output_start_list() create a new
> QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
> where it is saved as 'value'.  When freeing the iterator in
> qmp_output_free(), these values are never freed properly.

Do any of the tests (perhaps run under valgrind) show this leak? If not,
maybe we should enhance their coverage.

> 
> The simple solution is to qobject_decref() them.
> ---
>  qapi/qmp-output-visitor.c | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Eric Blake <eblake@redhat.com>

> 
> diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
> index 9e3b67c..eedf256 100644
> --- a/qapi/qmp-output-visitor.c
> +++ b/qapi/qmp-output-visitor.c
> @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v)
>      while (!QSLIST_EMPTY(&qov->stack)) {
>          e = QSLIST_FIRST(&qov->stack);
>          QSLIST_REMOVE_HEAD(&qov->stack, node);
> +        qobject_decref(e->value);
>          g_free(e);
>      }
>  
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
  2016-10-18 11:13 ` Eric Blake
@ 2016-10-18 11:19   ` Eric Blake
  2016-10-18 11:22   ` Pino Toscano
  1 sibling, 0 replies; 6+ messages in thread
From: Eric Blake @ 2016-10-18 11:19 UTC (permalink / raw)
  To: Pino Toscano, qemu-devel; +Cc: armbru, mdroth

[-- Attachment #1: Type: text/plain, Size: 1337 bytes --]

On 10/18/2016 06:13 AM, Eric Blake wrote:
> On 10/18/2016 04:17 AM, Pino Toscano wrote:
>> qmp_output_start_struct() and qmp_output_start_list() create a new
>> QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
>> where it is saved as 'value'.  When freeing the iterator in
>> qmp_output_free(), these values are never freed properly.
> 
> Do any of the tests (perhaps run under valgrind) show this leak? If not,
> maybe we should enhance their coverage.
> 
>>
>> The simple solution is to qobject_decref() them.
>> ---
>>  qapi/qmp-output-visitor.c | 1 +
>>  1 file changed, 1 insertion(+)
> 
> Reviewed-by: Eric Blake <eblake@redhat.com>

except this should be done against v2, where you had S-o-B :)

> 
>>
>> diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
>> index 9e3b67c..eedf256 100644
>> --- a/qapi/qmp-output-visitor.c
>> +++ b/qapi/qmp-output-visitor.c
>> @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v)
>>      while (!QSLIST_EMPTY(&qov->stack)) {
>>          e = QSLIST_FIRST(&qov->stack);
>>          QSLIST_REMOVE_HEAD(&qov->stack, node);
>> +        qobject_decref(e->value);
>>          g_free(e);
>>      }
>>  
>>
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
  2016-10-18 11:13 ` Eric Blake
  2016-10-18 11:19   ` Eric Blake
@ 2016-10-18 11:22   ` Pino Toscano
  2016-10-21 21:20     ` Eric Blake
  1 sibling, 1 reply; 6+ messages in thread
From: Pino Toscano @ 2016-10-18 11:22 UTC (permalink / raw)
  To: Eric Blake; +Cc: qemu-devel, armbru, mdroth

[-- Attachment #1: Type: text/plain, Size: 1500 bytes --]

On Tuesday, 18 October 2016 06:13:30 CEST Eric Blake wrote:
> On 10/18/2016 04:17 AM, Pino Toscano wrote:
> > qmp_output_start_struct() and qmp_output_start_list() create a new
> > QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
> > where it is saved as 'value'.  When freeing the iterator in
> > qmp_output_free(), these values are never freed properly.
> 
> Do any of the tests (perhaps run under valgrind) show this leak? If not,
> maybe we should enhance their coverage.

Running a simple `qemu-img info file.qcow2` under valgrind was enough
for me to show the leak.

In this case, another simple fix is needed to fully fix the leak:
http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg04023.html
(Yes, I just saw your ACK on this, Eric, just leaving it here for
reference.)

> > 
> > The simple solution is to qobject_decref() them.
> > ---
> >  qapi/qmp-output-visitor.c | 1 +
> >  1 file changed, 1 insertion(+)
> 
> Reviewed-by: Eric Blake <eblake@redhat.com>
> 
> > 
> > diff --git a/qapi/qmp-output-visitor.c b/qapi/qmp-output-visitor.c
> > index 9e3b67c..eedf256 100644
> > --- a/qapi/qmp-output-visitor.c
> > +++ b/qapi/qmp-output-visitor.c
> > @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v)
> >      while (!QSLIST_EMPTY(&qov->stack)) {
> >          e = QSLIST_FIRST(&qov->stack);
> >          QSLIST_REMOVE_HEAD(&qov->stack, node);
> > +        qobject_decref(e->value);
> >          g_free(e);
> >      }
> >  
> > 
> 
> 


-- 
Pino Toscano

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
  2016-10-18 11:22   ` Pino Toscano
@ 2016-10-21 21:20     ` Eric Blake
  2016-10-24 11:40       ` Pino Toscano
  0 siblings, 1 reply; 6+ messages in thread
From: Eric Blake @ 2016-10-21 21:20 UTC (permalink / raw)
  To: Pino Toscano; +Cc: qemu-devel, armbru, mdroth

[-- Attachment #1: Type: text/plain, Size: 1489 bytes --]

On 10/18/2016 06:22 AM, Pino Toscano wrote:
> On Tuesday, 18 October 2016 06:13:30 CEST Eric Blake wrote:
>> On 10/18/2016 04:17 AM, Pino Toscano wrote:
>>> qmp_output_start_struct() and qmp_output_start_list() create a new
>>> QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
>>> where it is saved as 'value'.  When freeing the iterator in
>>> qmp_output_free(), these values are never freed properly.
>>
>> Do any of the tests (perhaps run under valgrind) show this leak? If not,
>> maybe we should enhance their coverage.
> 
> Running a simple `qemu-img info file.qcow2` under valgrind was enough
> for me to show the leak.

I'm still not reproducing it. :(

> 
> In this case, another simple fix is needed to fully fix the leak:
> http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg04023.html

In fact, isn't that fix alone enough to fix the leak? The more I think
about this patch (and the thread on v2), the more I think it is too
prone to double-freeing things.

>>> +++ b/qapi/qmp-output-visitor.c
>>> @@ -220,6 +220,7 @@ static void qmp_output_free(Visitor *v)
>>>      while (!QSLIST_EMPTY(&qov->stack)) {
>>>          e = QSLIST_FIRST(&qov->stack);
>>>          QSLIST_REMOVE_HEAD(&qov->stack, node);
>>> +        qobject_decref(e->value);
>>>          g_free(e);
>>>      }
>>>  
>>>
>>
>>
> 
> 

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 604 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
* Re: [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor
  2016-10-21 21:20     ` Eric Blake
@ 2016-10-24 11:40       ` Pino Toscano
  0 siblings, 0 replies; 6+ messages in thread
From: Pino Toscano @ 2016-10-24 11:40 UTC (permalink / raw)
  To: Eric Blake; +Cc: qemu-devel, armbru, mdroth

[-- Attachment #1: Type: text/plain, Size: 1500 bytes --]

On Friday, 21 October 2016 16:20:30 CEST Eric Blake wrote:
> On 10/18/2016 06:22 AM, Pino Toscano wrote:
> > On Tuesday, 18 October 2016 06:13:30 CEST Eric Blake wrote:
> >> On 10/18/2016 04:17 AM, Pino Toscano wrote:
> >>> qmp_output_start_struct() and qmp_output_start_list() create a new
> >>> QObject (QDict, QList) and push it to the stack of the QmpOutputVisitor,
> >>> where it is saved as 'value'.  When freeing the iterator in
> >>> qmp_output_free(), these values are never freed properly.
> >>
> >> Do any of the tests (perhaps run under valgrind) show this leak? If not,
> >> maybe we should enhance their coverage.
> > 
> > Running a simple `qemu-img info file.qcow2` under valgrind was enough
> > for me to show the leak.
> 
> I'm still not reproducing it. :(

Funny, now I cannot either, not even by resetting master back to the day
when I did the patches.  And I'm pretty sure that it was an issue, since
doing only this patch did not fully fix the leak: valgrind runs were
fine, so a full run of the libguestfs test suite with the rebuild qemu
as hypervisor.

> > In this case, another simple fix is needed to fully fix the leak:
> > http://lists.nongnu.org/archive/html/qemu-devel/2016-10/msg04023.html
> 
> In fact, isn't that fix alone enough to fix the leak? The more I think
> about this patch (and the thread on v2), the more I think it is too
> prone to double-freeing things.

I agree on the "this is not needed part", so let's just drop this patch.

Thanks,
-- 
Pino Toscano

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread
end of thread, other threads:[~2016-10-24 11:41 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-10-18  9:17 [Qemu-devel] [PATCH] qapi: fix memory leak in QmpOutputVisitor Pino Toscano
2016-10-18 11:13 ` Eric Blake
2016-10-18 11:19   ` Eric Blake
2016-10-18 11:22   ` Pino Toscano
2016-10-21 21:20     ` Eric Blake
2016-10-24 11:40       ` Pino Toscano

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).