From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42561)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <stefanha@redhat.com>) id 1VOpba-0007sy-0H
	for qemu-devel@nongnu.org; Wed, 25 Sep 2013 09:58:18 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <stefanha@redhat.com>) id 1VOpbU-0004MW-VK
	for qemu-devel@nongnu.org; Wed, 25 Sep 2013 09:58:13 -0400
Date: Wed, 25 Sep 2013 15:58:02 +0200
From: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20130925135802.GA13589@stefanha-thinkpad.redhat.com>
References: <1376482432-24929-1-git-send-email-stefanha@redhat.com>
	<20130925002823.25429.86191@loki>
	<20130925080611.GA2898@dhcp-200-207.str.redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20130925080611.GA2898@dhcp-200-207.str.redhat.com>
Subject: Re: [Qemu-devel] [PATCH] rbd: avoid qemu_rbd_snap_list() memory
 leak when no snapshots
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: Kevin Wolf <kwolf@redhat.com>
Cc: Josh Durgin <josh.durgin@inktank.com>, qemu-stable@nongnu.org, Michael Roth <mdroth@linux.vnet.ibm.com>, qemu-devel@nongnu.org

On Wed, Sep 25, 2013 at 10:06:11AM +0200, Kevin Wolf wrote:
> Am 25.09.2013 um 02:28 hat Michael Roth geschrieben:
> > Quoting Stefan Hajnoczi (2013-08-14 07:13:52)
> > > When there are no snapshots qemu_rbd_snap_list() returns 0 and the
> > > snapshot table pointer is NULL.  Don't forget to free the snaps buffer
> > > we allocated for librbd rbd_snap_list().
> > > 
> > > Cc: qemu-stable@nongnu.org
> > > Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
> > 
> > Ping for 1.6.1
> 
> Applied it to the block branch for now, but...
> 
> > > ---
> > >  block/rbd.c | 2 +-
> > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > 
> > > diff --git a/block/rbd.c b/block/rbd.c
> > > index cb71751..4e26fea 100644
> > > --- a/block/rbd.c
> > > +++ b/block/rbd.c
> > > @@ -934,7 +934,7 @@ static int qemu_rbd_snap_list(BlockDriverState *bs,
> > >      do {
> > >          snaps = g_malloc(sizeof(*snaps) * max_snaps);
> > >          snap_count = rbd_snap_list(s->image, snaps, &max_snaps);
> > > -        if (snap_count < 0) {
> > > +        if (snap_count <= 0) {
> > >              g_free(snaps);
> > >          }
> > >      } while (snap_count == -ERANGE);
> 
> ...I think this isn't a complete fix. In the successful case we still
> leak snaps. The g_free() should probably be moved to after the done:
> label in a v2 of the patch.

You are right.  I'm sending a v2.  rbd_snap_list_end() does not free
snaps itself, only the strings that snaps[i].name points to.  Therefore
we need to free snaps.