qemu-devel.nongnu.org archive mirror
From: Kevin Wolf <kwolf@redhat.com>
To: Manos Pitsidianakis <el13635@mail.ntua.gr>
Cc: qemu-devel <qemu-devel@nongnu.org>,
	qemu-block <qemu-block@nongnu.org>,
	Stefan Hajnoczi <stefanha@redhat.com>,
	Alberto Garcia <berto@igalia.com>, Max Reitz <mreitz@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2] block: fix leaks in bdrv_open_driver()
Date: Tue, 11 Jul 2017 17:16:17 +0200
Message-ID: <20170711151617.GK4335@noname.str.redhat.com>
In-Reply-To: <20170701153906.16588-1-el13635@mail.ntua.gr>

On 01.07.2017 at 17:39, Manos Pitsidianakis wrote:
> bdrv_open_driver() is called in two places, bdrv_new_open_driver() and
> bdrv_open_common(). In the latter, failure cleanup is in its caller,
> bdrv_open_inherit(), which unrefs the bs->file of the failed driver open if it
> exists.
> 
> Let's move the bs->file cleanup to bdrv_open_driver() to take care of all
> callers and do not set bs->drv to NULL unless the driver's open function
> failed. When bs is destroyed by removing its last reference, bdrv_close()
> checks bs->drv to perform the needed cleanups and also call the driver's close
> function.
> 
> Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr>
> ---
> 
> v2:
>  move bdrv_unref_child(bs, bs->file) to bdrv_open_driver
>  do not set bs->drv to NULL if open succeeds 
> 
>  block.c | 21 +++++++++++++--------
>  1 file changed, 13 insertions(+), 8 deletions(-)
> 
> diff --git a/block.c b/block.c
> index 694396281b..df2a46990c 100644
> --- a/block.c
> +++ b/block.c
> @@ -1091,6 +1091,7 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
>  {
>      Error *local_err = NULL;
>      int ret;
> +    bool open_failed;
>  
>      bdrv_assign_node_name(bs, node_name, &local_err);
>      if (local_err) {
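
Review bot: open_failed is declared without an initializer here, is only assigned further down at "open_failed = ret < 0;", and is read under the free_and_fail label. Initialise it at the declaration (bool open_failed = false;) so that any goto free_and_fail placed ahead of the assignment cannot read an indeterminate value.
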
> @@ -1111,7 +1112,9 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
>          ret = 0;
>      }
>  
> -    if (ret < 0) {
> +    open_failed = ret < 0;
> +
> +    if (open_failed) {
>          if (local_err) {
>              error_propagate(errp, local_err);
>          } else if (bs->filename[0]) {
> @@ -1142,10 +1145,15 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
>      return 0;
>  
>  free_and_fail:
> -    /* FIXME Close bs first if already opened*/
> -    g_free(bs->opaque);
> -    bs->opaque = NULL;
> -    bs->drv = NULL;
> +    if (open_failed) {
> +        g_free(bs->opaque);
> +        bs->opaque = NULL;
> +        bs->drv = NULL;
> +    }
> +    if (bs->file != NULL) {
> +        bdrv_unref_child(bs, bs->file);
> +        bs->file = NULL;
> +    }
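
Review bot: Under free_and_fail, when open_failed is false the new code keeps bs->drv and bs->opaque but still calls bdrv_unref_child(bs, bs->file) and sets bs->file to NULL, so the node is left with a driver attached and no file child. The commit message relies on bdrv_close() seeing bs->drv later and calling the driver's close function, which would then run with bs->file == NULL. The removed FIXME asked for bs to be closed first; either close the driver on this path before the unref, or keep bs->file until the driver has been closed, and add a comment stating what state the label leaves bs in.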

Is this bdrv_unref_child() safe if we leave bs->drv set? Format drivers
expect that if an image is opened, it also has a valid bs->file.

For example, if I add ret = -1 after refresh_total_sectors() (because I
couldn't find an easier way to make it fail intentionally), I get an
ugly heap corruption crash instead of a nice error message with this
patch.

Kevin
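
The invariant behind the question above (a node with a driver attached must also have its file child), as an added C model that is not part of the original message and not QEMU code. Node, Child, Driver and every function name are hypothetical, and the close-first ordering is an assumed alternative, not the project's fix.

```c
#include <stdlib.h>

/* Hypothetical miniature of a block node; not QEMU's BlockDriverState. */
typedef struct Child { int refcnt; } Child;
typedef struct Node Node;
typedef struct Driver { void (*close)(Node *n); } Driver;
struct Node { const Driver *drv; void *opaque; Child *file; int close_saw_file; };

/* Stand-in for a format driver's close hook, which relies on n->file. */
static void fmt_close(Node *n) { n->close_saw_file = (n->file != NULL); }
static const Driver fmt = { fmt_close };
static void child_unref(Child *c) { if (c && --c->refcnt == 0) free(c); }

/* Invariant from the review: an attached driver implies a valid file child. */
static int invariant_holds(const Node *n) { return !n->drv || n->file != NULL; }

/* Order modelled on the quoted hunk when the driver's open succeeded:
 * drv and opaque stay in place, the file child is dropped. */
static void cleanup_patch_order(Node *n) {
    if (n->file) { child_unref(n->file); n->file = NULL; }
}

/* Assumed alternative (not the project's fix): close the driver while the
 * child is still attached, detach the driver, then drop the child. */
static void cleanup_close_first(Node *n) {
    if (n->drv) {
        n->drv->close(n);
        free(n->opaque);
        n->opaque = NULL;
        n->drv = NULL;
    }
    if (n->file) { child_unref(n->file); n->file = NULL; }
}

/* Runs a cleanup on a constructed, opened node: 1 = consistent, 0 = not, -1 = OOM. */
static int invariant_after(void (*cleanup)(Node *)) {
    Node n = { &fmt, malloc(16), malloc(sizeof(Child)), 0 };
    if (!n.opaque || !n.file) { free(n.opaque); free(n.file); return -1; }
    n.file->refcnt = 1;
    cleanup(&n);
    /* consistent = invariant holds, and any close that ran saw a file child */
    int ok = invariant_holds(&n) && (n.drv != NULL || n.close_saw_file);
    free(n.opaque);   /* the patch-order path leaves opaque allocated */
    return ok;
}

int main(void) {
    return invariant_after(cleanup_patch_order) == 0 &&
           invariant_after(cleanup_close_first) == 1 ? 0 : 1;
}
```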
