From: Kevin Wolf <kwolf@redhat.com>
To: qemu-block@nongnu.org
Cc: kwolf@redhat.com, peter.maydell@linaro.org, qemu-devel@nongnu.org
Subject: [Qemu-devel] [PULL 07/15] block: fix leaks in bdrv_open_driver()
Date: Tue, 1 Aug 2017 16:46:24 +0200 [thread overview]
Message-ID: <20170801144632.3831-8-kwolf@redhat.com> (raw)
In-Reply-To: <20170801144632.3831-1-kwolf@redhat.com>
From: Manos Pitsidianakis <el13635@mail.ntua.gr>
bdrv_open_driver() is called in two places, bdrv_new_open_driver() and
bdrv_open_common(). In the latter, failure cleanup in is in its caller,
bdrv_open_inherit(), which unrefs the bs->file of the failed driver open
if it exists.
Let's move the bs->file cleanup to bdrv_open_driver() to take care of
all callers and do not set bs->drv to NULL unless the driver's open
function failed. When bs is destroyed by removing its last reference, it
calls bdrv_close() which checks bs->drv to perform the needed cleanups
and also call the driver's close function. Since it cleans up options
and opaque we must take care not leave dangling pointers.
The error paths in bdrv_open_driver() are now two:
If open fails, drv->bdrv_close() should not be called. Unref the child
if it exists, free what we allocated and set bs->drv to NULL. Return the
error and let callers free their stuff.
If open succeeds but we fail after, return the error and let callers
unref and delete their bs, while cleaning up their allocations.
Signed-off-by: Manos Pitsidianakis <el13635@mail.ntua.gr>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
---
block.c | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/block.c b/block.c
index 7a78bc647b..ce9cce7b3c 100644
--- a/block.c
+++ b/block.c
@@ -1119,20 +1119,19 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
} else {
error_setg_errno(errp, -ret, "Could not open image");
}
- goto free_and_fail;
+ goto open_failed;
}
ret = refresh_total_sectors(bs, bs->total_sectors);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not refresh total sector count");
- goto free_and_fail;
+ return ret;
}
bdrv_refresh_limits(bs, &local_err);
if (local_err) {
error_propagate(errp, local_err);
- ret = -EINVAL;
- goto free_and_fail;
+ return -EINVAL;
}
assert(bdrv_opt_mem_align(bs) != 0);
@@ -1140,12 +1139,14 @@ static int bdrv_open_driver(BlockDriverState *bs, BlockDriver *drv,
assert(is_power_of_2(bs->bl.request_alignment));
return 0;
-
-free_and_fail:
- /* FIXME Close bs first if already opened*/
+open_failed:
+ bs->drv = NULL;
+ if (bs->file != NULL) {
+ bdrv_unref_child(bs, bs->file);
+ bs->file = NULL;
+ }
g_free(bs->opaque);
bs->opaque = NULL;
- bs->drv = NULL;
return ret;
}
@@ -1166,7 +1167,9 @@ BlockDriverState *bdrv_new_open_driver(BlockDriver *drv, const char *node_name,
ret = bdrv_open_driver(bs, drv, node_name, bs->options, flags, errp);
if (ret < 0) {
QDECREF(bs->explicit_options);
+ bs->explicit_options = NULL;
QDECREF(bs->options);
+ bs->options = NULL;
bdrv_unref(bs);
return NULL;
}
@@ -2600,9 +2603,6 @@ static BlockDriverState *bdrv_open_inherit(const char *filename,
fail:
blk_unref(file);
- if (bs->file != NULL) {
- bdrv_unref_child(bs, bs->file);
- }
QDECREF(snapshot_options);
QDECREF(bs->explicit_options);
QDECREF(bs->options);
--
2.13.3
next prev parent reply other threads:[~2017-08-01 14:46 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-08-01 14:46 [Qemu-devel] [PULL 00/15] Block layer patches for 2.10.0-rc1 Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 01/15] docs: add qemu-block-drivers(7) man page Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 02/15] iotests: Fix test 156 Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 03/15] iotests: Redirect stderr to stdout in 186 Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 04/15] iotests: Check dirty bitmap statistics in 124 Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 05/15] iotests: Add test of recent fix to 'qemu-img measure' Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 06/15] block: fix dangling bs->explicit_options in block.c Kevin Wolf
2017-08-01 14:46 ` Kevin Wolf [this message]
2017-08-01 14:46 ` [Qemu-devel] [PULL 08/15] qemu-iotests/041: Fix leaked scratch images Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 09/15] qemu-iotests: Remove blkdebug.conf after tests Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 10/15] qemu-iotests/141: Fix image cleanup Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 11/15] qemu-iotests/153: Fix leaked scratch images Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 12/15] qemu-iotests/162: Fix leaked temporary files Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 13/15] qemu-iotests/063: Fix leaked image Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 14/15] qemu-iotests/059: Fix leaked image files Kevin Wolf
2017-08-01 14:46 ` [Qemu-devel] [PULL 15/15] block/qapi: Remove redundant NULL check to silence Coverity Kevin Wolf
2017-08-01 16:01 ` [Qemu-devel] [PULL 00/15] Block layer patches for 2.10.0-rc1 Peter Maydell
2017-08-01 16:10 ` Kevin Wolf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170801144632.3831-8-kwolf@redhat.com \
--to=kwolf@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).