From: Peter Maydell <peter.maydell@linaro.org>
To: Anthony PERARD <anthony.perard@citrix.com>
Cc: qemu-devel@nongnu.org
Subject: Re: [PULL 3/3] xen-block: Use specific blockdev driver
Date: Fri, 2 Jun 2023 18:04:45 +0100 [thread overview]
Message-ID: <CAFEAcA-ZxRW-+ttyfZj1hSAZyDbYj6Mbvs=KsG6Sfg6QTdKhrg@mail.gmail.com> (raw)
In-Reply-To: <20210510125340.903323-4-anthony.perard@citrix.com>
On Mon, 10 May 2021 at 13:53, Anthony PERARD <anthony.perard@citrix.com> wrote:
>
> ... when a xen-block backend instance is created via xenstore.
>
> Following 8d17adf34f50 ("block: remove support for using "file" driver
> with block/char devices"), using the "file" blockdev driver for
> everything doesn't work anymore, we need to use the "host_device"
> driver when the disk image is a block device and "file" driver when it
> is a regular file.
>
> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
> Acked-by: Paul Durrant <paul@xen.org>
> Message-Id: <20210430163432.468894-1-anthony.perard@citrix.com>
> Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Hi; Coverity points out (CID 1508722) that this introduces a
memory leak in the new error codepath:
> ---
> hw/block/xen-block.c | 14 +++++++++++++-
> 1 file changed, 13 insertions(+), 1 deletion(-)
>
> diff --git a/hw/block/xen-block.c b/hw/block/xen-block.c
> index 83754a4344..674953f1ad 100644
> --- a/hw/block/xen-block.c
> +++ b/hw/block/xen-block.c
> @@ -728,6 +728,8 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
> XenBlockDrive *drive = NULL;
> QDict *file_layer;
> QDict *driver_layer;
> + struct stat st;
> + int rc;
>
> if (params) {
> char **v = g_strsplit(params, ":", 2);
> @@ -761,7 +763,17 @@ static XenBlockDrive *xen_block_drive_create(const char *id,
> file_layer = qdict_new();
> driver_layer = qdict_new();
You can see here that we allocate file_layer and driver_layer
as new qdict objects...
>
> - qdict_put_str(file_layer, "driver", "file");
> + rc = stat(filename, &st);
> + if (rc) {
> + error_setg_errno(errp, errno, "Could not stat file '%s'", filename);
> + goto done;
...but here if the stat() fails we will bail out to
the 'done' label, and the code there does not dereference
these qdicts, so they will leak.
The easy fix is to move the two calls to qdict_new() to
below this if() rather than above it.
> + }
> + if (S_ISBLK(st.st_mode)) {
> + qdict_put_str(file_layer, "driver", "host_device");
> + } else {
> + qdict_put_str(file_layer, "driver", "file");
> + }
> +
> qdict_put_str(file_layer, "filename", filename);
> g_free(filename);
thanks
-- PMM
next prev parent reply other threads:[~2023-06-02 17:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-05-10 12:53 [PULL 0/3] xen queue 2021-05-10 Anthony PERARD via
2021-05-10 12:53 ` [PULL 1/3] xen-mapcache: avoid a race on memory map while using MAP_FIXED Anthony PERARD via
2021-05-10 12:53 ` [PULL 2/3] xen: Free xenforeignmemory_resource at exit Anthony PERARD via
2021-05-10 12:53 ` [PULL 3/3] xen-block: Use specific blockdev driver Anthony PERARD via
2023-06-02 17:04 ` Peter Maydell [this message]
2023-06-27 12:09 ` Peter Maydell
2021-05-10 13:00 ` [PULL 0/3] xen queue 2021-05-10 no-reply
2021-05-12 11:03 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFEAcA-ZxRW-+ttyfZj1hSAZyDbYj6Mbvs=KsG6Sfg6QTdKhrg@mail.gmail.com' \
--to=peter.maydell@linaro.org \
--cc=anthony.perard@citrix.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).