[084/104] Virtiofsd: fix memory leak on fuse queueinfo

Message ID	20191212163904.159893-85-dgilbert@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=PTTO=2C=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7526221655 From: "Dr. David Alan Gilbert (git)" <dgilbert@redhat.com> To: qemu-devel@nongnu.org, stefanha@redhat.com, vgoyal@redhat.com Subject: [PATCH 084/104] Virtiofsd: fix memory leak on fuse queueinfo Date: Thu, 12 Dec 2019 16:38:44 +0000 Message-Id: <20191212163904.159893-85-dgilbert@redhat.com> In-Reply-To: <20191212163904.159893-1-dgilbert@redhat.com> References: <20191212163904.159893-1-dgilbert@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Precedence: list Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	virtiofs daemon [all] \| expand [000/104] virtiofs daemon [all] [001/104] virtiofsd: Pull in upstream headers [002/104] virtiofsd: Pull in kernel's fuse.h [003/104] virtiofsd: Add auxiliary .c's [004/104] virtiofsd: Add fuse_lowlevel.c [005/104] virtiofsd: Add passthrough_ll [006/104] virtiofsd: Trim down imported files [007/104] virtiofsd: Format imported files to qemu style [008/104] virtiofsd: remove mountpoint dummy argument [009/104] virtiofsd: remove unused notify reply support [010/104] virtiofsd: Fix fuse_daemonize ignored return values [011/104] virtiofsd: Fix common header and define for QEMU builds [012/104] virtiofsd: Trim out compatibility code [013/104] virtiofsd: Make fsync work even if only inode is passed in [014/104] virtiofsd: Add options for virtio [015/104] virtiofsd: add -o source=PATH to help output [016/104] virtiofsd: Open vhost connection instead of mounting [017/104] virtiofsd: Start wiring up vhost-user [018/104] virtiofsd: Add main virtio loop [019/104] virtiofsd: get/set features callbacks [020/104] virtiofsd: Start queue threads [021/104] virtiofsd: Poll kick_fd for queue [022/104] virtiofsd: Start reading commands from queue [023/104] virtiofsd: Send replies to messages [024/104] virtiofsd: Keep track of replies [025/104] virtiofsd: Add Makefile wiring for virtiofsd contrib [026/104] virtiofsd: Fast path for virtio read [027/104] virtiofsd: add --fd=FDNUM fd passing option [028/104] virtiofsd: make -f (foreground) the default [029/104] virtiofsd: add vhost-user.json file [030/104] virtiofsd: add --print-capabilities option [031/104] virtiofs: Add maintainers entry [032/104] virtiofsd: passthrough_ll: create new files in caller's context [033/104] virtiofsd: passthrough_ll: add lo_map for ino/fh indirection [034/104] virtiofsd: passthrough_ll: add ino_map to hide lo_inode pointers [035/104] virtiofsd: passthrough_ll: add dirp_map to hide lo_dirp pointers [036/104] virtiofsd: passthrough_ll: add fd_map to hide file descriptors [037/104] virtiofsd: passthrough_ll: add fallback for racy ops [038/104] virtiofsd: validate path components [039/104] virtiofsd: Plumb fuse_bufvec through to do_write_buf [040/104] virtiofsd: Pass write iov's all the way through [041/104] virtiofsd: add fuse_mbuf_iter API [042/104] virtiofsd: validate input buffer sizes in do_write_buf() [043/104] virtiofsd: check input buffer size in fuse_lowlevel.c ops [044/104] virtiofsd: prevent ".." escape in lo_do_lookup() [045/104] virtiofsd: prevent ".." escape in lo_do_readdir() [046/104] virtiofsd: use /proc/self/fd/ O_PATH file descriptor [047/104] virtiofsd: sandbox mount namespace [048/104] virtiofsd: move to an empty network namespace [049/104] virtiofsd: move to a new pid namespace [050/104] virtiofsd: add seccomp whitelist [051/104] virtiofsd: Parse flag FUSE_WRITE_KILL_PRIV [052/104] virtiofsd: cap-ng helpers [053/104] virtiofsd: Drop CAP_FSETID if client asked for it [054/104] virtiofsd: set maximum RLIMIT_NOFILE limit [055/104] virtiofsd: fix libfuse information leaks [056/104] virtiofsd: add security guide document [057/104] virtiofsd: add --syslog command-line option [058/104] virtiofsd: print log only when priority is high enough [059/104] virtiofsd: Add ID to the log with FUSE_LOG_DEBUG level [060/104] virtiofsd: Add timestamp to the log with FUSE_LOG_DEBUG level [061/104] virtiofsd: Handle reinit [062/104] virtiofsd: Handle hard reboot [063/104] virtiofsd: Kill threads when queues are stopped [064/104] vhost-user: Print unexpected slave message types [065/104] contrib/libvhost-user: Protect slave fd with mutex [066/104] virtiofsd: passthrough_ll: add renameat2 support [067/104] virtiofsd: passthrough_ll: disable readdirplus on cache=never [068/104] virtiofsd: passthrough_ll: control readdirplus [069/104] virtiofsd: rename unref_inode() to unref_inode_lolocked() [070/104] virtiofsd: fail when parent inode isn't known in lo_do_lookup() [071/104] virtiofsd: extract root inode init into setup_root() [072/104] virtiofsd: passthrough_ll: fix refcounting on remove/rename [073/104] virtiofsd: passthrough_ll: clean up cache related options [074/104] virtiofsd: passthrough_ll: use hashtable [075/104] virtiofsd: Clean up inodes on destroy [076/104] virtiofsd: support nanosecond resolution for file timestamp [077/104] virtiofsd: fix error handling in main() [078/104] virtiofsd: cleanup allocated resource in se [079/104] virtiofsd: fix memory leak on lo.source [080/104] virtiofsd: add helper for lo_data cleanup [081/104] virtiofsd: Prevent multiply running with same vhost_user_socket [082/104] virtiofsd: enable PARALLEL_DIROPS during INIT [083/104] virtiofsd: fix incorrect error handling in lo_do_lookup [084/104] Virtiofsd: fix memory leak on fuse queueinfo [085/104] virtiofsd: Support remote posix locks [086/104] virtiofsd: use fuse_lowlevel_is_virtio() in fuse_session_destroy() [087/104] virtiofsd: prevent fv_queue_thread() vs virtio_loop() races [088/104] virtiofsd: make lo_release() atomic [089/104] virtiofsd: prevent races with lo_dirp_put() [090/104] virtiofsd: rename inode->refcount to inode->nlookup [091/104] libvhost-user: Fix some memtable remap cases [092/104] virtiofsd: add man page [093/104] virtiofsd: introduce inode refcount to prevent use-after-free [094/104] virtiofsd: do not always set FUSE_FLOCK_LOCKS [095/104] virtiofsd: convert more fprintf and perror to use fuse log infra [096/104] virtiofsd: Reset O_DIRECT flag during file open [097/104] virtiofsd: Fix data corruption with O_APPEND wirte in writeback mode [098/104] virtiofsd: add definition of fuse_buf_writev() [099/104] virtiofsd: use fuse_buf_writev to replace fuse_buf_write for better performance [100/104] virtiofsd: process requests in a thread pool [101/104] virtiofsd: prevent FUSE_INIT/FUSE_DESTROY races [102/104] virtiofsd: fix lo_destroy() resource leaks [103/104] virtiofsd: add --thread-pool-size=NUM option [104/104] virtiofsd: Convert lo_destroy to take the lo->mutex lock itself [105/104] virtiofsd: Unref old/new inodes with the same mutex lock in lo_rename()

Dr. David Alan Gilbert Dec. 12, 2019, 4:38 p.m. UTC

From: Liu Bo <bo.liu@linux.alibaba.com>

For fuse's queueinfo, both queueinfo array and queueinfos are allocated in
fv_queue_set_started() but not cleaned up when the daemon process quits.

This fixes the leak in proper places.

Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
---
 tools/virtiofsd/fuse_virtio.c | 9 +++++++++
 1 file changed, 9 insertions(+)

Misono Tomohiro Jan. 15, 2020, 11:20 a.m. UTC | #1

> From: Liu Bo <bo.liu@linux.alibaba.com>
> 
> For fuse's queueinfo, both queueinfo array and queueinfos are allocated in
> fv_queue_set_started() but not cleaned up when the daemon process quits.
> 
> This fixes the leak in proper places.
> 
> Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> ---
>  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
> 
> diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
> index 7b22ae8d4f..a364f23d5d 100644
> --- a/tools/virtiofsd/fuse_virtio.c
> +++ b/tools/virtiofsd/fuse_virtio.c
> @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
>          }
>          close(ourqi->kill_fd);
>          ourqi->kick_fd = -1;
> +        free(vud->qi[qidx]);
> +        vud->qi[qidx] = NULL;
>      }
>  }
>  
> @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session *se)
>  void virtio_session_close(struct fuse_session *se)
>  {
>      close(se->vu_socketfd);

I beleve above close() should be removed as it is called 6 line below.

> +
> +    if (!se->virtio_dev) {
> +        return;
> +    }
> +
> +    close(se->vu_socketfd);
> +    free(se->virtio_dev->qi);
>      free(se->virtio_dev);
>      se->virtio_dev = NULL;
>  }
> -- 
> 2.23.0

Dr. David Alan Gilbert Jan. 15, 2020, 4:57 p.m. UTC | #2

* Misono Tomohiro (misono.tomohiro@jp.fujitsu.com) wrote:
> > From: Liu Bo <bo.liu@linux.alibaba.com>
> > 
> > For fuse's queueinfo, both queueinfo array and queueinfos are allocated in
> > fv_queue_set_started() but not cleaned up when the daemon process quits.
> > 
> > This fixes the leak in proper places.
> > 
> > Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> > Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> > ---
> >  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> > 
> > diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
> > index 7b22ae8d4f..a364f23d5d 100644
> > --- a/tools/virtiofsd/fuse_virtio.c
> > +++ b/tools/virtiofsd/fuse_virtio.c
> > @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
> >          }
> >          close(ourqi->kill_fd);
> >          ourqi->kick_fd = -1;
> > +        free(vud->qi[qidx]);
> > +        vud->qi[qidx] = NULL;
> >      }
> >  }
> >  
> > @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session *se)
> >  void virtio_session_close(struct fuse_session *se)
> >  {
> >      close(se->vu_socketfd);
> 
> I beleve above close() should be removed as it is called 6 line below.

You're right, I think that's my fault from when I merged this patch
with 'Virtiofsd: fix segfault when quit before dev init'.

Fixed.
Thanks.

Dave

> > +
> > +    if (!se->virtio_dev) {
> > +        return;
> > +    }
> > +
> > +    close(se->vu_socketfd);
> > +    free(se->virtio_dev->qi);
> >      free(se->virtio_dev);
> >      se->virtio_dev = NULL;
> >  }
> > -- 
> > 2.23.0
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Tomohiro Misono (Fujitsu) Jan. 16, 2020, 12:54 a.m. UTC | #3

> * Misono Tomohiro (misono.tomohiro@jp.fujitsu.com) wrote:
> > > From: Liu Bo <bo.liu@linux.alibaba.com>
> > >
> > > For fuse's queueinfo, both queueinfo array and queueinfos are
> > > allocated in
> > > fv_queue_set_started() but not cleaned up when the daemon process quits.
> > >
> > > This fixes the leak in proper places.
> > >
> > > Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> > > Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> > > ---
> > >  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
> > >  1 file changed, 9 insertions(+)
> > >
> > > diff --git a/tools/virtiofsd/fuse_virtio.c
> > > b/tools/virtiofsd/fuse_virtio.c index 7b22ae8d4f..a364f23d5d 100644
> > > --- a/tools/virtiofsd/fuse_virtio.c
> > > +++ b/tools/virtiofsd/fuse_virtio.c
> > > @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
> > >          }
> > >          close(ourqi->kill_fd);
> > >          ourqi->kick_fd = -1;
> > > +        free(vud->qi[qidx]);
> > > +        vud->qi[qidx] = NULL;
> > >      }
> > >  }
> > >
> > > @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session
> > > *se)  void virtio_session_close(struct fuse_session *se)  {
> > >      close(se->vu_socketfd);
> >
> > I beleve above close() should be removed as it is called 6 line below.
> 
> You're right, I think that's my fault from when I merged this patch with 'Virtiofsd: fix segfault when quit before dev init'.
> 
> Fixed.

Given that:
 Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>

Thanks.

> Thanks.
> 
> Dave
> 
> > > +
> > > +    if (!se->virtio_dev) {
> > > +        return;
> > > +    }
> > > +
> > > +    close(se->vu_socketfd);
> > > +    free(se->virtio_dev->qi);
> > >      free(se->virtio_dev);
> > >      se->virtio_dev = NULL;
> > >  }
> > > --
> > > 2.23.0
> >
> --
> Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Dr. David Alan Gilbert Jan. 16, 2020, 12:19 p.m. UTC | #4

* misono.tomohiro@fujitsu.com (misono.tomohiro@fujitsu.com) wrote:
> > * Misono Tomohiro (misono.tomohiro@jp.fujitsu.com) wrote:
> > > > From: Liu Bo <bo.liu@linux.alibaba.com>
> > > >
> > > > For fuse's queueinfo, both queueinfo array and queueinfos are
> > > > allocated in
> > > > fv_queue_set_started() but not cleaned up when the daemon process quits.
> > > >
> > > > This fixes the leak in proper places.
> > > >
> > > > Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> > > > Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> > > > ---
> > > >  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
> > > >  1 file changed, 9 insertions(+)
> > > >
> > > > diff --git a/tools/virtiofsd/fuse_virtio.c
> > > > b/tools/virtiofsd/fuse_virtio.c index 7b22ae8d4f..a364f23d5d 100644
> > > > --- a/tools/virtiofsd/fuse_virtio.c
> > > > +++ b/tools/virtiofsd/fuse_virtio.c
> > > > @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
> > > >          }
> > > >          close(ourqi->kill_fd);
> > > >          ourqi->kick_fd = -1;
> > > > +        free(vud->qi[qidx]);
> > > > +        vud->qi[qidx] = NULL;
> > > >      }
> > > >  }
> > > >
> > > > @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session
> > > > *se)  void virtio_session_close(struct fuse_session *se)  {
> > > >      close(se->vu_socketfd);
> > >
> > > I beleve above close() should be removed as it is called 6 line below.
> > 
> > You're right, I think that's my fault from when I merged this patch with 'Virtiofsd: fix segfault when quit before dev init'.
> > 
> > Fixed.
> 
> Given that:
>  Reviewed-by: Misono Tomohiro <misono.tomohiro@jp.fujitsu.com>

Thank you!

Dave

> Thanks.
> 
> > Thanks.
> > 
> > Dave
> > 
> > > > +
> > > > +    if (!se->virtio_dev) {
> > > > +        return;
> > > > +    }
> > > > +
> > > > +    close(se->vu_socketfd);
> > > > +    free(se->virtio_dev->qi);
> > > >      free(se->virtio_dev);
> > > >      se->virtio_dev = NULL;
> > > >  }
> > > > --
> > > > 2.23.0
> > >
> > --
> > Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK
> 
--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

Sergio Lopez Pascual Jan. 20, 2020, 10:24 a.m. UTC | #5

Dr. David Alan Gilbert (git) <dgilbert@redhat.com> writes:

> From: Liu Bo <bo.liu@linux.alibaba.com>
>
> For fuse's queueinfo, both queueinfo array and queueinfos are allocated in
> fv_queue_set_started() but not cleaned up when the daemon process quits.
>
> This fixes the leak in proper places.
>
> Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> ---
>  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
> index 7b22ae8d4f..a364f23d5d 100644
> --- a/tools/virtiofsd/fuse_virtio.c
> +++ b/tools/virtiofsd/fuse_virtio.c
> @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
>          }
>          close(ourqi->kill_fd);
>          ourqi->kick_fd = -1;
> +        free(vud->qi[qidx]);
> +        vud->qi[qidx] = NULL;
>      }
>  }
>  
> @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session *se)
>  void virtio_session_close(struct fuse_session *se)
>  {
>      close(se->vu_socketfd);
> +
> +    if (!se->virtio_dev) {
> +        return;
> +    }
> +
> +    close(se->vu_socketfd);
> +    free(se->virtio_dev->qi);
>      free(se->virtio_dev);
>      se->virtio_dev = NULL;
>  }

There's a duplicated "close(se->vu_socketfd);" statement here.

Sergio.

Dr. David Alan Gilbert Jan. 20, 2020, 10:54 a.m. UTC | #6

* Sergio Lopez (slp@redhat.com) wrote:
> 
> Dr. David Alan Gilbert (git) <dgilbert@redhat.com> writes:
> 
> > From: Liu Bo <bo.liu@linux.alibaba.com>
> >
> > For fuse's queueinfo, both queueinfo array and queueinfos are allocated in
> > fv_queue_set_started() but not cleaned up when the daemon process quits.
> >
> > This fixes the leak in proper places.
> >
> > Signed-off-by: Liu Bo <bo.liu@linux.alibaba.com>
> > Signed-off-by: Eric Ren <renzhen@linux.alibaba.com>
> > ---
> >  tools/virtiofsd/fuse_virtio.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/tools/virtiofsd/fuse_virtio.c b/tools/virtiofsd/fuse_virtio.c
> > index 7b22ae8d4f..a364f23d5d 100644
> > --- a/tools/virtiofsd/fuse_virtio.c
> > +++ b/tools/virtiofsd/fuse_virtio.c
> > @@ -671,6 +671,8 @@ static void fv_queue_set_started(VuDev *dev, int qidx, bool started)
> >          }
> >          close(ourqi->kill_fd);
> >          ourqi->kick_fd = -1;
> > +        free(vud->qi[qidx]);
> > +        vud->qi[qidx] = NULL;
> >      }
> >  }
> >  
> > @@ -878,6 +880,13 @@ int virtio_session_mount(struct fuse_session *se)
> >  void virtio_session_close(struct fuse_session *se)
> >  {
> >      close(se->vu_socketfd);
> > +
> > +    if (!se->virtio_dev) {
> > +        return;
> > +    }
> > +
> > +    close(se->vu_socketfd);
> > +    free(se->virtio_dev->qi);
> >      free(se->virtio_dev);
> >      se->virtio_dev = NULL;
> >  }
> 
> There's a duplicated "close(se->vu_socketfd);" statement here.

Yep, already spotted/fixed:
  https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg02901.html

Dave

> Sergio.


--
Dr. David Alan Gilbert / dgilbert@redhat.com / Manchester, UK

[084/104] Virtiofsd: fix memory leak on fuse queueinfo

Commit Message

Comments

Patch