
qemu-nbd: Fix a memleak in nbd_client_thread()

Message ID 20201201061349.110262-1-alex.chen@huawei.com (mailing list archive)
State New, archived

Commit Message

Alex Chen Dec. 1, 2020, 6:13 a.m. UTC
When the qio_channel_socket_connect_sync() fails
we should goto 'out_socket' label to free the 'sioc' instead of
goto 'out' label.
In addition, now the 'out' label is useless, delete it.

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Alex Chen <alex.chen@huawei.com>
---
 qemu-nbd.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Eric Blake Dec. 1, 2020, 8:15 p.m. UTC | #1
On 12/1/20 12:13 AM, Alex Chen wrote:
> When the qio_channel_socket_connect_sync() fails
> we should goto 'out_socket' label to free the 'sioc' instead of
> goto 'out' label.
> In addition, now the 'out' label is useless, delete it.
> 
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Alex Chen <alex.chen@huawei.com>
> ---
>  qemu-nbd.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/qemu-nbd.c b/qemu-nbd.c
> index 47587a709e..643b0777c0 100644
> --- a/qemu-nbd.c
> +++ b/qemu-nbd.c
> @@ -275,7 +275,7 @@ static void *nbd_client_thread(void *arg)
>                                          saddr,
>                                          &local_error) < 0) {
>          error_report_err(local_error);
> -        goto out;
> +        goto out_socket;
>      }
>  
>      ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
> @@ -325,7 +325,6 @@ out_fd:
>      close(fd);
>  out_socket:
>      object_unref(OBJECT(sioc));
> -out:
>      g_free(info.name);
>      kill(getpid(), SIGTERM);
>      return (void *) EXIT_FAILURE;
> 

While the patch looks correct, we have a lot of duplication.  Simpler
might be a solution with only one exit label altogether:

diff --git i/qemu-nbd.c w/qemu-nbd.c
index a7075c5419d7..d7bdcd0011ba 100644
--- i/qemu-nbd.c
+++ w/qemu-nbd.c
@@ -265,8 +265,8 @@ static void *nbd_client_thread(void *arg)
     char *device = arg;
     NBDExportInfo info = { .request_sizes = false, .name = g_strdup("") };
     QIOChannelSocket *sioc;
-    int fd;
-    int ret;
+    int fd = -1;
+    int ret = EXIT_FAILURE;
     pthread_t show_parts_thread;
     Error *local_error = NULL;

@@ -278,26 +278,24 @@ static void *nbd_client_thread(void *arg)
         goto out;
     }

-    ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
-                                NULL, NULL, NULL, &info, &local_error);
-    if (ret < 0) {
+    if (nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
+                              NULL, NULL, NULL, &info, &local_error) < 0) {
         if (local_error) {
             error_report_err(local_error);
         }
-        goto out_socket;
+        goto out;
     }

     fd = open(device, O_RDWR);
     if (fd < 0) {
         /* Linux-only, we can use %m in printf.  */
         error_report("Failed to open %s: %m", device);
-        goto out_socket;
+        goto out;
     }

-    ret = nbd_init(fd, sioc, &info, &local_error);
-    if (ret < 0) {
+    if (nbd_init(fd, sioc, &info, &local_error) < 0) {
         error_report_err(local_error);
-        goto out_fd;
+        goto out;
     }

     /* update partition table */
@@ -311,24 +309,18 @@ static void *nbd_client_thread(void *arg)
         dup2(STDOUT_FILENO, STDERR_FILENO);
     }

-    ret = nbd_client(fd);
-    if (ret) {
-        goto out_fd;
+    if (nbd_client(fd) == 0) {
+        ret = EXIT_SUCCESS;
     }
-    close(fd);
-    object_unref(OBJECT(sioc));
-    g_free(info.name);
-    kill(getpid(), SIGTERM);
-    return (void *) EXIT_SUCCESS;

-out_fd:
-    close(fd);
-out_socket:
+ out:
+    if (fd >= 0) {
+        close(fd);
+    }
     object_unref(OBJECT(sioc));
-out:
     g_free(info.name);
     kill(getpid(), SIGTERM);
-    return (void *) EXIT_FAILURE;
+    return (void *) (intptr_t) ret;
 }
 #endif /* HAVE_NBD_DEVICE */
Alex Chen Dec. 2, 2020, 2:02 a.m. UTC | #2
On 2020/12/2 4:15, Eric Blake wrote:
> On 12/1/20 12:13 AM, Alex Chen wrote:
>> When the qio_channel_socket_connect_sync() fails
>> we should goto 'out_socket' label to free the 'sioc' instead of
>> goto 'out' label.
>> In addition, now the 'out' label is useless, delete it.
>>
>> Reported-by: Euler Robot <euler.robot@huawei.com>
>> Signed-off-by: Alex Chen <alex.chen@huawei.com>
>> ---
>>  qemu-nbd.c | 3 +--
>>  1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/qemu-nbd.c b/qemu-nbd.c
>> index 47587a709e..643b0777c0 100644
>> --- a/qemu-nbd.c
>> +++ b/qemu-nbd.c
>> @@ -275,7 +275,7 @@ static void *nbd_client_thread(void *arg)
>>                                          saddr,
>>                                          &local_error) < 0) {
>>          error_report_err(local_error);
>> -        goto out;
>> +        goto out_socket;
>>      }
>>  
>>      ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
>> @@ -325,7 +325,6 @@ out_fd:
>>      close(fd);
>>  out_socket:
>>      object_unref(OBJECT(sioc));
>> -out:
>>      g_free(info.name);
>>      kill(getpid(), SIGTERM);
>>      return (void *) EXIT_FAILURE;
>>
> 
> While the patch looks correct, we have a lot of duplication.  Simpler
> might be a solution with only one exit label altogether:
> 

Thanks for your review, I will modify the patch and send patch v2 according to your suggestion.
BTW, do I need to split this patch into two patches, one to solve the memleak and the other to optimize the redundant code?

Thanks,
Alex

> diff --git i/qemu-nbd.c w/qemu-nbd.c
> index a7075c5419d7..d7bdcd0011ba 100644
> --- i/qemu-nbd.c
> +++ w/qemu-nbd.c
> @@ -265,8 +265,8 @@ static void *nbd_client_thread(void *arg)
>      char *device = arg;
>      NBDExportInfo info = { .request_sizes = false, .name = g_strdup("") };
>      QIOChannelSocket *sioc;
> -    int fd;
> -    int ret;
> +    int fd = -1;
> +    int ret = EXIT_FAILURE;
>      pthread_t show_parts_thread;
>      Error *local_error = NULL;
> 
> @@ -278,26 +278,24 @@ static void *nbd_client_thread(void *arg)
>          goto out;
>      }
> 
> -    ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
> -                                NULL, NULL, NULL, &info, &local_error);
> -    if (ret < 0) {
> +    if (nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
> +                              NULL, NULL, NULL, &info, &local_error) < 0) {
>          if (local_error) {
>              error_report_err(local_error);
>          }
> -        goto out_socket;
> +        goto out;
>      }
> 
>      fd = open(device, O_RDWR);
>      if (fd < 0) {
>          /* Linux-only, we can use %m in printf.  */
>          error_report("Failed to open %s: %m", device);
> -        goto out_socket;
> +        goto out;
>      }
> 
> -    ret = nbd_init(fd, sioc, &info, &local_error);
> -    if (ret < 0) {
> +    if (nbd_init(fd, sioc, &info, &local_error) < 0) {
>          error_report_err(local_error);
> -        goto out_fd;
> +        goto out;
>      }
> 
>      /* update partition table */
> @@ -311,24 +309,18 @@ static void *nbd_client_thread(void *arg)
>          dup2(STDOUT_FILENO, STDERR_FILENO);
>      }
> 
> -    ret = nbd_client(fd);
> -    if (ret) {
> -        goto out_fd;
> +    if (nbd_client(fd) == 0) {
> +        ret = EXIT_SUCCESS;
>      }
> -    close(fd);
> -    object_unref(OBJECT(sioc));
> -    g_free(info.name);
> -    kill(getpid(), SIGTERM);
> -    return (void *) EXIT_SUCCESS;
> 
> -out_fd:
> -    close(fd);
> -out_socket:
> + out:
> +    if (fd >= 0) {
> +        close(fd);
> +    }
>      object_unref(OBJECT(sioc));
> -out:
>      g_free(info.name);
>      kill(getpid(), SIGTERM);
> -    return (void *) EXIT_FAILURE;
> +    return (void *) (intptr_t) ret;
>  }
>  #endif /* HAVE_NBD_DEVICE */
>
Eric Blake Dec. 3, 2020, 4:26 p.m. UTC | #3
On 12/1/20 8:02 PM, Alex Chen wrote:
> On 2020/12/2 4:15, Eric Blake wrote:

>> While the patch looks correct, we have a lot of duplication.  Simpler
>> might be a solution with only one exit label altogether:
>>
> 
> Thanks for your review, I will modify the patch and send patch v2 according to your suggestion.
> BTW, do I need to split this patch into two patches, one to solve the memleak and the other to optimizes the redundant code?

This one seems small enough that a single patch is probably fine (that
is, document that the patch is fixing a memory leak BY consolidating
redundant code).

Patch

diff --git a/qemu-nbd.c b/qemu-nbd.c
index 47587a709e..643b0777c0 100644
--- a/qemu-nbd.c
+++ b/qemu-nbd.c
@@ -275,7 +275,7 @@  static void *nbd_client_thread(void *arg)
                                         saddr,
                                         &local_error) < 0) {
         error_report_err(local_error);
-        goto out;
+        goto out_socket;
     }
 
     ret = nbd_receive_negotiate(NULL, QIO_CHANNEL(sioc),
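Review bot: The new `goto out_socket;` is only correct if `sioc` already refers to a live object when the connect call fails, and that assignment is not visible here because the body of nbd_client_thread() starts above the hunk. A comment next to the jump would record the invariant, for example `/* sioc was allocated above; a failed connect still holds a reference */`. With `out:` deleted in the second hunk, `out_socket:` becomes the earliest cleanup target, so any early exit added later before the allocation would pass an unset pointer to `object_unref()`. A one-line comment at the label saying it must only be reached once `sioc` is set would make that constraint visible to the next editor.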
@@ -325,7 +325,6 @@  out_fd:
     close(fd);
 out_socket:
     object_unref(OBJECT(sioc));
-out:
     g_free(info.name);
     kill(getpid(), SIGTERM);
     return (void *) EXIT_FAILURE;