[libvirt] [PATCH] libxl: fix coverity issues introduced by 6a95edf

Joao Martins posted 1 patch 4 years, 2 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/1487263385-27855-1-git-send-email-joao.m.martins@oracle.com
src/libxl/libxl_migration.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

[libvirt] [PATCH] libxl: fix coverity issues introduced by 6a95edf

Posted by Joao Martins 4 years, 2 months ago
As discussed here [0][1] Coverity reported two issues:

- On libxlDomainMigrationPrepareTunnel3 @mig will be leaked on failures
after a successful call to libxlDomainMigrationPrepareAny, hence we free it.

Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
on error paths addresses the issue. In case virThreadCreate fails,
unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)

- On libxlMigrationStartTunnel @tc would be leaked.

Fixed by correctly saving the newly allocated @tc onto @tnl such that
libxlMigrationStopTunnel would free it up.

[0] https://www.redhat.com/archives/libvir-list/2017-February/msg00791.html
[1] https://www.redhat.com/archives/libvir-list/2017-February/msg00833.html

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
---
Cc: John Ferlan <jferlan@redhat.com>
Cc: Jim Fehlig <jfehlig@suse.com>
---
 src/libxl/libxl_migration.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
index ba1ca5c..fb833d1 100644
--- a/src/libxl/libxl_migration.c
+++ b/src/libxl/libxl_migration.c
@@ -617,6 +617,8 @@ libxlDomainMigrationPrepareTunnel3(virConnectPtr dconn,
     /* Receive from pipeOut */
     args->recvfd = dataFD[0];
     args->nsocks = 0;
+    mig = NULL;
+
     if (virThreadCreate(&thread, false, libxlDoMigrateReceive, args) < 0) {
         virReportError(VIR_ERR_OPERATION_FAILED, "%s",
                        _("Failed to create thread for receiving migration data"));
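Review bot: the `mig = NULL;` reset carries no comment saying that ownership of the cookie has moved to args, and it sits after the `args->recvfd` and `args->nsocks` assignments rather than directly beside the statement that stores mig into args (that statement is outside the visible context). Since the error label in this function both frees mig and unrefs args, any `goto error` added later between the hand-over and this line would free the cookie twice. Moving the reset to the line immediately after the hand-over, with a short comment such as "args now owns the cookie", would make the invariant explicit.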
@@ -627,6 +629,7 @@ libxlDomainMigrationPrepareTunnel3(virConnectPtr dconn,
     goto done;
 
  error:
+    libxlMigrationCookieFree(mig);
     VIR_FORCE_CLOSE(dataFD[1]);
     VIR_FORCE_CLOSE(dataFD[0]);
     virObjectUnref(args);
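Review bot: the new `libxlMigrationCookieFree(mig);` under the error label is reached from every failure in the function, including ones taken before mig has been assigned, so it is only safe if mig is initialized to NULL at its declaration and libxlMigrationCookieFree accepts NULL. Neither is visible in this hunk, so please confirm both. It is also worth a comment here noting that mig is NULL once args owns the cookie, because `virObjectUnref(args)` two lines below releases the same object through the dispose function in that case.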
@@ -907,13 +910,15 @@ libxlMigrationStartTunnel(libxlDriverPrivatePtr driver,
                           virDomainObjPtr vm,
                           unsigned long flags,
                           virStreamPtr st,
-                          struct libxlTunnelControl *tc)
+                          struct libxlTunnelControl **tnl)
 {
+    struct libxlTunnelControl *tc = NULL;
     libxlTunnelMigrationThread *arg = NULL;
     int ret = -1;
 
     if (VIR_ALLOC(tc) < 0)
         goto out;
+    *tnl = tc;
 
     tc->dataFD[0] = -1;
     tc->dataFD[1] = -1;
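Review bot: when `VIR_ALLOC(tc)` fails, the `goto out` is taken before `*tnl = tc;`, so the out-parameter is never written and the caller sees whatever value it passed in. Setting `*tnl = NULL;` at the top of the function would make the result well defined on every path. The new tnl parameter also has no documentation: it should state that the caller owns the returned structure and has to pass it to libxlMigrationStopTunnel even when this function returns -1, since the pointer is published before the rest of the setup has run.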
@@ -1045,7 +1050,7 @@ libxlDoMigrateP2P(libxlDriverPrivatePtr driver,
 
     VIR_DEBUG("Perform3 uri=%s", NULLSTR(uri_out));
     if (flags & VIR_MIGRATE_TUNNELLED)
-        ret = libxlMigrationStartTunnel(driver, vm, flags, st, tc);
+        ret = libxlMigrationStartTunnel(driver, vm, flags, st, &tc);
     else
         ret = libxlDomainMigrationPerform(driver, vm, NULL, NULL,
                                           uri_out, NULL, flags);
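Review bot: passing `&tc` makes the later cleanup depend on how tc is declared in libxlDoMigrateP2P, which this hunk does not show. In the non-tunnelled branch, and when the allocation inside libxlMigrationStartTunnel fails, tc is never written, so it needs to be declared as `= NULL` and the libxlMigrationStopTunnel call has to tolerate a NULL or be guarded by the same `VIR_MIGRATE_TUNNELLED` check. Please confirm that the stop call runs on the failure path as well as on success, otherwise the leak Coverity reported remains when ret is negative.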
-- 
2.1.4

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH] libxl: fix coverity issues introduced by 6a95edf

Posted by John Ferlan 4 years, 2 months ago

On 02/16/2017 11:43 AM, Joao Martins wrote:
> As discussed here [0][1] Coverity reported two issues:
> 
> - On libxlDomainMigrationPrepareTunnel3 @mig will be leaked on failures
> after a successful call to libxlDomainMigrationPrepareAny, hence we free it.
> 
> Setting mig = NULL after @mig is assigned plus adding libxlMigrationCookieFree
> on error paths addresses the issue. In case virThreadCreate fails,
> unref of args frees the cookie on dispose function (libxlMigrationDstArgsDispose)
> 
> - On libxlMigrationStartTunnel @tc would be leaked.
> 
> Fixed by correctly saving the newly allocated @tc onto @tnl such that
> libxlMigrationStopTunnel would free it up.
> 
> [0] https://www.redhat.com/archives/libvir-list/2017-February/msg00791.html
> [1] https://www.redhat.com/archives/libvir-list/2017-February/msg00833.html
> 
> Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
> ---
> Cc: John Ferlan <jferlan@redhat.com>
> Cc: Jim Fehlig <jfehlig@suse.com>
> ---
>  src/libxl/libxl_migration.c | 9 +++++++--
>  1 file changed, 7 insertions(+), 2 deletions(-)
> 

ACK and pushed.

John
