[PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path

Vladimir Sementsov-Ogievskiy posted 5 patches 4 years, 11 months ago
Maintainers: Jason Wang <jasowang@redhat.com>
[PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
Posted by Vladimir Sementsov-Ogievskiy 4 years, 11 months ago
net_tap_fd_init() allocates a new NetClientState through
qemu_new_net_client(). We should free it on the failure path.

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
---

Attention: it's an intuitive patch.

I see that the net-client is leaked. Maybe it's still freed in some tricky
way? And I don't understand the whole logic of qemu_del_net_client();
it's just the only public interface to free a net-client that I found.

 net/tap.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/net/tap.c b/net/tap.c
index 89ea04862b..ba4c34af3d 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
 
     ret = tap_set_sndbuf(s->fd, tap, errp);
     if (ret < 0) {
-        return;
+        goto fail;
     }
 
     if (tap->has_fd || tap->has_fds) {
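Review bot: the `return` replaced by `goto fail` sits after `tap_set_sndbuf(s->fd, tap, errp)`, so the tap descriptor in `s->fd` is already open when the new cleanup path runs; please confirm that `qemu_del_net_client(&s->nc)` reaches the tap client's cleanup callback that closes that descriptor, otherwise this hunk trades a NetClientState leak for an fd leak. Stating in the commit message which resources the `fail:` path releases (client, fd, vhost state) would make that explicit.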
@@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
         if (ret < 0) {
             if (tap->has_vhostforce && tap->vhostforce) {
                 error_propagate(errp, err);
+                goto fail;
             } else {
                 warn_report_err(err);
             }
         }
     } else if (vhostfdname) {
         error_setg(errp, "vhostfd(s)= is not valid without vhost");
+        goto fail;
     }
+
+    return;
+
+fail:
+    qemu_del_net_client(&s->nc);
 }
 
 static int get_fds(char *str, char *fds[], int max)
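Review bot: the `fail:` label only deletes the client for the queue being set up in this call, while `net_init_tap_one()` handles one queue per invocation (the plural `has_fds` and "vhostfd(s)" options in this hunk are the multiqueue configuration); when the `vhostforce` or `vhostfd(s)= is not valid without vhost` error fires for a later queue, the clients already created for the earlier queues are still left to the caller. Either document that `net_init_tap()`'s existing failure path is expected to release those, or move the cleanup there as the maintainer suggests, so that a partial multiqueue setup does not end up half-freed.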
-- 
2.28.0


Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
Posted by Jason Wang 4 years, 10 months ago
On 2020/12/22 3:06 AM, Vladimir Sementsov-Ogievskiy wrote:
> net_tap_fd_init() allocates a new NetClientState through
> qemu_new_net_client(). We should free it on the failure path.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>
> Attention: it's an intuitive patch.
>
> I see that the net-client is leaked. Maybe it's still freed in some tricky
> way? And I don't understand the whole logic of qemu_del_net_client();
> it's just the only public interface to free a net-client that I found.


Your patch looks correct and it's indeed a leak.

I wonder whether it's better to do the cleanup in the free_fail label in
net_init_tap(). The reason is that we need to deal with the multiqueue
case. Though qemu_del_net_client() can handle this, it's not clear if we
do it in net_init_tap_one().

Thanks


>
>   net/tap.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/net/tap.c b/net/tap.c
> index 89ea04862b..ba4c34af3d 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
>   
>       ret = tap_set_sndbuf(s->fd, tap, errp);
>       if (ret < 0) {
> -        return;
> +        goto fail;
>       }
>   
>       if (tap->has_fd || tap->has_fds) {
> @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
>           if (ret < 0) {
>               if (tap->has_vhostforce && tap->vhostforce) {
>                   error_propagate(errp, err);
> +                goto fail;
>               } else {
>                   warn_report_err(err);
>               }
>           }
>       } else if (vhostfdname) {
>           error_setg(errp, "vhostfd(s)= is not valid without vhost");
> +        goto fail;
>       }
> +
> +    return;
> +
> +fail:
> +    qemu_del_net_client(&s->nc);
>   }
>   
>   static int get_fds(char *str, char *fds[], int max)


Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
Posted by Vladimir Sementsov-Ogievskiy 3 years, 10 months ago
12.01.2021 07:53, Jason Wang wrote:
> 
> On 2020/12/22 3:06 AM, Vladimir Sementsov-Ogievskiy wrote:
>> net_tap_fd_init() allocates a new NetClientState through
>> qemu_new_net_client(). We should free it on the failure path.
>>
>> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
>> ---
>>
>> Attention: it's an intuitive patch.
>>
>> I see that the net-client is leaked. Maybe it's still freed in some tricky
>> way? And I don't understand the whole logic of qemu_del_net_client();
>> it's just the only public interface to free a net-client that I found.
> 
> 
> Your patch looks correct and it's indeed a leak.
> 
> I wonder whether it's better to do the cleanup in the free_fail label in net_init_tap(). The reason is that we need to deal with the multiqueue case. Though qemu_del_net_client() can handle this, it's not clear if we do it in net_init_tap_one().
> 

Sorry for such a long delay :(

Now I'm thinking about reviving this series. But I don't understand what you mean about multiqueue... I think, if some function allocates a resource, we should release the resource on the failure path in this function, not in the caller. Good functions try to roll back any visible changes on failure... What am I missing?

>>
>>   net/tap.c | 9 ++++++++-
>>   1 file changed, 8 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/tap.c b/net/tap.c
>> index 89ea04862b..ba4c34af3d 100644
>> --- a/net/tap.c
>> +++ b/net/tap.c
>> @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
>>       ret = tap_set_sndbuf(s->fd, tap, errp);
>>       if (ret < 0) {
>> -        return;
>> +        goto fail;
>>       }
>>       if (tap->has_fd || tap->has_fds) {
>> @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer,
>>           if (ret < 0) {
>>               if (tap->has_vhostforce && tap->vhostforce) {
>>                   error_propagate(errp, err);
>> +                goto fail;
>>               } else {
>>                   warn_report_err(err);
>>               }
>>           }
>>       } else if (vhostfdname) {
>>           error_setg(errp, "vhostfd(s)= is not valid without vhost");
>> +        goto fail;
>>       }
>> +
>> +    return;
>> +
>> +fail:
>> +    qemu_del_net_client(&s->nc);
>>   }
>>   static int get_fds(char *str, char *fds[], int max)
> 


-- 
Best regards,
Vladimir