1. Patchew
  2. QEMU
  3. [PATCH 0/2] block/rbd: fix memory leaks
  4. View patch

[PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()

Stefano Garzarella posted 2 patches 4 years, 10 months ago
Maintainers: Jason Dillaman <dillaman@redhat.com>, Max Reitz <mreitz@redhat.com>, Kevin Wolf <kwolf@redhat.com>
[PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()
Posted by Stefano Garzarella 4 years, 10 months ago 
In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
using g_strjoinv(), but it's only freed in the error path, leaking
memory in the success path as reported by valgrind:

  80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
     at 0x4839809: malloc (vg_replace_malloc.c:307)
     by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
     by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
     by 0x87D07E: qemu_rbd_connect (rbd.c:562)
     by 0x87E1CE: qemu_rbd_open (rbd.c:740)
     by 0x840EB1: bdrv_open_driver (block.c:1528)
     by 0x8453A9: bdrv_open_common (block.c:1802)
     by 0x8453A9: bdrv_open_inherit (block.c:3444)
     by 0x8464C2: bdrv_open (block.c:3537)
     by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
     by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
     by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
     by 0x907EA4: aio_bh_poll (async.c:164)

Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.

Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
---
 block/rbd.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/block/rbd.c b/block/rbd.c
index 9071a00e3f..24cefcd0dc 100644
--- a/block/rbd.c
+++ b/block/rbd.c
@@ -563,13 +563,13 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
     if (local_err) {
         error_propagate(errp, local_err);
         r = -EINVAL;
-        goto failed_opts;
+        goto out;
     }
 
     r = rados_create(cluster, opts->user);
     if (r < 0) {
         error_setg_errno(errp, -r, "error initializing");
-        goto failed_opts;
+        goto out;
     }
 
     /* try default location when conf=NULL, but ignore failure */
@@ -626,11 +626,12 @@ static int qemu_rbd_connect(rados_t *cluster, rados_ioctx_t *io_ctx,
      */
     rados_ioctx_set_namespace(*io_ctx, opts->q_namespace);
 
-    return 0;
+    r = 0;
+    goto out;
 
 failed_shutdown:
     rados_shutdown(*cluster);
-failed_opts:
+out:
     g_free(mon_host);
     return r;
 }
-- 
2.30.2
Re: [PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()
Posted by Markus Armbruster 4 years, 10 months ago 
Stefano Garzarella <sgarzare@redhat.com> writes:

> In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
> using g_strjoinv(), but it's only freed in the error path, leaking
> memory in the success path as reported by valgrind:
>
>   80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
>      at 0x4839809: malloc (vg_replace_malloc.c:307)
>      by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
>      by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
>      by 0x87D07E: qemu_rbd_connect (rbd.c:562)
>      by 0x87E1CE: qemu_rbd_open (rbd.c:740)
>      by 0x840EB1: bdrv_open_driver (block.c:1528)
>      by 0x8453A9: bdrv_open_common (block.c:1802)
>      by 0x8453A9: bdrv_open_inherit (block.c:3444)
>      by 0x8464C2: bdrv_open (block.c:3537)
>      by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
>      by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
>      by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
>      by 0x907EA4: aio_bh_poll (async.c:164)
>
> Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
>
> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>

I believe this
Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00

Reviewed-by: Markus Armbruster <armbru@redhat.com>
Re: [PATCH 1/2] block/rbd: fix memory leak in qemu_rbd_connect()
Posted by Stefano Garzarella 4 years, 10 months ago 
On Tue, Apr 06, 2021 at 10:22:30AM +0200, Markus Armbruster wrote:
>Stefano Garzarella <sgarzare@redhat.com> writes:
>
>> In qemu_rbd_connect(), 'mon_host' is allocated by qemu_rbd_mon_host()
>> using g_strjoinv(), but it's only freed in the error path, leaking
>> memory in the success path as reported by valgrind:
>>
>>   80 bytes in 4 blocks are definitely lost in loss record 5,028 of 6,516
>>      at 0x4839809: malloc (vg_replace_malloc.c:307)
>>      by 0x5315BB8: g_malloc (in /usr/lib64/libglib-2.0.so.0.6600.8)
>>      by 0x532B6FF: g_strjoinv (in /usr/lib64/libglib-2.0.so.0.6600.8)
>>      by 0x87D07E: qemu_rbd_mon_host (rbd.c:538)
>>      by 0x87D07E: qemu_rbd_connect (rbd.c:562)
>>      by 0x87E1CE: qemu_rbd_open (rbd.c:740)
>>      by 0x840EB1: bdrv_open_driver (block.c:1528)
>>      by 0x8453A9: bdrv_open_common (block.c:1802)
>>      by 0x8453A9: bdrv_open_inherit (block.c:3444)
>>      by 0x8464C2: bdrv_open (block.c:3537)
>>      by 0x8108CD: qmp_blockdev_add (blockdev.c:3569)
>>      by 0x8EA61B: qmp_marshal_blockdev_add (qapi-commands-block-core.c:1086)
>>      by 0x90B528: do_qmp_dispatch_bh (qmp-dispatch.c:131)
>>      by 0x907EA4: aio_bh_poll (async.c:164)
>>
>> Fix freeing 'mon_host' also when qemu_rbd_connect() ends correctly.
>>
>> Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
>
>I believe this
>Fixes: 0a55679b4a5061f4d74bdb1a0e81611ba3390b00

Yep :-)

>
>Reviewed-by: Markus Armbruster <armbru@redhat.com>
>

Thanks,
Stefano

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.