Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
12.01.2021 07:53, Jason Wang wrote:
On 2020/12/22 上午3:06, Vladimir Sementsov-Ogievskiy wrote:
net_tap_fd_init() allocates new NetClientState through
qemu_new_net_client(). We should free it on failure path.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
Attention: it's an intuitive patch.
I see, that net-client is leaked. May be it's still freed some tricky
way? And I don't understand the whole logic of qemu_del_net_client(),
it's just the only public interface to free net-client I found.
Your patch looks correct and it's indeed a leak.
I wonder whether it's better to do the cleanup in the free_fail label in
net_init_tap(). The reason is that we need deal with case of multiqueue. Though
qemu_del_net_client() can handle this but it's not clear if we do it in
net_init_tap_one().
Sorry for so long delay :(
Now I'm thinking about reviving this series. But I don't understand what you
mean about multiqueue.. I think, if some function allocates a resource, we
should release the resource on failure path in this function, not in the
caller. Good functions tries to roll-back any visible changes on failure.. What
am I missing?
net/tap.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/tap.c b/net/tap.c
index 89ea04862b..ba4c34af3d 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
ret = tap_set_sndbuf(s->fd, tap, errp);
if (ret < 0) {
- return;
+ goto fail;
}
if (tap->has_fd || tap->has_fds) {
@@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
if (ret < 0) {
if (tap->has_vhostforce && tap->vhostforce) {
error_propagate(errp, err);
+ goto fail;
} else {
warn_report_err(err);
}
}
} else if (vhostfdname) {
error_setg(errp, "vhostfd(s)= is not valid without vhost");
+ goto fail;
}
+
+ return;
+
+fail:
+ qemu_del_net_client(>nc);
}
static int get_fds(char *str, char *fds[], int max)
--
Best regards,
Vladimir
Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
On 2020/12/22 上午3:06, Vladimir Sementsov-Ogievskiy wrote:
net_tap_fd_init() allocates new NetClientState through
qemu_new_net_client(). We should free it on failure path.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
Attention: it's an intuitive patch.
I see, that net-client is leaked. May be it's still freed some tricky
way? And I don't understand the whole logic of qemu_del_net_client(),
it's just the only public interface to free net-client I found.
Your patch looks correct and it's indeed a leak.
I wonder whether it's better to do the cleanup in the free_fail label in
net_init_tap(). The reason is that we need deal with case of multiqueue.
Though qemu_del_net_client() can handle this but it's not clear if we do
it in net_init_tap_one().
Thanks
net/tap.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/tap.c b/net/tap.c
index 89ea04862b..ba4c34af3d 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
ret = tap_set_sndbuf(s->fd, tap, errp);
if (ret < 0) {
-return;
+goto fail;
}
if (tap->has_fd || tap->has_fds) {
@@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
if (ret < 0) {
if (tap->has_vhostforce && tap->vhostforce) {
error_propagate(errp, err);
+goto fail;
} else {
warn_report_err(err);
}
}
} else if (vhostfdname) {
error_setg(errp, "vhostfd(s)= is not valid without vhost");
+goto fail;
}
+
+return;
+
+fail:
+qemu_del_net_client(>nc);
}
static int get_fds(char *str, char *fds[], int max)
[PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
net_tap_fd_init() allocates new NetClientState through
qemu_new_net_client(). We should free it on failure path.
Signed-off-by: Vladimir Sementsov-Ogievskiy
---
Attention: it's an intuitive patch.
I see, that net-client is leaked. May be it's still freed some tricky
way? And I don't understand the whole logic of qemu_del_net_client(),
it's just the only public interface to free net-client I found.
net/tap.c | 9 -
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/net/tap.c b/net/tap.c
index 89ea04862b..ba4c34af3d 100644
--- a/net/tap.c
+++ b/net/tap.c
@@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
ret = tap_set_sndbuf(s->fd, tap, errp);
if (ret < 0) {
-return;
+goto fail;
}
if (tap->has_fd || tap->has_fds) {
@@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap,
NetClientState *peer,
if (ret < 0) {
if (tap->has_vhostforce && tap->vhostforce) {
error_propagate(errp, err);
+goto fail;
} else {
warn_report_err(err);
}
}
} else if (vhostfdname) {
error_setg(errp, "vhostfd(s)= is not valid without vhost");
+goto fail;
}
+
+return;
+
+fail:
+qemu_del_net_client(>nc);
}
static int get_fds(char *str, char *fds[], int max)
--
2.28.0
