Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
12.01.2021 07:53, Jason Wang wrote:

On 2020/12/22 3:06 AM, Vladimir Sementsov-Ogievskiy wrote:

net_tap_fd_init() allocates new NetClientState through qemu_new_net_client(). We should free it on failure path.

Signed-off-by: Vladimir Sementsov-Ogievskiy

---

Attention: it's an intuitive patch. I see that net-client is leaked. Maybe it's still freed some tricky way? And I don't understand the whole logic of qemu_del_net_client(), it's just the only public interface to free net-client I found.

Your patch looks correct and it's indeed a leak. I wonder whether it's better to do the cleanup in the free_fail label in net_init_tap(). The reason is that we need to deal with the case of multiqueue. Though qemu_del_net_client() can handle this, it's not clear if we do it in net_init_tap_one().

Sorry for such a long delay :( Now I'm thinking about reviving this series. But I don't understand what you mean about multiqueue.. I think, if some function allocates a resource, we should release the resource on failure path in this function, not in the caller. Good functions try to roll back any visible changes on failure.. What am I missing?

net/tap.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/tap.c b/net/tap.c index 89ea04862b..ba4c34af3d 100644 --- a/net/tap.c +++ b/net/tap.c @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, ret = tap_set_sndbuf(s->fd, tap, errp); if (ret < 0) { - return; + goto fail; } if (tap->has_fd || tap->has_fds) { @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, if (ret < 0) { if (tap->has_vhostforce && tap->vhostforce) { error_propagate(errp, err); + goto fail; } else { warn_report_err(err); } } } else if (vhostfdname) { error_setg(errp, "vhostfd(s)= is not valid without vhost"); + goto fail; } + + return; + +fail: + qemu_del_net_client(>nc); } static int get_fds(char *str, char *fds[], int max)

--
Best regards, Vladimir
Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
On 2020/12/22 3:06 AM, Vladimir Sementsov-Ogievskiy wrote:

net_tap_fd_init() allocates new NetClientState through qemu_new_net_client(). We should free it on failure path.

Signed-off-by: Vladimir Sementsov-Ogievskiy

---

Attention: it's an intuitive patch. I see that net-client is leaked. Maybe it's still freed some tricky way? And I don't understand the whole logic of qemu_del_net_client(), it's just the only public interface to free net-client I found.

Your patch looks correct and it's indeed a leak. I wonder whether it's better to do the cleanup in the free_fail label in net_init_tap(). The reason is that we need to deal with the case of multiqueue. Though qemu_del_net_client() can handle this, it's not clear if we do it in net_init_tap_one().

Thanks

net/tap.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/tap.c b/net/tap.c index 89ea04862b..ba4c34af3d 100644 --- a/net/tap.c +++ b/net/tap.c @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, ret = tap_set_sndbuf(s->fd, tap, errp); if (ret < 0) { -return; +goto fail; } if (tap->has_fd || tap->has_fds) { @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, if (ret < 0) { if (tap->has_vhostforce && tap->vhostforce) { error_propagate(errp, err); +goto fail; } else { warn_report_err(err); } } } else if (vhostfdname) { error_setg(errp, "vhostfd(s)= is not valid without vhost"); +goto fail; } + +return; + +fail: +qemu_del_net_client(>nc); } static int get_fds(char *str, char *fds[], int max)
[PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path
net_tap_fd_init() allocates new NetClientState through qemu_new_net_client(). We should free it on failure path.

Signed-off-by: Vladimir Sementsov-Ogievskiy

---

Attention: it's an intuitive patch. I see that net-client is leaked. Maybe it's still freed some tricky way? And I don't understand the whole logic of qemu_del_net_client(), it's just the only public interface to free net-client I found.

net/tap.c | 9 - 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/net/tap.c b/net/tap.c index 89ea04862b..ba4c34af3d 100644 --- a/net/tap.c +++ b/net/tap.c @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, ret = tap_set_sndbuf(s->fd, tap, errp); if (ret < 0) { -return; +goto fail; } if (tap->has_fd || tap->has_fds) { @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, NetClientState *peer, if (ret < 0) { if (tap->has_vhostforce && tap->vhostforce) { error_propagate(errp, err); +goto fail; } else { warn_report_err(err); } } } else if (vhostfdname) { error_setg(errp, "vhostfd(s)= is not valid without vhost"); +goto fail; } + +return; + +fail: +qemu_del_net_client(>nc); } static int get_fds(char *str, char *fds[], int max)

--
2.28.0
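
Review bot: In the first hunk (@@ -711), the tap_set_sndbuf() failure now jumps to `fail:` and deletes the client, but net_init_tap_one() returns void and reports failure only through errp, so a caller cannot tell from the call itself that the client built around s->fd has already been torn down. If deleting the client also releases s->fd, a caller that closes its fd or runs its own cleanup after seeing the error would release it a second time. Please check the error path at each call site and add a comment above the function stating that on failure the client no longer exists.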
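
Review bot: At the `fail:` label in the second hunk (@@ -739), qemu_del_net_client() is called from the per-queue init function, and the reply in this thread notes that the same call also handles the multiqueue case, so a failure while setting up one queue may remove clients created by earlier calls for the same netdev. Either state in the commit message that this is intended and that the free_fail path in net_init_tap() does not touch those clients again, or move the cleanup to free_fail as the reply suggests. Both new `goto fail` sites are reached only after errp has been set, and the warn_report_err() branch still falls through to the normal return, which matches the non-forced vhost behaviour before the change.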