From e215d8d12a912cc36ac8553cbe41f16ee6a0233c Mon Sep 17 00:00:00 2001
From: Leo Fang
Date: Sat, 9 May 2020 16:17:17 +0800
Subject: [PATCH] migration: fix some memleaks
Fix some memleaks for migration.
Signed-off-by: Pan Nengyuan
---
 ...-error_free-after-migrate_set_error-.patch | 69 +++++++++++++++++++
 ...x-memleaks-in-multifd_new_send_chann.patch | 54 +++++++++++++++
 ...ix-a-memleak-on-error-path-in-rdma_s.patch | 43 ++++++++++++
 qemu.spec | 8 +++
 4 files changed, 174 insertions(+)
 create mode 100644 migration-ram-Do-error_free-after-migrate_set_error-.patch
 create mode 100644 migration-ram-fix-memleaks-in-multifd_new_send_chann.patch
 create mode 100644 migration-rdma-fix-a-memleak-on-error-path-in-rdma_s.patch
diff --git a/migration-ram-Do-error_free-after-migrate_set_error-.patch b/migration-ram-Do-error_free-after-migrate_set_error-.patch
new file mode 100644
index 0000000..0039f43
--- /dev/null
+++ b/migration-ram-Do-error_free-after-migrate_set_error-.patch
@@ -0,0 +1,69 @@
+From 05d1fbd2390d441e5acb606dba3d308d506a8eb1 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan
+Date: Tue, 5 May 2020 11:44:20 +0800
+Subject: [PATCH 1/3] migration/ram: Do error_free after migrate_set_error to
+ avoid memleaks
+
+If local_err is not NULL, it use error_copy to set migrate error in
+multifd_send_terminate_threads. Thus, we should free it.
+
+Similarly, fix another leak in multifd_recv_thread.
+
+The leak stack:
+Direct leak of 96 byte(s) in 2 object(s) allocated from:
+ #0 0xfffdd97fe938 in __interceptor_calloc (/lib64/libasan.so.4+0xee938)
+ #1 0xfffdd85a8bb0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x58bb0)
+ #2 0xaaadfc6e41c4 in error_setv util/error.c:61
+ #3 0xaaadfc6e4880 in error_setg_errno_internal util/error.c:109
+ #4 0xaaadfc6192a8 in qio_channel_socket_writev io/channel-socket.c:552
+ #5 0xaaadfc614604 in qio_channel_writev_all io/channel.c:171
+ #6 0xaaadfc6147ec in qio_channel_write_all io/channel.c:257
+ #7 0xaaadfbaec5fc in multifd_send_thread /usr/src/debug/qemu-4.1.0-4_asan.aarch64/migration/ram.c:1145
+ #8 0xaaadfc6db768 in qemu_thread_start util/qemu-thread-posix.c:502
+ #9 0xfffdd79a88c8 (/lib64/libpthread.so.0+0x88c8)
+ #10 0xfffdd78e9578 (/lib64/libc.so.6+0xd9578)
+
+Indirect leak of 104 byte(s) in 2 object(s) allocated from:
+ #0 0xfffdd97feb40 in realloc (/lib64/libasan.so.4+0xeeb40)
+ #1 0xfffdd78fa6e0 in __vasprintf_chk (/lib64/libc.so.6+0xea6e0)
+ #2 0xfffdd85ee710 in g_vasprintf (/lib64/libglib-2.0.so.0+0x9e710)
+ #3 0xfffdd85c45c4 in g_strdup_vprintf (/lib64/libglib-2.0.so.0+0x745c4)
+ #4 0xfffdd85c4674 in g_strdup_printf (/lib64/libglib-2.0.so.0+0x74674)
+ #5 0xaaadfc6e4214 in error_setv util/error.c:65
+ #6 0xaaadfc6e4880 in error_setg_errno_internal util/error.c:109
+ #7 0xaaadfc6192a8 in qio_channel_socket_writev io/channel-socket.c:552
+ #8 0xaaadfc614604 in qio_channel_writev_all io/channel.c:171
+ #9 0xaaadfc6147ec in qio_channel_write_all io/channel.c:257
+ #10 0xaaadfbaec5fc in multifd_send_thread /usr/src/debug/qemu-4.1.0-4_asan.aarch64/migration/ram.c:1145
+ #11 0xaaadfc6db768 in qemu_thread_start util/qemu-thread-posix.c:502
+ #12 0xfffdd79a88c8 (/lib64/libpthread.so.0+0x88c8)
+ #13 0xfffdd78e9578 (/lib64/libc.so.6+0xd9578)
+
+Reported-by: Euler Robot
+Signed-off-by: Pan Nengyuan
+---
+ migration/ram.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index 1858d66c..6baf1412 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -1176,6 +1176,7 @@ static void *multifd_send_thread(void *opaque)
+ out:
+ if (local_err) {
+ multifd_send_terminate_threads(local_err);
++ error_free(local_err);
+ }
+
+ /*
+@@ -1427,6 +1428,7 @@ static void *multifd_recv_thread(void *opaque)
+
+ if (local_err) {
+ multifd_recv_terminate_threads(local_err);
++ error_free(local_err);
+ }
+ qemu_mutex_lock(&p->mutex);
+ p->running = false;
+--
+2.23.0
diff --git a/migration-ram-fix-memleaks-in-multifd_new_send_chann.patch b/migration-ram-fix-memleaks-in-multifd_new_send_chann.patch
new file mode 100644
index 0000000..f9cb2bf
--- /dev/null
+++ b/migration-ram-fix-memleaks-in-multifd_new_send_chann.patch
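Review bot: The `error_free(local_err)` added in both multifd_send_thread and multifd_recv_thread leaves `local_err` dangling for the remainder of each function, and both function bodies continue past the hunk; nothing visible reads it afterwards, but `local_err = NULL;` after each free would stop a later use-after-free from slipping in silently. The free is only correct because multifd_send_terminate_threads() and multifd_recv_terminate_threads() copy the error through migrate_set_error() rather than taking ownership, as the commit message states; that invariant lives nowhere near the call site. A one-line comment above each free would record it, e.g. `/* *_terminate_threads() copies the error via migrate_set_error(); local_err is still ours to free */`, so that a future change to the terminate helpers does not turn these lines into a double free.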
@@ -0,0 +1,54 @@
+From 4d456b243a41a8e91535b2820fd6ed4f6fb4a194 Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan
+Date: Tue, 5 May 2020 15:50:54 +0800
+Subject: [PATCH 2/3] migration/ram: fix memleaks in
+ multifd_new_send_channel_async
+
+When error happen in multifd_new_send_channel_async, 'sioc' will not be used
+to create the multifd_send_thread. Let's free it to avoid a memleak. And also
+do error_free after migrate_set_error() to avoid another leak in the same place.
+
+The leak stack:
+Direct leak of 2160 byte(s) in 6 object(s) allocated from:
+ #0 0xfffdd97fe754 in malloc (/lib64/libasan.so.4+0xee754)
+ #1 0xfffdd85a8b48 in g_malloc (/lib64/libglib-2.0.so.0+0x58b48)
+ #2 0xaaadfc4e2b10 in object_new_with_type qom/object.c:634
+ #3 0xaaadfc619468 in qio_channel_socket_new io/channel-socket.c:56
+ #4 0xaaadfc3d3e74 in socket_send_channel_create migration/socket.c:37
+ #5 0xaaadfbaed6f4 in multifd_save_setup /usr/src/debug/qemu-4.1.0-4_asan.aarch64/migration/ram.c:1255
+ #6 0xaaadfc3d2f78 in migrate_fd_connect migration/migration.c:3359
+ #7 0xaaadfc3d6240 in migration_channel_connect migration/channel.c:101
+ #8 0xaaadfc3d3590 in socket_outgoing_migration migration/socket.c:108
+ #9 0xaaadfc625a64 in qio_task_complete io/task.c:195
+ #10 0xaaadfc625ed0 in qio_task_thread_result io/task.c:111
+ #11 0xfffdd859edec (/lib64/libglib-2.0.so.0+0x4edec)
+ #12 0xfffdd85a2a78 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x52a78)
+ #13 0xaaadfc6d3b84 in glib_pollfds_poll util/main-loop.c:218
+ #14 0xaaadfc6d3b84 in os_host_main_loop_wait util/main-loop.c:241
+ #15 0xaaadfc6d3b84 in main_loop_wait util/main-loop.c:517
+ #16 0xaaadfbf9206c in main_loop /usr/src/debug/qemu-4.1.0-4_asan.aarch64/vl.c:1791
+ #17 0xaaadfba1b124 in main /usr/src/debug/qemu-4.1.0-4_asan.aarch64/vl.c:4473
+ #18 0xfffdd7833f5c in __libc_start_main (/lib64/libc.so.6+0x23f5c)
+ #19 0xaaadfba26360 (/usr/libexec/qemu-kvm+0x886360)
+
+Reported-by: Euler Robot
+Signed-off-by: Pan Nengyuan
+---
+ migration/ram.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/migration/ram.c b/migration/ram.c
+index 6baf1412..840e3548 100644
+--- a/migration/ram.c
++++ b/migration/ram.c
+@@ -1215,6 +1215,8 @@ static void multifd_new_send_channel_async(QIOTask *task, gpointer opaque)
+ * its status.
+ */
+ p->quit = true;
++ object_unref(OBJECT(sioc));
++ error_free(local_err);
+ } else {
+ p->c = QIO_CHANNEL(sioc);
+ qio_channel_set_delay(p->c, false);
+--
+2.23.0
diff --git a/migration-rdma-fix-a-memleak-on-error-path-in-rdma_s.patch b/migration-rdma-fix-a-memleak-on-error-path-in-rdma_s.patch
new file mode 100644
index 0000000..5e0fb10
--- /dev/null
+++ b/migration-rdma-fix-a-memleak-on-error-path-in-rdma_s.patch
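Review bot: The new `object_unref(OBJECT(sioc))` / `error_free(local_err)` pair in multifd_new_send_channel_async encodes an ownership rule that is stated only in the commit message: on this branch no send thread is created, so the channel reference and the error remain with the callback, whereas the visible else branch hands the reference over with `p->c = QIO_CHANNEL(sioc)`. A one-line comment above the two new lines would keep the release from being "cleaned up" later, e.g. `/* no send thread was created, so this callback still owns sioc and local_err */`. The enclosing if/else starts outside the hunk, and freeing `local_err` presumably relies on the migrate_set_error() call at the top of the branch copying the error, as in the first patch of this series; that is worth confirming against the backported tree since the call is not visible here.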
@@ -0,0 +1,43 @@
+From 8ae2e3b8be812bcbdeb6151c685026bcaedd4a4b Mon Sep 17 00:00:00 2001
+From: Pan Nengyuan
+Date: Sat, 9 May 2020 15:25:42 +0800
+Subject: [PATCH 3/3] migration/rdma: fix a memleak on error path in
+ rdma_start_incoming_migration
+
+'rdma->host' is malloced in qemu_rdma_data_init, but forgot to free on the error
+path in rdma_start_incoming_migration(), this patch fix that.
+
+Direct leak of 2 byte(s) in 1 object(s) allocated from:
+ #0 0xfffce56d34fb in __interceptor_malloc (/lib64/libasan.so.4+0xd34fb)
+ #1 0xfffce5158aa3 in g_malloc (/lib64/libglib-2.0.so.0+0x58aa3)
+ #2 0xfffce5174213 in g_strdup (/lib64/libglib-2.0.so.0+0x74213)
+ #3 0xaaad7c569ddf in qemu_rdma_data_init /Images/qemu/migration/rdma.c:2647
+ #4 0xaaad7c57c99f in rdma_start_incoming_migration /Images/qemu/migration/rdma.c:4020
+ #5 0xaaad7c52b35f in qemu_start_incoming_migration /Images/qemu/migration/migration.c:371
+ #6 0xaaad7be173bf in qemu_init /Images/qemu/softmmu/vl.c:4464
+ #7 0xaaad7bb29843 in main /Images/qemu/softmmu/main.c:48
+ #8 0xfffce3713f5f in __libc_start_main (/lib64/libc.so.6+0x23f5f)
+ #9 0xaaad7bb2bf73 (/Images/qemu/build/aarch64-softmmu/qemu-system-aarch64+0x8fbf73)
+
+Reported-by: Euler Robot
+Signed-off-by: Pan Nengyuan
+---
+ migration/rdma.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/migration/rdma.c b/migration/rdma.c
+index 3036221e..b5fdb6a7 100644
+--- a/migration/rdma.c
++++ b/migration/rdma.c
+@@ -4068,6 +4068,9 @@ void rdma_start_incoming_migration(const char *host_port, Error **errp)
+ return;
+ err:
+ error_propagate(errp, local_err);
++ if (rdma) {
++ g_free(rdma->host);
++ }
+ g_free(rdma);
+ g_free(rdma_return_path);
+ }
+--
+2.23.0
diff --git a/qemu.spec b/qemu.spec
index 448cb89..9bc6f04 100644
--- a/qemu.spec
+++ b/qemu.spec
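Review bot: The `err:` path now frees `rdma->host` but still tears down the rest of the context with a bare `g_free(rdma)`, so any other member that qemu_rdma_data_init() or a later init step filled in before the jump to `err:` would leak exactly as `host` did; the hunk does not show the struct, so which members exist on this path needs confirming against the backported rdma.c. The same question applies to `rdma_return_path`, which is freed on the next line with no member release at all. If the tree has a dedicated cleanup helper for the context it would be more robust to call it here than to free members one by one; failing that, a comment such as `/* host is the only member qemu_rdma_data_init() allocates; the rest is NULL on this path */` would document why the single g_free is enough. rdma_start_incoming_migration() begins outside the hunk.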
@@ -158,6 +158,9 @@ Patch0145: migration-multifd-fix-potential-wrong-acception-orde.patch
 Patch0146: migration-multifd-fix-destroyed-mutex-access-in-term.patch
 Patch0147: migration-multifd-fix-nullptr-access-in-multifd_send.patch
 Patch0148: vtimer-compat-cross-version-migration-from-v4.0.1.patch
+Patch0149: migration-ram-Do-error_free-after-migrate_set_error-.patch
+Patch0150: migration-ram-fix-memleaks-in-multifd_new_send_chann.patch
+Patch0151: migration-rdma-fix-a-memleak-on-error-path-in-rdma_s.patch
 BuildRequires: flex
 BuildRequires: bison
@@ -503,6 +506,11 @@ getent passwd qemu >/dev/null || \
 %endif
 %changelog
+* Sat May 9 2020 Huawei Technologies Co., Ltd.
+- migration/ram: do error_free after migrate_set_error to avoid memleaks.
+- migration/ram: fix memleaks in multifd_new_send_channel_async.
+- migration/rdma: fix a memleak on error path in rdma_start_incoming_migration.
+
 * Fri May 8 2020 Huawei Technologies Co., Ltd.
 - vtimer: compat cross version migration from v4.0.1