6:58 a.m.
If we call virStreamFinish and virStreamAbort from 2 distinct
threads for example we can have access to freed memory.
Because when virStreamFinish finishes for example virStreamAbort
yet to be finished and it access virNetClientStreamPtr object
in stream->privateData.
Also it does not make sense to clear @driver field. After
stream is finished/aborted it is better to have appropriate
error message instead of "unsupported error".
This commit reverts [1] or virNetClientStreamPtr and
virStreamPtr will never be unrefed due to cyclic dependency.
Before this patch we don't have leaks because all execution
paths we call virStreamFinish or virStreamAbort.
[1] 8b6ffe40 : virNetClientStreamNew: Track origin stream
Signed-off-by: Nikolay Shirokovskiy <nshirokovskiy(a)virtuozzo.com>
---
src/datatypes.c | 2 ++
src/datatypes.h | 1 +
src/remote/remote_driver.c | 11 ++++-------
src/rpc/gendispatch.pl | 3 ++-
src/rpc/virnetclientstream.c | 7 +------
src/rpc/virnetclientstream.h | 3 +--
6 files changed, 11 insertions(+), 16 deletions(-)
diff --git a/src/datatypes.c b/src/datatypes.c
index 09f63d9..be9b528 100644
--- a/src/datatypes.c
+++ b/src/datatypes.c
@@ -763,6 +763,8 @@ virStreamDispose(void *obj)
virStreamPtr st = obj;
VIR_DEBUG("release dev %p", st);
+ if (st->ff)
+ st->ff(st->privateData);
virObjectUnref(st->conn);
}
diff --git a/src/datatypes.h b/src/datatypes.h
index 529b340..1201567 100644
--- a/src/datatypes.h
+++ b/src/datatypes.h
@@ -665,6 +665,7 @@ struct _virStream {
virStreamDriverPtr driver;
void *privateData;
+ virFreeCallback ff;
};
/**
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 1ff55e2..2861ee6 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -5835,9 +5835,6 @@ remoteStreamCloseInt(virStreamPtr st, bool streamAbort)
priv->localUses--;
virNetClientRemoveStream(priv->client, privst);
- virObjectUnref(privst);
- st->privateData = NULL;
- st->driver = NULL;
remoteDriverUnlock(priv);
return ret;
@@ -6177,8 +6174,7 @@ remoteDomainMigratePrepareTunnel3(virConnectPtr dconn,
memset(&args, 0, sizeof(args));
memset(&ret, 0, sizeof(ret));
- if (!(netst = virNetClientStreamNew(st,
- priv->remoteProgram,
+ if (!(netst = virNetClientStreamNew(priv->remoteProgram,
REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL3,
priv->counter,
false)))
@@ -6191,6 +6187,7 @@ remoteDomainMigratePrepareTunnel3(virConnectPtr dconn,
st->driver = &remoteStreamDrv;
st->privateData = netst;
+ st->ff = virObjectFreeCallback;
args.cookie_in.cookie_in_val = (char *)cookiein;
args.cookie_in.cookie_in_len = cookieinlen;
@@ -7142,8 +7139,7 @@ remoteDomainMigratePrepareTunnel3Params(virConnectPtr dconn,
goto cleanup;
}
- if (!(netst = virNetClientStreamNew(st,
- priv->remoteProgram,
+ if (!(netst = virNetClientStreamNew(priv->remoteProgram,
REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL3_PARAMS,
priv->counter,
false)))
@@ -7156,6 +7152,7 @@ remoteDomainMigratePrepareTunnel3Params(virConnectPtr dconn,
st->driver = &remoteStreamDrv;
st->privateData = netst;
+ st->ff = virObjectFreeCallback;
if (call(dconn, priv, 0, REMOTE_PROC_DOMAIN_MIGRATE_PREPARE_TUNNEL3_PARAMS,
(xdrproc_t) xdr_remote_domain_migrate_prepare_tunnel3_params_args,
diff --git a/src/rpc/gendispatch.pl b/src/rpc/gendispatch.pl
index ce4db5d..ae3a42c 100755
--- a/src/rpc/gendispatch.pl
+++ b/src/rpc/gendispatch.pl
@@ -1804,7 +1804,7 @@ elsif ($mode eq "client") {
if ($call->{streamflag} ne "none") {
print "\n";
- print " if (!(netst = virNetClientStreamNew(st,
priv->remoteProgram, $call->{constname}, priv->counter, sparse)))\n";
+ print " if (!(netst = virNetClientStreamNew(priv->remoteProgram,
$call->{constname}, priv->counter, sparse)))\n";
print " goto done;\n";
print "\n";
print " if (virNetClientAddStream(priv->client, netst) < 0)
{\n";
@@ -1814,6 +1814,7 @@ elsif ($mode eq "client") {
print "\n";
print " st->driver = &remoteStreamDrv;\n";
print " st->privateData = netst;\n";
+ print " st->ff = virObjectFreeCallback;\n";
}
if ($call->{ProcName} eq "SupportsFeature") {
diff --git a/src/rpc/virnetclientstream.c b/src/rpc/virnetclientstream.c
index 713307c..cfdaa74 100644
--- a/src/rpc/virnetclientstream.c
+++ b/src/rpc/virnetclientstream.c
@@ -34,8 +34,6 @@ VIR_LOG_INIT("rpc.netclientstream");
struct _virNetClientStream {
virObjectLockable parent;
- virStreamPtr stream; /* Reverse pointer to parent stream */
-
virNetClientProgramPtr prog;
int proc;
unsigned serial;
@@ -133,8 +131,7 @@ virNetClientStreamEventTimer(int timer ATTRIBUTE_UNUSED, void
*opaque)
}
-virNetClientStreamPtr virNetClientStreamNew(virStreamPtr stream,
- virNetClientProgramPtr prog,
+virNetClientStreamPtr virNetClientStreamNew(virNetClientProgramPtr prog,
int proc,
unsigned serial,
bool allowSkip)
@@ -147,7 +144,6 @@ virNetClientStreamPtr virNetClientStreamNew(virStreamPtr stream,
if (!(st = virObjectLockableNew(virNetClientStreamClass)))
return NULL;
- st->stream = virObjectRef(stream);
st->prog = virObjectRef(prog);
st->proc = proc;
st->serial = serial;
@@ -167,7 +163,6 @@ void virNetClientStreamDispose(void *obj)
virNetMessageFree(msg);
}
virObjectUnref(st->prog);
- virObjectUnref(st->stream);
}
bool virNetClientStreamMatches(virNetClientStreamPtr st,
diff --git a/src/rpc/virnetclientstream.h b/src/rpc/virnetclientstream.h
index d81ec60..49b74bc 100644
--- a/src/rpc/virnetclientstream.h
+++ b/src/rpc/virnetclientstream.h
@@ -30,8 +30,7 @@ typedef virNetClientStream *virNetClientStreamPtr;
typedef void (*virNetClientStreamEventCallback)(virNetClientStreamPtr stream,
int events, void *opaque);
-virNetClientStreamPtr virNetClientStreamNew(virStreamPtr stream,
- virNetClientProgramPtr prog,
+virNetClientStreamPtr virNetClientStreamNew(virNetClientProgramPtr prog,
int proc,
unsigned serial,
bool allowSkip);
--
1.8.3.1