[PATCH] qemu: Don't double free @node_cpus in qemuProcessSetupPid()

When placing vCPUs into CGroups the qemuProcessSetupPid() is called which then enters a for() loop (around its middle) where it calls virDomainNumaGetNodeCpumask() for each guest NUMA node. But the latter returns only a pointer not new reference/copy and thus the caller must not free it. But the variable is decorated with g_autoptr() which leads to a double free. Signed-off-by: Michal Privoznik <mprivozn@redhat.com> --- src/qemu/qemu_process.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 05104e3098..92c1f0ab74 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2741,8 +2741,7 @@ qemuProcessSetupPid(virDomainObj *vm, /* Look for the guest NUMA node of this vCPU */ for (i = 0; i < virDomainNumaGetNodeCount(numatune); i++) { - g_autoptr(virBitmap) node_cpus = NULL; - node_cpus = virDomainNumaGetNodeCpumask(numatune, i); + virBitmap *node_cpus = virDomainNumaGetNodeCpumask(numatune, i); if (!virBitmapIsBitSet(node_cpus, id)) continue; -- 2.26.3
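Review bot: the commit message lacks a `Fixes:` tag naming the commit that introduced the g_autoptr() on this borrowed pointer (the review thread below supplies 2d37d8dbc987d1998b4ad8029ba324b6bfe49799), and without it anyone backporting that commit will not pick up this double-free fix with it. The replacement `virBitmap *node_cpus = virDomainNumaGetNodeCpumask(numatune, i);` is the right shape for a pointer the caller does not own. Since the next line dereferences it in `virBitmapIsBitSet(node_cpus, id)`, it is worth confirming the getter cannot return NULL for a node that has no cpumask, or adding a `continue` guard before that test.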

On a Friday in 2021, Michal Privoznik wrote:
When placing vCPUs into CGroups the qemuProcessSetupPid() is called which then enters a for() loop (around its middle) where it calls virDomainNumaGetNodeCpumask() for each guest NUMA node. But the latter returns only a pointer not new reference/copy and thus the caller must not free it. But the variable is decorated with g_autoptr() which leads to a double free.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Fixes: 2d37d8dbc987d1998b4ad8029ba324b6bfe49799
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Jano
--- src/qemu/qemu_process.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c index 05104e3098..92c1f0ab74 100644 --- a/src/qemu/qemu_process.c +++ b/src/qemu/qemu_process.c @@ -2741,8 +2741,7 @@ qemuProcessSetupPid(virDomainObj *vm,
/* Look for the guest NUMA node of this vCPU */ for (i = 0; i < virDomainNumaGetNodeCount(numatune); i++) { - g_autoptr(virBitmap) node_cpus = NULL; - node_cpus = virDomainNumaGetNodeCpumask(numatune, i); + virBitmap *node_cpus = virDomainNumaGetNodeCpumask(numatune, i);
if (!virBitmapIsBitSet(node_cpus, id)) continue; -- 2.26.3

On 4/23/21 10:56 AM, Ján Tomko wrote:
On a Friday in 2021, Michal Privoznik wrote:
When placing vCPUs into CGroups the qemuProcessSetupPid() is called which then enters a for() loop (around its middle) where it calls virDomainNumaGetNodeCpumask() for each guest NUMA node. But the latter returns only a pointer not new reference/copy and thus the caller must not free it. But the variable is decorated with g_autoptr() which leads to a double free.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Fixes: 2d37d8dbc987d1998b4ad8029ba324b6bfe49799
Yeah, I thought about adding it here, but then figured it's in the same release as this patch is going to be. And I guess nobody backports features. So what are the rules for putting "Fixes"?
Reviewed-by: Ján Tomko <jtomko@redhat.com>
Pushed, thanks.
Michal
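As an added illustration of the ownership rule behind this patch (example code, not libvirt's and not the patch author's): the toy types bitmap_t, numa_t and node_cpumask_of stand in for virBitmap, virDomainNuma and virDomainNumaGetNodeCpumask, the cleanup attribute is what g_autoptr() expands to on GCC/Clang, and freeing is instrumented so the double free is counted instead of crashing the process. It runs the pre-patch shape, the patched shape, and the one shape where auto-cleanup is legitimate because the variable owns a copy.

```c
/* Added example, not libvirt code: an auto-cleanup variable must never hold a
 * borrowed pointer. bitmap_t / numa_t / node_cpumask_of are hypothetical stand-ins
 * for virBitmap / virDomainNuma / virDomainNumaGetNodeCpumask. Requires GCC or Clang
 * for __attribute__((cleanup)). */
#include <stddef.h>
#include <string.h>

typedef struct { unsigned long bits; int freed; } bitmap_t;

/* Fixed pool instead of malloc, so nothing leaks and every free can be counted. */
#define POOL_SIZE 8
static bitmap_t pool[POOL_SIZE];
static size_t pool_used;

static bitmap_t *bitmap_new(unsigned long bits)
{
    if (pool_used >= POOL_SIZE)
        return NULL;
    bitmap_t *b = &pool[pool_used++];
    b->bits = bits;
    b->freed = 0;
    return b;
}

static bitmap_t *bitmap_copy(const bitmap_t *src) { return bitmap_new(src->bits); }

/* Instrumented release: records the call instead of returning memory. */
static void bitmap_free(bitmap_t *b) { if (b) b->freed++; }

static int bitmap_is_bit_set(const bitmap_t *b, size_t bit)
{
    return bit < 8 * sizeof(b->bits) && ((b->bits >> bit) & 1UL);
}

/* What g_autoptr(bitmap_t) expands to: free the pointee when the variable goes out of scope. */
static void bitmap_autoptr_cleanup(bitmap_t **p) { bitmap_free(*p); }
#define autoptr_bitmap __attribute__((cleanup(bitmap_autoptr_cleanup))) bitmap_t *

#define NODE_COUNT 2
typedef struct { bitmap_t *cpumask[NODE_COUNT]; } numa_t;

/* Borrowing getter: the bitmap stays owned by @numa (like virDomainNumaGetNodeCpumask). */
static bitmap_t *node_cpumask_of(numa_t *numa, size_t node) { return numa->cpumask[node]; }

enum shape { SHAPE_BUGGY, SHAPE_FIXED, SHAPE_OWNED_COPY };

/* Look for the guest NUMA node of vCPU @id; returns the node index or -1. */
static int lookup_node(numa_t *numa, size_t id, enum shape shape)
{
    for (size_t i = 0; i < NODE_COUNT; i++) {
        if (shape == SHAPE_BUGGY) {
            /* Pre-patch shape: the cleanup frees a pointer this function never owned,
             * once per iteration, including on `return`. */
            autoptr_bitmap node_cpus = node_cpumask_of(numa, i);
            if (bitmap_is_bit_set(node_cpus, id))
                return (int)i;
        } else if (shape == SHAPE_FIXED) {
            /* Patched shape: a plain pointer, nothing is freed here. */
            bitmap_t *node_cpus = node_cpumask_of(numa, i);
            if (bitmap_is_bit_set(node_cpus, id))
                return (int)i;
        } else {
            /* Auto-cleanup is correct only when the variable owns what it holds. */
            autoptr_bitmap node_cpus = bitmap_copy(node_cpumask_of(numa, i));
            if (bitmap_is_bit_set(node_cpus, id))
                return (int)i;
        }
    }
    return -1;
}

typedef struct { int node; size_t double_frees; size_t leaks; } outcome_t;

/* Builds a constructed two-node topology (node 0: vCPUs 0-1, node 1: vCPUs 2-3),
 * runs the lookup, tears the topology down as its owner would, and reports how
 * many bitmaps were freed more than once (double free) or never (leak). */
static outcome_t run_shape(enum shape shape, size_t id)
{
    outcome_t out = { -1, 0, 0 };
    numa_t numa;

    pool_used = 0;
    memset(pool, 0, sizeof(pool));
    numa.cpumask[0] = bitmap_new(0x3UL);
    numa.cpumask[1] = bitmap_new(0xCUL);

    out.node = lookup_node(&numa, id, shape);

    for (size_t i = 0; i < NODE_COUNT; i++)   /* the owner releases its bitmaps exactly once */
        bitmap_free(numa.cpumask[i]);

    for (size_t i = 0; i < pool_used; i++) {
        if (pool[i].freed > 1)
            out.double_frees++;
        if (pool[i].freed == 0)
            out.leaks++;
    }
    return out;
}
```

Against the constructed topology, the pre-patch shape reports every node it visited as freed twice (once by the per-iteration cleanup, once by the owner at teardown), while the patched shape and the copying shape report no double frees and no leaks. The counting done here by hand is what AddressSanitizer or a debug allocator reports for you in a real build, which is the cheapest way to catch this class of ownership mistake before it ships.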