6:07 p.m.
Coverity reported a number of bugs against libvirt. I ran out
of time to get through them all today, but there are certainly
some real doozies in here. I've blamed commits where non-trivial
bugs were introduced, to help distros decide if things need
back-porting (I think that leaks on OOM situations and coverity
false positives are not serious enough to warrant a back-port).
These patches are pretty much independent (can be applied in any
order); I suppose I could have rebased it to order the series by
severity, oh well.
Eric Blake (10):
command: avoid leak on failure
libvirtd: avoid leak on failure
storage: avoid memory leak
storage: avoid memory leak on stat failure
lock: avoid leak on failure
remote: avoid leak on failure
qemu: avoid memory leak on vcpupin
event: avoid memory leak on cleanup
build: silence coverity false positive
build: silence coverity false positive
daemon/libvirtd.c | 4 +++-
daemon/remote.c | 1 +
src/conf/domain_event.c | 3 ++-
src/locking/lock_manager.c | 3 ++-
src/qemu/qemu_process.c | 21 +++++++++++++--------
src/remote/remote_driver.c | 7 ++++++-
src/storage/storage_backend_fs.c | 15 +--------------
src/util/command.c | 5 ++++-
src/util/storage_file.c | 15 +++++++--------
9 files changed, 39 insertions(+), 35 deletions(-)
--
1.7.4.4
6:07 p.m.
New subject: [libvirt] [PATCH 01/10] command: avoid leak on failure
Detected by Coverity. While it is possible on OOM condition, as
well as with bad code that passes binary == NULL, it is unlikely
to be encountered in the wild.
* src/util/command.c (virCommandNewArgList): Don't leak memory.
---
src/util/command.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/util/command.c b/src/util/command.c
index 288958e..a2f7ff6 100644
--- a/src/util/command.c
+++ b/src/util/command.c
@@ -142,7 +142,7 @@ virCommandNewArgList(const char *binary, ...)
const char *arg;
if (!cmd || cmd->has_error)
- return NULL;
+ return cmd;
va_start(list, binary);
while ((arg = va_arg(list, const char *)) != NULL)
--
1.7.4.4
7:26 p.m.
New subject: [libvirt] [PATCH 01/10] command: avoid leak on failure
On Thu, Jun 02, 2011 at 05:07:53PM -0600, Eric Blake wrote:
Detected by Coverity. While it is possible on OOM condition, as
well as with bad code that passes binary == NULL, it is unlikely
to be encountered in the wild.
* src/util/command.c (virCommandNewArgList): Don't leak memory.
---
src/util/command.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/util/command.c b/src/util/command.c
index 288958e..a2f7ff6 100644
--- a/src/util/command.c
+++ b/src/util/command.c
@@ -142,7 +142,7 @@ virCommandNewArgList(const char *binary, ...)
const char *arg;
if (!cmd || cmd->has_error)
- return NULL;
+ return cmd;
va_start(list, binary);
while ((arg = va_arg(list, const char *)) != NULL)
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:07 p.m.
New subject: [libvirt] [PATCH 02/10] libvirtd: avoid leak on failure
Spotted by Coverity. Only possible on an OOM condition, so
unlikely to bite in the wild.
* daemon/libvirtd.c (qemudSetLogging): Don't leak memory.
---
daemon/libvirtd.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index aec81cf..728031f 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -2779,8 +2779,10 @@ qemudSetLogging(struct qemud_server *server, virConfPtr conf,
goto free_and_fail;
if (virAsprintf(&tmp, "%d:file:%s/.libvirt/libvirtd.log",
- virLogGetDefaultPriority(), userdir) == -1)
+ virLogGetDefaultPriority(), userdir) == -1) {
+ VIR_FREE(userdir);
goto out_of_memory;
+ }
}
} else {
if (virAsprintf(&tmp, "%d:stderr", virLogGetDefaultPriority())
< 0)
--
1.7.4.4
7:30 p.m.
New subject: [libvirt] [PATCH 02/10] libvirtd: avoid leak on failure
On Thu, Jun 02, 2011 at 05:07:54PM -0600, Eric Blake wrote:
Spotted by Coverity. Only possible on an OOM condition, so
unlikely to bite in the wild.
* daemon/libvirtd.c (qemudSetLogging): Don't leak memory.
---
daemon/libvirtd.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index aec81cf..728031f 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -2779,8 +2779,10 @@ qemudSetLogging(struct qemud_server *server, virConfPtr conf,
goto free_and_fail;
if (virAsprintf(&tmp, "%d:file:%s/.libvirt/libvirtd.log",
- virLogGetDefaultPriority(), userdir) == -1)
+ virLogGetDefaultPriority(), userdir) == -1) {
+ VIR_FREE(userdir);
goto out_of_memory;
+ }
}
} else {
if (virAsprintf(&tmp, "%d:stderr", virLogGetDefaultPriority())
< 0)
ACK, userdir is defined only on the local scope, so that's the best way
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:07 p.m.
New subject: [libvirt] [PATCH 03/10] storage: avoid memory leak
Coverity detected that options was being set by strdup but never
freed. But why even bother with an options variable? The options
parameter never changes! Leak present since commit 44948f5b (0.7.0).
This function could probably be rewritten to take better advantage
of virCommand, but that is more invasive.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemMount): Avoid wasted strdup, and
guarantee proper cleanup on all paths.
---
src/storage/storage_backend_fs.c | 15 +--------------
1 files changed, 1 insertions(+), 14 deletions(-)
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 3f4d978..207669a 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -317,7 +317,6 @@ virStorageBackendFileSystemIsMounted(virStoragePoolObjPtr pool) {
static int
virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
char *src;
- char *options = NULL;
const char **mntargv;
/* 'mount -t auto' doesn't seem to auto determine nfs (or cifs),
@@ -328,7 +327,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
int glusterfs = (pool->def->type == VIR_STORAGE_POOL_NETFS &&
pool->def->source.format == VIR_STORAGE_POOL_NETFS_GLUSTERFS);
- int option_index;
int source_index;
const char *netfs_auto_argv[] = {
@@ -358,7 +356,7 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
virStoragePoolFormatFileSystemNetTypeToString(pool->def->source.format),
NULL,
"-o",
- NULL,
+ "direct-io-mode=1",
pool->def->target.path,
NULL,
};
@@ -369,7 +367,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
} else if (glusterfs) {
mntargv = glusterfs_argv;
source_index = 3;
- option_index = 5;
} else {
mntargv = fs_argv;
source_index = 3;
@@ -405,12 +402,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
}
if (pool->def->type == VIR_STORAGE_POOL_NETFS) {
- if (pool->def->source.format == VIR_STORAGE_POOL_NETFS_GLUSTERFS) {
- if ((options = strdup("direct-io-mode=1")) == NULL) {
- virReportOOMError();
- return -1;
- }
- }
if (virAsprintf(&src, "%s:%s",
pool->def->source.host.name,
pool->def->source.dir) == -1) {
@@ -426,10 +417,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
}
mntargv[source_index] = src;
- if (glusterfs) {
- mntargv[option_index] = options;
- }
-
if (virRun(mntargv, NULL) < 0) {
VIR_FREE(src);
return -1;
--
1.7.4.4
7:38 p.m.
New subject: [libvirt] [PATCH 03/10] storage: avoid memory leak
On Thu, Jun 02, 2011 at 05:07:55PM -0600, Eric Blake wrote:
Coverity detected that options was being set by strdup but never
freed. But why even bother with an options variable? The options
parameter never changes! Leak present since commit 44948f5b (0.7.0).
This function could probably be rewritten to take better advantage
of virCommand, but that is more invasive.
* src/storage/storage_backend_fs.c
(virStorageBackendFileSystemMount): Avoid wasted strdup, and
guarantee proper cleanup on all paths.
---
src/storage/storage_backend_fs.c | 15 +--------------
1 files changed, 1 insertions(+), 14 deletions(-)
diff --git a/src/storage/storage_backend_fs.c b/src/storage/storage_backend_fs.c
index 3f4d978..207669a 100644
--- a/src/storage/storage_backend_fs.c
+++ b/src/storage/storage_backend_fs.c
@@ -317,7 +317,6 @@ virStorageBackendFileSystemIsMounted(virStoragePoolObjPtr pool) {
static int
virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
char *src;
- char *options = NULL;
const char **mntargv;
/* 'mount -t auto' doesn't seem to auto determine nfs (or cifs),
@@ -328,7 +327,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
int glusterfs = (pool->def->type == VIR_STORAGE_POOL_NETFS &&
pool->def->source.format == VIR_STORAGE_POOL_NETFS_GLUSTERFS);
- int option_index;
int source_index;
const char *netfs_auto_argv[] = {
@@ -358,7 +356,7 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
virStoragePoolFormatFileSystemNetTypeToString(pool->def->source.format),
NULL,
"-o",
- NULL,
+ "direct-io-mode=1",
pool->def->target.path,
NULL,
};
@@ -369,7 +367,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
} else if (glusterfs) {
mntargv = glusterfs_argv;
source_index = 3;
- option_index = 5;
} else {
mntargv = fs_argv;
source_index = 3;
@@ -405,12 +402,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
}
if (pool->def->type == VIR_STORAGE_POOL_NETFS) {
- if (pool->def->source.format == VIR_STORAGE_POOL_NETFS_GLUSTERFS) {
- if ((options = strdup("direct-io-mode=1")) == NULL) {
- virReportOOMError();
- return -1;
- }
- }
if (virAsprintf(&src, "%s:%s",
pool->def->source.host.name,
pool->def->source.dir) == -1) {
@@ -426,10 +417,6 @@ virStorageBackendFileSystemMount(virStoragePoolObjPtr pool) {
}
mntargv[source_index] = src;
- if (glusterfs) {
- mntargv[option_index] = options;
- }
-
if (virRun(mntargv, NULL) < 0) {
VIR_FREE(src);
return -1;
Okay it seems we unconditionally set this option for glusterfs, but
I'm still confused by the initial author intent there. It would be good
if someone else could double check, this looks good but I'm not 100%
sure and glusterfs is not used that often.
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
9:37 a.m.
New subject: [libvirt] [PATCH 03/10] storage: avoid memory leak
On 06/02/2011 06:38 PM, Daniel Veillard wrote:
On Thu, Jun 02, 2011 at 05:07:55PM -0600, Eric Blake wrote:
> Coverity detected that options was being set by strdup but never
> freed. But why even bother with an options variable? The options
> parameter never changes! Leak present since commit 44948f5b (0.7.0).
>
> This function could probably be rewritten to take better advantage
> of virCommand, but that is more invasive.
>
Okay it seems we unconditionally set this option for glusterfs, but
I'm still confused by the initial author intent there. It would be good
if someone else could double check, this looks good but I'm not 100%
sure and glusterfs is not used that often.
Thanks for the reviews. I'm pushing this as-is (along with the rest of
the ack'd series); if someone more familiar with glusterfs speaks up, we
can revisit that post-release as part of the more invasive rewrite to
use virCommand instead of virRun.
Now off to round 2 of coverity analysis :)
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org
6:07 p.m.
New subject: [libvirt] [PATCH 04/10] storage: avoid memory leak on stat failure
Spotted by coverity. Triggers on failed stat, although I'm not sure
how easy that condition is, so I'm not sure if this is a runtime
memory hog. Regression introduced in commit 8077d64 (unreleased).
* src/util/storage_file.c (virStorageFileGetMetadataFromFD):
Reduce need for malloc, avoiding a leak.
---
src/util/storage_file.c | 15 +++++++--------
1 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index 8dbd933..6b3b756 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -831,11 +831,6 @@ virStorageFileGetMetadataFromFD(const char *path,
int ret = -1;
struct stat sb;
- if (VIR_ALLOC_N(head, len) < 0) {
- virReportOOMError();
- return -1;
- }
-
memset(meta, 0, sizeof (*meta));
if (fstat(fd, &sb) < 0) {
@@ -847,13 +842,17 @@ virStorageFileGetMetadataFromFD(const char *path,
/* No header to probe for directories */
if (S_ISDIR(sb.st_mode)) {
- ret = 0;
- goto cleanup;
+ return 0;
}
if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
virReportSystemError(errno, _("cannot seek to start of '%s'"),
path);
- goto cleanup;
+ return -1;
+ }
+
+ if (VIR_ALLOC_N(head, len) < 0) {
+ virReportOOMError();
+ return -1;
}
if ((len = read(fd, head, len)) < 0) {
--
1.7.4.4
7:53 p.m.
New subject: [libvirt] [PATCH 04/10] storage: avoid memory leak on stat failure
On Thu, Jun 02, 2011 at 05:07:56PM -0600, Eric Blake wrote:
Spotted by coverity. Triggers on failed stat, although I'm not
sure
how easy that condition is, so I'm not sure if this is a runtime
memory hog. Regression introduced in commit 8077d64 (unreleased).
* src/util/storage_file.c (virStorageFileGetMetadataFromFD):
Reduce need for malloc, avoiding a leak.
---
src/util/storage_file.c | 15 +++++++--------
1 files changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/util/storage_file.c b/src/util/storage_file.c
index 8dbd933..6b3b756 100644
--- a/src/util/storage_file.c
+++ b/src/util/storage_file.c
@@ -831,11 +831,6 @@ virStorageFileGetMetadataFromFD(const char *path,
int ret = -1;
struct stat sb;
- if (VIR_ALLOC_N(head, len) < 0) {
- virReportOOMError();
- return -1;
- }
-
memset(meta, 0, sizeof (*meta));
if (fstat(fd, &sb) < 0) {
@@ -847,13 +842,17 @@ virStorageFileGetMetadataFromFD(const char *path,
/* No header to probe for directories */
if (S_ISDIR(sb.st_mode)) {
- ret = 0;
- goto cleanup;
+ return 0;
}
if (lseek(fd, 0, SEEK_SET) == (off_t)-1) {
virReportSystemError(errno, _("cannot seek to start of '%s'"),
path);
- goto cleanup;
+ return -1;
+ }
+
+ if (VIR_ALLOC_N(head, len) < 0) {
+ virReportOOMError();
+ return -1;
}
if ((len = read(fd, head, len)) < 0) {
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:07 p.m.
New subject: [libvirt] [PATCH 05/10] lock: avoid leak on failure
Detected by Coverity. Only possible on OOM situations.
* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.
---
src/locking/lock_manager.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/locking/lock_manager.c b/src/locking/lock_manager.c
index 6197fd4..138cc91 100644
--- a/src/locking/lock_manager.c
+++ b/src/locking/lock_manager.c
@@ -120,7 +120,7 @@ virLockManagerPluginPtr virLockManagerPluginNew(const char *name,
{
void *handle = NULL;
virLockDriverPtr driver;
- virLockManagerPluginPtr plugin;
+ virLockManagerPluginPtr plugin = NULL;
const char *moddir = getenv("LIBVIRT_LOCK_MANAGER_PLUGIN_DIR");
char *modfile = NULL;
@@ -182,6 +182,7 @@ virLockManagerPluginPtr virLockManagerPluginNew(const char *name,
return plugin;
cleanup:
+ VIR_FREE(plugin);
VIR_FREE(modfile);
if (handle)
dlclose(handle);
--
1.7.4.4
7:54 p.m.
New subject: [libvirt] [PATCH 05/10] lock: avoid leak on failure
On Thu, Jun 02, 2011 at 05:07:57PM -0600, Eric Blake wrote:
Detected by Coverity. Only possible on OOM situations.
* src/locking/lock_manager.c (virLockManagerPluginNew): Plug leak.
---
src/locking/lock_manager.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/locking/lock_manager.c b/src/locking/lock_manager.c
index 6197fd4..138cc91 100644
--- a/src/locking/lock_manager.c
+++ b/src/locking/lock_manager.c
@@ -120,7 +120,7 @@ virLockManagerPluginPtr virLockManagerPluginNew(const char *name,
{
void *handle = NULL;
virLockDriverPtr driver;
- virLockManagerPluginPtr plugin;
+ virLockManagerPluginPtr plugin = NULL;
const char *moddir = getenv("LIBVIRT_LOCK_MANAGER_PLUGIN_DIR");
char *modfile = NULL;
@@ -182,6 +182,7 @@ virLockManagerPluginPtr virLockManagerPluginNew(const char *name,
return plugin;
cleanup:
+ VIR_FREE(plugin);
VIR_FREE(modfile);
if (handle)
dlclose(handle);
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:07 p.m.
New subject: [libvirt] [PATCH 06/10] remote: avoid leak on failure
Detected by Coverity. Only possible in OOM situations.
* daemon/remote.c (remoteDispatchDomainScreenshot): Plug leak.
---
daemon/remote.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 2a32ee8..49058f2 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1453,6 +1453,7 @@ remoteDispatchDomainScreenshot(struct qemud_server *server
ATTRIBUTE_UNUSED,
*mime_p = strdup(mime);
if (*mime_p == NULL) {
virReportOOMError();
+ VIR_FREE(mime_p);
goto cleanup;
}
--
1.7.4.4
7:55 p.m.
New subject: [libvirt] [PATCH 06/10] remote: avoid leak on failure
On Thu, Jun 02, 2011 at 05:07:58PM -0600, Eric Blake wrote:
Detected by Coverity. Only possible in OOM situations.
* daemon/remote.c (remoteDispatchDomainScreenshot): Plug leak.
---
daemon/remote.c | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 2a32ee8..49058f2 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1453,6 +1453,7 @@ remoteDispatchDomainScreenshot(struct qemud_server *server
ATTRIBUTE_UNUSED,
*mime_p = strdup(mime);
if (*mime_p == NULL) {
virReportOOMError();
+ VIR_FREE(mime_p);
goto cleanup;
}
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:07 p.m.
New subject: [libvirt] [PATCH 07/10] qemu: avoid memory leak on vcpupin
Detected by Coverity. This leaked a cpumap on every iteration
of the loop. Leak introduced in commit 1cc4d02 (v0.9.0).
* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
leak, and hoist allocation outside loop.
---
src/qemu/qemu_process.c | 21 +++++++++++++--------
1 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 116253e..f175d50 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1195,6 +1195,8 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
pid_t vcpupid;
unsigned char *cpumask;
int vcpu, cpumaplen, hostcpus, maxcpu;
+ unsigned char *cpumap = NULL;
+ int ret = -1;
if (virNodeGetInfo(conn, &nodeinfo) != 0) {
return -1;
@@ -1216,18 +1218,18 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
if (maxcpu > hostcpus)
maxcpu = hostcpus;
+ if (VIR_ALLOC_N(cpumap, cpumaplen) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
for (vcpu = 0; vcpu < def->cputune.nvcpupin; vcpu++) {
if (vcpu != def->cputune.vcpupin[vcpu]->vcpuid)
continue;
int i;
- unsigned char *cpumap = NULL;
-
- if (VIR_ALLOC_N(cpumap, cpumaplen) < 0) {
- virReportOOMError();
- return -1;
- }
+ memset(cpumap, 0, cpumaplen);
cpumask = (unsigned char *)def->cputune.vcpupin[vcpu]->cpumask;
vcpupid = priv->vcpupids[vcpu];
@@ -1249,11 +1251,14 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
cpumap,
cpumaplen,
maxcpu) < 0) {
- return -1;
+ goto cleanup;
}
}
- return 0;
+ ret = 0;
+cleanup:
+ VIR_FREE(cpumap);
+ return ret;
}
static int
--
1.7.4.4
7:57 p.m.
New subject: [libvirt] [PATCH 07/10] qemu: avoid memory leak on vcpupin
On Thu, Jun 02, 2011 at 05:07:59PM -0600, Eric Blake wrote:
Detected by Coverity. This leaked a cpumap on every iteration
of the loop. Leak introduced in commit 1cc4d02 (v0.9.0).
* src/qemu/qemu_process.c (qemuProcessSetVcpuAffinites): Plug
leak, and hoist allocation outside loop.
---
src/qemu/qemu_process.c | 21 +++++++++++++--------
1 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/src/qemu/qemu_process.c b/src/qemu/qemu_process.c
index 116253e..f175d50 100644
--- a/src/qemu/qemu_process.c
+++ b/src/qemu/qemu_process.c
@@ -1195,6 +1195,8 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
pid_t vcpupid;
unsigned char *cpumask;
int vcpu, cpumaplen, hostcpus, maxcpu;
+ unsigned char *cpumap = NULL;
+ int ret = -1;
if (virNodeGetInfo(conn, &nodeinfo) != 0) {
return -1;
@@ -1216,18 +1218,18 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
if (maxcpu > hostcpus)
maxcpu = hostcpus;
+ if (VIR_ALLOC_N(cpumap, cpumaplen) < 0) {
+ virReportOOMError();
+ return -1;
+ }
+
for (vcpu = 0; vcpu < def->cputune.nvcpupin; vcpu++) {
if (vcpu != def->cputune.vcpupin[vcpu]->vcpuid)
continue;
int i;
- unsigned char *cpumap = NULL;
-
- if (VIR_ALLOC_N(cpumap, cpumaplen) < 0) {
- virReportOOMError();
- return -1;
- }
+ memset(cpumap, 0, cpumaplen);
cpumask = (unsigned char *)def->cputune.vcpupin[vcpu]->cpumask;
vcpupid = priv->vcpupids[vcpu];
@@ -1249,11 +1251,14 @@ qemuProcessSetVcpuAffinites(virConnectPtr conn,
cpumap,
cpumaplen,
maxcpu) < 0) {
- return -1;
+ goto cleanup;
}
}
- return 0;
+ ret = 0;
+cleanup:
+ VIR_FREE(cpumap);
+ return ret;
}
Whoops !!! ACK, better to allocate out of the loop, fix looks fine,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:08 p.m.
New subject: [libvirt] [PATCH 08/10] event: avoid memory leak on cleanup
Detected by Coverity. Introduced in commit aaf2b70, and turned into
a regression in the next few commits through 4e6e6672 (unreleased).
* src/conf/domain_event.c (virDomainEventStateFree): Free object,
per documentation.
---
src/conf/domain_event.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 34a9d91..fabc1a5 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -1,7 +1,7 @@
/*
* domain_event.c: domain event queue processing helpers
*
- * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2010-2011 Red Hat, Inc.
* Copyright (C) 2008 VirtualIron
*
* This library is free software; you can redistribute it and/or
@@ -555,6 +555,7 @@ virDomainEventStateFree(virDomainEventStatePtr state)
if (state->timer != -1)
virEventRemoveTimeout(state->timer);
+ VIR_FREE(state);
}
/**
--
1.7.4.4
7:59 p.m.
New subject: [libvirt] [PATCH 08/10] event: avoid memory leak on cleanup
On Thu, Jun 02, 2011 at 05:08:00PM -0600, Eric Blake wrote:
Detected by Coverity. Introduced in commit aaf2b70, and turned into
a regression in the next few commits through 4e6e6672 (unreleased).
* src/conf/domain_event.c (virDomainEventStateFree): Free object,
per documentation.
---
src/conf/domain_event.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_event.c b/src/conf/domain_event.c
index 34a9d91..fabc1a5 100644
--- a/src/conf/domain_event.c
+++ b/src/conf/domain_event.c
@@ -1,7 +1,7 @@
/*
* domain_event.c: domain event queue processing helpers
*
- * Copyright (C) 2010 Red Hat, Inc.
+ * Copyright (C) 2010-2011 Red Hat, Inc.
* Copyright (C) 2008 VirtualIron
*
* This library is free software; you can redistribute it and/or
@@ -555,6 +555,7 @@ virDomainEventStateFree(virDomainEventStatePtr state)
if (state->timer != -1)
virEventRemoveTimeout(state->timer);
+ VIR_FREE(state);
}
ACK, otherwise we leak in various ways from different drivers,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:08 p.m.
New subject: [libvirt] [PATCH 09/10] build: silence coverity false positive
Coverity complained that infd could be -1 at the point where it is
passed to write, when in reality, this code can only be reached if
infd is non-negative.
* src/util/command.c (virCommandProcessIO): Help out coverity.
---
src/util/command.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/util/command.c b/src/util/command.c
index a2f7ff6..b51bdcf 100644
--- a/src/util/command.c
+++ b/src/util/command.c
@@ -961,6 +961,9 @@ virCommandProcessIO(virCommandPtr cmd)
} else {
int done;
+ /* Coverity 5.3.0 can't see that we only get here if
+ * infd is in the set because it was non-negative. */
+ sa_assert(infd != -1);
done = write(infd, cmd->inbuf + inoff,
inlen - inoff);
if (done < 0) {
--
1.7.4.4
11:32 p.m.
New subject: [libvirt] [PATCH 09/10] build: silence coverity false positive
On Thu, Jun 02, 2011 at 05:08:01PM -0600, Eric Blake wrote:
Coverity complained that infd could be -1 at the point where it is
passed to write, when in reality, this code can only be reached if
infd is non-negative.
* src/util/command.c (virCommandProcessIO): Help out coverity.
---
src/util/command.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/src/util/command.c b/src/util/command.c
index a2f7ff6..b51bdcf 100644
--- a/src/util/command.c
+++ b/src/util/command.c
@@ -961,6 +961,9 @@ virCommandProcessIO(virCommandPtr cmd)
} else {
int done;
+ /* Coverity 5.3.0 can't see that we only get here if
+ * infd is in the set because it was non-negative. */
+ sa_assert(infd != -1);
done = write(infd, cmd->inbuf + inoff,
inlen - inoff);
if (done < 0) {
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:08 p.m.
New subject: [libvirt] [PATCH 10/10] build: silence coverity false positive
* src/remote/remote_driver.c (remoteGenericOpen): Help coverity.
---
src/remote/remote_driver.c | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 14c3d24..fcb4c14 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2547,8 +2547,13 @@ remoteGenericOpen(virConnectPtr conn, virConnectAuthPtr auth,
struct private_data *priv;
int ret;
ret = remoteOpenSecondaryDriver(conn, auth, flags, &priv);
- if (ret == VIR_DRV_OPEN_SUCCESS)
+ if (ret == VIR_DRV_OPEN_SUCCESS) {
*genericPrivateData = priv;
+ } else {
+ /* Coverity 5.3.0 missed that remoteOpenSecondaryDriver
+ * guarantees priv is clean on failure. */
+ sa_assert(!priv);
+ }
return ret;
}
}
--
1.7.4.4
6:24 p.m.
New subject: [libvirt] [PATCHv2 10/10] build: silence coverity false positive
Coverity couldn't see that priv is clean on failure. But on failure,
we might as well guarantee that callers don't try to free uninitialized
memory.
* src/remote/remote_driver.c (remoteGenericOpen): Even on failure,
pass priv back to caller.
---
In reading my own mail, I decided that patch 10 can be made simpler.
v2: rewrite to avoid sa_assert and be more robust.
src/remote/remote_driver.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 14c3d24..8335a1a 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2545,10 +2545,8 @@ remoteGenericOpen(virConnectPtr conn, virConnectAuthPtr auth,
* use the UNIX transport. This handles Xen driver
* which doesn't have its own impl of the network APIs. */
struct private_data *priv;
- int ret;
- ret = remoteOpenSecondaryDriver(conn, auth, flags, &priv);
- if (ret == VIR_DRV_OPEN_SUCCESS)
- *genericPrivateData = priv;
+ int ret = remoteOpenSecondaryDriver(conn, auth, flags, &priv);
+ *genericPrivateData = priv;
return ret;
}
}
--
1.7.4.4
11:34 p.m.
New subject: [libvirt] [PATCHv2 10/10] build: silence coverity false positive
On Thu, Jun 02, 2011 at 05:24:25PM -0600, Eric Blake wrote:
Coverity couldn't see that priv is clean on failure. But on
failure,
we might as well guarantee that callers don't try to free uninitialized
memory.
* src/remote/remote_driver.c (remoteGenericOpen): Even on failure,
pass priv back to caller.
---
In reading my own mail, I decided that patch 10 can be made simpler.
v2: rewrite to avoid sa_assert and be more robust.
src/remote/remote_driver.c | 6 ++----
1 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index 14c3d24..8335a1a 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -2545,10 +2545,8 @@ remoteGenericOpen(virConnectPtr conn, virConnectAuthPtr auth,
* use the UNIX transport. This handles Xen driver
* which doesn't have its own impl of the network APIs. */
struct private_data *priv;
- int ret;
- ret = remoteOpenSecondaryDriver(conn, auth, flags, &priv);
- if (ret == VIR_DRV_OPEN_SUCCESS)
- *genericPrivateData = priv;
+ int ret = remoteOpenSecondaryDriver(conn, auth, flags, &priv);
+ *genericPrivateData = priv;
return ret;
}
}
I really prefer the second version, ACK
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:42 p.m.
New subject: [libvirt] [PATCH 11/10] migrate: detect xml incompatibility
Detected by Coverity. Bug introduced in 08106e2044 (unreleased).
* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability):
Use correct sizeof operand.
---
src/conf/domain_conf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9975bca..0d9fef4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7269,7 +7269,8 @@ static bool virDomainChannelDefCheckABIStability(virDomainChrDefPtr
src,
}
break;
case VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_GUESTFWD:
- if (memcmp(src->target.addr, dst->target.addr, sizeof(src->target.addr))
!= 0) {
+ if (memcmp(src->target.addr, dst->target.addr,
+ sizeof(*src->target.addr)) != 0) {
char *saddr = virSocketFormatAddrFull(src->target.addr, true,
":");
char *daddr = virSocketFormatAddrFull(dst->target.addr, true,
":");
virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--
1.7.4.4
11:35 p.m.
New subject: [libvirt] [PATCH 11/10] migrate: detect xml incompatibility
On Thu, Jun 02, 2011 at 05:42:27PM -0600, Eric Blake wrote:
Detected by Coverity. Bug introduced in 08106e2044 (unreleased).
* src/conf/domain_conf.c (virDomainChannelDefCheckABIStability):
Use correct sizeof operand.
---
src/conf/domain_conf.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletions(-)
diff --git a/src/conf/domain_conf.c b/src/conf/domain_conf.c
index 9975bca..0d9fef4 100644
--- a/src/conf/domain_conf.c
+++ b/src/conf/domain_conf.c
@@ -7269,7 +7269,8 @@ static bool virDomainChannelDefCheckABIStability(virDomainChrDefPtr
src,
}
break;
case VIR_DOMAIN_CHR_CHANNEL_TARGET_TYPE_GUESTFWD:
- if (memcmp(src->target.addr, dst->target.addr,
sizeof(src->target.addr)) != 0) {
+ if (memcmp(src->target.addr, dst->target.addr,
+ sizeof(*src->target.addr)) != 0) {
char *saddr = virSocketFormatAddrFull(src->target.addr, true,
":");
char *daddr = virSocketFormatAddrFull(dst->target.addr, true,
":");
virDomainReportError(VIR_ERR_CONFIG_UNSUPPORTED,
Oops, good catch !!!
ACK,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4921
days inactive
4922
days old
24 comments
2 participants
participants (2)
-
Daniel Veillard -
Eric Blake