[libvirt] [PATCH 11/14] xen: Resource resource leak with 'cpuset'
John Ferlan
jferlan at redhat.com
Wed Jan 9 18:50:41 UTC 2013
On 01/09/2013 11:55 AM, Laine Stump wrote:
> (you duplicated "resource" in the subject line)
>
Missed that one... Will fix.
> On 01/09/2013 09:54 AM, John Ferlan wrote:
>> Make cpuset local to the while loop and free it once done with it each
>> time through the loop.
>> ---
>> src/xen/xend_internal.c | 12 ++++++------
>> 1 file changed, 6 insertions(+), 6 deletions(-)
>>
>> diff --git a/src/xen/xend_internal.c b/src/xen/xend_internal.c
>> index 84a25e8..c6b800b 100644
>> --- a/src/xen/xend_internal.c
>> +++ b/src/xen/xend_internal.c
>> @@ -1113,7 +1113,6 @@ sexpr_to_xend_topology(const struct sexpr *root,
>> {
>> const char *nodeToCpu;
>> const char *cur;
>> - virBitmapPtr cpuset = NULL;
>> int *cpuNums = NULL;
>> int cell, cpu, nb_cpus;
>> int n = 0;
>> @@ -1131,6 +1130,7 @@ sexpr_to_xend_topology(const struct sexpr *root,
>>
>> cur = nodeToCpu;
>> while (*cur != 0) {
>> + virBitmapPtr cpuset = NULL;
>> /*
>> * Find the next NUMA cell described in the xend output
>> */
>> @@ -1152,8 +1152,10 @@ sexpr_to_xend_topology(const struct sexpr *root,
>> goto memory_error;
>> } else {
>> nb_cpus = virBitmapParse(cur, 'n', &cpuset, numCpus);
>> - if (nb_cpus < 0)
>> + if (nb_cpus < 0) {
>> + virBitmapFree(cpuset);
>
> This virBitmapFree() isn't necessary - virBitmapParse is guaranteed to
> have nothing allocated (and will set cpuset = NULL) if it fails.
>
According to Coverity's analysis this may not be true since it's
"possible" to hit the "ret--" line (more than once) in virBitmapParse()
while hitting either "ret++" line less times returning a negative value
on the "success" path. The example Coverity had shows 6 passes through
the loop, 4 negatives, 1 positive, and 1 nothing.
Whether realistically this could be true, I am not sure.
How Coverity determined what the value of 'cpuSet' is a mystery as the
output I have doesn't show what's being used for parsing, just that we
go through the loop 6 times. Perhaps something like "^1,^2,^3,4,^5,^6"
where 1,2,3,4,5,6 pass the virBitmapIsSet() call changing the 'ret'
value to -3.
>> goto error;
>> + }
>> }
>>
>> for (n = 0, cpu = 0; cpu < numCpus; cpu++) {
>> @@ -1163,28 +1165,26 @@ sexpr_to_xend_topology(const struct sexpr *root,
>> if (used)
>> cpuNums[n++] = cpu;
>> }
>> + virBitmapFree(cpuset);
>>
>> if (virCapabilitiesAddHostNUMACell(caps,
>> cell,
>> nb_cpus,
>> cpuNums) < 0)
>> goto memory_error;
>> +
>> }
>> VIR_FREE(cpuNums);
>> - virBitmapFree(cpuset);
>> return 0;
>>
>> parse_error:
>> virReportError(VIR_ERR_XEN_CALL, "%s", _("topology syntax error"));
>> error:
>> VIR_FREE(cpuNums);
>> - virBitmapFree(cpuset);
>> -
>> return -1;
>>
>> memory_error:
>> VIR_FREE(cpuNums);
>> - virBitmapFree(cpuset);
>> virReportOOMError();
>> return -1;
>> }
>
> ACK with the above nits fixed.
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
More information about the libvir-list
mailing list