[libvirt] [dbus PATCH v2 1/3] Implement FSFreeze method for Domain Interface

Ján Tomko jtomko at redhat.com
Wed Apr 18 15:12:23 UTC 2018 

On Wed, Apr 18, 2018 at 01:52:17PM +0200, Katerina Koukiou wrote:
>Signed-off-by: Katerina Koukiou <kkoukiou at redhat.com>
>---
> data/org.libvirt.Domain.xml |  7 +++++++
> src/domain.c                | 41 +++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 48 insertions(+)
>

>diff --git a/src/domain.c b/src/domain.c
>index 5e59094..9a6ff1d 100644
>--- a/src/domain.c
>+++ b/src/domain.c
>@@ -677,6 +677,46 @@ virtDBusDomainDetachDevice(GVariant *inArgs,
>         virtDBusUtilSetLastVirtError(error);
> }
>
>+static void
>+virtDBusDomainFSFreeze(GVariant *inArgs,
>+                       GUnixFDList *inFDs G_GNUC_UNUSED,
>+                       const gchar *objectPath,
>+                       gpointer userData,
>+                       GVariant **outArgs,
>+                       GUnixFDList **outFDs G_GNUC_UNUSED,
>+                       GError **error)
>+{
>+    virtDBusConnect *connect = userData;
>+    g_autoptr(virDomain) domain = NULL;
>+    g_autofree const gchar **mountpoints = NULL;
>+    const gchar **tmp;
>+    GVariantIter *iter;
>+    gsize nmountpoints = 0;
>+    guint flags;
>+    gint ret;
>+
>+    g_variant_get(inArgs, "(asu)", &iter, &flags);
>+
>+    nmountpoints = g_variant_iter_n_children(iter);
>+    if (nmountpoints > 0) {
>+        mountpoints = g_new0(const gchar*, nmountpoints);
>+        tmp = mountpoints;
>+        while (g_variant_iter_loop(iter, "&s", tmp))

g_variant_iter_loop seems to access tmp even if it returns 0.
For an array with two strings, valgrind reports:

==27339== Invalid read of size 8
==27339==    at 0x54B2CB3: g_variant_valist_get (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x54B4AAB: g_variant_iter_loop (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x407AD1: virtDBusDomainFSFreeze (domain.c:720)
==27339==    by 0x40B723: virtDBusGDBusHandleMethod (gdbus.c:224)
==27339==    by 0x40B723: virtDBusGDBusMethodCallThread (gdbus.c:263)
==27339==    by 0x54A146F: g_thread_pool_thread_proxy (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x54A0AA4: g_thread_proxy (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x611E636: start_thread (in /lib64/libpthread-2.25.so)
==27339==    by 0x642FBCE: clone (in /lib64/libc-2.25.so)
==27339==  Address 0x1064f980 is 0 bytes after a block of size 16 alloc'd
==27339==    at 0x4C2CEE6: calloc (vg_replace_malloc.c:711)
==27339==    by 0x547EAF0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x407AAA: virtDBusDomainFSFreeze (domain.c:718)
==27339==    by 0x40B723: virtDBusGDBusHandleMethod (gdbus.c:224)
==27339==    by 0x40B723: virtDBusGDBusMethodCallThread (gdbus.c:263)

==27339== Invalid write of size 8
==27339==    at 0x54B2CF0: g_variant_valist_get (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x54B4AAB: g_variant_iter_loop (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x407AD1: virtDBusDomainFSFreeze (domain.c:720)
==27339==    by 0x40B723: virtDBusGDBusHandleMethod (gdbus.c:224)
==27339==    by 0x40B723: virtDBusGDBusMethodCallThread (gdbus.c:263)
==27339==    by 0x54A146F: g_thread_pool_thread_proxy (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x54A0AA4: g_thread_proxy (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x611E636: start_thread (in /lib64/libpthread-2.25.so)
==27339==    by 0x642FBCE: clone (in /lib64/libc-2.25.so)
==27339==  Address 0x1064f980 is 0 bytes after a block of size 16 alloc'd
==27339==    at 0x4C2CEE6: calloc (vg_replace_malloc.c:711)
==27339==    by 0x547EAF0: g_malloc0 (in /usr/lib64/libglib-2.0.so.0.5200.3)
==27339==    by 0x407AAA: virtDBusDomainFSFreeze (domain.c:718)
==27339==    by 0x40B723: virtDBusGDBusHandleMethod (gdbus.c:224)
==27339==    by 0x40B723: virtDBusGDBusMethodCallThread (gdbus.c:263)

So yes, you should allocate nmountpoints + 1:
https://www.redhat.com/archives/libvir-list/2018-April/msg01647.html

>+            tmp++;
>+        g_variant_iter_free(iter);

This should be moved after the if (n > 0) condition.
g_variant_get initialized the iterator even if the string array has zero
elements.

>+    }
>+
>+    domain = virtDBusDomainGetVirDomain(connect, objectPath, error);
>+    if (!domain)
>+        return;
>+
>+    ret = virDomainFSFreeze(domain, mountpoints, nmountpoints, flags);
>+    if (ret < 0)
>+        return virtDBusUtilSetLastVirtError(error);
>+
>+    *outArgs = g_variant_new("(u)", ret);
>+}
>+
> static void
> virtDBusDomainFSTrim(GVariant *inArgs,
>                      GUnixFDList *inFDs G_GNUC_UNUSED,

Reviewed-by: Ján Tomko <jtomko at redhat.com>

Jano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20180418/e8097513/attachment-0001.sig>

More information about the libvir-list mailing list