|
 |
2cf05b |
From 77b0485ba92fe5f0520321385af8a7581c286df1 Mon Sep 17 00:00:00 2001
|
|
|
2cf05b |
Message-Id: <77b0485ba92fe5f0520321385af8a7581c286df1@dist-git>
|
|
|
2cf05b |
From: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
Date: Mon, 31 Oct 2022 15:38:13 +0100
|
|
|
2cf05b |
Subject: [PATCH] qemu_namespace: Don't leak memory in
|
|
|
2cf05b |
qemuDomainGetPreservedMounts()
|
|
|
2cf05b |
MIME-Version: 1.0
|
|
|
2cf05b |
Content-Type: text/plain; charset=UTF-8
|
|
|
2cf05b |
Content-Transfer-Encoding: 8bit
|
|
|
2cf05b |
|
|
|
2cf05b |
The aim of qemuDomainGetPreservedMounts() is to get a list of
|
|
|
2cf05b |
filesystems mounted under /dev and optionally generate a path for
|
|
|
2cf05b |
each one where they are moved temporarily when building the
|
|
|
2cf05b |
namespace. And the function tries to be a bit clever about it.
|
|
|
2cf05b |
For instance, if /dev/shm mount point exists, there's no need to
|
|
|
2cf05b |
consider /dev/shm/a nor /dev/shm/b as preserving just 'top level'
|
|
|
2cf05b |
/dev/shm gives the same result. To achieve this, the function
|
|
|
2cf05b |
iterates over the list of filesystem as returned by
|
|
|
2cf05b |
virFileGetMountSubtree() and removes the nested ones. However, it
|
|
|
2cf05b |
does so in a bit clumsy way: plain VIR_DELETE_ELEMENT() is used
|
|
|
2cf05b |
without freeing the string itself. Therefore, if all three
|
|
|
2cf05b |
aforementioned example paths appeared on the list, /dev/shm/a and
|
|
|
2cf05b |
/dev/shm/b strings would be leaked.
|
|
|
2cf05b |
|
|
|
2cf05b |
And when I think about it more, there's no real need to shrink
|
|
|
2cf05b |
the array down (realloc()). It's going to be free()-d when
|
|
|
2cf05b |
returning from the function. Switch to
|
|
|
2cf05b |
VIR_DELETE_ELEMENT_INPLACE() then.
|
|
|
2cf05b |
|
|
|
2cf05b |
Fixes: cdd9205dfffa3aaed935446a41f0d2dd1357c268
|
|
|
2cf05b |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
|
|
|
2cf05b |
Reviewed-by: Ján Tomko <jtomko@redhat.com>
|
|
|
2cf05b |
(cherry picked from commit bca7a53333ead7c1afd178728de74c2977cd4b5e)
|
|
|
2cf05b |
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2166573
|
|
|
2cf05b |
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
|
|
|
2cf05b |
---
|
|
|
2cf05b |
src/qemu/qemu_namespace.c | 3 ++-
|
|
|
2cf05b |
1 file changed, 2 insertions(+), 1 deletion(-)
|
|
|
2cf05b |
|
|
|
2cf05b |
diff --git a/src/qemu/qemu_namespace.c b/src/qemu/qemu_namespace.c
|
|
|
2cf05b |
index 74ffd6fb90..2f50087c1d 100644
|
|
|
2cf05b |
--- a/src/qemu/qemu_namespace.c
|
|
|
2cf05b |
+++ b/src/qemu/qemu_namespace.c
|
|
|
2cf05b |
@@ -160,7 +160,8 @@ qemuDomainGetPreservedMounts(virQEMUDriverConfig *cfg,
|
|
|
2cf05b |
|
|
|
2cf05b |
if (c && (*c == '/' || *c == '\0')) {
|
|
|
2cf05b |
VIR_DEBUG("Dropping path %s because of %s", mounts[j], mounts[i]);
|
|
|
2cf05b |
- VIR_DELETE_ELEMENT(mounts, j, nmounts);
|
|
|
2cf05b |
+ VIR_FREE(mounts[j]);
|
|
|
2cf05b |
+ VIR_DELETE_ELEMENT_INPLACE(mounts, j, nmounts);
|
|
|
2cf05b |
} else {
|
|
|
2cf05b |
j++;
|
|
|
2cf05b |
}
|
|
|
2cf05b |
--
|
|
|
2cf05b |
2.39.1
|
|
|
2cf05b |
|