Re: [PATCH v3 2/2] libxl: add tunnelled migration support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 02/16/2017 09:26 AM, Joao Martins wrote:
> On 02/16/2017 11:47 AM, John Ferlan wrote:
>> FYI: Couple of Coverity issues resulted from these patches.
>>
>>>  int
>>> +libxlDomainMigrationPrepareTunnel3(virConnectPtr dconn,
>>> +                                   virStreamPtr st,
>>> +                                   virDomainDefPtr *def,
>>> +                                   const char *cookiein,
>>> +                                   int cookieinlen,
>>> +                                   unsigned int flags)
>>> +{
>>> +    libxlMigrationCookiePtr mig = NULL;
>>> +    libxlDriverPrivatePtr driver = dconn->privateData;
>>> +    virDomainObjPtr vm = NULL;
>>> +    libxlMigrationDstArgs *args = NULL;
>>> +    virThread thread;
>>> +    bool taint_hook = false;
>>> +    libxlDomainObjPrivatePtr priv = NULL;
>>> +    char *xmlout = NULL;
>>> +    int dataFD[2] = { -1, -1 };
>>> +    int ret = -1;
>>> +
>>> +    if (libxlDomainMigrationPrepareAny(dconn, def, cookiein, cookieinlen,
>>> +                                       &mig, &xmlout, &taint_hook) < 0)
>>
>> Coverity notes that '@mig' will be leaked in this case when "if
>> (!cookiein || !cookieinlen) {" is true in libxlMigrationEatCookie and
>> failures from libxlDomainMigrationPrepareAny don't free it.
> 
> /nods. This diff should do then? It covers both cases I think.

What about:

    args->migcookie = mig;


and then successful virThreadCreate(&thread, false,
libxlDoMigrateReceive, args) where 'args' is unref'd, but the cookie
isn't free'd.

Certainly you wouldn't want to free the cookie and then let the thread
use it!

So I think the libxlMigrationCookieFree needs to be done in the error:
label and in the thread cleanup. Also after you assign @mig to
migcookie, set 'mig = NULL';

> 
> diff --git a/src/libxl/libxl_migration.c b/src/libxl/libxl_migration.c
> index ba1ca5c..6a7d458 100644
> --- a/src/libxl/libxl_migration.c
> +++ b/src/libxl/libxl_migration.c
> @@ -637,6 +637,7 @@ libxlDomainMigrationPrepareTunnel3(virConnectPtr dconn,
>      }
> 
>   done:
> +    libxlMigrationCookieFree(mig);
>      if (vm)
>          virObjectUnlock(vm);
> 
> 
> 
>>> +        goto error;
>>> +
>>> +    if (!(vm = virDomainObjListAdd(driver->domains, *def,
>>> +                                   driver->xmlopt,
>>> +                                   VIR_DOMAIN_OBJ_LIST_ADD_LIVE |
>>> +                                   VIR_DOMAIN_OBJ_LIST_ADD_CHECK_LIVE,
>>> +                                   NULL)))
>>> +        goto error;
>>> +
>>> +    *def = NULL;
>>> +    priv = vm->privateData;
>>> +
>>> +    if (taint_hook) {
>>> +        /* Domain XML has been altered by a hook script. */
>>> +        priv->hookRun = true;
>>> +    }
>>> +
>>> +    /*
>>> +     * The data flow of tunnel3 migration in the dest side:
>>> +     * stream -> pipe -> recvfd of libxlDomainStartRestore
>>> +     */
>>> +    if (pipe(dataFD) < 0)
>>> +        goto error;
>>> +
>>> +    /* Stream data will be written to pipeIn */
>>> +    if (virFDStreamOpen(st, dataFD[1]) < 0)
>>> +        goto error;
>>> +    dataFD[1] = -1; /* 'st' owns the FD now & will close it */
>>> +
>>> +    if (libxlMigrationDstArgsInitialize() < 0)
>>> +        goto error;
>>> +
>>> +    if (!(args = virObjectNew(libxlMigrationDstArgsClass)))
>>> +        goto error;
>>> +
>>> +    args->conn = dconn;
>>> +    args->vm = vm;
>>> +    args->flags = flags;
>>> +    args->migcookie = mig;
>>> +    /* Receive from pipeOut */
>>> +    args->recvfd = dataFD[0];
>>> +    args->nsocks = 0;
>>> +    if (virThreadCreate(&thread, false, libxlDoMigrateReceive, args) < 0) {
>>> +        virReportError(VIR_ERR_OPERATION_FAILED, "%s",
>>> +                       _("Failed to create thread for receiving migration data"));
>>> +        goto error;
>>> +    }
>>> +
>>> +    ret = 0;
>>> +    goto done;
>>> +
>>> + error:
>>> +    VIR_FORCE_CLOSE(dataFD[1]);
>>> +    VIR_FORCE_CLOSE(dataFD[0]);
>>> +    virObjectUnref(args);
>>> +    /* Remove virDomainObj from domain list */
>>> +    if (vm) {
>>> +        virDomainObjListRemove(driver->domains, vm);
>>> +        vm = NULL;
>>> +    }
>>> +
>>> + done:
>>> +    if (vm)
>>> +        virObjectUnlock(vm);
>>> +
>>> +    return ret;
>>> +}
>>
>> [...]
>>
>>> +
>>> +static int
>>> +libxlMigrationStartTunnel(libxlDriverPrivatePtr driver,
>>> +                          virDomainObjPtr vm,
>>> +                          unsigned long flags,
>>> +                          virStreamPtr st,
>>> +                          struct libxlTunnelControl *tc)
>>> +{
>>> +    libxlTunnelMigrationThread *arg = NULL;
>>> +    int ret = -1;
>>> +
>>> +    if (VIR_ALLOC(tc) < 0)
>>> +        goto out;
>>> +
>>> +    tc->dataFD[0] = -1;
>>> +    tc->dataFD[1] = -1;
>>> +    if (pipe(tc->dataFD) < 0) {
>>> +        virReportError(errno, "%s", _("Unable to make pipes"));
>>
>> Coverity notes that failures would cause a leak for @tc (I assume here
>> and of course if virThreadCreate fails.  Perhaps the 'best' way to
>> handle that would be to set tc = NULL after ThreadCreate success and
>> just call libxlMigrationStopTunnel in "out:"...
> 
> But libxlMigrationStopTunnel is always called (hence should be freeing @tc),
> whether libxlMigrationStartTunnel failed or not. How about this?
> 
> @@ -907,8 +908,9 @@ libxlMigrationStartTunnel(libxlDriverPrivatePtr driver,
>                            virDomainObjPtr vm,
>                            unsigned long flags,
>                            virStreamPtr st,
> -                          struct libxlTunnelControl *tc)
> +                          struct libxlTunnelControl **tnl)
>  {
> +    struct libxlTunnelControl *tc = *tnl;

This doesn't do much... since @tc would be allocated below and *tnl
wouldn't be updated... Thus, the following is better:

    if (VIR_ALLOC(tc) < 0)
        goto out;
    *tnl = tc;

John

>      libxlTunnelMigrationThread *arg = NULL;
>      int ret = -1;
> 
> @@ -1045,7 +1047,7 @@ libxlDoMigrateP2P(libxlDriverPrivatePtr driver,
> 
>      VIR_DEBUG("Perform3 uri=%s", NULLSTR(uri_out));
>      if (flags & VIR_MIGRATE_TUNNELLED)
> -        ret = libxlMigrationStartTunnel(driver, vm, flags, st, tc);
> +        ret = libxlMigrationStartTunnel(driver, vm, flags, st, &tc);
>      else
>          ret = libxlDomainMigrationPerform(driver, vm, NULL, NULL,
>                                            uri_out, NULL, flags);
> 

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]
  Powered by Linux