Commit 9a3ff01d7f16cc280ce3176620c0714f55511a65 (which was ACKed at
the end of January, but for some reason didn't get pushed until during
the 1.0.4 freeze) fixed the logic in virPCIGetVirtualFunctions().
Unfortunately, a typo in the fix (replacing VIR_REALLOC_N with
VIR_ALLOC_N during code movement) caused not only a memory leak, but
also resulted in most of the elements of the result array being
replaced with NULL. virNetDevGetVirtualFunctions() assumed (and I think
rightly so) that virPCIGetVirtualFunctions() wouldn't return any NULL
elements in the array, so it ended up segfaulting.
This was found when attempting to use a virtual network with an
auto-created pool of SRIOV VFs, e.g.:
<forward mode='hostdev' managed='yes'>
<pf dev='eth4'/>
</forward>
(the pool of PCI addresses is discovered by calling
virNetDevGetVirtualFunctions() on the PF dev).
---
src/util/virpci.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/util/virpci.c b/src/util/virpci.c
index a0da1cd..85cd694 100644
--- a/src/util/virpci.c
+++ b/src/util/virpci.c
@@ -2026,8 +2026,8 @@ virPCIGetVirtualFunctions(const char *sysfs_path,
continue;
}
- if (VIR_ALLOC_N(*virtual_functions,
- *num_virtual_functions + 1) < 0) {
+ if (VIR_REALLOC_N(*virtual_functions,
+ *num_virtual_functions + 1) < 0) {
virReportOOMError();
VIR_FREE(config_addr);
goto error;
--
1.7.11.7
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list