Re: [PATCH 5/5] net/tap: net_init_tap_one(): fix net-client leak on failure path

[Jason Wang]

On 2020/12/22 上午3:06, Vladimir Sementsov-Ogievskiy wrote:
> net_tap_fd_init() allocates new NetClientState through
> qemu_new_net_client(). We should free it on failure path.
>
> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
> ---
>
> Attention: it's an intuitive patch.
>
> I see, that net-client is leaked. May be it's still freed some tricky
> way? And I don't understand the whole logic of qemu_del_net_client(),
> it's just the only public interface to free net-client I found.


Your patch looks correct and it's indeed a leak.

I wonder whether it's better to do the cleanup in the free_fail label in 
net_init_tap(). The reason is that we need deal with case of multiqueue. 
Though qemu_del_net_client() can handle this but it's not clear if we do 
it in net_init_tap_one().

Thanks


>   net/tap.c | 9 ++++++++-
>   1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/net/tap.c b/net/tap.c
> index 89ea04862b..ba4c34af3d 100644
> --- a/net/tap.c
> +++ b/net/tap.c
> @@ -711,7 +711,7 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
> NetClientState *peer,
>   
>       ret = tap_set_sndbuf(s->fd, tap, errp);
>       if (ret < 0) {
> -        return;
> +        goto fail;
>       }
>   
>       if (tap->has_fd || tap->has_fds) {
> @@ -739,13 +739,20 @@ static void net_init_tap_one(const NetdevTapOptions *tap, 
> NetClientState *peer,
>           if (ret < 0) {
>               if (tap->has_vhostforce && tap->vhostforce) {
>                   error_propagate(errp, err);
> +                goto fail;
>               } else {
>                   warn_report_err(err);
>               }
>           }
>       } else if (vhostfdname) {
>           error_setg(errp, "vhostfd(s)= is not valid without vhost");
> +        goto fail;
>       }
> +
> +    return;
> +
> +fail:
> +    qemu_del_net_client(&s->nc);
>   }
>   
>   static int get_fds(char *str, char *fds[], int max)