On 27/09/2016 04:22, Zhang Chen wrote:
> COLO-proxy is a part of COLO project. COLO project is
> composed of COLO-frame, COLO-proxy and block-replication.
> It is used to compare the network package to help COLO
> decide whether to do checkpoint. With COLO-proxy's help,
> COLO greatly improves the performance.
>
> The filter-redirector, filter-mirror, colo-compare
> and filter-rewriter compose the COLO-proxy.
>
> COLO-compare
> It is used to compare the network package to help COLO decide
> whether to do checkpoint.
>
> Filter-rewriter
> It will rewrite some of secondary packet to make
> secondary guest's connection established successfully.
> In this module we will rewrite tcp packet's ack to the secondary
> from primary,and rewrite tcp packet's seq to the primary from
> secondary.
Hi, please fix the following issues reported by Coverity:
** CID 1363368: (RESOURCE_LEAK)
/net/filter-rewriter.c: 197 in colo_rewriter_receive_iov()
/net/filter-rewriter.c: 210 in colo_rewriter_receive_iov()
/net/filter-rewriter.c: 217 in colo_rewriter_receive_iov()
________________________________________________________________________________________________________
*** CID 1363368: (RESOURCE_LEAK)
191 packet_destroy(pkt, NULL);
192 pkt = NULL;
193 /*
194 * We block the packet here,after rewrite pkt
195 * and will send it
196 */
>>> CID 1363368: (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
197 return 1;
198 }
199 } else {
200 /* NET_FILTER_DIRECTION_RX */
201 if (!handle_secondary_tcp_pkt(nf, conn, pkt)) {
202 qemu_net_queue_send(s->incoming_queue, sender, 0,
204 packet_destroy(pkt, NULL);
205 pkt = NULL;
206 /*
207 * We block the packet here,after rewrite pkt
208 * and will send it
209 */
>>> CID 1363368: (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
210 return 1;
211 }
212 }
213 }
214
215 packet_destroy(pkt, NULL);
/net/filter-rewriter.c: 217 in colo_rewriter_receive_iov()
216 pkt = NULL;
>>> CID 1363368: (RESOURCE_LEAK)
>>> Variable "buf" going out of scope leaks the storage it points to.
217 return 0;
218 }
219
220 static void colo_rewriter_cleanup(NetFilterState *nf)
221 {
222 RewriterState *s = FILTER_COLO_REWRITER(nf);
** CID 1363359: API usage errors (ALLOC_FREE_MISMATCH)
/net/filter-rewriter.c: 78 in handle_primary_tcp_pkt()
/net/filter-rewriter.c: 79 in handle_primary_tcp_pkt()
________________________________________________________________________________________________________
72 sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
73 ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
74 trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
75 ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
76 tcp_pkt->th_flags);
77 trace_colo_filter_rewriter_conn_offset(conn->offset);
>>> CID 1363359: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "sdebug" using "g_free" but it should have been
>>> freed using "free".
78 g_free(sdebug);
>>> CID 1363359: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "ddebug" using "g_free" but it should have been
>>> freed using "free".
79 g_free(ddebug);
80 }
81
82 if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == TH_SYN)) {
83 /*
** CID 1363358: API usage errors (ALLOC_FREE_MISMATCH)
/net/filter-rewriter.c: 126 in handle_secondary_tcp_pkt()
/net/filter-rewriter.c: 127 in handle_secondary_tcp_pkt()
________________________________________________________________________________________________________
120 sdebug = strdup(inet_ntoa(pkt->ip->ip_src));
121 ddebug = strdup(inet_ntoa(pkt->ip->ip_dst));
122 trace_colo_filter_rewriter_pkt_info(__func__, sdebug, ddebug,
123 ntohl(tcp_pkt->th_seq), ntohl(tcp_pkt->th_ack),
124 tcp_pkt->th_flags);
125 trace_colo_filter_rewriter_conn_offset(conn->offset);
>>> CID 1363358: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "sdebug" using "g_free", it should have been
>>> allocated using "g_strdup".
126 g_free(sdebug);
>>> CID 1363358: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "ddebug" using "g_free", it should have been
>>> allocated using "g_strdup".
127 g_free(ddebug);
128 }
129
130 if (((tcp_pkt->th_flags & (TH_ACK | TH_SYN)) == (TH_ACK | TH_SYN)))
{
131 /*
** CID 1363357: API usage errors (ALLOC_FREE_MISMATCH)
/net/colo-compare.c: 238 in colo_packet_compare_tcp()
/net/colo-compare.c: 239 in colo_packet_compare_tcp()
________________________________________________________________________________________________________
233 fprintf(stderr, "Primary len = %d\n", ppkt->size);
234 qemu_hexdump((char *)ppkt->data, stderr, "colo-compare",
ppkt->size);
235 fprintf(stderr, "Secondary len = %d\n", spkt->size);
236 qemu_hexdump((char *)spkt->data, stderr, "colo-compare",
spkt->size);
237
>>> CID 1363356: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "sdebug" using "g_free", it should have been
>>> allocated using "g_strdup".
238 g_free(sdebug);
>>> CID 1363357: API usage errors (ALLOC_FREE_MISMATCH)
>>> Calling "g_free" frees "ddebug" using "g_free", it should have been
>>> allocated using "g_strdup".
239 g_free(ddebug);
240 }
241
242 return res;
243 }
244
