diff options
| author | Zhang Chen <chen.zhang@intel.com> | 2022-04-01 11:47:00 +0800 |
|---|---|---|
| committer | Jason Wang <jasowang@redhat.com> | 2022-07-20 16:58:08 +0800 |
| commit | a18d436954c534b74ed57fc126bb737247d22cba (patch) | |
| tree | b7a598affe82fdde3165e05c5195c07eb724fa8b /.mailmap | |
| parent | 669846c530dc4ab4afa0d2ad827fec651cb7510c (diff) | |
| download | qemu-a18d436954c534b74ed57fc126bb737247d22cba.zip qemu-a18d436954c534b74ed57fc126bb737247d22cba.tar.gz qemu-a18d436954c534b74ed57fc126bb737247d22cba.tar.bz2 | |
net/colo: Fix a "double free" crash to clear the conn_list
We notice the QEMU may crash when the guest has too many
incoming network connections with the following log:
15197@1593578622.668573:colo_proxy_main : colo proxy connection hashtable full, clear it
free(): invalid pointer
[1] 15195 abort (core dumped) qemu-system-x86_64 ....
This is because we create the s->connection_track_table with
g_hash_table_new_full() which is defined as:
GHashTable * g_hash_table_new_full (GHashFunc hash_func,
GEqualFunc key_equal_func,
GDestroyNotify key_destroy_func,
GDestroyNotify value_destroy_func);
The fourth parameter connection_destroy() will be called to free the
memory allocated for all 'Connection' values in the hashtable when
we call g_hash_table_remove_all() in the connection_hashtable_reset().
But both connection_track_table and conn_list reference to the same
conn instance. It will trigger double free in conn_list clear. So this
patch remove free action on hash table side to avoid double free the
conn.
Signed-off-by: Like Xu <like.xu@linux.intel.com>
Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Diffstat (limited to '.mailmap')
0 files changed, 0 insertions, 0 deletions