From 93817ec39656896543b84b877528ce6fedc3903b Mon Sep 17 00:00:00 2001 From: Markus Armbruster Date: Sat, 15 Nov 2025 09:34:58 +0100 Subject: [PATCH] migration: Plug memory leaks after migrate_set_error() migrate_set_error(s, err) stores a copy of @err in @s. The original @err is not freed. Most callers free it immediately. Some callers free it later, or pass it on. And some leak it. Fix those. Perhaps migrate_set_error(s, err) should take ownership of @err. The callers that free it immediately would become simpler, and avoid a copy and a deallocation. The others would have to pass error_copy(err). Signed-off-by: Markus Armbruster Link: https://lore.kernel.org/r/20251115083500.2753895-2-armbru@redhat.com Signed-off-by: Peter Xu --- migration/cpr-exec.c | 3 ++- migration/multifd.c | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/migration/cpr-exec.c b/migration/cpr-exec.c index d284f6e734..0b8344a86f 100644 --- a/migration/cpr-exec.c +++ b/migration/cpr-exec.c @@ -159,11 +159,12 @@ static void cpr_exec_cb(void *opaque) error_report_err(error_copy(err)); migrate_set_state(&s->state, s->state, MIGRATION_STATUS_FAILED); migrate_set_error(s, err); + error_free(err); + err = NULL; /* Note, we can go from state COMPLETED to FAILED */ migration_call_notifiers(s, MIG_EVENT_PRECOPY_FAILED, NULL); - err = NULL; if (!migration_block_activate(&err)) { /* error was already reported */ error_free(err); diff --git a/migration/multifd.c b/migration/multifd.c index 98873cee74..a529c399e4 100644 --- a/migration/multifd.c +++ b/migration/multifd.c @@ -964,6 +964,7 @@ bool multifd_send_setup(void) if (!multifd_new_send_channel_create(p, &local_err)) { migrate_set_error(s, local_err); + error_free(local_err); ret = -1; } } @@ -988,6 +989,7 @@ bool multifd_send_setup(void) ret = multifd_send_state->ops->send_setup(p, &local_err); if (ret) { migrate_set_error(s, local_err); + error_free(local_err); goto err; } assert(p->iov); -- 2.47.3