Changeset 86501 in vbox for trunk/src/VBox

Timestamp:

Oct 9, 2020 12:28:32 PM (4 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

140816

Message:

VBoxSVC: Fix Medium leak when encoutering duplicate instances while loading a media registry (from settings) via VirtualBox::initMedia(). The media registration is now moved to before any children are loaded, so that we use the right parent for them. This essentially changes the operation to a merge. An unaddressed issue is that on child load failure, we will leave the parent(s) still registered but non-functioning (uninit was done). (The old code would just leave any successfully loaded children registered with non-working parents only accessible via their parent attribute.) bugref:9841

Location:

trunk/src/VBox/Main

Files:

• include/MediumImpl.h (modified) (2 diffs)
• include/VirtualBoxImpl.h (modified) (1 diff)
• src-server/MediumImpl.cpp (modified) (7 diffs)
• src-server/VirtualBoxImpl.cpp (modified) (6 diffs)

trunk/src/VBox/Main/include/MediumImpl.h

@@ -79 +79 @@
                     const settings::Medium &data,
                     const Utf8Str &strMachineFolder);
-    HRESULT init(VirtualBox *aVirtualBox,
-                 Medium *aParent,
-                 DeviceType_T aDeviceType,
-                 const Guid &uuidMachineRegistry,
-                 const settings::Medium &data,
-                 const Utf8Str &strMachineFolder,
-                 AutoWriteLock &mediaTreeLock);
+    HRESULT initFromSettings(VirtualBox *aVirtualBox,
+                             Medium *aParent,
+                             DeviceType_T aDeviceType,
+                             const Guid &uuidMachineRegistry,
+                             const settings::Medium &data,
+                             const Utf8Str &strMachineFolder,
+                             AutoWriteLock &mediaTreeLock,
+                             ComObjPtr<Medium> *ppRegistered);
 
     // initializer for host floppy/DVD
@@ -119 +120 @@
     /* handles caller/locking itself */
     bool i_addRegistry(const Guid &id);
+    bool i_addRegistryNoCallerCheck(const Guid &id);
     /* handles caller/locking itself, caller is responsible for tree lock */
     bool i_addRegistryRecursive(const Guid &id);

trunk/src/VBox/Main/include/VirtualBoxImpl.h

@@ -277 +277 @@
     void i_copyPathRelativeToConfig(const Utf8Str &strSource, Utf8Str &strTarget);
     HRESULT i_registerMedium(const ComObjPtr<Medium> &pMedium, ComObjPtr<Medium> *ppMedium,
-                             AutoWriteLock &mediaTreeLock);
+                             AutoWriteLock &mediaTreeLock, bool fCalledFromMediumInit = false);
     HRESULT i_unregisterMedium(Medium *pMedium);
     void i_pushMediumToListWithChildren(MediaList &llMedia, Medium *pMedium);

trunk/src/VBox/Main/src-server/MediumImpl.cpp

@@ -209 +209 @@
     const Guid uuidParentImage;
 
+/** @todo r=bird: the boolean bitfields are pointless if they're not grouped! */
     bool hostDrive : 1;
 
@@ -1342 +1343 @@
 
 /**
- * Initializes the medium object and its children by loading its data from the
- * given settings node. The medium will always be opened read/write.
+ * Initializes and registers the medium object and its children by loading its
+ * data from the given settings node. The medium will always be opened
+ * read/write.
+ *
+ * @todo r=bird: What's that stuff about 'always be opened read/write'?
  *
  * In this case, since we're loading from a registry, uuidMachineRegistry is
  * always set: it's either the global registry UUID or a machine UUID when
  * loading from a per-machine registry.
+ *
+ * The only caller is currently VirtualBox::initMedia().
  *
  * @param aVirtualBox   VirtualBox object.
@@ -1358 +1364 @@
  *                      paths; if empty, then we use the VirtualBox home directory
  * @param mediaTreeLock Autolock.
+ * @param ppRegistered  Where to return the registered Medium object.  This is
+ *                      for handling the case where the medium object we're
+ *                      constructing from settings already has a registered
+ *                      instance that should be used instead of this one.
  *
  * @note Locks the medium tree for writing.
  */
-HRESULT Medium::init(VirtualBox *aVirtualBox,
-                     Medium *aParent,
-                     DeviceType_T aDeviceType,
-                     const Guid &uuidMachineRegistry,
-                     const settings::Medium &data,
-                     const Utf8Str &strMachineFolder,
-                     AutoWriteLock &mediaTreeLock)
+HRESULT Medium::initFromSettings(VirtualBox *aVirtualBox,
+                                 Medium *aParent,
+                                 DeviceType_T aDeviceType,
+                                 const Guid &uuidMachineRegistry,
+                                 const settings::Medium &data,
+                                 const Utf8Str &strMachineFolder,
+                                 AutoWriteLock &mediaTreeLock,
+                                 ComObjPtr<Medium> *ppRegistered)
 {
     using namespace settings;
@@ -1374 +1385 @@
     AssertReturn(aVirtualBox, E_INVALIDARG);
 
-    /* Enclose the state transition NotReady->InInit->Ready */
-    AutoInitSpan autoInitSpan(this);
-    AssertReturn(autoInitSpan.isOk(), E_FAIL);
-
-    unconst(m->pVirtualBox) = aVirtualBox;
-
-    // Do not inline this method call, as the purpose of having this separate
-    // is to save on stack size. Less local variables are the key for reaching
-    // deep recursion levels with small stack (XPCOM/g++ without optimization).
-    HRESULT rc = initOne(aParent, aDeviceType, uuidMachineRegistry, data, strMachineFolder);
-
-
-    /* Don't call Medium::i_queryInfo for registered media to prevent the calling
-     * thread (i.e. the VirtualBox server startup thread) from an unexpected
-     * freeze but mark it as initially inaccessible instead. The vital UUID,
-     * location and format properties are read from the registry file above; to
-     * get the actual state and the rest of the data, the user will have to call
-     * COMGETTER(State). */
-
-    /* load all children */
-    for (settings::MediaList::const_iterator it = data.llChildren.begin();
-         it != data.llChildren.end();
-         ++it)
-    {
-        const settings::Medium &med = *it;
-
-        ComObjPtr<Medium> pMedium;
-        pMedium.createObject();
-        rc = pMedium->init(aVirtualBox,
-                           this,            // parent
-                           aDeviceType,
-                           uuidMachineRegistry,
-                           med,               // child data
-                           strMachineFolder,
-                           mediaTreeLock);
-        if (FAILED(rc)) break;
-
-        rc = m->pVirtualBox->i_registerMedium(pMedium, &pMedium, mediaTreeLock);
-        if (FAILED(rc)) break;
-    }
-
-    /* Confirm a successful initialization when it's the case */
-    if (SUCCEEDED(rc))
-        autoInitSpan.setSucceeded();
+    /*
+     * Enclose the state transition NotReady->InInit->Ready.
+     *
+     * Note! This has to be scoped so that we can temporarily drop the
+     *       mediaTreeLock ownership on failure.
+     */
+    HRESULT rc;
+    bool    fRetakeLock = false;
+    {
+        AutoInitSpan autoInitSpan(this);
+        AssertReturn(autoInitSpan.isOk(), E_FAIL);
+
+        unconst(m->pVirtualBox) = aVirtualBox;
+        ComObjPtr<Medium> pActualThis = this;
+
+        // Do not inline this method call, as the purpose of having this separate
+        // is to save on stack size. Less local variables are the key for reaching
+        // deep recursion levels with small stack (XPCOM/g++ without optimization).
+        rc = initOne(aParent, aDeviceType, uuidMachineRegistry, data, strMachineFolder);
+        if (SUCCEEDED(rc))
+        {
+            /* In order to avoid duplicate instances of the medium object, we need
+               to register the parent before loading any children.  */
+            rc = m->pVirtualBox->i_registerMedium(pActualThis, &pActualThis, mediaTreeLock, true /*fCalledFromMediumInit*/);
+            if (SUCCEEDED(rc))
+            {
+                /* Don't call Medium::i_queryInfo for registered media to prevent the calling
+                 * thread (i.e. the VirtualBox server startup thread) from an unexpected
+                 * freeze but mark it as initially inaccessible instead. The vital UUID,
+                 * location and format properties are read from the registry file above; to
+                 * get the actual state and the rest of the data, the user will have to call
+                 * COMGETTER(State). */
+
+                /* load all children */
+                for (settings::MediaList::const_iterator it = data.llChildren.begin();
+                     it != data.llChildren.end();
+                     ++it)
+                {
+                    const settings::Medium &med = *it;
+
+                    ComObjPtr<Medium> pMedium;
+                    rc = pMedium.createObject();
+                    if (FAILED(rc)) break;
+
+                    rc = pMedium->initFromSettings(aVirtualBox,
+                                                   pActualThis,       // parent
+                                                   aDeviceType,
+                                                   uuidMachineRegistry,
+                                                   med,               // child data
+                                                   strMachineFolder,
+                                                   mediaTreeLock,
+                                                   NULL /*ppRegistered - must _not_ be &pMedium*/);
+                    if (FAILED(rc)) break;
+                }
+            }
+        }
+
+        /* Confirm a successful initialization when it's the case.  Do not confirm duplicates. */
+        if (SUCCEEDED(rc) && (Medium *)pActualThis == this)
+            autoInitSpan.setSucceeded();
+        /* Otherwise we have release the media tree lock so that Medium::uninit()
+           doesn't freak out when it is called by AutoInitSpan::~AutoInitSpan().
+           In the case of duplicates, the uninit will i_deparent this object. */
+        else
+        {
+            /** @todo Non-duplicate: Deregister? What about child load errors, should they
+             *        affect the parents? */
+            mediaTreeLock.release();
+            fRetakeLock = true;
+        }
+
+        /* Must be done after the mediaTreeLock.release above. */
+        if (ppRegistered)
+            *ppRegistered = pActualThis;
+    }
+
+    if (fRetakeLock)
+        mediaTreeLock.acquire();
 
     return rc;
@@ -4059 +4104 @@
 
 /**
+ * Same as i_addRegistry() except that we don't check the object state, making
+ * it safe to call with initFromSettings() on the call stack.
+ */
+bool Medium::i_addRegistryNoCallerCheck(const Guid &id)
+{
+    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+
+    bool fAdd = true;
+
+    // hard disks cannot be in more than one registry
+    if (   m->devType == DeviceType_HardDisk
+        && m->llRegistryIDs.size() > 0)
+        fAdd = false;
+
+    // no need to add the UUID twice
+    if (fAdd)
+    {
+        for (GuidList::const_iterator it = m->llRegistryIDs.begin();
+             it != m->llRegistryIDs.end();
+             ++it)
+        {
+            if ((*it) == id)
+            {
+                fAdd = false;
+                break;
+            }
+        }
+    }
+
+    if (fAdd)
+        m->llRegistryIDs.push_back(id);
+
+    return fAdd;
+}
+
+/**
  * This adds the given UUID to the list of media registries in which this
  * medium should be registered. The UUID can either be a machine UUID,
@@ -4072 +4153 @@
  * @return true if the registry was added; false if the given id was already on the list.
  */
-bool Medium::i_addRegistry(const Guid& id)
+bool Medium::i_addRegistry(const Guid &id)
 {
     AutoCaller autoCaller(this);
     if (FAILED(autoCaller.rc()))
         return false;
-    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
-
-    bool fAdd = true;
-
-    // hard disks cannot be in more than one registry
-    if (   m->devType == DeviceType_HardDisk
-        && m->llRegistryIDs.size() > 0)
-        fAdd = false;
-
-    // no need to add the UUID twice
-    if (fAdd)
-    {
-        for (GuidList::const_iterator it = m->llRegistryIDs.begin();
-             it != m->llRegistryIDs.end();
-             ++it)
-        {
-            if ((*it) == id)
-            {
-                fAdd = false;
-                break;
-            }
-        }
-    }
-
-    if (fAdd)
-        m->llRegistryIDs.push_back(id);
-
-    return fAdd;
+    return i_addRegistryNoCallerCheck(id);
 }
 
@@ -4129 +4183 @@
         return false;
 
-    bool fAdd = i_addRegistry(id);
+    bool fAdd = i_addRegistryNoCallerCheck(id);
 
     // protected by the medium tree lock held by our original caller

trunk/src/VBox/Main/src-server/VirtualBoxImpl.cpp

@@ -921 +921 @@
 
         ComObjPtr<Medium> pHardDisk;
-        if (SUCCEEDED(rc = pHardDisk.createObject()))
-            rc = pHardDisk->init(this,
-                                 NULL,          // parent
-                                 DeviceType_HardDisk,
-                                 uuidRegistry,
-                                 xmlHD,         // XML data; this recurses to processes the children
-                                 strMachineFolder,
-                                 treeLock);
+        rc = pHardDisk.createObject();
         if (FAILED(rc)) return rc;
-
-        rc = i_registerMedium(pHardDisk, &pHardDisk, treeLock);
+        ComObjPtr<Medium> pHardDiskActual(pHardDisk);
+        rc = pHardDisk->initFromSettings(this,
+                                         NULL,          // parent
+                                         DeviceType_HardDisk,
+                                         uuidRegistry,
+                                         xmlHD,         // XML data; this recurses to processes the children
+                                         strMachineFolder,
+                                         treeLock,
+                                         &pHardDiskActual /*never &pHardDisk!*/);
         if (SUCCEEDED(rc))
         {
-            uIdsForNotify.push_back(std::pair<Guid, DeviceType_T>(pHardDisk->i_getId(), DeviceType_HardDisk));
+            /** @todo r=bird: should we really do notifications for duplicates?
+             *  ((Medium *)pHardDisk != (Medium *)pHardDiskActual)
+             * The problem with that, though, is that for the children we don't quite know 
+             * which are duplicates and which aren't.   The above initFromSettings is 
+             * essentially a merge operation now, so in the duplicate case, we may just 
+             * have added a new (grand)child. */ 
+
+            uIdsForNotify.push_back(std::pair<Guid, DeviceType_T>(pHardDiskActual->i_getId(), DeviceType_HardDisk));
             // Add children IDs to notification using non-recursive children enumeration.
             std::vector<std::pair<MediaList::const_iterator, ComObjPtr<Medium> > > llEnumStack;
-            const MediaList& mediaList = pHardDisk->i_getChildren();
-            llEnumStack.push_back(std::pair<MediaList::const_iterator, ComObjPtr<Medium> >(mediaList.begin(), pHardDisk));
+            const MediaList& mediaList = pHardDiskActual->i_getChildren();
+            llEnumStack.push_back(std::pair<MediaList::const_iterator, ComObjPtr<Medium> >(mediaList.begin(), pHardDiskActual));
             while (!llEnumStack.empty())
             {
@@ -962 +969 @@
         treeLock.release();
         pHardDisk.setNull();
+        pHardDiskActual.setNull();
+        if (FAILED(rc)) return rc;
         treeLock.acquire();
-        if (FAILED(rc)) return rc;
     }
 
@@ -973 +981 @@
 
         ComObjPtr<Medium> pImage;
-        if (SUCCEEDED(pImage.createObject()))
-            rc = pImage->init(this,
-                              NULL,
-                              DeviceType_DVD,
-                              uuidRegistry,
-                              xmlDvd,
-                              strMachineFolder,
-                              treeLock);
+        rc = pImage.createObject();
         if (FAILED(rc)) return rc;
 
-        rc = i_registerMedium(pImage, &pImage, treeLock);
+        ComObjPtr<Medium> pImageActually = pImage;
+        rc = pImage->initFromSettings(this,
+                                      NULL,
+                                      DeviceType_DVD,
+                                      uuidRegistry,
+                                      xmlDvd,
+                                      strMachineFolder,
+                                      treeLock,
+                                      &pImageActually);
         if (SUCCEEDED(rc))
-            uIdsForNotify.push_back(std::pair<Guid, DeviceType_T>(pImage->i_getId(), DeviceType_DVD));
+            uIdsForNotify.push_back(std::pair<Guid, DeviceType_T>(pImageActually->i_getId(), DeviceType_DVD));
+
         // Avoid trouble with lock/refcount, before returning or not.
         treeLock.release();
         pImage.setNull();
+        pImageActually.setNull();
+        if (FAILED(rc)) return rc;
         treeLock.acquire();
-        if (FAILED(rc)) return rc;
     }
 
@@ -1000 +1011 @@
 
         ComObjPtr<Medium> pImage;
-        if (SUCCEEDED(pImage.createObject()))
-            rc = pImage->init(this,
-                              NULL,
-                              DeviceType_Floppy,
-                              uuidRegistry,
-                              xmlFloppy,
-                              strMachineFolder,
-                              treeLock);
+        rc = pImage.createObject();
         if (FAILED(rc)) return rc;
 
-        rc = i_registerMedium(pImage, &pImage, treeLock);
+        ComObjPtr<Medium> pImageActually = pImage;
+        rc = pImage->initFromSettings(this,
+                                      NULL,
+                                      DeviceType_Floppy,
+                                      uuidRegistry,
+                                      xmlFloppy,
+                                      strMachineFolder,
+                                      treeLock,
+                                      &pImageActually);
         if (SUCCEEDED(rc))
             uIdsForNotify.push_back(std::pair<Guid, DeviceType_T>(pImage->i_getId(), DeviceType_Floppy));
+
         // Avoid trouble with lock/refcount, before returning or not.
         treeLock.release();
         pImage.setNull();
+        pImageActually.setNull();
+        if (FAILED(rc)) return rc;
         treeLock.acquire();
-        if (FAILED(rc)) return rc;
     }
 
@@ -5109 +5123 @@
 HRESULT VirtualBox::i_registerMedium(const ComObjPtr<Medium> &pMedium,
                                      ComObjPtr<Medium> *ppMedium,
-                                     AutoWriteLock &mediaTreeLock)
+                                     AutoWriteLock &mediaTreeLock,
+                                     bool fCalledFromMediumInit)
 {
     AssertReturn(pMedium != NULL, E_INVALIDARG);
@@ -5213 +5228 @@
     {
         AutoWriteLock mediumLock(pMedium COMMA_LOCKVAL_SRC_POS);
-        if (pMedium->i_addRegistry(m->uuidMediaRegistry))
+        if (  fCalledFromMediumInit
+            ? (*ppMedium)->i_addRegistryNoCallerCheck(m->uuidMediaRegistry)
+            : (*ppMedium)->i_addRegistry(m->uuidMediaRegistry))
             i_markRegistryModified(m->uuidMediaRegistry);
     }