[1/8] ide: fix leak from qemu_allocate_irqs

Message ID	1569936988-635-2-git-send-email-pbonzini@redhat.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=Oiic=X2=nongnu.org=qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 12DDA20815 From: Paolo Bonzini <pbonzini@redhat.com> To: qemu-devel@nongnu.org Subject: [PATCH 1/8] ide: fix leak from qemu_allocate_irqs Date: Tue, 1 Oct 2019 15:36:21 +0200 Message-Id: <1569936988-635-2-git-send-email-pbonzini@redhat.com> In-Reply-To: <1569936988-635-1-git-send-email-pbonzini@redhat.com> References: <1569936988-635-1-git-send-email-pbonzini@redhat.com> Precedence: list Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>
Series	fix various memory leaks (but not all) \| expand [ci-fix,0/8] fix various memory leaks (but not all) [1/8] ide: fix leak from qemu_allocate_irqs [2/8] microblaze: fix leak of fdevice tree blob [3/8] mcf5208: fix leak from qemu_allocate_irqs [4/8] hppa: fix leak from g_strdup_printf [5/8] mips: fix memory leaks in board initialization [6/8] cris: do not leak struct cris_disasm_data [7/8] lm32: do not leak memory on object_new/object_unref [8/8] docker: test-debug: disable LeakSanitizer

Message ID

1569936988-635-2-git-send-email-pbonzini@redhat.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 12DDA20815
From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Subject: [PATCH 1/8] ide: fix leak from qemu_allocate_irqs
Date: Tue,  1 Oct 2019 15:36:21 +0200
Message-Id: <1569936988-635-2-git-send-email-pbonzini@redhat.com>
In-Reply-To: <1569936988-635-1-git-send-email-pbonzini@redhat.com>
References: <1569936988-635-1-git-send-email-pbonzini@redhat.com>
Precedence: list
Errors-To: 
 qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org>

Series

fix various memory leaks (but not all) | expand

Comments

Thomas Huth Oct. 1, 2019, 2:25 p.m. UTC | #1

On 01/10/2019 15.36, Paolo Bonzini wrote:
> The array returned by qemu_allocate_irqs is malloced, free it.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/ide/cmd646.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
> index f3ccd11..19984d2 100644
> --- a/hw/ide/cmd646.c
> +++ b/hw/ide/cmd646.c
> @@ -300,6 +300,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp)
>          d->bmdma[i].bus = &d->bus[i];
>          ide_register_restart_cb(&d->bus[i]);
>      }
> +    g_free(irq);
>  
>      vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
>      qemu_register_reset(cmd646_reset, d);
> 

Maybe you could also update the description of qemu_allocate_irqs() to
state that the returned pointer should be g_free'd later?

Reviewed-by: Thomas Huth <thuth@redhat.com>

Eric Blake Oct. 1, 2019, 3:28 p.m. UTC | #2

On 10/1/19 8:36 AM, Paolo Bonzini wrote:
> The array returned by qemu_allocate_irqs is malloced, free it.
> 
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>   hw/ide/cmd646.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
> index f3ccd11..19984d2 100644
> --- a/hw/ide/cmd646.c
> +++ b/hw/ide/cmd646.c
> @@ -300,6 +300,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp)
>           d->bmdma[i].bus = &d->bus[i];
>           ide_register_restart_cb(&d->bus[i]);
>       }
> +    g_free(irq);

How many of these patches could be fixed by using g_autofree or similar 
instead?

Peter Maydell Oct. 1, 2019, 3:58 p.m. UTC | #3

On Tue, 1 Oct 2019 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> The array returned by qemu_allocate_irqs is malloced, free it.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  hw/ide/cmd646.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
> index f3ccd11..19984d2 100644
> --- a/hw/ide/cmd646.c
> +++ b/hw/ide/cmd646.c
> @@ -300,6 +300,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp)
>          d->bmdma[i].bus = &d->bus[i];
>          ide_register_restart_cb(&d->bus[i]);
>      }
> +    g_free(irq);
>
>      vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
>      qemu_register_reset(cmd646_reset, d);
> --
> 1.8.3.1

It's a bit weird to be calling qemu_allocate_irqs() here in the
first place -- usually you'd just have a qemu_irq irqs[2] array
in the device state struct, qemu_allocate_irq(irq[i], ...) and
pass irq[i] to the ide_init2() function to tell it what
qemu_irq to use. Or else you'd keep the pointer to the
allocated irqs array in the device state struct, so as
to be able to free it on any theoretical hot-unplug your
device might support. Calling qemu_allocate_irqs() and then
immediately freeing the array means that there are now
two actual qemu_irqs floating around which are supposed
to be owned by this device but which it has no way to
get hold of any more. This is only not a leak because
the cmd646 doesn't support hot-unplug.

(Hot take version : we should be getting rid of qemu_allocate_irqs()
entirely: it is essentially a "pre-QOM" API and there are better
ways to phrase code that's currently calling it.)

thanks
-- PMM

Paolo Bonzini Oct. 1, 2019, 4:52 p.m. UTC | #4

On 01/10/19 17:58, Peter Maydell wrote:
> On Tue, 1 Oct 2019 at 14:38, Paolo Bonzini <pbonzini@redhat.com> wrote:
>>
>> The array returned by qemu_allocate_irqs is malloced, free it.
>>
>> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
>> ---
>>  hw/ide/cmd646.c | 1 +
>>  1 file changed, 1 insertion(+)
>>
>> diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
>> index f3ccd11..19984d2 100644
>> --- a/hw/ide/cmd646.c
>> +++ b/hw/ide/cmd646.c
>> @@ -300,6 +300,7 @@ static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp)
>>          d->bmdma[i].bus = &d->bus[i];
>>          ide_register_restart_cb(&d->bus[i]);
>>      }
>> +    g_free(irq);
>>
>>      vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
>>      qemu_register_reset(cmd646_reset, d);
>> --
>> 1.8.3.1
> 
> It's a bit weird to be calling qemu_allocate_irqs() here in the
> first place -- usually you'd just have a qemu_irq irqs[2] array
> in the device state struct, qemu_allocate_irq(irq[i], ...) and
> pass irq[i] to the ide_init2() function to tell it what
> qemu_irq to use. Or else you'd keep the pointer to the
> allocated irqs array in the device state struct, so as
> to be able to free it on any theoretical hot-unplug your
> device might support. Calling qemu_allocate_irqs() and then
> immediately freeing the array means that there are now
> two actual qemu_irqs floating around which are supposed
> to be owned by this device but which it has no way to
> get hold of any more. This is only not a leak because
> the cmd646 doesn't support hot-unplug.
> 
> (Hot take version : we should be getting rid of qemu_allocate_irqs()
> entirely: it is essentially a "pre-QOM" API and there are better
> ways to phrase code that's currently calling it.)

Yes, I agree, and it's why I didn't mind doing the quick fix that gets
rid of the boot-serial-test leak the easy way.

Paolo

diff --git a/hw/ide/cmd646.c b/hw/ide/cmd646.c
index f3ccd11..19984d2 100644
--- a/hw/ide/cmd646.c
+++ b/hw/ide/cmd646.c
@@ -300,6 +300,7 @@  static void pci_cmd646_ide_realize(PCIDevice *dev, Error **errp)
         d->bmdma[i].bus = &d->bus[i];
         ide_register_restart_cb(&d->bus[i]);
     }
+    g_free(irq);
 
     vmstate_register(DEVICE(dev), 0, &vmstate_ide_pci, d);
     qemu_register_reset(cmd646_reset, d);

[1/8] ide: fix leak from qemu_allocate_irqs

Commit Message

Comments

Patch