Message ID | 20200612173227.4103-1-andrew.cooper3@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | [for-4.13] tools/libxl: Fix memory leak in libxl_cpuid_set() | expand |
Andrew Cooper writes ("[PATCH for-4.13] tools/libxl: Fix memory leak in libxl_cpuid_set()"): > xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to > free() seeing as it discards the results. > > This is logically a backport of c/s b91825f628 "tools/libxc: Drop > config_transformed parameter from xc_cpuid_set()" but rewritten as one caller > of xc_cpuid_set() does use returned values. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > --- > CC: Ian Jackson <Ian.Jackson@citrix.com> > > Applicable for 4.13 and older. Thanks. I have committed this to 4.13 and 4.12. 4.12 is no longer supported for bugfixes like this one. > I'm not going to touch the Ocaml bindings - they're wrong in multiple ways > including this memory leak, and we deleted them in 4.14 because they were > totally unused. That makes sense to me. Ian.
On 12.06.2020 19:32, Andrew Cooper wrote: > xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to > free() seeing as it discards the results. > > This is logically a backport of c/s b91825f628 "tools/libxc: Drop > config_transformed parameter from xc_cpuid_set()" but rewritten as one caller > of xc_cpuid_set() does use returned values. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Jan Beulich <jbeulich@suse.com> in case it helps. Jan
diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c index a78f08b927..083869dcf4 100644 --- a/tools/libxl/libxl_cpuid.c +++ b/tools/libxl/libxl_cpuid.c @@ -420,12 +420,17 @@ void libxl_cpuid_apply_policy(libxl_ctx *ctx, uint32_t domid) void libxl_cpuid_set(libxl_ctx *ctx, uint32_t domid, libxl_cpuid_policy_list cpuid) { - int i; + int i, j; char *cpuid_res[4]; for (i = 0; cpuid[i].input[0] != XEN_CPUID_INPUT_UNUSED; i++) + { xc_cpuid_set(ctx->xch, domid, cpuid[i].input, (const char**)(cpuid[i].policy), cpuid_res); + + for (j = 0; j < ARRAY_SIZE(cpuid_res); ++j) + free(cpuid_res[j]); + } } static const char *input_names[2] = { "leaf", "subleaf" };
xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to free() seeing as it discards the results. This is logically a backport of c/s b91825f628 "tools/libxc: Drop config_transformed parameter from xc_cpuid_set()" but rewritten as one caller of xc_cpuid_set() does use returned values. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Ian Jackson <Ian.Jackson@citrix.com> Applicable for 4.13 and older. I'm not going to touch the Ocaml bindings - they're wrong in multiple ways including this memory leak, and we deleted them in 4.14 because they were totally unused. --- tools/libxl/libxl_cpuid.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-)