diff mbox series

[for-4.13] tools/libxl: Fix memory leak in libxl_cpuid_set()

Message ID 20200612173227.4103-1-andrew.cooper3@citrix.com (mailing list archive)
State New, archived
Headers show
Series [for-4.13] tools/libxl: Fix memory leak in libxl_cpuid_set() | expand

Commit Message

Andrew Cooper June 12, 2020, 5:32 p.m. UTC 
xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to
free() seeing as it discards the results.

This is logically a backport of c/s b91825f628 "tools/libxc: Drop
config_transformed parameter from xc_cpuid_set()" but rewritten as one caller
of xc_cpuid_set() does use returned values.

Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
CC: Ian Jackson <Ian.Jackson@citrix.com>

Applicable for 4.13 and older.

I'm not going to touch the Ocaml bindings - they're wrong in multiple ways
including this memory leak, and we deleted them in 4.14 because they were
totally unused.
---
 tools/libxl/libxl_cpuid.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Ian Jackson June 15, 2020, 2:48 p.m. UTC | #1 
Andrew Cooper writes ("[PATCH for-4.13] tools/libxl: Fix memory leak in libxl_cpuid_set()"):
> xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to
> free() seeing as it discards the results.
> 
> This is logically a backport of c/s b91825f628 "tools/libxc: Drop
> config_transformed parameter from xc_cpuid_set()" but rewritten as one caller
> of xc_cpuid_set() does use returned values.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>
> ---
> CC: Ian Jackson <Ian.Jackson@citrix.com>
> 
> Applicable for 4.13 and older.

Thanks.  I have committed this to 4.13 and 4.12.
4.12 is no longer supported for bugfixes like this one.

> I'm not going to touch the Ocaml bindings - they're wrong in multiple ways
> including this memory leak, and we deleted them in 4.14 because they were
> totally unused.

That makes sense to me.

Ian.
Jan Beulich June 16, 2020, 7:57 a.m. UTC | #2 
On 12.06.2020 19:32, Andrew Cooper wrote:
> xc_cpuid_set() returns allocated memory via cpuid_res, which libxl needs to
> free() seeing as it discards the results.
> 
> This is logically a backport of c/s b91825f628 "tools/libxc: Drop
> config_transformed parameter from xc_cpuid_set()" but rewritten as one caller
> of xc_cpuid_set() does use returned values.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com>

Reviewed-by: Jan Beulich <jbeulich@suse.com>
in case it helps.

Jan
diff mbox series

Patch

diff --git a/tools/libxl/libxl_cpuid.c b/tools/libxl/libxl_cpuid.c
index a78f08b927..083869dcf4 100644
--- a/tools/libxl/libxl_cpuid.c
+++ b/tools/libxl/libxl_cpuid.c
@@ -420,12 +420,17 @@  void libxl_cpuid_apply_policy(libxl_ctx *ctx, uint32_t domid)
 void libxl_cpuid_set(libxl_ctx *ctx, uint32_t domid,
                      libxl_cpuid_policy_list cpuid)
 {
-    int i;
+    int i, j;
     char *cpuid_res[4];
 
     for (i = 0; cpuid[i].input[0] != XEN_CPUID_INPUT_UNUSED; i++)
+    {
         xc_cpuid_set(ctx->xch, domid, cpuid[i].input,
                      (const char**)(cpuid[i].policy), cpuid_res);
+
+        for (j = 0; j < ARRAY_SIZE(cpuid_res); ++j)
+            free(cpuid_res[j]);
+    }
 }
 
 static const char *input_names[2] = { "leaf", "subleaf" };