[v3,2/3] virtio-balloon: fix memory leak while attach virtio-balloon device

Commit Message

Pan Nengyuan Dec. 9, 2019, 2 a.m. UTC

From: Pan Nengyuan <pannengyuan@huawei.com>

ivq/dvq/svq/free_page_vq forgot to cleanup in
virtio_balloon_device_unrealize, the memory leak stack is as follow:

Direct leak of 14336 byte(s) in 2 object(s) allocated from:
    #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
    #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
    #2 0x557d90638437 in virtio_add_queue hw/virtio/virtio.c:2327
    #3 0x557d9064401d in virtio_balloon_device_realize hw/virtio/virtio-balloon.c:793
    #4 0x557d906356f7 in virtio_device_realize hw/virtio/virtio.c:3504
    #5 0x557d9073f081 in device_set_realized hw/core/qdev.c:876
    #6 0x557d908b1f4d in property_set_bool qom/object.c:2080
    #7 0x557d908b655e in object_property_set_qobject qom/qom-qobject.c:26

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Cc: Amit Shah <amit@kernel.org>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
---
Changes v2 to v1:
- use virtio_delete_queue to cleanup vq through a vq pointer (suggested by
  Michael S. Tsirkin)
---
Changes v3 to v2:
- change virtio_delete_queue to virtio_queue_cleanup
---
 hw/virtio/virtio-balloon.c | 7 +++++++
 1 file changed, 7 insertions(+)

Comments

David Hildenbrand Dec. 12, 2019, 2:51 p.m. UTC | #1

On 09.12.19 03:00, pannengyuan@huawei.com wrote:
> From: Pan Nengyuan <pannengyuan@huawei.com>
> 
> ivq/dvq/svq/free_page_vq forgot to cleanup in
> virtio_balloon_device_unrealize, the memory leak stack is as follow:
> 
> Direct leak of 14336 byte(s) in 2 object(s) allocated from:
>     #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560)
>     #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015)
>     #2 0x557d90638437 in virtio_add_queue hw/virtio/virtio.c:2327
>     #3 0x557d9064401d in virtio_balloon_device_realize hw/virtio/virtio-balloon.c:793
>     #4 0x557d906356f7 in virtio_device_realize hw/virtio/virtio.c:3504
>     #5 0x557d9073f081 in device_set_realized hw/core/qdev.c:876
>     #6 0x557d908b1f4d in property_set_bool qom/object.c:2080
>     #7 0x557d908b655e in object_property_set_qobject qom/qom-qobject.c:26
> 
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
> Cc: Amit Shah <amit@kernel.org>
> Reviewed-by: Laurent Vivier <lvivier@redhat.com>
> ---
> Changes v2 to v1:
> - use virtio_delete_queue to cleanup vq through a vq pointer (suggested by
>   Michael S. Tsirkin)
> ---
> Changes v3 to v2:
> - change virtio_delete_queue to virtio_queue_cleanup
> ---
>  hw/virtio/virtio-balloon.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
> index 40b04f5..681a2b2 100644
> --- a/hw/virtio/virtio-balloon.c
> +++ b/hw/virtio/virtio-balloon.c
> @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
>      }
>      balloon_stats_destroy_timer(s);
>      qemu_remove_balloon_handler(s);
> +
> +    virtio_queue_cleanup(s->ivq);
> +    virtio_queue_cleanup(s->dvq);
> +    virtio_queue_cleanup(s->svq);
> +    if (s->free_page_vq) {
> +        virtio_queue_cleanup(s->free_page_vq);
> +    }
>      virtio_cleanup(vdev);
>  }
>  
> 

Reviewed-by: David Hildenbrand <david@redhat.com>

Patch

diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c
index 40b04f5..681a2b2 100644
--- a/hw/virtio/virtio-balloon.c
+++ b/hw/virtio/virtio-balloon.c
@@ -831,6 +831,13 @@  static void virtio_balloon_device_unrealize(DeviceState *dev, Error **errp)
     }
     balloon_stats_destroy_timer(s);
     qemu_remove_balloon_handler(s);
+
+    virtio_queue_cleanup(s->ivq);
+    virtio_queue_cleanup(s->dvq);
+    virtio_queue_cleanup(s->svq);
+    if (s->free_page_vq) {
+        virtio_queue_cleanup(s->free_page_vq);
+    }
     virtio_cleanup(vdev);
 }