vfio: Fix memory leak of hostwin

Message ID	20211116115626.1627186-1-liangpeng10@huawei.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=iNjW=QD=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1D00661414 From: Peng Liang <liangpeng10@huawei.com> To: <qemu-devel@nongnu.org>, <alex.williamson@redhat.com> Subject: [PATCH] vfio: Fix memory leak of hostwin Date: Tue, 16 Nov 2021 19:56:26 +0800 Message-ID: <20211116115626.1627186-1-liangpeng10@huawei.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Content-Type: text/plain Received-SPF: pass client-ip=45.249.212.255; envelope-from=liangpeng10@huawei.com; helo=szxga08-in.huawei.com X-Spam_score_int: -41 X-Spam_score: -4.2 X-Spam_bar: ---- X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Cc: zhengchuan@huawei.com, liangpeng10@huawei.com, wanghao232@huawei.com, qemu-stable@nongnu.org, xiexiangyou@huawei.com Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	vfio: Fix memory leak of hostwin \| expand vfio: Fix memory leak of hostwin

Message ID

20211116115626.1627186-1-liangpeng10@huawei.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.4.1 mail.kernel.org 1D00661414
From: Peng Liang <liangpeng10@huawei.com>
To: <qemu-devel@nongnu.org>, <alex.williamson@redhat.com>
Subject: [PATCH] vfio: Fix memory leak of hostwin
Date: Tue, 16 Nov 2021 19:56:26 +0800
Message-ID: <20211116115626.1627186-1-liangpeng10@huawei.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
Received-SPF: pass client-ip=45.249.212.255;
 envelope-from=liangpeng10@huawei.com; helo=szxga08-in.huawei.com
X-Spam_score_int: -41
X-Spam_score: -4.2
X-Spam_bar: ----
X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3,
 RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Cc: zhengchuan@huawei.com, liangpeng10@huawei.com, wanghao232@huawei.com,
 qemu-stable@nongnu.org, xiexiangyou@huawei.com
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>

Series

vfio: Fix memory leak of hostwin | expand

Commit Message

Peng Liang Nov. 16, 2021, 11:56 a.m. UTC

hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
it is only deleted from hostwin_list in vfio_host_win_del, which causes
a memory leak.  Also, freeing all elements in hostwin_list is missing in
vfio_disconnect_container.

Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
CC: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
---
 hw/vfio/common.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

Comments

Alex Williamson Nov. 16, 2021, 7:01 p.m. UTC | #1

On Tue, 16 Nov 2021 19:56:26 +0800
Peng Liang <liangpeng10@huawei.com> wrote:

> hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
> it is only deleted from hostwin_list in vfio_host_win_del, which causes
> a memory leak.  Also, freeing all elements in hostwin_list is missing in
> vfio_disconnect_container.
> 
> Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
> CC: qemu-stable@nongnu.org
> Signed-off-by: Peng Liang <liangpeng10@huawei.com>
> ---
>  hw/vfio/common.c | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index dd387b0d3959..2cce60c5fac3 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
>  static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
>                               hwaddr max_iova)
>  {
> -    VFIOHostDMAWindow *hostwin;
> +    VFIOHostDMAWindow *hostwin, *next;
>  
> -    QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
> +    QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {

Unnecessary conversion to _SAFE variant here, we don't continue to walk
the list after removing an object.

>          if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
>              QLIST_REMOVE(hostwin, hostwin_next);
> +            g_free(hostwin);
>              return 0;
>          }
>      }
> @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
>      if (QLIST_EMPTY(&container->group_list)) {
>          VFIOAddressSpace *space = container->space;
>          VFIOGuestIOMMU *giommu, *tmp;
> +        VFIOHostDMAWindow *hostwin, *next;
>  
>          QLIST_REMOVE(container, next);
>  
> @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
>              g_free(giommu);
>          }
>  
> +        QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
> +                           next) {
> +            QLIST_REMOVE(hostwin, hostwin_next);
> +            g_free(hostwin);
> +        }
> +

This usage looks good.  Thanks,

Alex

>          trace_vfio_disconnect_container(container->fd);
>          close(container->fd);
>          g_free(container);

Peng Liang Nov. 17, 2021, 1:43 a.m. UTC | #2

On 11/17/2021 3:01 AM, Alex Williamson wrote:
> On Tue, 16 Nov 2021 19:56:26 +0800
> Peng Liang <liangpeng10@huawei.com> wrote:
> 
>> hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
>> it is only deleted from hostwin_list in vfio_host_win_del, which causes
>> a memory leak.  Also, freeing all elements in hostwin_list is missing in
>> vfio_disconnect_container.
>>
>> Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
>> CC: qemu-stable@nongnu.org
>> Signed-off-by: Peng Liang <liangpeng10@huawei.com>
>> ---
>>  hw/vfio/common.c | 12 ++++++++++--
>>  1 file changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
>> index dd387b0d3959..2cce60c5fac3 100644
>> --- a/hw/vfio/common.c
>> +++ b/hw/vfio/common.c
>> @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
>>  static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
>>                               hwaddr max_iova)
>>  {
>> -    VFIOHostDMAWindow *hostwin;
>> +    VFIOHostDMAWindow *hostwin, *next;
>>  
>> -    QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
>> +    QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
> 
> Unnecessary conversion to _SAFE variant here, we don't continue to walk
> the list after removing an object.

Ok, I'll remove it in the next version.


Thanks,
Peng

> 
>>          if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
>>              QLIST_REMOVE(hostwin, hostwin_next);
>> +            g_free(hostwin);
>>              return 0;
>>          }
>>      }
>> @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
>>      if (QLIST_EMPTY(&container->group_list)) {
>>          VFIOAddressSpace *space = container->space;
>>          VFIOGuestIOMMU *giommu, *tmp;
>> +        VFIOHostDMAWindow *hostwin, *next;
>>  
>>          QLIST_REMOVE(container, next);
>>  
>> @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
>>              g_free(giommu);
>>          }
>>  
>> +        QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
>> +                           next) {
>> +            QLIST_REMOVE(hostwin, hostwin_next);
>> +            g_free(hostwin);
>> +        }
>> +
> 
> This usage looks good.  Thanks,
> 
> Alex
> 
>>          trace_vfio_disconnect_container(container->fd);
>>          close(container->fd);
>>          g_free(container);
> 
> .
>

diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index dd387b0d3959..2cce60c5fac3 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -546,11 +546,12 @@  static void vfio_host_win_add(VFIOContainer *container,
 static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
                              hwaddr max_iova)
 {
-    VFIOHostDMAWindow *hostwin;
+    VFIOHostDMAWindow *hostwin, *next;
 
-    QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
+    QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
         if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
             QLIST_REMOVE(hostwin, hostwin_next);
+            g_free(hostwin);
             return 0;
         }
     }
@@ -2239,6 +2240,7 @@  static void vfio_disconnect_container(VFIOGroup *group)
     if (QLIST_EMPTY(&container->group_list)) {
         VFIOAddressSpace *space = container->space;
         VFIOGuestIOMMU *giommu, *tmp;
+        VFIOHostDMAWindow *hostwin, *next;
 
         QLIST_REMOVE(container, next);
 
@@ -2249,6 +2251,12 @@  static void vfio_disconnect_container(VFIOGroup *group)
             g_free(giommu);
         }
 
+        QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
+                           next) {
+            QLIST_REMOVE(hostwin, hostwin_next);
+            g_free(hostwin);
+        }
+
         trace_vfio_disconnect_container(container->fd);
         close(container->fd);
         g_free(container);

vfio: Fix memory leak of hostwin

Commit Message

Comments

Patch