1. Patchew
  2. QEMU
  3. [Qemu-devel] [PATCH v2 0/2] vfio-ccw: fix memory leak + cleanup
  4. View patch

[Qemu-devel] [PATCH v2 1/2] vfio-ccw: fix memory leaks in vfio_ccw_realize()

Greg Kurz posted 2 patches 7 years, 6 months ago
[Qemu-devel] [PATCH v2 1/2] vfio-ccw: fix memory leaks in vfio_ccw_realize()
Posted by Greg Kurz 7 years, 6 months ago 
If the subchannel is already attached or if vfio_get_device() fails, the
code jumps to the 'out_device_err' label and doesn't free the string it
has just allocated.

The code should be reworked so that vcdev->vdev.name only gets set when
the device has been attached, and freed when it is about to be detached.
This could be achieved  with the addition of a vfio_ccw_get_device()
function that would be the counterpart of vfio_put_device(). But this is
a more elaborate cleanup that should be done in a follow-up. For now,
let's just add calls to g_free() on the buggy error paths.

Signed-off-by: Greg Kurz <groug@kaod.org>
---
 hw/vfio/ccw.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
index 4e5855741a64..fe34b507699f 100644
--- a/hw/vfio/ccw.c
+++ b/hw/vfio/ccw.c
@@ -357,11 +357,13 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp)
         if (strcmp(vbasedev->name, vcdev->vdev.name) == 0) {
             error_setg(&err, "vfio: subchannel %s has already been attached",
                        vcdev->vdev.name);
+            g_free(vcdev->vdev.name);
             goto out_device_err;
         }
     }
 
     if (vfio_get_device(group, cdev->mdevid, &vcdev->vdev, &err)) {
+        g_free(vcdev->vdev.name);
         goto out_device_err;
     }
Re: [Qemu-devel] [PATCH v2 1/2] vfio-ccw: fix memory leaks in vfio_ccw_realize()
Posted by Cornelia Huck 7 years, 6 months ago 
On Sat, 07 Apr 2018 16:43:46 +0200
Greg Kurz <groug@kaod.org> wrote:

> If the subchannel is already attached or if vfio_get_device() fails, the
> code jumps to the 'out_device_err' label and doesn't free the string it
> has just allocated.
> 
> The code should be reworked so that vcdev->vdev.name only gets set when
> the device has been attached, and freed when it is about to be detached.
> This could be achieved  with the addition of a vfio_ccw_get_device()
> function that would be the counterpart of vfio_put_device(). But this is
> a more elaborate cleanup that should be done in a follow-up. For now,
> let's just add calls to g_free() on the buggy error paths.
> 
> Signed-off-by: Greg Kurz <groug@kaod.org>
> ---
>  hw/vfio/ccw.c |    2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c
> index 4e5855741a64..fe34b507699f 100644
> --- a/hw/vfio/ccw.c
> +++ b/hw/vfio/ccw.c
> @@ -357,11 +357,13 @@ static void vfio_ccw_realize(DeviceState *dev, Error **errp)
>          if (strcmp(vbasedev->name, vcdev->vdev.name) == 0) {
>              error_setg(&err, "vfio: subchannel %s has already been attached",
>                         vcdev->vdev.name);
> +            g_free(vcdev->vdev.name);
>              goto out_device_err;
>          }
>      }
>  
>      if (vfio_get_device(group, cdev->mdevid, &vcdev->vdev, &err)) {
> +        g_free(vcdev->vdev.name);
>          goto out_device_err;
>      }
>  
> 

Thanks, applied to s390-fixes.

Patchew 2.1-devel-b67e4c2

© 2016 - 2025 Red Hat, Inc.