[v2] ivshmem: fix memory backend leak

[Qemu-devel] [PATCH v2] ivshmem: fix memory backend leak

Igor Mammedov posted 1 patch 5 years, 5 months ago

Diff against v1
Download mbox

Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1541085319-211335-1-git-send-email-imammedo@redhat.com

Test docker-clang@ubuntu passed

Test checkpatch passed

Test asan passed

Test docker-mingw@fedora passed

Test docker-quick@centos7 passed

hw/misc/ivshmem.c | 1 +
1 file changed, 1 insertion(+)

Expand all Fold all

[Qemu-devel] [PATCH v2] ivshmem: fix memory backend leak

Posted by Igor Mammedov 5 years, 5 months ago

object_new() returns a new backend with refcount == 1 and
then later object_property_add_child() increases refcount to 2
So when ivshmem is destroyed, the backend it has created isn't
destroyed along with it as children cleanup will bring
backend's refcount only to 1, which leaks backend including
resources it is using.

Drop the original reference from object_new() once backend
is attached to its parent.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
 v2:
  *   s/desroyed/destroyed/
        Philippe Mathieu-Daudé <philmd@redhat.com>
  * pick up Mark's Rb
---
 hw/misc/ivshmem.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/misc/ivshmem.c b/hw/misc/ivshmem.c
index f88910e..ecfd10a 100644
--- a/hw/misc/ivshmem.c
+++ b/hw/misc/ivshmem.c
@@ -1279,6 +1279,7 @@ static void desugar_shm(IVShmemState *s)
     object_property_set_bool(obj, true, "share", &error_abort);
     object_property_add_child(OBJECT(s), "internal-shm-backend", obj,
                               &error_abort);
+    object_unref(obj);
     user_creatable_complete(obj, &error_abort);
     s->hostmem = MEMORY_BACKEND(obj);
 }
-- 
2.7.4