[PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers

Lei Xiang posted 1 patch 1 year, 8 months ago
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/qemu tags/patchew/1660004709-61572-1-git-send-email-ninollx@163.com
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>
There is a newer version of this series
hw/virtio/virtio-pci.c | 4 ++++
1 file changed, 4 insertions(+)
[PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by Lei Xiang 1 year, 8 months ago
From: Lei Xiang <ninollx@hotmail.com>

proxy->vector_irqfd was not freed when set guest notifier failed.

Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
Tested-by: Zeng Chi <zengchi@kylinos.cn>
Suggested-by: Xie Ming <xieming@kylinos.cn>
---
 hw/virtio/virtio-pci.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index 45327f0..75188a9 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1058,6 +1058,10 @@ assign_error:
     while (--n >= 0) {
         virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
     }
+
+    g_free(proxy->vector_irqfd);
+    proxy->vector_irqfd = NULL;
+
     return r;
 }
 
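Review bot: nothing at the two added statements before `return r;` under assign_error, or in the one-line commit message, says where proxy->vector_irqfd is allocated or which failing call reaches this label with the array still allocated. A short comment here, or a sentence in the message naming the allocation site and the failing calls, would let a reader confirm the free is on the right path without opening the whole function.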
-- 
1.9.1
[RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by leixiang 1 year, 8 months ago
proxy->vector_irqfd was not freed when set guest notifier failed.

Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
Tested-by: Zeng Chi <zengchi@kylinos.cn>
Suggested-by: Xie Ming <xieming@kylinos.cn>
---
 hw/virtio/virtio-pci.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index c6b47a9c..4862f83b 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1038,6 +1038,12 @@ assign_error:
     while (--n >= 0) {
         virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
     }
+
+   g_free(proxy->vector_irqfd);
+   proxy->vector_irqfd = NULL;
+
     return r;
 }
 
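Review bot: the hunk header `@@ -1038,6 +1038,12 @@` does not match the body: there are six context lines and four `+` lines, so the new-side count should be 10, and the diffstat's "6 insertions(+)" likewise disagrees with the four lines actually added. Tools such as git am are likely to reject a hunk in this state; regenerate the patch with git format-patch rather than editing the diff by hand.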
-- 


No virus found
		Checked by Hillstone Network AntiVirus
[RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by leixiang 1 year, 4 months ago
proxy->vector_irqfd was not freed when set guest notifier failed.

Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
Tested-by: Zeng Chi <zengchi@kylinos.cn>
Suggested-by: Xie Ming <xieming@kylinos.cn>
---
 hw/virtio/virtio-pci.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index c6b47a9c..4862f83b 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1038,6 +1038,12 @@ assign_error:
     while (--n >= 0) {
         virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
     }
+
+   g_free(proxy->vector_irqfd);
+   proxy->vector_irqfd = NULL;
+
     return r;
 }
 
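Review bot: the `g_free(proxy->vector_irqfd);` and `proxy->vector_irqfd = NULL;` lines are indented three spaces, while the surrounding context (`while (--n >= 0) {`, `return r;`) uses four. Re-indent both to four spaces so they match the rest of the function.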
-- 


No virus found
		Checked by Hillstone Network AntiVirus
Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by Michael S. Tsirkin 1 year, 4 months ago
On Wed, Nov 30, 2022 at 01:56:11PM +0800, leixiang wrote:
> proxy->vector_irqfd was not freed when set guest notifier failed.

Can you pls add a Fixes tag so people know where to backport this?

> Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
> Tested-by: Zeng Chi <zengchi@kylinos.cn>
> Suggested-by: Xie Ming <xieming@kylinos.cn>

Looking at the code I see this:

    /* Must set vector notifier after guest notifier has been assigned */
    if ((with_irqfd ||
         (vdev->use_guest_notifier_mask && k->guest_notifier_mask)) &&
        assign) {
        if (with_irqfd) {
            proxy->vector_irqfd =
                g_malloc0(sizeof(*proxy->vector_irqfd) *
                          msix_nr_vectors_allocated(&proxy->pci_dev));
            r = kvm_virtio_pci_vector_vq_use(proxy, nvqs);
            if (r < 0) {
                goto config_assign_error;
            }
            r = kvm_virtio_pci_vector_config_use(proxy);
            if (r < 0) {
                goto config_error;
            }
        }

        r = msix_set_vector_notifiers(&proxy->pci_dev, virtio_pci_vector_unmask,
                                      virtio_pci_vector_mask,
                                      virtio_pci_vector_poll);
        if (r < 0) {
            goto notifiers_error;
        }
    }


doesn't this mean g_free belongs at the label config_assign_error?


> ---
>  hw/virtio/virtio-pci.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index c6b47a9c..4862f83b 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1038,6 +1038,12 @@ assign_error:
>      while (--n >= 0) {
>          virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
>      }
> +
> +   g_free(proxy->vector_irqfd);
> +   proxy->vector_irqfd = NULL;
> +
>      return r;
>  }
>  
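Review bot: placing the free under assign_error covers the failures in the code quoted above only if config_assign_error, config_error and notifiers_error all fall through to this label, and neither this hunk's context nor the commit message shows that. Say so in the message, or include enough context to make the fall-through visible, since that is what answers whether the free belongs at config_assign_error instead.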
> -- 
> 
> 
> No virus found
> 		Checked by Hillstone Network AntiVirus


The patch is corrupted. Line counts are wrong, and your antivirus added
trash at the end.

-- 
MST
[RESEND PATCH] virtio-pci: fix proxy->vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by leixiang 1 year, 3 months ago
proxy->vector_irqfd was not freed when kvm_virtio_pci_vector_use or
msix_set_vector_notifiers failed in virtio_pci_set_guest_notifiers.

Fixes: 7d37d351

Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
Tested-by: Zeng Chi <zengchi@kylinos.cn>
Suggested-by: Xie Ming <xieming@kylinos.cn>
---
 hw/virtio/virtio-pci.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index a50c5a57d7..5339be4e01 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1063,6 +1063,8 @@ assign_error:
     while (--n >= 0) {
         virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
     }
+    g_free(proxy->vector_irqfd);
+    proxy->vector_irqfd = NULL;
     return r;
 }
 
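Review bot: the two `+` lines here are not the ones posted before (no surrounding blank lines, four-space indent, 2 insertions rather than 6, and a reworded message with a Fixes tag), yet the subject still says RESEND. Mark a changed patch as v2 and put a short changelog below the `---` line so reviewers can see what differs. The `Fixes: 7d37d351` line is also separated from the other trailers by a blank line and carries no commit subject; keep it in the same block as Signed-off-by and add the subject in the usual `Fixes: <hash> ("subject")` form.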
-- 
2.25.1
Re: [RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by Michael S. Tsirkin 1 year, 4 months ago
On Wed, Nov 30, 2022 at 01:56:11PM +0800, leixiang wrote:
> proxy->vector_irqfd was not freed when set guest notifier failed.
> 
> Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
> Tested-by: Zeng Chi <zengchi@kylinos.cn>
> Suggested-by: Xie Ming <xieming@kylinos.cn>

Thanks a lot!  Fixes tag? When was the leak introduced?

> ---
>  hw/virtio/virtio-pci.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
> index c6b47a9c..4862f83b 100644
> --- a/hw/virtio/virtio-pci.c
> +++ b/hw/virtio/virtio-pci.c
> @@ -1038,6 +1038,12 @@ assign_error:
>      while (--n >= 0) {
>          virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
>      }
> +
> +   g_free(proxy->vector_irqfd);
> +   proxy->vector_irqfd = NULL;
> +
>      return r;
>  }
>  
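Review bot: the free after the rollback loop runs on every entry to assign_error, whether or not with_irqfd is set, so it relies on g_free(NULL) being a no-op and on proxy->vector_irqfd being NULL whenever no array was allocated. Either state that assumption in a comment or guard the two lines with `if (with_irqfd)`.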
> -- 
> 
> 
> No virus found
> 		Checked by Hillstone Network AntiVirus
[RESEND PATCH] virtio-pci: fix vector_irqfd leak in virtio_pci_set_guest_notifiers
Posted by leixiang 1 year, 4 months ago
proxy->vector_irqfd was not freed when set guest notifier failed.

Signed-off-by: Lei Xiang <leixiang@kylinos.cn>
Tested-by: Zeng Chi <zengchi@kylinos.cn>
Suggested-by: Xie Ming <xieming@kylinos.cn>
---
 hw/virtio/virtio-pci.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index c6b47a9c..4862f83b 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -1038,6 +1038,12 @@ assign_error:
     while (--n >= 0) {
         virtio_pci_set_guest_notifier(d, n, !assign, with_irqfd);
     }
+
+   g_free(proxy->vector_irqfd);
+   proxy->vector_irqfd = NULL;
+
     return r;
 }
 
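Review bot: these lines sit on an error path (after the rollback loop under assign_error), and the message carries a Tested-by tag without saying how that path was exercised. Add a sentence on how the failure was provoked and how the leak was observed, so the fix can be re-verified after a rebase or backport.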
-- 


No virus found
		Checked by Hillstone Network AntiVirus