hw/vfio/common.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
vfio_host_win_del only removes it from hostwin_list without freeing it,
which causes a memory leak. Also, vfio_disconnect_container does not free
the elements that are still in hostwin_list.
Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
CC: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
---
hw/vfio/common.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index dd387b0d3959..2cce60c5fac3 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
hwaddr max_iova)
{
- VFIOHostDMAWindow *hostwin;
+ VFIOHostDMAWindow *hostwin, *next;
- QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
+ QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
return 0;
}
}
@@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
if (QLIST_EMPTY(&container->group_list)) {
VFIOAddressSpace *space = container->space;
VFIOGuestIOMMU *giommu, *tmp;
+ VFIOHostDMAWindow *hostwin, *next;
QLIST_REMOVE(container, next);
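Review bot: The new local `next` declared next to `hostwin` has the same name as the list-link field passed on the very next line, `QLIST_REMOVE(container, next);`, so the two read as if they were related. The macro argument is a member name, so this should not change behaviour, but a distinct name for the iteration temporary makes the teardown easier to audit, for example `VFIOHostDMAWindow *hostwin, *hostwin_tmp;` with the same name as the fourth argument of the `QLIST_FOREACH_SAFE` added in the following hunk. The existing `giommu, *tmp` pair just above already follows that pattern. The enclosing function starts and ends outside this hunk.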
@@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
g_free(giommu);
}
+ QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
+ next) {
+ QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
+ }
+
trace_vfio_disconnect_container(container->fd);
close(container->fd);
g_free(container);
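Review bot: The added teardown loop carries no comment saying why entries can still be linked on `hostwin_list` when the last group disconnects, which is the non-obvious part of this leak fix. The reasoning currently lives only in the commit message, so a one-line comment above the loop would keep it with the code, e.g. `/* The container owns its hostwin entries; free any that are still linked. */`. Unlinking each entry before `g_free()`, as the loop does, leaves the list consistent until `container` itself is freed a few lines below. The function starts and ends outside this hunk, so whether anything can still consult the list at this point cannot be confirmed from here.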
--
2.33.1
On Tue, 16 Nov 2021 19:56:26 +0800 Peng Liang <liangpeng10@huawei.com> wrote: > hostwin is allocated and added to hostwin_list in vfio_host_win_add, but > it is only deleted from hostwin_list in vfio_host_win_del, which causes > a memory leak. Also, freeing all elements in hostwin_list is missing in > vfio_disconnect_container. > > Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)") > CC: qemu-stable@nongnu.org > Signed-off-by: Peng Liang <liangpeng10@huawei.com> > --- > hw/vfio/common.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/hw/vfio/common.c b/hw/vfio/common.c > index dd387b0d3959..2cce60c5fac3 100644 > --- a/hw/vfio/common.c > +++ b/hw/vfio/common.c > @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container, > static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova, > hwaddr max_iova) > { > - VFIOHostDMAWindow *hostwin; > + VFIOHostDMAWindow *hostwin, *next; > > - QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) { > + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) { Unnecessary conversion to _SAFE variant here, we don't continue to walk the list after removing an object. > if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) { > QLIST_REMOVE(hostwin, hostwin_next); > + g_free(hostwin); > return 0; > } > } > @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group) > if (QLIST_EMPTY(&container->group_list)) { > VFIOAddressSpace *space = container->space; > VFIOGuestIOMMU *giommu, *tmp; > + VFIOHostDMAWindow *hostwin, *next; > > QLIST_REMOVE(container, next); 
> > @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group) > g_free(giommu); > } > > + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, > + next) { > + QLIST_REMOVE(hostwin, hostwin_next); > + g_free(hostwin); > + } > + This usage looks good. Thanks, Alex > trace_vfio_disconnect_container(container->fd); > close(container->fd); > g_free(container);
On 11/17/2021 3:01 AM, Alex Williamson wrote: > On Tue, 16 Nov 2021 19:56:26 +0800 > Peng Liang <liangpeng10@huawei.com> wrote: > >> hostwin is allocated and added to hostwin_list in vfio_host_win_add, but >> it is only deleted from hostwin_list in vfio_host_win_del, which causes >> a memory leak. Also, freeing all elements in hostwin_list is missing in >> vfio_disconnect_container. >> >> Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)") >> CC: qemu-stable@nongnu.org >> Signed-off-by: Peng Liang <liangpeng10@huawei.com> >> --- >> hw/vfio/common.c | 12 ++++++++++-- >> 1 file changed, 10 insertions(+), 2 deletions(-) >> >> diff --git a/hw/vfio/common.c b/hw/vfio/common.c >> index dd387b0d3959..2cce60c5fac3 100644 >> --- a/hw/vfio/common.c >> +++ b/hw/vfio/common.c >> @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container, >> static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova, >> hwaddr max_iova) >> { >> - VFIOHostDMAWindow *hostwin; >> + VFIOHostDMAWindow *hostwin, *next; >> >> - QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) { >> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) { > > Unnecessary conversion to _SAFE variant here, we don't continue to walk > the list after removing an object. Ok, I'll remove it in the next version. Thanks, Peng > >> if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) { >> QLIST_REMOVE(hostwin, hostwin_next); >> + g_free(hostwin); >> return 0; >> } >> } >> @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group) >> if (QLIST_EMPTY(&container->group_list)) { >> VFIOAddressSpace *space = container->space; >> VFIOGuestIOMMU *giommu, *tmp; >> + VFIOHostDMAWindow *hostwin, *next; >> >> QLIST_REMOVE(container, next); 
>> >> @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group) >> g_free(giommu); >> } >> >> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, >> + next) { >> + QLIST_REMOVE(hostwin, hostwin_next); >> + g_free(hostwin); >> + } >> + > > This usage looks good. Thanks, > > Alex > >> trace_vfio_disconnect_container(container->fd); >> close(container->fd); >> g_free(container); > > . >