hw/vfio/common.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
vfio_host_win_del only unlinks it from hostwin_list and never frees it,
which causes a memory leak. Also, vfio_disconnect_container does not free
the elements that remain in hostwin_list.
Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
CC: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>
---
hw/vfio/common.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index dd387b0d3959..2cce60c5fac3 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
hwaddr max_iova)
{
- VFIOHostDMAWindow *hostwin;
+ VFIOHostDMAWindow *hostwin, *next;
- QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
+ QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
return 0;
}
}
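Review bot: The new `g_free(hostwin)` makes vfio_host_win_del the destroyer of the list entry as well as the unlinker, but nothing in the function records that ownership rule. Any code that looked up a window earlier and still holds the pointer would be left with a dangling reference once this returns 0; whether such a holder exists is not visible in the hunk. I would add a short comment above the free, for example `/* entry is owned by hostwin_list; no pointer to it may outlive this call */`. The function's tail lies outside the hunk.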
@@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
if (QLIST_EMPTY(&container->group_list)) {
VFIOAddressSpace *space = container->space;
VFIOGuestIOMMU *giommu, *tmp;
+ VFIOHostDMAWindow *hostwin, *next;
QLIST_REMOVE(container, next);
@@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
g_free(giommu);
}
+ QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
+ next) {
+ QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
+ }
+
trace_vfio_disconnect_container(container->fd);
close(container->fd);
g_free(container);
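Review bot: The teardown loop added before `trace_vfio_disconnect_container()` frees every VFIOHostDMAWindow, but the hunk does not show whether the container's memory listener has already been released at this point. If a listener callback could still walk `container->hostwin_list` once these entries are freed, the result would be a use-after-free rather than the leak being fixed, so the ordering should be confirmed against the part of vfio_disconnect_container above the hunk. If it holds, a one-line comment such as `/* listener is gone by now, so nothing else can walk hostwin_list */` would record the invariant next to the loop. The function starts and ends outside the hunk.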
--
2.33.1
On Tue, 16 Nov 2021 19:56:26 +0800
Peng Liang <liangpeng10@huawei.com> wrote:
> hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
> it is only deleted from hostwin_list in vfio_host_win_del, which causes
> a memory leak. Also, freeing all elements in hostwin_list is missing in
> vfio_disconnect_container.
>
> Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
> CC: qemu-stable@nongnu.org
> Signed-off-by: Peng Liang <liangpeng10@huawei.com>
> ---
> hw/vfio/common.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
> index dd387b0d3959..2cce60c5fac3 100644
> --- a/hw/vfio/common.c
> +++ b/hw/vfio/common.c
> @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
> static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
> hwaddr max_iova)
> {
> - VFIOHostDMAWindow *hostwin;
> + VFIOHostDMAWindow *hostwin, *next;
>
> - QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
Unnecessary conversion to _SAFE variant here, we don't continue to walk
the list after removing an object.
> if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
> QLIST_REMOVE(hostwin, hostwin_next);
> + g_free(hostwin);
> return 0;
> }
> }
> @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
> if (QLIST_EMPTY(&container->group_list)) {
> VFIOAddressSpace *space = container->space;
> VFIOGuestIOMMU *giommu, *tmp;
> + VFIOHostDMAWindow *hostwin, *next;
>
> QLIST_REMOVE(container, next);
>
> @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
> g_free(giommu);
> }
>
> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
> + next) {
> + QLIST_REMOVE(hostwin, hostwin_next);
> + g_free(hostwin);
> + }
> +
This usage looks good. Thanks,
Alex
> trace_vfio_disconnect_container(container->fd);
> close(container->fd);
> g_free(container);
On 11/17/2021 3:01 AM, Alex Williamson wrote:
> On Tue, 16 Nov 2021 19:56:26 +0800
> Peng Liang <liangpeng10@huawei.com> wrote:
>
>> hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
>> it is only deleted from hostwin_list in vfio_host_win_del, which causes
>> a memory leak. Also, freeing all elements in hostwin_list is missing in
>> vfio_disconnect_container.
>>
>> Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
>> CC: qemu-stable@nongnu.org
>> Signed-off-by: Peng Liang <liangpeng10@huawei.com>
>> ---
>> hw/vfio/common.c | 12 ++++++++++--
>> 1 file changed, 10 insertions(+), 2 deletions(-)
>>
>> diff --git a/hw/vfio/common.c b/hw/vfio/common.c
>> index dd387b0d3959..2cce60c5fac3 100644
>> --- a/hw/vfio/common.c
>> +++ b/hw/vfio/common.c
>> @@ -546,11 +546,12 @@ static void vfio_host_win_add(VFIOContainer *container,
>> static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
>> hwaddr max_iova)
>> {
>> - VFIOHostDMAWindow *hostwin;
>> + VFIOHostDMAWindow *hostwin, *next;
>>
>> - QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
>> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, next) {
>
> Unnecessary conversion to _SAFE variant here, we don't continue to walk
> the list after removing an object.
Ok, I'll remove it in the next version.
Thanks,
Peng
>
>> if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
>> QLIST_REMOVE(hostwin, hostwin_next);
>> + g_free(hostwin);
>> return 0;
>> }
>> }
>> @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
>> if (QLIST_EMPTY(&container->group_list)) {
>> VFIOAddressSpace *space = container->space;
>> VFIOGuestIOMMU *giommu, *tmp;
>> + VFIOHostDMAWindow *hostwin, *next;
>>
>> QLIST_REMOVE(container, next);
>>
>> @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
>> g_free(giommu);
>> }
>>
>> + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
>> + next) {
>> + QLIST_REMOVE(hostwin, hostwin_next);
>> + g_free(hostwin);
>> + }
>> +
>
> This usage looks good. Thanks,
>
> Alex
>
>> trace_vfio_disconnect_container(container->fd);
>> close(container->fd);
>> g_free(container);
>
> .
>