[PATCH 0/3] hw: Fix qemu_init_irq() leaks

Peter Maydell posted 3 patches 2 months, 1 week ago
Patches applied successfully
git fetch https://github.com/patchew-project/qemu tags/patchew/20250821154053.2417090-1-peter.maydell@linaro.org
Maintainers: "Michael S. Tsirkin" <mst@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>, "Marc-André Lureau" <marcandre.lureau@redhat.com>, John Snow <jsnow@redhat.com>
include/hw/irq.h           | 23 ++++++++++++++++++++++-
hw/char/serial-pci-multi.c |  4 +++-
hw/core/irq.c              |  8 ++++++++
hw/ide/ich.c               |  3 ++-
4 files changed, 35 insertions(+), 3 deletions(-)
[PATCH 0/3] hw: Fix qemu_init_irq() leaks
Posted by Peter Maydell 2 months, 1 week ago
The qemu_init_irq() method initializes an IRQ object, but
the caller is responsible for eventually freeing it by calling
qemu_free_irq(). Generally we don't remember to do this.

Implement a harder-to-misuse API, qemu_init_irq_child().  This is to
qemu_init_irq() what object_initialize_child() is to
object_initialize(): it both initializes the object and makes it a
child of the parent QOM object.  If you use this in a device's
realize or instance_init method then the IRQ will be automatically
freed when the device is destroyed.

Patch 1 is the new function; patches 2 and 3 are bugfixes for
leaks that show up with ASAN in device-introspect-test (which
does an instance_init -> deinit on every device).

The other callers of qemu_init_irq() could also be changed over
to use this new function, but they don't cause in-practice
leaks because they call the function in realize, and they
are devices which are never unrealized.

thanks
-- PMM

Peter Maydell (3):
  hw/irq: New qemu_init_irq_child() function
  hw/char/serial-pci-multi: Use qemu_init_irq_child() to avoid leak
  hw/ide/ich.c: Use qemu_init_irq_child() to avoid memory leak

 include/hw/irq.h           | 23 ++++++++++++++++++++++-
 hw/char/serial-pci-multi.c |  4 +++-
 hw/core/irq.c              |  8 ++++++++
 hw/ide/ich.c               |  3 ++-
 4 files changed, 35 insertions(+), 3 deletions(-)

-- 
2.43.0
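The ownership rule the cover letter describes, as an added example that is not QEMU's code: a minimal C model of in-place object initialization with reference counting. obj_initialize() plays the role of object_initialize() (what qemu_init_irq() does), obj_initialize_child() the role of object_initialize_child() (what qemu_init_irq_child() does), and a live-object counter stands in for the heap state ASAN reports as leaked after device-introspect-test's instance_init -> deinit cycle. Every name in the block is hypothetical; the real QEMU API is not reproduced.

```c
/*
 * Added example, not QEMU code: a model of the ownership rule in the
 * cover letter. All names are hypothetical stand-ins for the QOM API.
 */
#include <assert.h>
#include <stdio.h>

#define MAX_CHILDREN 4

/* Objects initialized but not yet finalized: the model's stand-in for
 * the heap state ASAN would report as leaked. */
static int live_objects;

typedef struct Obj Obj;
struct Obj {
    int refcount;
    Obj *children[MAX_CHILDREN];
    int nchildren;
};

static void obj_unref(Obj *o);

/* Finalization releases whatever the object owns, including the
 * references it holds on its children. */
static void obj_finalize(Obj *o)
{
    for (int i = 0; i < o->nchildren; i++) {
        obj_unref(o->children[i]);
    }
    o->nchildren = 0;
    live_objects--;
}

static void obj_unref(Obj *o)
{
    assert(o->refcount > 0);
    if (--o->refcount == 0) {
        obj_finalize(o);
    }
}

/* In-place initialization of a caller-provided struct. The caller holds
 * the single reference and must drop it (qemu_free_irq() in QEMU terms);
 * forgetting that is the leak the series fixes. */
static void obj_initialize(Obj *o)
{
    o->refcount = 1;
    o->nchildren = 0;
    live_objects++;
}

/* Same, but the reference is handed to the parent, so the child is
 * finalized along with it and no matching free is needed. */
static void obj_initialize_child(Obj *parent, Obj *child)
{
    assert(parent->nchildren < MAX_CHILDREN);
    obj_initialize(child);
    parent->children[parent->nchildren++] = child;
}

/* A device with one embedded IRQ object, as in the two fixed devices. */
typedef struct {
    Obj parent_obj;
    Obj irq;
} Device;

enum irq_init_mode {
    IRQ_INIT_PLAIN,          /* qemu_init_irq(), no qemu_free_irq() */
    IRQ_INIT_PLAIN_FREED,    /* qemu_init_irq() + qemu_free_irq() in deinit */
    IRQ_INIT_CHILD           /* qemu_init_irq_child() */
};

/* Run one instance_init -> deinit cycle and return how many objects are
 * still live afterwards; 0 means nothing leaked. */
int leak_after_cycle(enum irq_init_mode mode)
{
    Device dev;

    live_objects = 0;
    obj_initialize(&dev.parent_obj);            /* instance_init begins */
    if (mode == IRQ_INIT_CHILD) {
        obj_initialize_child(&dev.parent_obj, &dev.irq);
    } else {
        obj_initialize(&dev.irq);
    }

    if (mode == IRQ_INIT_PLAIN_FREED) {         /* explicit cleanup path */
        obj_unref(&dev.irq);
    }
    obj_unref(&dev.parent_obj);                 /* deinit: last ref dropped */
    return live_objects;
}

int main(void)
{
    printf("plain init, no free: %d leaked\n", leak_after_cycle(IRQ_INIT_PLAIN));
    printf("plain init, freed:   %d leaked\n", leak_after_cycle(IRQ_INIT_PLAIN_FREED));
    printf("child init:          %d leaked\n", leak_after_cycle(IRQ_INIT_CHILD));
    return 0;
}
```

Build with any C99 compiler and run. Only the plain-init path without a matching release leaves an object live after the cycle; the child path reaches zero without the device having to remember a free in its deinit code, which is what makes it the harder-to-misuse API.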
Re: [PATCH 0/3] hw: Fix qemu_init_irq() leaks
Posted by Philippe Mathieu-Daudé 1 month, 4 weeks ago
On 21/8/25 17:40, Peter Maydell wrote:
> The qemu_init_irq() method initializes an IRQ object, but
> the caller is responsible for eventually freeing it by calling
> qemu_free_irq(). Generally we don't remember to do this.
> 
> Implement a harder-to-misuse API, qemu_init_irq_child().  This is to
> qemu_init_irq() what object_initialize_child() is to
> object_initialize(): it both initializes the object and makes it a
> child of the parent QOM object.  If you use this in a device's
> realize or instance_init method then the IRQ will be automatically
> freed when the device is destroyed.
> 
> Patch 1 is the new function; patches 2 and 3 are bugfixes for
> leaks that show up with ASAN in device-introspect-test (which
> does an instance_init -> deinit on every device).
> 
> The other callers of qemu_init_irq() could also be changed over
> to use this new function, but they don't cause in-practice
> leaks because they call the function in realize, and they
> are devices which are never unrealized.

There are only 4 uses left. I don't see any good reason to keep
qemu_init_irq() over qemu_init_irq_child(). Maybe better to fully
replace the former with the latter?

> Peter Maydell (3):
>    hw/irq: New qemu_init_irq_child() function
>    hw/char/serial-pci-multi: Use qemu_init_irq_child() to avoid leak
>    hw/ide/ich.c: Use qemu_init_irq_child() to avoid memory leak

Series queued, thanks!