[PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize

Peter Maydell posted 1 patch 1 month ago
git fetch https://github.com/patchew-project/qemu tags/patchew/20260309095328.1406779-1-peter.maydell@linaro.org
hw/misc/riscv_cpc.c | 8 ++++++++
1 file changed, 8 insertions(+)
[PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize
Posted by Peter Maydell 1 month ago
The TYPE_RISCV_CPC device allocates an array in its instance_init,
but does not free this, leading to leaks like this from QOM/QMP
introspection:

Direct leak of 512 byte in 1 object allocated from:
    #0  in calloc
    #1  in g_malloc0
    #2  in riscv_cpc_init /home/pm215/qemu/build/san/../../hw/misc/riscv_cpc.c:175:15
    #3  in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5
    #4  in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5
    #5  in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11
    #6  in qdev_device_help /home/pm215/qemu/build/san/../../system/qdev-monitor.c:313:17
    #7  in hmp_device_add /home/pm215/qemu/build/san/../../system/qdev-monitor.c:1005:9

Free the array in instance_finalize.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 hw/misc/riscv_cpc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/hw/misc/riscv_cpc.c b/hw/misc/riscv_cpc.c
index 231a419062..4bf2fd8db1 100644
--- a/hw/misc/riscv_cpc.c
+++ b/hw/misc/riscv_cpc.c
@@ -185,6 +185,13 @@ static void riscv_cpc_init(Object *obj)
     }
 }
 
+static void riscv_cpc_finalize(Object *obj)
+{
+    RISCVCPCState *s = RISCV_CPC(obj);
+
+    g_free(s->cpus);
+}
+
 static void riscv_cpc_realize(DeviceState *dev, Error **errp)
 {
     RISCVCPCState *s = RISCV_CPC(dev);
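Review bot: riscv_cpc_finalize() releases only the array itself with g_free(s->cpus), and nothing in the hunk says who owns what the elements point to. If the entries filled in by riscv_cpc_init() are borrowed pointers, a one-line comment saying so would document why no per-element cleanup is needed; if any of them hold a reference, it should be dropped here before the g_free(). Pairing the free with instance_finalize rather than an unrealize hook matches the backtrace in the commit message, where the allocation happens in instance_init on an object created for introspection.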
@@ -254,6 +261,7 @@ static const TypeInfo riscv_cpc_info = {
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(RISCVCPCState),
     .instance_init = riscv_cpc_init,
+    .instance_finalize = riscv_cpc_finalize,
     .class_init    = riscv_cpc_class_init,
 };
 
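Review bot: Style point on the new .instance_finalize line in riscv_cpc_info: the neighbouring initializers line up their '=' signs, and this longer field name breaks that column. Either re-align the whole initializer in this patch or leave it as is to keep the diff minimal; both are acceptable, but it is worth a conscious choice.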
-- 
2.43.0
Re: [PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize
Posted by Philippe Mathieu-Daudé 1 month ago
On 9/3/26 10:53, Peter Maydell wrote:
> The TYPE_RISCV_CPC device allocates an array in its instance_init,
> but does not free this, leading to leaks like this from QOM/QMP
> introspection:
> 
> Direct leak of 512 byte in 1 object allocated from:
>      #0  in calloc
>      #1  in g_malloc0
>      #2  in riscv_cpc_init /home/pm215/qemu/build/san/../../hw/misc/riscv_cpc.c:175:15
>      #3  in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5
>      #4  in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5
>      #5  in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11
>      #6  in qdev_device_help /home/pm215/qemu/build/san/../../system/qdev-monitor.c:313:17
>      #7  in hmp_device_add /home/pm215/qemu/build/san/../../system/qdev-monitor.c:1005:9
> 
> Free the array in instance_finalize.
> 
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>   hw/misc/riscv_cpc.c | 8 ++++++++
>   1 file changed, 8 insertions(+)

Patch queued via hw-misc, thanks.
Re: [PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize
Posted by Peter Maydell 1 month ago
On Mon, 9 Mar 2026 at 09:53, Peter Maydell <peter.maydell@linaro.org> wrote:
>
> The TYPE_RISCV_CPC device allocates an array in its instance_init,
> but does not free this, leading to leaks like this from QOM/QMP
> introspection:
>
> Direct leak of 512 byte in 1 object allocated from:
>     #0  in calloc
>     #1  in g_malloc0
>     #2  in riscv_cpc_init /home/pm215/qemu/build/san/../../hw/misc/riscv_cpc.c:175:15
>     #3  in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5
>     #4  in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5
>     #5  in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11
>     #6  in qdev_device_help /home/pm215/qemu/build/san/../../system/qdev-monitor.c:313:17
>     #7  in hmp_device_add /home/pm215/qemu/build/san/../../system/qdev-monitor.c:1005:9
>
> Free the array in instance_finalize.
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/misc/riscv_cpc.c | 8 ++++++++
>  1 file changed, 8 insertions(+)

PS: this file isn't listed in any MAINTAINERS section -- which
section should it be under ?

-- PMM
Re: [PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize
Posted by Alistair Francis 1 month ago
On Mon, Mar 9, 2026 at 7:54 PM Peter Maydell <peter.maydell@linaro.org> wrote:
>
> On Mon, 9 Mar 2026 at 09:53, Peter Maydell <peter.maydell@linaro.org> wrote:
> >
> > The TYPE_RISCV_CPC device allocates an array in its instance_init,
> > but does not free this, leading to leaks like this from QOM/QMP
> > introspection:
> >
> > Direct leak of 512 byte in 1 object allocated from:
> >     #0  in calloc
> >     #1  in g_malloc0
> >     #2  in riscv_cpc_init /home/pm215/qemu/build/san/../../hw/misc/riscv_cpc.c:175:15
> >     #3  in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5
> >     #4  in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5
> >     #5  in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11
> >     #6  in qdev_device_help /home/pm215/qemu/build/san/../../system/qdev-monitor.c:313:17
> >     #7  in hmp_device_add /home/pm215/qemu/build/san/../../system/qdev-monitor.c:1005:9
> >
> > Free the array in instance_finalize.
> >
> > Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >  hw/misc/riscv_cpc.c | 8 ++++++++
> >  1 file changed, 8 insertions(+)
>
> PS: this file isn't listed in any MAINTAINERS section -- which
> section should it be under ?

Djordje, can you add this to MAINTAINERS please?

Alistair
Re: [PATCH] hw/misc/riscv_cpc: Free CPU array in instance_finalize
Posted by Philippe Mathieu-Daudé 1 month ago
On 9/3/26 10:53, Peter Maydell wrote:
> On Mon, 9 Mar 2026 at 09:53, Peter Maydell <peter.maydell@linaro.org> wrote:
>>
>> The TYPE_RISCV_CPC device allocates an array in its instance_init,
>> but does not free this, leading to leaks like this from QOM/QMP
>> introspection:
>>
>> Direct leak of 512 byte in 1 object allocated from:
>>      #0  in calloc
>>      #1  in g_malloc0
>>      #2  in riscv_cpc_init /home/pm215/qemu/build/san/../../hw/misc/riscv_cpc.c:175:15
>>      #3  in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5
>>      #4  in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5
>>      #5  in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11
>>      #6  in qdev_device_help /home/pm215/qemu/build/san/../../system/qdev-monitor.c:313:17
>>      #7  in hmp_device_add /home/pm215/qemu/build/san/../../system/qdev-monitor.c:1005:9
>>
>> Free the array in instance_finalize.
>>
>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>

>> ---
>>   hw/misc/riscv_cpc.c | 8 ++++++++
>>   1 file changed, 8 insertions(+)
> 
> PS: this file isn't listed in any MAINTAINERS section -- which
> section should it be under ?

A missing "MIPS Boston-aia board" section under "RISC-V Machines"
(see commit 2264f637da7 "hw/riscv: Add support for MIPS Boston-aia
board mode"). Commit authors Cc'ed.