[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH v2] xen: use qdev_unplug() instead of g_free() i
From: |
Stefano Stabellini |
Subject: |
Re: [Qemu-devel] [PATCH v2] xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev() |
Date: |
Wed, 1 Feb 2017 11:37:40 -0800 (PST) |
User-agent: |
Alpine 2.10 (DEB 1266 2009-07-14) |
Hi Peter,
do you think this is acceptable?
Thanks,
Stefano
On Wed, 1 Feb 2017, Juergen Gross wrote:
> The error exits of xen_pv_find_xendev() free the new xen-device via
> g_free() which is wrong.
>
> As the xen-device has been initialized as qdev it must be removed
> via qdev_unplug().
>
> This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6
> ("xen: create qdev for each backend device").
>
> Reported-by: Roger Pau Monné <address@hidden>
> Tested-by: Roger Pau Monné <address@hidden>
> Signed-off-by: Juergen Gross <address@hidden>
> ---
> V2: set free method to avoid memory leak (Peter Maydell)
> use DEVICE(xendev) instead of &xendev->qdev (Peter Maydell)
> ---
> hw/xen/xen_backend.c | 13 +++++++------
> 1 file changed, 7 insertions(+), 6 deletions(-)
>
> diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c
> index d119004..6c21c37 100644
> --- a/hw/xen/xen_backend.c
> +++ b/hw/xen/xen_backend.c
> @@ -124,10 +124,11 @@ static struct XenDevice *xen_be_get_xendev(const char
> *type, int dom, int dev,
> /* init new xendev */
> xendev = g_malloc0(ops->size);
> object_initialize(&xendev->qdev, ops->size, TYPE_XENBACKEND);
> - qdev_set_parent_bus(&xendev->qdev, xen_sysbus);
> - qdev_set_id(&xendev->qdev, g_strdup_printf("xen-%s-%d", type, dev));
> - qdev_init_nofail(&xendev->qdev);
> - object_unref(OBJECT(&xendev->qdev));
> + OBJECT(xendev)->free = g_free;
> + qdev_set_parent_bus(DEVICE(xendev), xen_sysbus);
> + qdev_set_id(DEVICE(xendev), g_strdup_printf("xen-%s-%d", type, dev));
> + qdev_init_nofail(DEVICE(xendev));
> + object_unref(OBJECT(xendev));
>
> xendev->type = type;
> xendev->dom = dom;
> @@ -145,7 +146,7 @@ static struct XenDevice *xen_be_get_xendev(const char
> *type, int dom, int dev,
> xendev->evtchndev = xenevtchn_open(NULL, 0);
> if (xendev->evtchndev == NULL) {
> xen_pv_printf(NULL, 0, "can't open evtchn device\n");
> - g_free(xendev);
> + qdev_unplug(DEVICE(xendev), NULL);
> return NULL;
> }
> fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC);
> @@ -155,7 +156,7 @@ static struct XenDevice *xen_be_get_xendev(const char
> *type, int dom, int dev,
> if (xendev->gnttabdev == NULL) {
> xen_pv_printf(NULL, 0, "can't open gnttab device\n");
> xenevtchn_close(xendev->evtchndev);
> - g_free(xendev);
> + qdev_unplug(DEVICE(xendev), NULL);
> return NULL;
> }
> } else {
> --
> 2.10.2
>