[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] bugfix: irq: Avoid covering object refcount of qemu_irq
From: |
zhukeqian |
Subject: |
Re: [PATCH] bugfix: irq: Avoid covering object refcount of qemu_irq |
Date: |
Tue, 28 Jul 2020 09:36:05 +0800 |
User-agent: |
Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 |
Hi Peter,
On 2020/7/27 22:41, Peter Maydell wrote:
> On Mon, 27 Jul 2020 at 14:03, Keqian Zhu <zhukeqian1@huawei.com> wrote:
>>
>> Avoid covering object refcount of qemu_irq, otherwise it may causes
>> memory leak.
>>
>> Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
>> ---
>> hw/core/irq.c | 4 +++-
>> 1 file changed, 3 insertions(+), 1 deletion(-)
>>
>> diff --git a/hw/core/irq.c b/hw/core/irq.c
>> index fb3045b912..59af4dfc74 100644
>> --- a/hw/core/irq.c
>> +++ b/hw/core/irq.c
>> @@ -125,7 +125,9 @@ void qemu_irq_intercept_in(qemu_irq *gpio_in,
>> qemu_irq_handler handler, int n)
>> int i;
>> qemu_irq *old_irqs = qemu_allocate_irqs(NULL, NULL, n);
>> for (i = 0; i < n; i++) {
>> - *old_irqs[i] = *gpio_in[i];
>> + old_irqs[i]->handler = gpio_in[i]->handler;
>> + old_irqs[i]->opaque = gpio_in[i]->opaque;
>> +
>> gpio_in[i]->handler = handler;
>> gpio_in[i]->opaque = &old_irqs[i];
>> }
>
> This function is leaky by design, because it doesn't do anything
> with the old_irqs array and there's no function for un-intercepting
> the IRQs (which would need to free that memory). This is not ideal
> but OK because it's only used in the test suite.
One of our internal self-developed module also use this function, and we
implemented a function to remove intercepting, so there is no memory leak
after this bugfix.
I suggest to merge this bugfix to prepare for future code which may invoke
this function.
>
> Is there a specific bug you're trying to fix here?
The memory leak is reported by ASAN.
>
Thanks,
Keqian
> thanks
> -- PMM
> .
>