From: Paolo Bonzini <pbonzini@redhat.com>
To: Jason Baron <jbaron@redhat.com>
Cc: kwolf@redhat.com, aliguori@us.ibm.com, qemu-devel@nongnu.org,
armbru@redhat.com, agraf@suse.de, alex.williamson@redhat.com,
avi@redhat.com
Subject: Re: [Qemu-devel] [PATCH 2/2] ahci: Fix sglist memleak in ahci_dma_rw_buf()
Date: Fri, 27 Jul 2012 09:16:05 +0200 [thread overview]
Message-ID: <50124035.4030703@redhat.com> (raw)
In-Reply-To: <bcc22e1608bee5bea31d03ac855257301bd40dcc.1343330684.git.jbaron@redhat.com>
Il 26/07/2012 21:40, Jason Baron ha scritto:
> I noticed that in hw/ide/ahci:ahci_dma_rw_buf() does not appear to free the
> sglist. Thus, I've added a call to qemu_sglist_destroy() to fix this memory
> leak.
>
> I'm wondering though if 'ahci_populate_sglist()' can return 0, and not
> populate the sglist, thus causing us to call free on NULL pointer. However, I
> see that ahci_start_transfer() always calls the free if the return is 0.
A free(NULL) is ok, but a double-free would not be. Something like this
would make me feel better:
diff --git a/dma-helpers.c b/dma-helpers.c
index 35cb500..57725d0 100644
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -65,6 +65,7 @@
void qemu_sglist_destroy(QEMUSGList *qsg)
{
g_free(qsg->sg);
+ memset(qsg, 0, sizeof(qsg));
}
typedef struct {
Paolo
> Signed-off-by: Jason Baron <jbaron@redhat.com>
> ---
> hw/ide/ahci.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
> index 9c95714..b48401d 100644
> --- a/hw/ide/ahci.c
> +++ b/hw/ide/ahci.c
> @@ -1073,6 +1073,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
> dma_buf_write(p, l, &s->sg);
> }
>
> + /* free sglist that was created in ahci_populate_sglist() */
> + qemu_sglist_destroy(&s->sg);
> +
> /* update number of transferred bytes */
> ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + l);
> s->io_buffer_index += l;
>
prev parent reply other threads:[~2012-07-27 7:16 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-26 19:40 [Qemu-devel] [PATCH 0/2] ahci: fix cdrom read corruption Jason Baron
2012-07-26 19:40 ` [Qemu-devel] [PATCH 1/2] ahci: Fix ahci cdrom read corruptions for reads > 128k Jason Baron
2012-07-27 7:59 ` Kevin Wolf
2012-07-27 14:50 ` Jason Baron
2012-07-27 11:28 ` Andreas Färber
2012-07-26 19:40 ` [Qemu-devel] [PATCH 2/2] ahci: Fix sglist memleak in ahci_dma_rw_buf() Jason Baron
2012-07-27 7:16 ` Paolo Bonzini [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50124035.4030703@redhat.com \
--to=pbonzini@redhat.com \
--cc=agraf@suse.de \
--cc=alex.williamson@redhat.com \
--cc=aliguori@us.ibm.com \
--cc=armbru@redhat.com \
--cc=avi@redhat.com \
--cc=jbaron@redhat.com \
--cc=kwolf@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.