From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:50876) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1X1p9R-0004UQ-U6 for qemu-devel@nongnu.org; Mon, 30 Jun 2014 23:54:42 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1X1p9N-0005x5-C4 for qemu-devel@nongnu.org; Mon, 30 Jun 2014 23:54:37 -0400 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Tue, 1 Jul 2014 05:08:11 +0200 Message-Id: <1404184093-966-4-git-send-email-afaerber@suse.de> In-Reply-To: <1404184093-966-1-git-send-email-afaerber@suse.de> References: <1404184093-966-1-git-send-email-afaerber@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Subject: [Qemu-devel] [PULL 3/5] hw: Fix qemu_allocate_irqs() leaks List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org Cc: Kevin Wolf , Peter Maydell , Peter Crosthwaite , qemu-stable@nongnu.org, Markus Armbruster , =?UTF-8?q?Andreas=20F=C3=A4rber?= , Aurelien Jarno Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster Reviewed-by: Peter Crosthwaite Reviewed-by: Peter Maydell Signed-off-by: Andreas F=C3=A4rber [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: Peter Crosthwaite Reviewed-by: Kirill Batuzov [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas F=C3=A4rber --- hw/arm/omap1.c | 14 +++++++------- hw/arm/omap2.c | 2 +- hw/arm/pxa2xx.c | 4 ++-- hw/arm/spitz.c | 4 ++-- hw/arm/z2.c | 2 +- hw/core/irq.c | 4 ++-- hw/dma/omap_dma.c | 4 ++-- hw/ide/microdrive.c | 2 +- hw/misc/cbus.c | 6 +++--- hw/pcmcia/pxa2xx.c | 2 +- hw/sd/omap_mmc.c | 2 +- hw/sd/sdhci.c | 4 ++-- hw/sh4/sh7750.c | 3 +-- hw/timer/omap_gptimer.c | 4 ++-- 14 files changed, 28 insertions(+), 29 deletions(-) 
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c index b28e052..e7cc5d7 100644 --- a/hw/arm/omap1.c +++ b/hw/arm/omap1.c @@ -172,7 +172,7 @@ static void omap_timer_clk_update(void *opaque, int l= ine, int on) static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[= 0]); + qemu_allocate_irq(omap_timer_clk_update, timer, 0)); timer->rate =3D omap_clk_getrate(timer->clk); } =20 @@ -2098,7 +2098,7 @@ static struct omap_mpuio_s *omap_mpuio_init(MemoryR= egion *memory, "omap-mpuio", 0x800); memory_region_add_subregion(memory, base, &s->iomem); =20 - omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0])= ; + omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0)); =20 return s; } @@ -2401,7 +2401,7 @@ static struct omap_pwl_s *omap_pwl_init(MemoryRegio= n *system_memory, "omap-pwl", 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); =20 - omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[= 0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0)); return s; } =20 @@ -3485,8 +3485,8 @@ static void omap_mcbsp_i2s_start(void *opaque, int = line, int level) void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave) { s->codec =3D slave; - slave->rx_swallow =3D qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, = 1)[0]; - slave->tx_start =3D qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0= ]; + slave->rx_swallow =3D qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0= ); + slave->tx_start =3D qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0); } =20 /* LED Pulse Generators */ 
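Review bot: In `omap_timer_clk_setup()` the `qemu_irq` returned by `qemu_allocate_irq()` goes straight into `omap_clk_adduser()` and no copy of the handle is kept, so nothing in this function can release it later. The array leak is gone, but the IRQ object itself still has no visible owner; if the clock is meant to hold it for the life of the machine, say so at the call, e.g. `/* clk keeps this IRQ for the lifetime of the machine; it is never freed */`. The same pattern appears in `omap_mpuio_init()`, `omap_pwl_init()`, `omap_lpg_init()`, `omap_dma_init()`, `omap_dma4_init()` and `omap_gp_timer_clk_setup()`. What `omap_clk_adduser()` does with the handle is not visible in this patch.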
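Review bot: `omap_mcbsp_i2s_attach()` overwrites `slave->rx_swallow` and `slave->tx_start` with freshly allocated IRQs without releasing whatever those fields held before, so a second attach on the same codec would leak the two earlier IRQs. If attach is only ever called once per codec, a one-line comment stating that invariant is enough, e.g. `/* called once per codec; the IRQs live as long as the codec */`. Otherwise the old handles should be released with `qemu_free_irq()` before the assignments. Whether any caller attaches more than once is not visible here.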
@@ -3634,7 +3634,7 @@ static struct omap_lpg_s *omap_lpg_init(MemoryRegio= n *system_memory, memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg",= 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); =20 - omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[= 0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0)); =20 return s; } @@ -3848,7 +3848,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryReg= ion *system_memory, s->sdram_size =3D sdram_size; s->sram_size =3D OMAP15XX_SRAM_SIZE; =20 - s->wakeup =3D qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup =3D qemu_allocate_irq(omap_mpu_wakeup, s, 0); =20 /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c index 36efde0..dc53a7a 100644 --- a/hw/arm/omap2.c +++ b/hw/arm/omap2.c @@ -2260,7 +2260,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRe= gion *sysmem, s->sdram_size =3D sdram_size; s->sram_size =3D OMAP242X_SRAM_SIZE; =20 - s->wakeup =3D qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup =3D qemu_allocate_irq(omap_mpu_wakeup, s, 0); =20 /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c index 2d28a11..557e0f1 100644 --- a/hw/arm/pxa2xx.c +++ b/hw/arm/pxa2xx.c @@ -2052,7 +2052,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_spac= e, fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset =3D qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset =3D qemu_allocate_irq(pxa2xx_reset, s, 0); =20 /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa270.sdram", sdram_size); 
@@ -2183,7 +2183,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_spac= e, unsigned int sdram_size) fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset =3D qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset =3D qemu_allocate_irq(pxa2xx_reset, s, 0); =20 /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa255.sdram", sdram_size); diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c index 45e7508..03cc6ce 100644 --- a/hw/arm/spitz.c +++ b/hw/arm/spitz.c @@ -752,7 +752,7 @@ static void spitz_i2c_setup(PXA2xxState *cpu) =20 spitz_wm8750_addr(wm, 0, 0); qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM, - qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]); + qemu_allocate_irq(spitz_wm8750_addr, wm, 0)); /* .. and to the sound interface. */ cpu->i2s->opaque =3D wm; cpu->i2s->codec_out =3D wm8750_dac_dat; @@ -858,7 +858,7 @@ static void spitz_gpio_setup(PXA2xxState *cpu, int sl= ots) * wouldn't guarantee that a guest ever exits the loop. */ spitz_hsync =3D 0; - lcd_hsync =3D qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0]= ; + lcd_hsync =3D qemu_allocate_irq(spitz_lcd_hsync_handler, cpu, 0); pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync); pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync); =20 diff --git a/hw/arm/z2.c b/hw/arm/z2.c index ab9e4c9..36b3b50 100644 --- a/hw/arm/z2.c +++ b/hw/arm/z2.c @@ -363,7 +363,7 @@ static void z2_init(MachineState *machine) wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s); =20 qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS, - qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]); + qemu_allocate_irq(z2_lcd_cs, z2_lcd, 0)); =20 z2_binfo.kernel_filename =3D kernel_filename; z2_binfo.kernel_cmdline =3D kernel_cmdline; diff --git a/hw/core/irq.c b/hw/core/irq.c index 03c8cb3..3d284c6 100644 --- a/hw/core/irq.c +++ b/hw/core/irq.c 
@@ -102,7 +102,7 @@ qemu_irq qemu_irq_invert(qemu_irq irq) { /* The default state for IRQs is low, so raise the output now. */ qemu_irq_raise(irq); - return qemu_allocate_irqs(qemu_notirq, irq, 1)[0]; + return qemu_allocate_irq(qemu_notirq, irq, 0); } =20 static void qemu_splitirq(void *opaque, int line, int level) @@ -117,7 +117,7 @@ qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2) qemu_irq *s =3D g_malloc0(2 * sizeof(qemu_irq)); s[0] =3D irq1; s[1] =3D irq2; - return qemu_allocate_irqs(qemu_splitirq, s, 1)[0]; + return qemu_allocate_irq(qemu_splitirq, s, 0); } =20 static void proxy_irq_handler(void *opaque, int n, int level) diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c index 0f35c42..756a87a 100644 --- a/hw/dma/omap_dma.c +++ b/hw/dma/omap_dma.c @@ -1660,7 +1660,7 @@ struct soc_dma_s *omap_dma_init(hwaddr base, qemu_i= rq *irqs, } =20 omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, = 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0= )); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, 1); =20 @@ -2082,7 +2082,7 @@ struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_= irq *irqs, s->intr_update =3D omap_dma_interrupts_4_update; =20 omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, = 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0= )); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, !!s->dma->freq); =20 diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c index f24946d..2d70ddb 100644 --- a/hw/ide/microdrive.c +++ b/hw/ide/microdrive.c @@ -593,7 +593,7 @@ static void microdrive_realize(DeviceState *dev, Erro= r **errp) { MicroDriveState *md =3D MICRODRIVE(dev); =20 - ide_init2(&md->bus, qemu_allocate_irqs(md_set_irq, md, 1)[0]); + ide_init2(&md->bus, qemu_allocate_irq(md_set_irq, md, 0)); } =20 static void microdrive_init(Object *obj) diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c index 29b467b..495d507 100644 
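Review bot: `qemu_irq_split()` still hands the two-element array `s` from `g_malloc0()` to the new IRQ as its opaque pointer, and nothing visible ties that array's lifetime to the IRQ's. Releasing the returned `qemu_irq` would leave `s` allocated, so the function keeps a small leak of its own after this change. At minimum document it above the allocation, e.g. `/* s is referenced only through the returned IRQ's opaque pointer and is never freed */`; a real fix needs a free path that knows about the opaque array, which is outside this hunk. The function's opening brace is above the hunk.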
--- a/hw/misc/cbus.c +++ b/hw/misc/cbus.c @@ -135,9 +135,9 @@ CBus *cbus_init(qemu_irq dat) CBusPriv *s =3D (CBusPriv *) g_malloc0(sizeof(*s)); =20 s->dat_out =3D dat; - s->cbus.clk =3D qemu_allocate_irqs(cbus_clk, s, 1)[0]; - s->cbus.dat =3D qemu_allocate_irqs(cbus_dat, s, 1)[0]; - s->cbus.sel =3D qemu_allocate_irqs(cbus_sel, s, 1)[0]; + s->cbus.clk =3D qemu_allocate_irq(cbus_clk, s, 0); + s->cbus.dat =3D qemu_allocate_irq(cbus_dat, s, 0); + s->cbus.sel =3D qemu_allocate_irq(cbus_sel, s, 0); =20 s->sel =3D 1; s->clk =3D 0; diff --git a/hw/pcmcia/pxa2xx.c b/hw/pcmcia/pxa2xx.c index 96f3774..55e8a2a 100644 --- a/hw/pcmcia/pxa2xx.c +++ b/hw/pcmcia/pxa2xx.c @@ -195,7 +195,7 @@ static void pxa2xx_pcmcia_initfn(Object *obj) memory_region_add_subregion(&s->container_mem, 0x0c000000, &s->common_iomem); =20 - s->slot.irq =3D qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0]; + s->slot.irq =3D qemu_allocate_irq(pxa2xx_pcmcia_set_irq, s, 0); =20 object_property_add_link(obj, "card", TYPE_PCMCIA_CARD, (Object **)&s->card, diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c index 937a478..6c92149 100644 --- a/hw/sd/omap_mmc.c +++ b/hw/sd/omap_mmc.c @@ -625,7 +625,7 @@ struct omap_mmc_s *omap2_mmc_init(struct omap_target_= agent_s *ta, exit(1); } =20 - s->cdet =3D qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0]; + s->cdet =3D qemu_allocate_irq(omap_mmc_cover_cb, s, 0); sd_set_cb(s->card, NULL, s->cdet); =20 return s; diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 3e13d70..b5a9eee 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c 
@@ -1168,8 +1168,8 @@ static void sdhci_initfn(Object *obj) if (s->card =3D=3D NULL) { exit(1); } - s->eject_cb =3D qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0]; - s->ro_cb =3D qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0]; + s->eject_cb =3D qemu_allocate_irq(sdhci_insert_eject_cb, s, 0); + s->ro_cb =3D qemu_allocate_irq(sdhci_card_readonly_cb, s, 0); sd_set_cb(s->card, s->ro_cb, s->eject_cb); =20 s->insert_timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_raise_ins= ertion_irq, s); diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c index 4a39357..5dda5de 100644 --- a/hw/sh4/sh7750.c +++ b/hw/sh4/sh7750.c @@ -838,6 +838,5 @@ SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion= *sysmem) qemu_irq sh7750_irl(SH7750State *s) { sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enabl= e */ - return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, = IRL), - 1)[0]; + return qemu_allocate_irq(sh_intc_set_irl, sh_intc_source(&s->intc, I= RL), 0); } diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c index 016207f..b7f3d49 100644 --- a/hw/timer/omap_gptimer.c +++ b/hw/timer/omap_gptimer.c @@ -227,7 +227,7 @@ static void omap_gp_timer_clk_update(void *opaque, in= t line, int on) static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_gp_timer_clk_update, timer, = 1)[0]); + qemu_allocate_irq(omap_gp_timer_clk_update, timer, = 0)); timer->rate =3D omap_clk_getrate(timer->clk); } =20 @@ -476,7 +476,7 @@ struct omap_gp_timer_s *omap_gp_timer_init(struct oma= p_target_agent_s *ta, s->clk =3D fclk; s->timer =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_tick, s)= ; s->match =3D timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_match, s= ); - s->in =3D qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0]; + s->in =3D qemu_allocate_irq(omap_gp_timer_input, s, 0); omap_gp_timer_reset(s); omap_gp_timer_clk_setup(s); =20 --=20 1.8.4.5
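Review bot: After this change `s->eject_cb` and `s->ro_cb` in `sdhci_initfn()` are single IRQs rather than element 0 of a one-entry array, so any teardown that releases them must free one IRQ, not an array. The matching uninit code is not part of this patch; if it calls `qemu_free_irqs()` on these fields it would treat them as an array pointer and free the wrong memory. Please check that path and use `qemu_free_irq(s->eject_cb);` and `qemu_free_irq(s->ro_cb);` there. `sdhci_initfn()` starts above the hunk and continues below it.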
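Review bot: `sh7750_irl()` allocates a new IRQ on every call and returns it, so each caller owns a separate object and repeated calls accumulate allocations. That contract is worth stating above the function, e.g. `/* Returns a newly allocated IRQ for the IRL source; the caller owns it. */`. The new line also evaluates `sh_intc_source(&s->intc, IRL)` a second time; taking it once into a local and passing that to both `sh_intc_toggle_source()` and `qemu_allocate_irq()` would shorten the line and make it plain that both calls act on the same source.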