From: "Andreas Färber" <afaerber@suse.de>
To: qemu-devel@nongnu.org
Cc: Gonglei <arei.gonglei@huawei.com>,
qemu-stable@nongnu.org, "Andreas Färber" <afaerber@suse.de>
Subject: [Qemu-devel] [PULL 7/7] qdev: Add cleanup logic in device_set_realized() to avoid resource leak
Date: Thu, 4 Sep 2014 19:21:15 +0200 [thread overview]
Message-ID: <1409851275-14941-8-git-send-email-afaerber@suse.de> (raw)
In-Reply-To: <1409851275-14941-1-git-send-email-afaerber@suse.de>
From: Gonglei <arei.gonglei@huawei.com>
At present, this function doesn't have partial cleanup implemented,
which will cause resource leaks in some scenarios.
Example:
1. Assume that "dc->realize(dev, &local_err)" executes successful
and local_err == NULL;
2. device hotplug in hotplug_handler_plug() executes but fails
(it is prone to occur). Then local_err != NULL;
3. error_propagate(errp, local_err) and return. But the resources
which have been allocated in dc->realize() will be leaked.
Simple backtrace:
dc->realize()
|->device_realize
|->pci_qdev_init()
|->do_pci_register_device()
|->etc.
Add fuller cleanup logic which assures that function can
goto appropriate error label as local_err population is
detected at each relevant point.
Signed-off-by: Gonglei <arei.gonglei@huawei.com>
Reviewed-by: Peter Crosthwaite <peter.crosthwaite@xilinx.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Andreas Färber <afaerber@suse.de>
---
hw/core/qdev.c | 52 ++++++++++++++++++++++++++++++++++++++--------------
1 file changed, 38 insertions(+), 14 deletions(-)
diff --git a/hw/core/qdev.c b/hw/core/qdev.c
index 6f37cd3..fcb1638 100644
--- a/hw/core/qdev.c
+++ b/hw/core/qdev.c
@@ -834,12 +834,14 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
dc->realize(dev, &local_err);
}
- if (dev->parent_bus && dev->parent_bus->hotplug_handler &&
- local_err == NULL) {
+ if (local_err != NULL) {
+ goto fail;
+ }
+
+ if (dev->parent_bus && dev->parent_bus->hotplug_handler) {
hotplug_handler_plug(dev->parent_bus->hotplug_handler,
dev, &local_err);
- } else if (local_err == NULL &&
- object_dynamic_cast(qdev_get_machine(), TYPE_MACHINE)) {
+ } else if (object_dynamic_cast(qdev_get_machine(), TYPE_MACHINE)) {
HotplugHandler *hotplug_ctrl;
MachineState *machine = MACHINE(qdev_get_machine());
MachineClass *mc = MACHINE_GET_CLASS(machine);
@@ -852,21 +854,24 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
}
}
- if (qdev_get_vmsd(dev) && local_err == NULL) {
+ if (local_err != NULL) {
+ goto post_realize_fail;
+ }
+
+ if (qdev_get_vmsd(dev)) {
vmstate_register_with_alias_id(dev, -1, qdev_get_vmsd(dev), dev,
dev->instance_id_alias,
dev->alias_required_for_version);
}
- if (local_err == NULL) {
- QLIST_FOREACH(bus, &dev->child_bus, sibling) {
- object_property_set_bool(OBJECT(bus), true, "realized",
+
+ QLIST_FOREACH(bus, &dev->child_bus, sibling) {
+ object_property_set_bool(OBJECT(bus), true, "realized",
&local_err);
- if (local_err != NULL) {
- break;
- }
+ if (local_err != NULL) {
+ goto child_realize_fail;
}
}
- if (dev->hotplugged && local_err == NULL) {
+ if (dev->hotplugged) {
device_reset(dev);
}
dev->pending_deleted_event = false;
@@ -888,11 +893,30 @@ static void device_set_realized(Object *obj, bool value, Error **errp)
}
if (local_err != NULL) {
- error_propagate(errp, local_err);
- return;
+ goto fail;
}
dev->realized = value;
+ return;
+
+child_realize_fail:
+ QLIST_FOREACH(bus, &dev->child_bus, sibling) {
+ object_property_set_bool(OBJECT(bus), false, "realized",
+ NULL);
+ }
+
+ if (qdev_get_vmsd(dev)) {
+ vmstate_unregister(dev, qdev_get_vmsd(dev), dev);
+ }
+
+post_realize_fail:
+ if (dc->unrealize) {
+ dc->unrealize(dev, NULL);
+ }
+
+fail:
+ error_propagate(errp, local_err);
+ return;
}
static bool device_get_hotpluggable(Object *obj, Error **errp)
--
1.8.4.5
next prev parent reply other threads:[~2014-09-04 17:21 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-04 17:21 [Qemu-devel] [PULL for-2.1 0/7] QOM devices patch queue 2014-09-04 Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 1/7] qom: Make object_child_foreach() safe for objects removal Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 2/7] machine: Clean up -machine handling Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 3/7] qom: Add automatic arrayification to object_property_add() Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 4/7] memory: Remove object_property_add_child_array() Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 5/7] qdev: Use error_abort instead of using local_err Andreas Färber
2014-09-04 17:21 ` [Qemu-devel] [PULL 6/7] qdev: Use NULL instead of local_err for qbus_child unrealize Andreas Färber
2014-09-04 17:21 ` Andreas Färber [this message]
2014-09-05 10:15 ` [Qemu-devel] [PULL for-2.1 0/7] QOM devices patch queue 2014-09-04 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1409851275-14941-8-git-send-email-afaerber@suse.de \
--to=afaerber@suse.de \
--cc=arei.gonglei@huawei.com \
--cc=qemu-devel@nongnu.org \
--cc=qemu-stable@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).