From: John Snow
Date: Sat, 4 Jul 2015 02:06:42 -0400
Message-Id: <1435990034-8945-4-git-send-email-jsnow@redhat.com>
In-Reply-To: <1435990034-8945-1-git-send-email-jsnow@redhat.com>
References: <1435990034-8945-1-git-send-email-jsnow@redhat.com>
Subject: [Qemu-devel] [PULL 03/35] libqos/ahci: fix memory management bugs
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, jsnow@redhat.com

There's a handful of trivial bugs in the libqos/ahci functions, squish them together.

- Zero cached pointers after freeing them
- The Command List Buffer is an array of 32x 32 byte structures, not 32x 8 byte pointers -- it's 1MiB, not 256 bytes. Zero it ALL.
- Free the correct command in ahci_pick_cmd.

Signed-off-by: John Snow
Message-id: 1434470575-21625-4-git-send-email-jsnow@redhat.com
---
 tests/libqos/ahci.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tests/libqos/ahci.c b/tests/libqos/ahci.c index 7e17bb6..08e1c98 100644 --- a/tests/libqos/ahci.c +++ b/tests/libqos/ahci.c
@@ -138,12 +138,14 @@ void ahci_clean_mem(AHCIQState *ahci) for (port = 0; port < 32; ++port) { if (ahci->port[port].fb) { ahci_free(ahci, ahci->port[port].fb); + ahci->port[port].fb = 0; } if (ahci->port[port].clb) { for (slot = 0; slot < 32; slot++) { ahci_destroy_command(ahci, port, slot); } ahci_free(ahci, ahci->port[port].clb); + ahci->port[port].clb = 0; } } } @@ -252,7 +254,7 @@ void ahci_hba_enable(AHCIQState *ahci) /* Allocate Memory for the Command List Buffer & FIS Buffer */ /* PxCLB space ... 0x20 per command, as in 4.2.2 p 36 */ ahci->port[i].clb = ahci_alloc(ahci, num_cmd_slots * 0x20); - qmemset(ahci->port[i].clb, 0x00, 0x100); + qmemset(ahci->port[i].clb, 0x00, num_cmd_slots * 0x20); g_test_message("CLB: 0x%08" PRIx64, ahci->port[i].clb); ahci_px_wreg(ahci, i, AHCI_PX_CLB, ahci->port[i].clb); g_assert_cmphex(ahci->port[i].clb, ==, @@ -549,7 +551,7 @@ unsigned ahci_pick_cmd(AHCIQState *ahci, uint8_t port) if (reg & (1 << j)) { continue; } - ahci_destroy_command(ahci, port, i); + ahci_destroy_command(ahci, port, j); ahci->port[port].next = (j + 1) % 32; return j; } -- 2.1.0
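Review bot: In the ahci_clean_mem hunk, the new `ahci->port[port].fb = 0;` and `ahci->port[port].clb = 0;` make a repeated call safe only for those two fields; whether ahci_destroy_command clears its own per-slot cached state the same way is not visible here and is worth confirming, since the slot loop runs immediately before the `ahci_free` of clb. A short comment stating that 0 is the "not allocated" sentinel tested by `if (ahci->port[port].fb)` and `if (ahci->port[port].clb)` would also document why the zeroing matters for a later call.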
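Review bot: In the ahci_hba_enable hunk, `num_cmd_slots * 0x20` now appears twice, once in `ahci_alloc` and once in `qmemset`, so the allocation size and the cleared size can drift apart again, which is the mismatch being fixed. Compute the size once into a local (or a named constant for the 0x20 entry size) and pass it to both calls. Separately, the commit message gives the buffer as 1MiB, but 32 entries of 0x20 bytes is 0x400 bytes, so the message should be checked against the code.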
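Review bot: In the ahci_pick_cmd hunk, the context line `if (reg & (1 << j))` shifts a signed int literal; if j can reach 31, as `(j + 1) % 32` suggests, `1 << 31` overflows a 32-bit int and is undefined behaviour in C. Use `1U << j` (or a bit macro) here. The `i` to `j` fix itself also suggests that both indices are in scope in this loop; giving them descriptive names such as the port index and the slot index would make this kind of mix-up harder to repeat.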