From: Ashijeet Acharya
Date: Wed, 21 Sep 2016 23:23:32 +0530
Message-Id: <1474480412-18353-1-git-send-email-ashijeetacharya@gmail.com>
Subject: [Qemu-devel] [PATCH v2] ide: Fix memory leak in ide_register_restart_cb()
To: jsnow@redhat.com
Cc: qemu-devel@nongnu.org, Ashijeet Acharya

Fix a memory leak in ide_register_restart_cb() in hw/ide/core.c and add idebus_unrealize() in hw/ide/qdev.c to have calls to qemu_del_vm_change_state_handler() to deal with the dangling change state handler during hot-unplugging ide devices which might lead to a crash.

Signed-off-by: Ashijeet Acharya
---
Changes in v2:
-v1 was corrupted at line 64
-Move idebus_unrealize() below ide_bus_class_init()
---
 hw/ide/core.c             |  2 +-
 hw/ide/qdev.c             | 13 +++++++++++++
 include/hw/ide/internal.h |  1 +
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/hw/ide/core.c b/hw/ide/core.c index 45b6df1..eecbb47 100644 --- a/hw/ide/core.c +++ b/hw/ide/core.c
@@ -2582,7 +2582,7 @@ static void ide_restart_cb(void *opaque, int running, RunState state) void ide_register_restart_cb(IDEBus *bus) { if (bus->dma->ops->restart_dma) { - qemu_add_vm_change_state_handler(ide_restart_cb, bus); + bus->vmstate = qemu_add_vm_change_state_handler(ide_restart_cb, bus); } } diff --git a/hw/ide/qdev.c b/hw/ide/qdev.c index 2eb055a..c94f9f8 100644 --- a/hw/ide/qdev.c +++ b/hw/ide/qdev.c @@ -31,6 +31,7 @@ /* --------------------------------- */ static char *idebus_get_fw_dev_path(DeviceState *dev); +static void idebus_unrealize(DeviceState *qdev, Error **errp); static Property ide_props[] = { DEFINE_PROP_UINT32("unit", IDEDevice, unit, -1), @@ -44,6 +45,17 @@ static void ide_bus_class_init(ObjectClass *klass, void *data) k->get_fw_dev_path = idebus_get_fw_dev_path; } +static void idebus_unrealize(DeviceState *qdev, Error **errp) +{ + IDEBus *bus = DO_UPCAST(IDEBus, qbus, qdev->parent_bus); + + if (bus->dma->ops->restart_dma) { + if (bus->vmstate) { + qemu_del_vm_change_state_handler(bus->vmstate); + } + } +} + static const TypeInfo ide_bus_info = { .name = TYPE_IDE_BUS, .parent = TYPE_BUS, @@ -355,6 +367,7 @@ static void ide_device_class_init(ObjectClass *klass, void *data) k->init = ide_qdev_init; set_bit(DEVICE_CATEGORY_STORAGE, k->categories); k->bus_type = TYPE_IDE_BUS; + k->unrealize = idebus_unrealize; k->props = ide_props; } diff --git a/include/hw/ide/internal.h b/include/hw/ide/internal.h index 7824bc3..2103261 100644 --- a/include/hw/ide/internal.h +++ b/include/hw/ide/internal.h @@ -480,6 +480,7 @@ struct IDEBus { uint8_t retry_unit; int64_t retry_sector_num; uint32_t retry_nsector; + VMChangeStateEntry *vmstate; }; #define TYPE_IDE_DEVICE "ide-device" -- 2.6.2
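Review bot: in the hw/ide/core.c hunk, ide_register_restart_cb() overwrites bus->vmstate unconditionally, so if it is ever called twice for the same bus the first handle is dropped and that handler can no longer be removed, which is exactly the leak this patch sets out to fix. An `assert(!bus->vmstate);` (or an early return when the handle is already set) ahead of the qemu_add_vm_change_state_handler() call would make the one-registration-per-bus assumption explicit.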
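Review bot: the forward declaration `static void idebus_unrealize(DeviceState *qdev, Error **errp);` added in the first hw/ide/qdev.c hunk looks unnecessary: the function is defined in the next hunk, directly after ide_bus_class_init(), and its only use is the `k->unrealize = idebus_unrealize;` assignment in ide_device_class_init() further down, so the definition already precedes the reference. Dropping the declaration keeps the qdev.c change to the two hunks that matter.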
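Review bot: idebus_unrealize() in the second hw/ide/qdev.c hunk leaves bus->vmstate pointing at the entry it has just deleted. Since the hook is installed on the device class rather than on the bus, it runs once per IDEDevice, and a bus can carry more than one device (see the `unit` property in ide_props), so unrealizing a second device on the same bus would hand the stale pointer to qemu_del_vm_change_state_handler() again. Set `bus->vmstate = NULL;` immediately after the delete so later calls become no-ops; the outer `if (bus->dma->ops->restart_dma)` test is then redundant, because bus->vmstate is only non-NULL when restart_dma was set at registration time. The unused `errp` parameter is fine as the signature requires it.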
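Review bot: the `k->unrealize = idebus_unrealize;` line in ide_device_class_init() ties a per-bus resource to a per-device lifetime. The change state handler is registered once for the IDEBus in ide_register_restart_cb(), yet this hook fires for every IDEDevice that is unrealized, so unplugging one device removes the restart handler that any device still attached to the same bus relies on to resume DMA after a stop/continue cycle (ide_restart_cb). Consider releasing the handler only when the bus itself is torn down, or only once no device remains on the bus. The name idebus_unrealize also suggests a bus callback, whereas it is hooked on the device class; a name reflecting the device would read more honestly.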
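Review bot: the new `VMChangeStateEntry *vmstate;` member of struct IDEBus in include/hw/ide/internal.h has no comment, and the bare name is easy to confuse with the migration vmstate descriptors used elsewhere in QEMU. A one-line comment stating that it holds the handle returned by qemu_add_vm_change_state_handler() in ide_register_restart_cb() (NULL when the DMA ops provide no restart_dma) so that it can be released on unplug would document the new invariant; a more specific name, for example vmstate_handler, would help as well.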