From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Marc-André Lureau" <marcandre.lureau@redhat.com>
Subject: [Qemu-devel] [PULL 08/74] megasas: fix sglist leak
Date: Tue, 21 Aug 2018 19:01:40 +0200 [thread overview]
Message-ID: <1534870966-9287-9-git-send-email-pbonzini@redhat.com> (raw)
In-Reply-To: <1534870966-9287-1-git-send-email-pbonzini@redhat.com>
From: Marc-André Lureau <marcandre.lureau@redhat.com>
tests/cdrom-test -p /x86_64/cdrom/boot/megasas
Produces the following ASAN leak.
==25700==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 16 byte(s) in 1 object(s) allocated from:
#0 0x7f06f8faac48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7f06f87a73c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
#2 0x55a729f17738 in pci_dma_sglist_init /home/elmarco/src/qq/include/hw/pci/pci.h:818
#3 0x55a729f2a706 in megasas_map_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:698
#4 0x55a729f39421 in megasas_handle_dcmd /home/elmarco/src/qq/hw/scsi/megasas.c:1574
#5 0x55a729f3f70d in megasas_handle_frame /home/elmarco/src/qq/hw/scsi/megasas.c:1955
#6 0x55a729f40939 in megasas_mmio_write /home/elmarco/src/qq/hw/scsi/megasas.c:2119
#7 0x55a729f41102 in megasas_port_write /home/elmarco/src/qq/hw/scsi/megasas.c:2170
#8 0x55a729220e60 in memory_region_write_accessor /home/elmarco/src/qq/memory.c:527
#9 0x55a7292212b3 in access_with_adjusted_size /home/elmarco/src/qq/memory.c:594
#10 0x55a72922cf70 in memory_region_dispatch_write /home/elmarco/src/qq/memory.c:1473
#11 0x55a7290f5907 in flatview_write_continue /home/elmarco/src/qq/exec.c:3255
#12 0x55a7290f5ceb in flatview_write /home/elmarco/src/qq/exec.c:3294
#13 0x55a7290f6457 in address_space_write /home/elmarco/src/qq/exec.c:3384
#14 0x55a7290f64a8 in address_space_rw /home/elmarco/src/qq/exec.c:3395
#15 0x55a72929ecb0 in kvm_handle_io /home/elmarco/src/qq/accel/kvm/kvm-all.c:1729
#16 0x55a7292a0db5 in kvm_cpu_exec /home/elmarco/src/qq/accel/kvm/kvm-all.c:1969
#17 0x55a7291c4212 in qemu_kvm_cpu_thread_fn /home/elmarco/src/qq/cpus.c:1215
#18 0x55a72a966a6c in qemu_thread_start /home/elmarco/src/qq/util/qemu-thread-posix.c:504
#19 0x7f06ed486593 in start_thread (/lib64/libpthread.so.0+0x7593)
Move the qemu_sglist_destroy() from megasas_complete_command() to
megasas_unmap_frame(), so map/unmap are balanced.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20180814141247.32336-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
hw/scsi/megasas.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
index ba1afa3..a56317e 100644
--- a/hw/scsi/megasas.c
+++ b/hw/scsi/megasas.c
@@ -464,6 +464,7 @@ static void megasas_unmap_frame(MegasasState *s, MegasasCmd *cmd)
cmd->frame = NULL;
cmd->pa = 0;
cmd->pa_size = 0;
+ qemu_sglist_destroy(&cmd->qsg);
clear_bit(cmd->index, s->frame_map);
}
@@ -580,7 +581,6 @@ static void megasas_complete_frame(MegasasState *s, uint64_t context)
static void megasas_complete_command(MegasasCmd *cmd)
{
- qemu_sglist_destroy(&cmd->qsg);
cmd->iov_size = 0;
cmd->iov_offset = 0;
--
1.8.3.1
next prev parent reply other threads:[~2018-08-21 17:03 UTC|newest]
Thread overview: 83+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-08-21 17:01 [Qemu-devel] [PULL 00/74] Misc patches for 2018-08-21 Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 01/74] tests: virtio: separate ccw tests from libqos Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 02/74] scsi: mptsas: Mark as storage device Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 03/74] es1370: simplify MemoryRegionOps Paolo Bonzini
2018-08-24 15:04 ` Peter Maydell
2018-08-24 15:15 ` Peter Maydell
2018-08-25 7:48 ` Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 04/74] fix "Missing break in switch" coverity reports Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 05/74] checkpatch: fix filename detection when using -f Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 06/74] qemu-pr-helper: Fix build on CentOS 7 Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 07/74] chardev/char-fe: Fix typos Paolo Bonzini
2018-08-21 17:01 ` Paolo Bonzini [this message]
2018-08-21 17:01 ` [Qemu-devel] [PULL 09/74] MAINTAINERS: add maintainers for qtest Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 10/74] tests/migration-test: Silence the kvm_hv message by default Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 11/74] net: Silence 'has no peer' messages in testing mode Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 12/74] hw/timer/mc146818rtc: White space clean-up Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 13/74] hw/timer/mc146818rtc: Fix introspection problem Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 14/74] tests: Skip old versioned machine types in quick testing mode Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 15/74] tests/device-introspection: Check that the qom-tree and qtree do not change Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 16/74] tests/device-introspect: Test with all machines, not only with "none" Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 17/74] seqlock: constify seqlock_read_begin Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 18/74] qsp: QEMU's Synchronization Profiler Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 19/74] qsp: add sort_by option to qsp_report Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 20/74] qsp: add qsp_reset Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 21/74] qsp: support call site coalescing Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 22/74] qsp: track BQL callers explicitly Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 23/74] tests/atomic_add-bench: add -p to enable sync profiler Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 24/74] vl: add -enable-sync-profile Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 25/74] hmp-commands: add sync-profile Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 26/74] hmp-commands-info: " Paolo Bonzini
2018-08-21 17:01 ` [Qemu-devel] [PULL 27/74] checkpatch: allow space in more places before a bracket Paolo Bonzini
2018-08-21 18:38 ` Linus Torvalds
2018-08-22 8:56 ` Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 28/74] update-linux-headers.sh: add qemu_fw_cfg.h Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 29/74] fw_cfg: import & use linux/qemu_fw_cfg.h Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 30/74] i386: Fix arch_query_cpu_model_expansion() leak Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 31/74] lsi_scsi: add support for PPR Extended Message Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 32/74] kvm: add call to qemu_add_opts() for -overcommit option Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 33/74] build-sys: remove glib_subprocess check Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 34/74] target-i386: Fix lcall/ljmp to call gate in IA-32e mode Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 35/74] target-i386: fix segment limit check in ljmp Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 36/74] rcu_queue: use atomic_set in QLIST_REMOVE_RCU Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 37/74] rcu_queue: remove barrier from QLIST_EMPTY_RCU Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 38/74] rcu_queue: add RCU QSIMPLEQ Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 39/74] rcu_queue: add RCU QTAILQ Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 40/74] test-rcu-list: access goflag with atomics Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 41/74] test-rcu-list: access counters " Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 42/74] test-rcu-list: abstract the list implementation Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 43/74] tests: add test-list-simpleq Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 44/74] tests: add test-rcu-tailq Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 45/74] spapr: do not use CPU_FOREACH_REVERSE Paolo Bonzini
2018-08-24 15:20 ` Peter Maydell
2018-08-24 20:24 ` Emilio G. Cota
2018-08-21 17:02 ` [Qemu-devel] [PULL 46/74] qom: convert the CPU list to RCU Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 47/74] hw/intc/apic: Switch away from old_mmio Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 48/74] qemu-guest-agent: freeze-hook to ignore dpkg files as well Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 49/74] module: Use QEMU_MODULE_DIR as a search path Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 50/74] cpus: protect all icount computation with seqlock Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 51/74] seqlock: add QemuLockable support Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 52/74] cpus: protect TimerState writes with a spinlock Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 53/74] cpus: allow cpu_get_ticks out of BQL Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 54/74] vhost-user-scsi: move host_features into VHostSCSICommon Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 55/74] vhost-scsi: unify vhost-scsi get_features implementations Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 56/74] vhost-scsi: expose 't10_pi' property for VIRTIO_SCSI_F_T10_PI Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 57/74] ipmi: Use proper struct reference for BT vmstate Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 58/74] pc-dimm: assign and verify the "slot" property during pre_plug Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 59/74] util/oslib-win32: indicate alignment for qemu_anon_ram_alloc() Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 60/74] pc: drop memory region alignment check for 0 Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 61/74] pc-dimm: assign and verify the "addr" property during pre_plug Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 62/74] i2c: pm_smbus: Clean up some style issues Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 63/74] i2c: pm_smbus: Fix the semantics of block I2C transfers Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 64/74] i2c: pm_smbus: Make the I2C block read command read-only Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 65/74] i2c: pm_smbus: Add block transfer capability Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 66/74] i2c: pm_smbus: Add interrupt handling Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 67/74] i2c: pm_smbus: Don't delay host status register busy bit when interrupts are enabled Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 68/74] i2c: pm_smbus: Add the ability to force block transfer enable Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 69/74] target/i386: update MPX flags when CPL changes Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 70/74] KVM: cleanup unnecessary #ifdef KVM_CAP_ Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 71/74] Revert "chardev: tcp: postpone TLS work until machine done" Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 72/74] Revert "chardev: tcp: postpone async connection setup" Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 73/74] char-socket: update all ioc handlers when changing context Paolo Bonzini
2018-08-21 17:02 ` [Qemu-devel] [PULL 74/74] test-char: add socket reconnect test Paolo Bonzini
2018-08-23 11:25 ` [Qemu-devel] [PULL 00/74] Misc patches for 2018-08-21 Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1534870966-9287-9-git-send-email-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=marcandre.lureau@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).