From: Gerd Hoffmann <kraxel@redhat.com>
To: qemu-devel@nongnu.org
Cc: fangying <fangying1@huawei.com>, Gerd Hoffmann <kraxel@redhat.com>
Subject: [Qemu-devel] [PULL 2/3] xhci: Fix memory leak in xhci_kick_epctx
Date: Thu, 29 Aug 2019 09:10:15 +0200 [thread overview]
Message-ID: <20190829071016.16589-3-kraxel@redhat.com> (raw)
In-Reply-To: <20190829071016.16589-1-kraxel@redhat.com>
From: fangying <fangying1@huawei.com>
Address Sanitizer shows memory leak in xhci_kick_epctx hw/usb/hcd-xhci.c:1912.
A sglist is leaked when a packet is retired and returns USB_RET_NAK status.
The leak stack is as bellow:
Direct leak of 2688 byte(s) in 168 object(s) allocated from:
#0 0xffffae8b11db in __interceptor_malloc (/lib64/libasan.so.4+0xd31db)
#1 0xffffae5c9163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163)
#2 0xaaaabb6fb3f7 in qemu_sglist_init dma-helpers.c:43
#3 0xaaaabba705a7 in pci_dma_sglist_init include/hw/pci/pci.h:837
#4 0xaaaabba705a7 in xhci_xfer_create_sgl hw/usb/hcd-xhci.c:1443
#5 0xaaaabba705a7 in xhci_setup_packet hw/usb/hcd-xhci.c:1615
#6 0xaaaabba77a6f in xhci_kick_epctx hw/usb/hcd-xhci.c:1912
#7 0xaaaabbdaad27 in timerlist_run_timers util/qemu-timer.c:592
#8 0xaaaabbdab19f in qemu_clock_run_timers util/qemu-timer.c:606
#9 0xaaaabbdab19f in qemu_clock_run_all_timers util/qemu-timer.c:692
#10 0xaaaabbdab9a3 in main_loop_wait util/main-loop.c:524
#11 0xaaaabb6ff5e7 in main_loop vl.c:1806
#12 0xaaaabb1e1453 in main vl.c:4488
Signed-off-by: Ying Fang <fangying1@huawei.com>
Message-id: 20190828062535.1573-1-fangying1@huawei.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
---
hw/usb/hcd-xhci.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 471759cd4cc0..80988bb305a1 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1914,6 +1914,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
}
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
if (xfer->packet.status == USB_RET_NAK) {
+ xhci_xfer_unmap(xfer);
return;
}
xhci_try_complete_packet(xfer);
--
2.18.1
next prev parent reply other threads:[~2019-08-29 7:12 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-29 7:10 [Qemu-devel] [PULL 0/3] Usb 20190829 patches Gerd Hoffmann
2019-08-29 7:10 ` [Qemu-devel] [PULL 1/3] xhci: Fix memory leak in xhci_address_slot Gerd Hoffmann
2019-08-29 7:10 ` Gerd Hoffmann [this message]
2019-08-29 7:10 ` [Qemu-devel] [PULL 3/3] usb-mtp: add sanity checks on rootdir Gerd Hoffmann
2019-09-04 9:15 ` [Qemu-devel] [PULL 0/3] Usb 20190829 patches Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190829071016.16589-3-kraxel@redhat.com \
--to=kraxel@redhat.com \
--cc=fangying1@huawei.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).