qemu-devel.nongnu.org archive mirror
* [PATCH] s390x: Fix leak in machine_set_loadparm
@ 2025-05-09 17:49 Fabiano Rosas
  2025-05-09 18:00 ` Thomas Huth
                   ` (2 more replies)
  0 siblings, 3 replies; 9+ messages in thread
From: Fabiano Rosas @ 2025-05-09 17:49 UTC (permalink / raw)
  To: qemu-devel
  Cc: Thomas Huth, Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich

ASAN spotted a leaking string in machine_set_loadparm():

Direct leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
    #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
    #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
    #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
    #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
    #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
    #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
    #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
    #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
    #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
    #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
    #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
    #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)

Signed-off-by: Fabiano Rosas <farosas@suse.de>
---
 hw/s390x/s390-virtio-ccw.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
index d5658afed9..744e901db8 100644
--- a/hw/s390x/s390-virtio-ccw.c
+++ b/hw/s390x/s390-virtio-ccw.c
@@ -804,6 +804,7 @@ static void machine_set_loadparm(Object *obj, Visitor *v,
     }
 
     s390_ipl_fmt_loadparm(ms->loadparm, val, errp);
+    g_free(val);
 }
 
 static void ccw_machine_class_init(ObjectClass *oc, const void *data)
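
Review bot: The added g_free(val) after s390_ipl_fmt_loadparm(ms->loadparm, val, errp) releases the string only on the path that reaches the end of the function; the block closed by the `}` just above is not visible in this hunk, and if it can return early after val has been assigned, that path still leaks. Declaring val as g_autofree char * would cover every exit and remove the need for an explicit free, in line with the ownership the ASAN trace shows (visit_type_str hands the caller a g_strdup'd copy).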
-- 
2.35.3




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-09 17:49 [PATCH] s390x: Fix leak in machine_set_loadparm Fabiano Rosas
@ 2025-05-09 18:00 ` Thomas Huth
  2025-05-12 14:07 ` Philippe Mathieu-Daudé
  2025-05-15 12:51 ` Halil Pasic
  2 siblings, 0 replies; 9+ messages in thread
From: Thomas Huth @ 2025-05-09 18:00 UTC (permalink / raw)
  To: Fabiano Rosas, qemu-devel
  Cc: Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich

On 09/05/2025 19.49, Fabiano Rosas wrote:
> ASAN spotted a leaking string in machine_set_loadparm():
> 
> Direct leak of 9 byte(s) in 1 object(s) allocated from:
>      #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
>      #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
>      #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
>      #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
>      #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
>      #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
>      #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
>      #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
>      #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
>      #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
>      #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
>      #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
>      #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
>      #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)
> 
> Signed-off-by: Fabiano Rosas <farosas@suse.de>
> ---
>   hw/s390x/s390-virtio-ccw.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/hw/s390x/s390-virtio-ccw.c b/hw/s390x/s390-virtio-ccw.c
> index d5658afed9..744e901db8 100644
> --- a/hw/s390x/s390-virtio-ccw.c
> +++ b/hw/s390x/s390-virtio-ccw.c
> @@ -804,6 +804,7 @@ static void machine_set_loadparm(Object *obj, Visitor *v,
>       }
>   
>       s390_ipl_fmt_loadparm(ms->loadparm, val, errp);
> +    g_free(val);
>   }
>   
>   static void ccw_machine_class_init(ObjectClass *oc, const void *data)
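
Review bot: The single g_free(val) line fixes a leak that the commit message documents only through its ASAN report, with no Fixes: tag naming the commit that introduced the unfreed string. The trace enters the setter from handle_diag_308 via s390_ipl_update_diag308, so a string is lost on each such update rather than once at machine setup; stating that in the message and adding the tag would help whoever decides on a stable backport.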

Reviewed-by: Thomas Huth <thuth@redhat.com>

and queued it!




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-09 17:49 [PATCH] s390x: Fix leak in machine_set_loadparm Fabiano Rosas
  2025-05-09 18:00 ` Thomas Huth
@ 2025-05-12 14:07 ` Philippe Mathieu-Daudé
  2025-05-12 14:13   ` Philippe Mathieu-Daudé
  2025-05-15 12:51 ` Halil Pasic
  2 siblings, 1 reply; 9+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-05-12 14:07 UTC (permalink / raw)
  To: Fabiano Rosas, qemu-devel
  Cc: Thomas Huth, Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich

On 9/5/25 19:49, Fabiano Rosas wrote:
> ASAN spotted a leaking string in machine_set_loadparm():
> 
> Direct leak of 9 byte(s) in 1 object(s) allocated from:
>      #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
>      #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
>      #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
>      #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
>      #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
>      #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
>      #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
>      #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
>      #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
>      #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
>      #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
>      #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
>      #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
>      #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)
> 
> Signed-off-by: Fabiano Rosas <farosas@suse.de>
> ---
>   hw/s390x/s390-virtio-ccw.c | 1 +
>   1 file changed, 1 insertion(+)

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-12 14:07 ` Philippe Mathieu-Daudé
@ 2025-05-12 14:13   ` Philippe Mathieu-Daudé
  2025-05-12 15:37     ` Fabiano Rosas
  0 siblings, 1 reply; 9+ messages in thread
From: Philippe Mathieu-Daudé @ 2025-05-12 14:13 UTC (permalink / raw)
  To: Fabiano Rosas, qemu-devel
  Cc: Thomas Huth, Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich

On 12/5/25 16:07, Philippe Mathieu-Daudé wrote:
> On 9/5/25 19:49, Fabiano Rosas wrote:
>> ASAN spotted a leaking string in machine_set_loadparm():

What about ccw_device_set_loadparm() in hw/s390x/ccw-device.c?

>>
>> Direct leak of 9 byte(s) in 1 object(s) allocated from:
>>      #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
>>      #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
>>      #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
>>      #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
>>      #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
>>      #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
>>      #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
>>      #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
>>      #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
>>      #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
>>      #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
>>      #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
>>      #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
>>      #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)
>>
>> Signed-off-by: Fabiano Rosas <farosas@suse.de>
>> ---
>>   hw/s390x/s390-virtio-ccw.c | 1 +
>>   1 file changed, 1 insertion(+)
> 
> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
> 




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-12 14:13   ` Philippe Mathieu-Daudé
@ 2025-05-12 15:37     ` Fabiano Rosas
  2025-06-24  6:28       ` Thomas Huth
  0 siblings, 1 reply; 9+ messages in thread
From: Fabiano Rosas @ 2025-05-12 15:37 UTC (permalink / raw)
  To: Philippe Mathieu-Daudé, qemu-devel
  Cc: Thomas Huth, Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich

Philippe Mathieu-Daudé <philmd@linaro.org> writes:

> On 12/5/25 16:07, Philippe Mathieu-Daudé wrote:
>> On 9/5/25 19:49, Fabiano Rosas wrote:
>>> ASAN spotted a leaking string in machine_set_loadparm():
>
> What about ccw_device_set_loadparm() in hw/s390x/ccw-device.c?
>

Yep, that one as well. I'll send a patch. Thanks




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-09 17:49 [PATCH] s390x: Fix leak in machine_set_loadparm Fabiano Rosas
  2025-05-09 18:00 ` Thomas Huth
  2025-05-12 14:07 ` Philippe Mathieu-Daudé
@ 2025-05-15 12:51 ` Halil Pasic
  2 siblings, 0 replies; 9+ messages in thread
From: Halil Pasic @ 2025-05-15 12:51 UTC (permalink / raw)
  To: Fabiano Rosas
  Cc: qemu-devel, Thomas Huth, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich,
	Halil Pasic

On Fri,  9 May 2025 14:49:38 -0300
Fabiano Rosas <farosas@suse.de> wrote:

> ASAN spotted a leaking string in machine_set_loadparm():
> 
> Direct leak of 9 byte(s) in 1 object(s) allocated from:
>     #0 0x560ffb5bb379 in malloc ../projects/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
>     #1 0x7f1aca926518 in g_malloc ../glib/gmem.c:106
>     #2 0x7f1aca94113e in g_strdup ../glib/gstrfuncs.c:364
>     #3 0x560ffc8afbf9 in qobject_input_type_str ../qapi/qobject-input-visitor.c:542:12
>     #4 0x560ffc8a80ff in visit_type_str ../qapi/qapi-visit-core.c:349:10
>     #5 0x560ffbe6053a in machine_set_loadparm ../hw/s390x/s390-virtio-ccw.c:802:10
>     #6 0x560ffc0c5e52 in object_property_set ../qom/object.c:1450:5
>     #7 0x560ffc0d4175 in object_property_set_qobject ../qom/qom-qobject.c:28:10
>     #8 0x560ffc0c6004 in object_property_set_str ../qom/object.c:1458:15
>     #9 0x560ffbe2ae60 in update_machine_ipl_properties ../hw/s390x/ipl.c:569:9
>     #10 0x560ffbe2aa65 in s390_ipl_update_diag308 ../hw/s390x/ipl.c:594:5
>     #11 0x560ffbdee132 in handle_diag_308 ../target/s390x/diag.c:147:9
>     #12 0x560ffbebb956 in helper_diag ../target/s390x/tcg/misc_helper.c:137:9
>     #13 0x7f1a3c51c730  (/memfd:tcg-jit (deleted)+0x39730)
> 
> Signed-off-by: Fabiano Rosas <farosas@suse.de>

Reviewed-by: Halil Pasic <pasic@linux.ibm.com>




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-05-12 15:37     ` Fabiano Rosas
@ 2025-06-24  6:28       ` Thomas Huth
  2025-06-24 12:34         ` Fabiano Rosas
  0 siblings, 1 reply; 9+ messages in thread
From: Thomas Huth @ 2025-06-24  6:28 UTC (permalink / raw)
  To: Fabiano Rosas, Philippe Mathieu-Daudé, qemu-devel
  Cc: Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich,
	Kevin Wolf

On 12/05/2025 17.37, Fabiano Rosas wrote:
> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
> 
>> On 12/5/25 16:07, Philippe Mathieu-Daudé wrote:
>>> On 9/5/25 19:49, Fabiano Rosas wrote:
>>>> ASAN spotted a leaking string in machine_set_loadparm():
>>
>> What about ccw_device_set_loadparm() in hw/s390x/ccw-device.c?
>>
> 
> Yep, that one as well. I'll send a patch. Thanks

Did you ever send it?

  Thomas




* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-06-24  6:28       ` Thomas Huth
@ 2025-06-24 12:34         ` Fabiano Rosas
  2025-06-25  9:03           ` Kevin Wolf
  0 siblings, 1 reply; 9+ messages in thread
From: Fabiano Rosas @ 2025-06-24 12:34 UTC (permalink / raw)
  To: Thomas Huth, Philippe Mathieu-Daudé, qemu-devel
  Cc: Halil Pasic, Christian Borntraeger, Eric Farman,
	Richard Henderson, David Hildenbrand, Ilya Leoshkevich,
	Kevin Wolf

Thomas Huth <thuth@redhat.com> writes:

> On 12/05/2025 17.37, Fabiano Rosas wrote:
>> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
>> 
>>> On 12/5/25 16:07, Philippe Mathieu-Daudé wrote:
>>>> On 9/5/25 19:49, Fabiano Rosas wrote:
>>>>> ASAN spotted a leaking string in machine_set_loadparm():
>>>
>>> What about ccw_device_set_loadparm() in hw/s390x/ccw-device.c?
>>>
>> 
>> Yep, that one as well. I'll send a patch. Thanks
>
> Did you ever send it?
>

Sorry, no. Got sidetracked as usual. I'll mark this email so I don't forget.

>   Thomas



* Re: [PATCH] s390x: Fix leak in machine_set_loadparm
  2025-06-24 12:34         ` Fabiano Rosas
@ 2025-06-25  9:03           ` Kevin Wolf
  0 siblings, 0 replies; 9+ messages in thread
From: Kevin Wolf @ 2025-06-25  9:03 UTC (permalink / raw)
  To: Fabiano Rosas
  Cc: Thomas Huth, Philippe Mathieu-Daudé, qemu-devel, Halil Pasic,
	Christian Borntraeger, Eric Farman, Richard Henderson,
	David Hildenbrand, Ilya Leoshkevich

On 24.06.2025 at 14:34, Fabiano Rosas wrote:
> Thomas Huth <thuth@redhat.com> writes:
> 
> > On 12/05/2025 17.37, Fabiano Rosas wrote:
> >> Philippe Mathieu-Daudé <philmd@linaro.org> writes:
> >> 
> >>> On 12/5/25 16:07, Philippe Mathieu-Daudé wrote:
> >>>> On 9/5/25 19:49, Fabiano Rosas wrote:
> >>>>> ASAN spotted a leaking string in machine_set_loadparm():
> >>>
> >>> What about ccw_device_set_loadparm() in hw/s390x/ccw-device.c?
> >>>
> >> 
> >> Yep, that one as well. I'll send a patch. Thanks
> >
> > Did you ever send it?
> 
> Sorry, no. Got sidetracked as usual. I'll mark this email so I don't forget.

I think Thomas asked because I posted the fix in our downstream bug
tracker. I just sent it as a proper patch.

Kevin



