From patchwork Wed Feb 1 06:52:02 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?b?SsO8cmdlbiBHcm/Dnw==?= X-Patchwork-Id: 9548971 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id C119860415 for ; Wed, 1 Feb 2017 06:52:32 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B220B27E3E for ; Wed, 1 Feb 2017 06:52:32 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id A566B283EC; Wed, 1 Feb 2017 06:52:32 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from lists.gnu.org (lists.gnu.org [208.118.235.17]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id EFB3827E3E for ; Wed, 1 Feb 2017 06:52:30 +0000 (UTC) Received: from localhost ([::1]:43001 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cYomL-00037T-SC for patchwork-qemu-devel@patchwork.kernel.org; Wed, 01 Feb 2017 01:52:29 -0500 Received: from eggs.gnu.org ([2001:4830:134:3::10]:39869) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1cYom5-00034h-Jn for qemu-devel@nongnu.org; Wed, 01 Feb 2017 01:52:14 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1cYom0-0006LL-Nm for qemu-devel@nongnu.org; Wed, 01 Feb 2017 01:52:13 -0500 Received: from mx2.suse.de ([195.135.220.15]:45151) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1cYom0-0006L3-HY for qemu-devel@nongnu.org; Wed, 01 Feb 2017 01:52:08 -0500 X-Virus-Scanned: by amavisd-new at test-mx.suse.de Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254]) by mx2.suse.de (Postfix) with ESMTP id 81E3EAC57; Wed, 1 Feb 2017 06:52:05 +0000 (UTC) From: Juergen Gross To: qemu-devel@nongnu.org, xen-devel@lists.xenproject.org Date: Wed, 1 Feb 2017 07:52:02 +0100 Message-Id: <20170201065202.7746-1-jgross@suse.com> X-Mailer: git-send-email 2.10.2 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x (no timestamps) [generic] [fuzzy] X-Received-From: 195.135.220.15 Subject: [Qemu-devel] [PATCH v2] xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev() X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: anthony.perard@citrix.com, Juergen Gross , sstabellini@kernel.org, kraxel@redhat.com Errors-To: qemu-devel-bounces+patchwork-qemu-devel=patchwork.kernel.org@nongnu.org Sender: "Qemu-devel" X-Virus-Scanned: ClamAV using ClamSMTP The error exits of xen_pv_find_xendev() free the new xen-device via g_free() which is wrong. As the xen-device has been initialized as qdev it must be removed via qdev_unplug(). This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6 ("xen: create qdev for each backend device"). Reported-by: Roger Pau Monné Tested-by: Roger Pau Monné Signed-off-by: Juergen Gross --- V2: set free method to avoid memory leak (Peter Maydell) use DEVICE(xendev) instead of &xendev->qdev (Peter Maydell) --- hw/xen/xen_backend.c | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c index d119004..6c21c37 100644 --- a/hw/xen/xen_backend.c +++ b/hw/xen/xen_backend.c @@ -124,10 +124,11 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, /* init new xendev */ xendev = g_malloc0(ops->size); object_initialize(&xendev->qdev, ops->size, TYPE_XENBACKEND); - qdev_set_parent_bus(&xendev->qdev, xen_sysbus); - qdev_set_id(&xendev->qdev, g_strdup_printf("xen-%s-%d", type, dev)); - qdev_init_nofail(&xendev->qdev); - object_unref(OBJECT(&xendev->qdev)); + OBJECT(xendev)->free = g_free; + qdev_set_parent_bus(DEVICE(xendev), xen_sysbus); + qdev_set_id(DEVICE(xendev), g_strdup_printf("xen-%s-%d", type, dev)); + qdev_init_nofail(DEVICE(xendev)); + object_unref(OBJECT(xendev)); xendev->type = type; xendev->dom = dom; @@ -145,7 +146,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, xendev->evtchndev = xenevtchn_open(NULL, 0); if (xendev->evtchndev == NULL) { xen_pv_printf(NULL, 0, "can't open evtchn device\n"); - g_free(xendev); + qdev_unplug(DEVICE(xendev), NULL); return NULL; } fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC); @@ -155,7 +156,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, if (xendev->gnttabdev == NULL) { xen_pv_printf(NULL, 0, "can't open gnttab device\n"); xenevtchn_close(xendev->evtchndev); - g_free(xendev); + qdev_unplug(DEVICE(xendev), NULL); return NULL; } } else {