Message ID | 20211117014739.1839263-1-liangpeng10@huawei.com (mailing list archive) |
---|---|
State | New, archived |
Series | [v2] vfio: Fix memory leak of hostwin |
On Wed, 17 Nov 2021 09:47:39 +0800 Peng Liang <liangpeng10@huawei.com> wrote: > hostwin is allocated and added to hostwin_list in vfio_host_win_add, but > it is only deleted from hostwin_list in vfio_host_win_del, which causes > a memory leak. Also, freeing all elements in hostwin_list is missing in > vfio_disconnect_container. > > Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)") > CC: qemu-stable@nongnu.org > Signed-off-by: Peng Liang <liangpeng10@huawei.com> > --- > v1 -> v2: > - Don't change to _SAFE variant in vfio_host_win_del. [Alex] > --- > hw/vfio/common.c | 8 ++++++++ > 1 file changed, 8 insertions(+) Thanks, pull request sent to include this in 6.2. Alex > > diff --git a/hw/vfio/common.c b/hw/vfio/common.c > index dd387b0d3959..080046e3f511 100644 > --- a/hw/vfio/common.c > +++ b/hw/vfio/common.c > @@ -551,6 +551,7 @@ static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova, > QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) { > if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) { > QLIST_REMOVE(hostwin, hostwin_next); > + g_free(hostwin); > return 0; > } > } > @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group) > if (QLIST_EMPTY(&container->group_list)) { > VFIOAddressSpace *space = container->space; > VFIOGuestIOMMU *giommu, *tmp; > + VFIOHostDMAWindow *hostwin, *next; > > QLIST_REMOVE(container, next); > > @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group) > g_free(giommu); > } > > + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, > + next) { > + QLIST_REMOVE(hostwin, hostwin_next); > + g_free(hostwin); > + } > + > trace_vfio_disconnect_container(container->fd); > close(container->fd); > g_free(container);
diff --git a/hw/vfio/common.c b/hw/vfio/common.c index dd387b0d3959..080046e3f511 100644 --- a/hw/vfio/common.c +++ b/hw/vfio/common.c @@ -551,6 +551,7 @@ static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova, QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) { if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) { QLIST_REMOVE(hostwin, hostwin_next); + g_free(hostwin); return 0; } } @@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group) if (QLIST_EMPTY(&container->group_list)) { VFIOAddressSpace *space = container->space; VFIOGuestIOMMU *giommu, *tmp; + VFIOHostDMAWindow *hostwin, *next; QLIST_REMOVE(container, next); @@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group) g_free(giommu); } + QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next, + next) { + QLIST_REMOVE(hostwin, hostwin_next); + g_free(hostwin); + } + trace_vfio_disconnect_container(container->fd); close(container->fd); g_free(container);
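Review bot: In the vfio_host_win_del hunk, the new g_free(hostwin) sits inside a plain QLIST_FOREACH, which is safe only because the next statement is return 0; without that return the iterator would read hostwin->hostwin_next from freed memory. A one-line comment above the g_free noting that the early return is what permits the non-_SAFE macro would keep a later edit (for example, removing every matching window rather than the first) from turning this into a use-after-free.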
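Review bot: The new local in the first vfio_disconnect_container hunk, VFIOHostDMAWindow *hostwin, *next;, reuses the name next, which is also the list field passed two lines later in QLIST_REMOVE(container, next);. It compiles because the macro argument is used as a member name, but it reads ambiguously; a name such as next_hostwin, or one following the giommu, *tmp pattern declared just above, would be clearer.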
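Review bot: The QLIST_REMOVE(hostwin, hostwin_next); g_free(hostwin); pair added in the teardown loop of vfio_disconnect_container duplicates the pair now in vfio_host_win_del, so the two release paths can drift apart if VFIOHostDMAWindow later gains members that need their own cleanup. Consider a small helper that unlinks and frees one window, called from both places. The loop's position, before close(container->fd) and g_free(container), is right, since it still dereferences container->hostwin_list.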
hostwin is allocated and added to hostwin_list in vfio_host_win_add, but
it is only deleted from hostwin_list in vfio_host_win_del, which causes
a memory leak. Also, freeing all elements in hostwin_list is missing in
vfio_disconnect_container.

Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)")
CC: qemu-stable@nongnu.org
Signed-off-by: Peng Liang <liangpeng10@huawei.com>

---

v1 -> v2:
- Don't change to _SAFE variant in vfio_host_win_del. [Alex]

---

hw/vfio/common.c | 8 ++++++++
1 file changed, 8 insertions(+)