From patchwork Mon Sep 19 02:48:35 2016
X-Patchwork-Submitter: Li Qiang
X-Patchwork-Id: 9338451
Message-ID: <57df5212.87adc20a.7f06f.fda3@mx.google.com>
From: Li Qiang
To: kraxel@redhat.com, qemu-devel@nongnu.org
Cc: Li Qiang
Date: Sun, 18 Sep 2016 19:48:35 -0700
Subject: [Qemu-devel] [PATCH] usb: ehci: fix memory leak in ehci_process_itd

From: Li Qiang

While processing isochronous transfer descriptors (iTD), if the page
select (PG) field value is out of bounds it will return. In this
situation the ehci's sg list isn't freed, thus leading to a memory
leak issue. This patch avoids this.

Signed-off-by: Li Qiang
Reviewed-by: Thomas Huth
---
 hw/usb/hcd-ehci.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/hw/usb/hcd-ehci.c b/hw/usb/hcd-ehci.c index b093db7..f4ece9a 100644 --- a/hw/usb/hcd-ehci.c +++ b/hw/usb/hcd-ehci.c @@ -1426,6 +1426,7 @@ static int ehci_process_itd(EHCIState *ehci, if (off + len > 4096) { /* transfer crosses page border */ if (pg == 6) { + qemu_sglist_destroy(&ehci->isgl); return -1; /* avoid page pg + 1 */ } ptr2 = (itd->bufptr[pg + 1] & ITD_BUFPTR_MASK);
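Review bot: The added qemu_sglist_destroy(&ehci->isgl) in the pg == 6 branch covers only this one early return, and the hunk does not show where ehci->isgl is initialised or whether other exits sit between that point and the normal teardown, so each of those paths should be checked for the same leak. If more than one exists, a shared cleanup label that calls qemu_sglist_destroy() before returning would be less fragile than repeating the call on every path. The commit message could also name the actual condition shown here (pg == 6 while the transfer crosses a page border, so page pg + 1 would be read) instead of a general "out of bounds", which makes the fix easier to match to the code when auditing later.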