Message ID | 20230403074124.3925-3-shentey@gmail.com (mailing list archive) |
---|---|
State | New, archived |
Series | Resolve TYPE_PIIX3_XEN_DEVICE |
Am 3. April 2023 07:41:19 UTC schrieb Bernhard Beschow <shentey@gmail.com>: >When calling pci_bus_irqs() multiple times on the same object without calling >pci_bus_irqs_cleanup() in between PCIBus::irq_count[] is currently leaked. >Let's fix this because Xen will do just that in a few commits, and because >calling pci_bus_irqs_cleanup() in between seems fragile and cumbersome. > >Note that pci_bus_irqs_cleanup() now has to NULL irq_count such that >pci_bus_irqs() doesn't do a double free. > >Signed-off-by: Bernhard Beschow <shentey@gmail.com> Ping PCI maintainers >--- > hw/pci/pci.c | 2 ++ > 1 file changed, 2 insertions(+) > >diff --git a/hw/pci/pci.c b/hw/pci/pci.c >index def5000e7b..be1c5d16ec 100644 >--- a/hw/pci/pci.c >+++ b/hw/pci/pci.c >@@ -558,6 +558,7 @@ void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, > bus->set_irq = set_irq; > bus->irq_opaque = irq_opaque; > bus->nirq = nirq; >+ g_free(bus->irq_count); > bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0])); > } > >@@ -573,6 +574,7 @@ void pci_bus_irqs_cleanup(PCIBus *bus) > bus->irq_opaque = NULL; > bus->nirq = 0; > g_free(bus->irq_count); >+ bus->irq_count = NULL; > } > > PCIBus *pci_register_root_bus(DeviceState *parent, const char *name,
On Mon, Apr 03, 2023 at 09:41:19AM +0200, Bernhard Beschow wrote: > When calling pci_bus_irqs() multiple times on the same object without calling > pci_bus_irqs_cleanup() in between PCIBus::irq_count[] is currently leaked. > Let's fix this because Xen will do just that in a few commits, and because > calling pci_bus_irqs_cleanup() in between seems fragile and cumbersome. > > Note that pci_bus_irqs_cleanup() now has to NULL irq_count such that > pci_bus_irqs() doesn't do a double free. > > Signed-off-by: Bernhard Beschow <shentey@gmail.com> ok Reviewed-by: Michael S. Tsirkin <mst@redhat.com> > --- > hw/pci/pci.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/hw/pci/pci.c b/hw/pci/pci.c > index def5000e7b..be1c5d16ec 100644 > --- a/hw/pci/pci.c > +++ b/hw/pci/pci.c > @@ -558,6 +558,7 @@ void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, > bus->set_irq = set_irq; > bus->irq_opaque = irq_opaque; > bus->nirq = nirq; > + g_free(bus->irq_count); > bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0])); > } > > @@ -573,6 +574,7 @@ void pci_bus_irqs_cleanup(PCIBus *bus) > bus->irq_opaque = NULL; > bus->nirq = 0; > g_free(bus->irq_count); > + bus->irq_count = NULL; > } > > PCIBus *pci_register_root_bus(DeviceState *parent, const char *name, > -- > 2.40.0
diff --git a/hw/pci/pci.c b/hw/pci/pci.c index def5000e7b..be1c5d16ec 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -558,6 +558,7 @@ void pci_bus_irqs(PCIBus *bus, pci_set_irq_fn set_irq, bus->set_irq = set_irq; bus->irq_opaque = irq_opaque; bus->nirq = nirq; + g_free(bus->irq_count); bus->irq_count = g_malloc0(nirq * sizeof(bus->irq_count[0])); } @@ -573,6 +574,7 @@ void pci_bus_irqs_cleanup(PCIBus *bus) bus->irq_opaque = NULL; bus->nirq = 0; g_free(bus->irq_count); + bus->irq_count = NULL; } PCIBus *pci_register_root_bus(DeviceState *parent, const char *name,
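Review bot: In the pci_bus_irqs() hunk, the added g_free(bus->irq_count) followed by g_malloc0() means a repeated call discards whatever the irq_count[] entries held and starts them again at zero, possibly with a different nirq. If callers are only expected to call this again before any count is non-zero, say so in a comment above the function, or assert that the old entries are all zero before freeing them. The first call also depends on bus->irq_count being NULL on entry (g_free(NULL) is a no-op), which deserves a one-line comment next to the g_free().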
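Review bot: In the pci_bus_irqs_cleanup() hunk, g_free(bus->irq_count) and the added bus->irq_count = NULL are two statements that must stay together for the new g_free() in pci_bus_irqs() to be safe. g_clear_pointer(&bus->irq_count, g_free) does both in one call, so a later edit cannot drop one half. A short comment noting that pci_bus_irqs() frees this pointer again would keep the reason in the code rather than only in the commit message.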
When calling pci_bus_irqs() multiple times on the same object without calling
pci_bus_irqs_cleanup() in between PCIBus::irq_count[] is currently leaked.
Let's fix this because Xen will do just that in a few commits, and because
calling pci_bus_irqs_cleanup() in between seems fragile and cumbersome.

Note that pci_bus_irqs_cleanup() now has to NULL irq_count such that
pci_bus_irqs() doesn't do a double free.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
---
 hw/pci/pci.c | 2 ++
 1 file changed, 2 insertions(+)