Re: [PULL 24/30] spapr_pci: populate ibm,loc-code - Philippe Mathieu-Daudé

From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: Peter Maydell <peter.maydell@linaro.org>,
	David Gibson <david@gibson.dropbear.id.au>
Cc: qemu-ppc <qemu-ppc@nongnu.org>,
	QEMU Developers <qemu-devel@nongnu.org>,
	Nikunj A Dadhania <nikunj@linux.vnet.ibm.com>,
	Greg Kurz <groug@kaod.org>
Subject: Re: [PULL 24/30] spapr_pci: populate ibm,loc-code
Date: Sun, 15 Aug 2021 16:36:18 +0200	[thread overview]
Message-ID: <1daaacdf-4725-3350-601f-24025d3944f4@redhat.com> (raw)
In-Reply-To: <CAFEAcA-GGNcm09xu5v65jQcghjBnj6cBtb0p0xYhOPPNt1g_sg@mail.gmail.com>

On 8/13/21 5:17 PM, Peter Maydell wrote:
> On Tue, 10 Aug 2021 at 05:40, David Gibson <david@gibson.dropbear.id.au> wrote:
>>
>> On Mon, Aug 09, 2021 at 10:57:00AM +0100, Peter Maydell wrote:
>>>
>>> Cleanest fix would be to declare 'path' and 'host' as
>>>    g_autofree char *path = NULL;
>>>    g_autofree char *host = NULL;
>>> and then you can remove all the manual g_free(path) and g_free(host) calls.
>>
>> Thanks for the report.  I've committed the fix (I hope) below to ppc-for-6.1:
>>
>> From 70ae61b510dc571c407b28c46498cae60e60ca66 Mon Sep 17 00:00:00 2001
>> From: David Gibson <david@gibson.dropbear.id.au>
>> Date: Tue, 10 Aug 2021 14:28:19 +1000
>> Subject: [PATCH] spapr_pci: Fix leak in spapr_phb_vfio_get_loc_code() with
>>  g_autofree
>>
>> This uses g_autofree to simplify logic in spapr_phb_vfio_get_loc_code(),
>> in the process fixing a leak in one of the paths.  I'm told this fixes
>> Coverity error CID 1460454
>>
>> Reported-by: Peter Maydell <peter.maydell@linaro.org>
>> Fixes: 16b0ea1d852 ("spapr_pci: populate ibm,loc-code")
>> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
>> ---
>>  hw/ppc/spapr_pci.c | 17 ++++++-----------
>>  1 file changed, 6 insertions(+), 11 deletions(-)
>>
>> diff --git a/hw/ppc/spapr_pci.c b/hw/ppc/spapr_pci.c
>> index 7a725855f9..13d806f390 100644
>> --- a/hw/ppc/spapr_pci.c
>> +++ b/hw/ppc/spapr_pci.c
>> @@ -782,33 +782,28 @@ static AddressSpace *spapr_pci_dma_iommu(PCIBus *bus, void *opaque, int devfn)
>>
>>  static char *spapr_phb_vfio_get_loc_code(SpaprPhbState *sphb,  PCIDevice *pdev)
>>  {
>> -    char *path = NULL, *buf = NULL, *host = NULL;
>> +    g_autofree char *path = NULL;
>> +    g_autofree char *host = NULL;
>> +    char *buf = NULL;
>>
>>      /* Get the PCI VFIO host id */
>>      host = object_property_get_str(OBJECT(pdev), "host", NULL);
>>      if (!host) {
>> -        goto err_out;
>> +        return NULL;
>>      }
>>
>>      /* Construct the path of the file that will give us the DT location */
>>      path = g_strdup_printf("/sys/bus/pci/devices/%s/devspec", host);
>> -    g_free(host);
>>      if (!g_file_get_contents(path, &buf, NULL, NULL)) {
>> -        goto err_out;
>> +        return NULL;
>>      }
>> -    g_free(path);
>>
>>      /* Construct and read from host device tree the loc-code */
>>      path = g_strdup_printf("/proc/device-tree%s/ibm,loc-code", buf);
>> -    g_free(buf);
> 
> This deletion doesn't look right -- 'buf' is not autofree
> (and shouldn't be, since we're returning it).

Oops, good catch!

> If you want to delete this 'g_free' you need to make the
> first g_file_get_contents() use a separate char* variable from
> the variable we use to return the eventual result data buffer;
> then you can make that new variable be g_autofree.
> 
>>      if (!g_file_get_contents(path, &buf, NULL, NULL)) {
>> -        goto err_out;
>> +        return NULL;
>>      }
>>      return buf;
>> -
>> -err_out:
>> -    g_free(path);
>> -    return NULL;
>>  }
> 
> thanks
> -- PMM
> 