[PATCH v2 0/2] Fix some memleaks caused by timer_new_ns

[PATCH v2 0/2] Fix some memleaks caused by timer_new_ns

[Gan Qixin]

v1->v2:

patch1:
  Delete the modification of unrelated whitespace.
patch2:
  Add David Gibson acked tag.
patch3:
  Has been applied, so delete it.

Gan Qixin (2):
  pl031: Use timer_free() in the finalize function to avoid memleaks
  misc/mos6522: Use timer_free() in the finalize function to avoid
    memleak

 hw/misc/mos6522.c | 11 +++++++++++
 hw/rtc/pl031.c    |  9 +++++++++
 2 files changed, 20 insertions(+)

-- 
2.27.0

[PATCH v2 1/2] pl031: Use timer_free() in the finalize function to avoid memleaks

[Gan Qixin]

When running device-introspect-test, a memory leak occurred in the pl031_init
function, this patch use timer_free() in the finalize function to fix it.

ASAN shows memory leak stack:

Direct leak of 48 byte(s) in 1 object(s) allocated from:
    #0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaabf5621cfc in timer_new_full qemu/include/qemu/timer.h:523
    #3 0xaaabf5621cfc in timer_new qemu/include/qemu/timer.h:544
    #4 0xaaabf5621cfc in timer_new_ns qemu/include/qemu/timer.h:562
    #5 0xaaabf5621cfc in pl031_init qemu/hw/rtc/pl031.c:194
    #6 0xaaabf6339f6c in object_initialize_with_type qemu/qom/object.c:515
    #7 0xaaabf633a1e0 in object_new_with_type qemu/qom/object.c:729
    #8 0xaaabf6375e40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
    #9 0xaaabf5a95540 in qdev_device_help qemu/softmmu/qdev-monitor.c:283
    #10 0xaaabf5a96940 in qmp_device_add qemu/softmmu/qdev-monitor.c:801
    #11 0xaaabf5a96e70 in hmp_device_add qemu/softmmu/qdev-monitor.c:916
    #12 0xaaabf5ac0a2c in handle_hmp_command qemu/monitor/hmp.c:1100

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
---
Cc: Peter Maydell <peter.maydell@linaro.org>
---
 hw/rtc/pl031.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c
index ae47f09635..f0981e6c21 100644
--- a/hw/rtc/pl031.c
+++ b/hw/rtc/pl031.c
@@ -194,6 +194,14 @@ static void pl031_init(Object *obj)
     s->timer = timer_new_ns(rtc_clock, pl031_interrupt, s);
 }
 
+static void pl031_finalize(Object *obj)
+{
+    PL031State *s = PL031(obj);
+
+    timer_del(s->timer);
+    timer_free(s->timer);
+}
+
 static int pl031_pre_save(void *opaque)
 {
     PL031State *s = opaque;
@@ -329,6 +337,7 @@ static const TypeInfo pl031_info = {
     .parent        = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(PL031State),
     .instance_init = pl031_init,
+    .instance_finalize = pl031_finalize,
     .class_init    = pl031_class_init,
 };
 
-- 
2.27.0

[PATCH v2 2/2] misc/mos6522: Use timer_free() in the finalize function to avoid memleak

[Gan Qixin]

When running device-introspect-test, a memory leak occurred in the mos6522_init
function, this patch use timer_free() in the finalize function to fix it.

ASAN shows memory leak stack:

Direct leak of 96 byte(s) in 2 object(s) allocated from:
    #0 0xfffd5fe9e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xfffd5f7b6800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaae50303d0c in timer_new_full qemu/include/qemu/timer.h:523
    #3 0xaaae50303d0c in timer_new qemu/include/qemu/timer.h:544
    #4 0xaaae50303d0c in timer_new_ns qemu/include/qemu/timer.h:562
    #5 0xaaae50303d0c in mos6522_init qemu/hw/misc/mos6522.c:490
    #6 0xaaae50b77d70 in object_init_with_type qemu/qom/object.c:371
    #7 0xaaae50b7ae84 in object_initialize_with_type qemu/qom/object.c:515
    #8 0xaaae50b7b0f8 in object_new_with_type qemu/qom/object.c:729
    #9 0xaaae50bb6d58 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
    #10 0xaaae50d7e1dc in qmp_marshal_device_list_properties qemu/qapi/qapi-commands-qdev.c:59
    #11 0xaaae50dc87a0 in do_qmp_dispatch_bh qemu/qapi/qmp-dispatch.c:110
    #12 0xaaae50d931a0 in aio_bh_call qemu/util/async.c:136

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
---
Cc: David Gibson <david@gibson.dropbear.id.au>
---
 hw/misc/mos6522.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/hw/misc/mos6522.c b/hw/misc/mos6522.c
index ac4cd1d58e..0236eeece1 100644
--- a/hw/misc/mos6522.c
+++ b/hw/misc/mos6522.c
@@ -490,6 +490,16 @@ static void mos6522_init(Object *obj)
     s->timers[1].timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, mos6522_timer2, s);
 }
 
+static void mos6522_finalize(Object *obj)
+{
+    MOS6522State *s = MOS6522(obj);
+
+    timer_del(s->timers[0].timer);
+    timer_free(s->timers[0].timer);
+    timer_del(s->timers[1].timer);
+    timer_free(s->timers[1].timer);
+}
+
 static Property mos6522_properties[] = {
     DEFINE_PROP_UINT64("frequency", MOS6522State, frequency, 0),
     DEFINE_PROP_END_OF_LIST()
@@ -519,6 +529,7 @@ static const TypeInfo mos6522_type_info = {
     .parent = TYPE_SYS_BUS_DEVICE,
     .instance_size = sizeof(MOS6522State),
     .instance_init = mos6522_init,
+    .instance_finalize = mos6522_finalize,
     .abstract = true,
     .class_size = sizeof(MOS6522DeviceClass),
     .class_init = mos6522_class_init,
-- 
2.27.0

Re: [PATCH v2 1/2] pl031: Use timer_free() in the finalize function to avoid memleaks

[Peter Maydell]

On Tue, 12 Jan 2021 at 10:20, Gan Qixin <ganqixin@huawei.com> wrote:
>
> When running device-introspect-test, a memory leak occurred in the pl031_init
> function, this patch use timer_free() in the finalize function to fix it.
>
> ASAN shows memory leak stack:
>
> Direct leak of 48 byte(s) in 1 object(s) allocated from:
>     #0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
>     #1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
>     #2 0xaaabf5621cfc in timer_new_full qemu/include/qemu/timer.h:523
>     #3 0xaaabf5621cfc in timer_new qemu/include/qemu/timer.h:544
>     #4 0xaaabf5621cfc in timer_new_ns qemu/include/qemu/timer.h:562
>     #5 0xaaabf5621cfc in pl031_init qemu/hw/rtc/pl031.c:194
>     #6 0xaaabf6339f6c in object_initialize_with_type qemu/qom/object.c:515
>     #7 0xaaabf633a1e0 in object_new_with_type qemu/qom/object.c:729
>     #8 0xaaabf6375e40 in qmp_device_list_properties qemu/qom/qom-qmp-cmds.c:153
>     #9 0xaaabf5a95540 in qdev_device_help qemu/softmmu/qdev-monitor.c:283
>     #10 0xaaabf5a96940 in qmp_device_add qemu/softmmu/qdev-monitor.c:801
>     #11 0xaaabf5a96e70 in hmp_device_add qemu/softmmu/qdev-monitor.c:916
>     #12 0xaaabf5ac0a2c in handle_hmp_command qemu/monitor/hmp.c:1100
>
> Reported-by: Euler Robot <euler.robot@huawei.com>
> Signed-off-by: Gan Qixin <ganqixin@huawei.com>
> ---
> Cc: Peter Maydell <peter.maydell@linaro.org>
> ---
>  hw/rtc/pl031.c | 9 +++++++++
>  1 file changed, 9 insertions(+)
>
> diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c
> index ae47f09635..f0981e6c21 100644
> --- a/hw/rtc/pl031.c
> +++ b/hw/rtc/pl031.c
> @@ -194,6 +194,14 @@ static void pl031_init(Object *obj)
>      s->timer = timer_new_ns(rtc_clock, pl031_interrupt, s);
>  }
>
> +static void pl031_finalize(Object *obj)
> +{
> +    PL031State *s = PL031(obj);
> +
> +    timer_del(s->timer);
> +    timer_free(s->timer);

You don't need to call timer_del() before timer_free() any more:
see commit 5f8e93c3e262ab.

thanks
-- PMM

RE: [PATCH v2 1/2] pl031: Use timer_free() in the finalize function to avoid memleaks

[ganqixin]

> -----Original Message-----
> From: Peter Maydell [mailto:peter.maydell@linaro.org]
> Sent: Tuesday, January 12, 2021 6:22 PM
> To: ganqixin <ganqixin@huawei.com>
> Cc: QEMU Developers <qemu-devel@nongnu.org>; QEMU Trivial
> <qemu-trivial@nongnu.org>; David Gibson <david@gibson.dropbear.id.au>;
> Chenqun (kuhn) <kuhn.chenqun@huawei.com>; Zhanghailiang
> <zhang.zhanghailiang@huawei.com>; Euler Robot <euler.robot@huawei.com>
> Subject: Re: [PATCH v2 1/2] pl031: Use timer_free() in the finalize function to
> avoid memleaks
> 
> On Tue, 12 Jan 2021 at 10:20, Gan Qixin <ganqixin@huawei.com> wrote:
> >
> > When running device-introspect-test, a memory leak occurred in the
> > pl031_init function, this patch use timer_free() in the finalize function to fix
> it.
> >
> > ASAN shows memory leak stack:
> >
> > Direct leak of 48 byte(s) in 1 object(s) allocated from:
> >     #0 0xffffab97e1f0 in __interceptor_calloc
> (/lib64/libasan.so.5+0xee1f0)
> >     #1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
> >     #2 0xaaabf5621cfc in timer_new_full
> qemu/include/qemu/timer.h:523
> >     #3 0xaaabf5621cfc in timer_new qemu/include/qemu/timer.h:544
> >     #4 0xaaabf5621cfc in timer_new_ns qemu/include/qemu/timer.h:562
> >     #5 0xaaabf5621cfc in pl031_init qemu/hw/rtc/pl031.c:194
> >     #6 0xaaabf6339f6c in object_initialize_with_type
> qemu/qom/object.c:515
> >     #7 0xaaabf633a1e0 in object_new_with_type
> qemu/qom/object.c:729
> >     #8 0xaaabf6375e40 in qmp_device_list_properties
> qemu/qom/qom-qmp-cmds.c:153
> >     #9 0xaaabf5a95540 in qdev_device_help
> qemu/softmmu/qdev-monitor.c:283
> >     #10 0xaaabf5a96940 in qmp_device_add
> qemu/softmmu/qdev-monitor.c:801
> >     #11 0xaaabf5a96e70 in hmp_device_add
> qemu/softmmu/qdev-monitor.c:916
> >     #12 0xaaabf5ac0a2c in handle_hmp_command
> qemu/monitor/hmp.c:1100
> >
> > Reported-by: Euler Robot <euler.robot@huawei.com>
> > Signed-off-by: Gan Qixin <ganqixin@huawei.com>
> > ---
> > Cc: Peter Maydell <peter.maydell@linaro.org>
> > ---
> >  hw/rtc/pl031.c | 9 +++++++++
> >  1 file changed, 9 insertions(+)
> >
> > diff --git a/hw/rtc/pl031.c b/hw/rtc/pl031.c index
> > ae47f09635..f0981e6c21 100644
> > --- a/hw/rtc/pl031.c
> > +++ b/hw/rtc/pl031.c
> > @@ -194,6 +194,14 @@ static void pl031_init(Object *obj)
> >      s->timer = timer_new_ns(rtc_clock, pl031_interrupt, s);  }
> >
> > +static void pl031_finalize(Object *obj) {
> > +    PL031State *s = PL031(obj);
> > +
> > +    timer_del(s->timer);
> > +    timer_free(s->timer);
> 
> You don't need to call timer_del() before timer_free() any more:
> see commit 5f8e93c3e262ab.
> 

Thanks for your reply, I didn't notice this new change, I will resend these patches later.