From mboxrd@z Thu Jan 1 00:00:00 1970 From: Stefano Stabellini Subject: Re: [PATCH v2] xen: use qdev_unplug() instead of g_free() in xen_pv_find_xendev() Date: Wed, 1 Feb 2017 11:37:40 -0800 (PST) Message-ID: References: <20170201065202.7746-1-jgross@suse.com> Mime-Version: 1.0 Content-Type: MULTIPART/MIXED; BOUNDARY="8323329-386694112-1485977648=:17946" Return-path: Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xenproject.org with esmtp (Exim 4.84_2) (envelope-from ) id 1cZ0iw-0001oO-SB for xen-devel@lists.xenproject.org; Wed, 01 Feb 2017 19:37:46 +0000 In-Reply-To: <20170201065202.7746-1-jgross@suse.com> Content-ID: List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Errors-To: xen-devel-bounces@lists.xen.org Sender: "Xen-devel" Cc: jgross@suse.com, peter.maydell@linaro.org, sstabellini@kernel.org, qemu-devel@nongnu.org, kraxel@redhat.com, anthony.perard@citrix.com, xen-devel@lists.xenproject.org List-Id: xen-devel@lists.xenproject.org This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323329-386694112-1485977648=:17946 Content-Type: TEXT/PLAIN; CHARSET=UTF-8 Content-Transfer-Encoding: 8BIT Content-ID: Hi Peter, do you think this is acceptable? Thanks, Stefano On Wed, 1 Feb 2017, Juergen Gross wrote: > The error exits of xen_pv_find_xendev() free the new xen-device via > g_free() which is wrong. > > As the xen-device has been initialized as qdev it must be removed > via qdev_unplug(). > > This bug has been introduced with commit 3a6c9172ac5951e6dac2b3f6 > ("xen: create qdev for each backend device"). > > Reported-by: Roger Pau Monné > Tested-by: Roger Pau Monné > Signed-off-by: Juergen Gross > --- > V2: set free method to avoid memory leak (Peter Maydell) > use DEVICE(xendev) instead of &xendev->qdev (Peter Maydell) > --- > hw/xen/xen_backend.c | 13 +++++++------ > 1 file changed, 7 insertions(+), 6 deletions(-) > > diff --git a/hw/xen/xen_backend.c b/hw/xen/xen_backend.c > index d119004..6c21c37 100644 > --- a/hw/xen/xen_backend.c > +++ b/hw/xen/xen_backend.c > @@ -124,10 +124,11 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, > /* init new xendev */ > xendev = g_malloc0(ops->size); > object_initialize(&xendev->qdev, ops->size, TYPE_XENBACKEND); > - qdev_set_parent_bus(&xendev->qdev, xen_sysbus); > - qdev_set_id(&xendev->qdev, g_strdup_printf("xen-%s-%d", type, dev)); > - qdev_init_nofail(&xendev->qdev); > - object_unref(OBJECT(&xendev->qdev)); > + OBJECT(xendev)->free = g_free; > + qdev_set_parent_bus(DEVICE(xendev), xen_sysbus); > + qdev_set_id(DEVICE(xendev), g_strdup_printf("xen-%s-%d", type, dev)); > + qdev_init_nofail(DEVICE(xendev)); > + object_unref(OBJECT(xendev)); > > xendev->type = type; > xendev->dom = dom; > @@ -145,7 +146,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, > xendev->evtchndev = xenevtchn_open(NULL, 0); > if (xendev->evtchndev == NULL) { > xen_pv_printf(NULL, 0, "can't open evtchn device\n"); > - g_free(xendev); > + qdev_unplug(DEVICE(xendev), NULL); > return NULL; > } > fcntl(xenevtchn_fd(xendev->evtchndev), F_SETFD, FD_CLOEXEC); > @@ -155,7 +156,7 @@ static struct XenDevice *xen_be_get_xendev(const char *type, int dom, int dev, > if (xendev->gnttabdev == NULL) { > xen_pv_printf(NULL, 0, "can't open gnttab device\n"); > xenevtchn_close(xendev->evtchndev); > - g_free(xendev); > + qdev_unplug(DEVICE(xendev), NULL); > return NULL; > } > } else { > -- > 2.10.2 > --8323329-386694112-1485977648=:17946 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KWGVuLWRldmVs IG1haWxpbmcgbGlzdApYZW4tZGV2ZWxAbGlzdHMueGVuLm9yZwpodHRwczovL2xpc3RzLnhlbi5v cmcveGVuLWRldmVsCg== --8323329-386694112-1485977648=:17946--