Re: [PATCH] pc: fix leak in pc_system_flash_cleanup_unused

From: Paolo Bonzini <pbonzini@redhat.com>
To: Alexander Bulekov <alxndr@bu.edu>, qemu-devel@nongnu.org
Cc: "Michael S. Tsirkin" <mst@redhat.com>,
	Eduardo Habkost <ehabkost@redhat.com>,
	Richard Henderson <rth@twiddle.net>
Subject: Re: [PATCH] pc: fix leak in pc_system_flash_cleanup_unused
Date: Wed, 1 Jul 2020 07:49:41 +0200	[thread overview]
Message-ID: <edb74f76-57a0-ef4b-17fa-f9f4b5dae8bc@redhat.com> (raw)
In-Reply-To: <20200701015859.29820-1-alxndr@bu.edu>

On 01/07/20 03:58, Alexander Bulekov wrote:
> fix a leak detected when building with --enable-sanitizers:
> ./i386-softmmu/qemu-system-i386
> Upon exit:
> ==13576==ERROR: LeakSanitizer: detected memory leaks
> 
> Direct leak of 1216 byte(s) in 1 object(s) allocated from:
>     #0 0x7f9d2ed5c628 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5)
>     #1 0x7f9d2e963500 in g_malloc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.)
>     #2 0x55fa646d25cc in object_new_with_type /tmp/qemu/qom/object.c:686
>     #3 0x55fa63dbaa88 in qdev_new /tmp/qemu/hw/core/qdev.c:140
>     #4 0x55fa638a533f in pc_pflash_create /tmp/qemu/hw/i386/pc_sysfw.c:88
>     #5 0x55fa638a54c4 in pc_system_flash_create /tmp/qemu/hw/i386/pc_sysfw.c:106
>     #6 0x55fa646caa1d in object_init_with_type /tmp/qemu/qom/object.c:369
>     #7 0x55fa646d20b5 in object_initialize_with_type /tmp/qemu/qom/object.c:511
>     #8 0x55fa646d2606 in object_new_with_type /tmp/qemu/qom/object.c:687
>     #9 0x55fa639431e9 in qemu_init /tmp/qemu/softmmu/vl.c:3878
>     #10 0x55fa6335c1b8 in main /tmp/qemu/softmmu/main.c:48
>     #11 0x7f9d2cf06e0a in __libc_start_main ../csu/libc-start.c:308
>     #12 0x55fa6335f8e9 in _start (/tmp/qemu/build/i386-softmmu/qemu-system-i386)
> 
> Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
> ---
> 
> I am not very familiar with the QOM, so maybe this isn't the right way
> of going about this. With the call to object_property_add_child in
> pc_sysfw.c:pc_pflash_create, object_ref is called on the pflash device.
> In the pc_system_flash_cleanup_unused function, there are calls to
> object_propery_del and object_unparent, but it seems neither of these
> calls object_unref. So do we need to manually decrement the refcount?

Yes; you can also add it in pc_pflash_create, because

    /*
     * Since object_property_add_child added a reference to the child object,
     * we can drop the reference added by object_initialize(), so the child
     * property will own the only reference to the object.
     */

(from object_initialize_childv).

Paolo

>  hw/i386/pc_sysfw.c | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/hw/i386/pc_sysfw.c b/hw/i386/pc_sysfw.c
> index ec2a3b3e7e..f69a93671a 100644
> --- a/hw/i386/pc_sysfw.c
> +++ b/hw/i386/pc_sysfw.c
> @@ -123,6 +123,7 @@ static void pc_system_flash_cleanup_unused(PCMachineState *pcms)
>              object_property_del(OBJECT(pcms), prop_name);
>              g_free(prop_name);
>              object_unparent(dev_obj);
> +            object_unref(dev_obj);
>              pcms->flash[i] = NULL;
>          }
>      }
> 