-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1 iQIcBAABAgAGBQJXp5QCAAoJENro4Ql1lpzlTE0P/0ICcWZrPEGc/dExA8++7WLf hUIe1WUDBY7uQF8r1/Z2sqkjoqztxceMW59sa/cOWHADunkFRn8dQywo+q+sSs+P l5UNhC3mo2U0U4fvj7MW2IA6KtOte9Ah0XDPG5/GG2BBFnphuwtAZ8yhI4lP/LBq ZTCub0hqXvYT5mMmfmRq0ut0sfCtzvpJLct44ilgbTzujCNO9CYBYd5tVtYFimSh lqy93Q4tTLkdRqwy8gdw/zCIX2MCAgknrkvR43jnGU9O8/1urNoOS1Y+z1/07RTK I7wXpRy2c/Dg7xmvzo4DdupaShYiCRioK3sEy0gexpwY/UCJIhdkdmLww2UNynV1 pijyb0z0JhEzan9qmmphoqOylcxL7JiyiJyhA2pf095hWzaDjSJ5yoHpV8tcFB4V rQm8jFEMEyeYzKUku21c3X3inROXuiq3S4Mb4HMuJ+Is9k57OrEAIXP1PwLjhE8c ajJ0Oaq7c8LyL1lIp2+p6kXfpaj1X9q4l+ebCJkxYFhIK4qdSJxRtzBg9dAW0qPm AWmKlSS7HOQxFLQKFsq3heyCcuxpEKT20ln5DJdUFC3Cm6U9+EyBKE4LdXXPR3QD vZ/puTgl7/ZYhldqab6LZnWHtutEjoMcEil5E2J6glLWqvOdJH/gjv+mjD+6Brs9 u5rziFKGL2ab7lEeK9rD =dx19 -----END PGP SIGNATURE----- Merge remote-tracking branch 'remotes/elmarco/tags/leaks-for-2.7-pull-request' into staging # gpg: Signature made Sun 07 Aug 2016 21:03:14 BST # gpg: using RSA key 0xDAE8E10975969CE5 # gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" # gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5 * remotes/elmarco/tags/leaks-for-2.7-pull-request: ahci: fix sglist leak on retry usb: free leaking path usb: free USBDevice.strings virtio-input: free config list qjson: free str ahci: free irqs array char: free MuxDriver when closing char: free the tcp connection data when closing numa: do not leak NumaOptions Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
commit
9efaf7f5f5
@ -919,6 +919,7 @@ static void ncq_err(NCQTransferState *ncq_tfs)
|
||||
ide_state->error = ABRT_ERR;
|
||||
ide_state->status = READY_STAT | ERR_STAT;
|
||||
ncq_tfs->drive->port_regs.scr_err |= (1 << ncq_tfs->tag);
|
||||
qemu_sglist_destroy(&ncq_tfs->sglist);
|
||||
ncq_tfs->used = 0;
|
||||
}
|
||||
|
||||
@ -1025,7 +1026,6 @@ static void execute_ncq_command(NCQTransferState *ncq_tfs)
|
||||
default:
|
||||
DPRINTF(port, "error: unsupported NCQ command (0x%02x) received\n",
|
||||
ncq_tfs->cmd);
|
||||
qemu_sglist_destroy(&ncq_tfs->sglist);
|
||||
ncq_err(ncq_tfs);
|
||||
}
|
||||
}
|
||||
@ -1092,7 +1092,6 @@ static void process_ncq_command(AHCIState *s, int port, uint8_t *cmd_fis,
|
||||
error_report("ahci: PRDT length for NCQ command (0x%zx) "
|
||||
"is smaller than the requested size (0x%zx)",
|
||||
ncq_tfs->sglist.size, size);
|
||||
qemu_sglist_destroy(&ncq_tfs->sglist);
|
||||
ncq_err(ncq_tfs);
|
||||
ahci_trigger_irq(ad->hba, ad, PORT_IRQ_OVERFLOW);
|
||||
return;
|
||||
@ -1478,6 +1477,7 @@ void ahci_realize(AHCIState *s, DeviceState *qdev, AddressSpace *as, int ports)
|
||||
ad->port.dma->ops = &ahci_dma_ops;
|
||||
ide_register_restart_cb(&ad->port);
|
||||
}
|
||||
g_free(irqs);
|
||||
}
|
||||
|
||||
void ahci_uninit(AHCIState *s)
|
||||
|
@ -824,6 +824,7 @@ static void ide_dma_cb(void *opaque, int ret)
|
||||
if (ret < 0) {
|
||||
if (ide_handle_rw_error(s, -ret, ide_dma_cmd_to_retry(s->dma_cmd))) {
|
||||
s->bus->dma->aiocb = NULL;
|
||||
dma_buf_commit(s, 0);
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
@ -270,6 +270,16 @@ static void virtio_input_device_realize(DeviceState *dev, Error **errp)
|
||||
vinput->sts = virtio_add_queue(vdev, 64, virtio_input_handle_sts);
|
||||
}
|
||||
|
||||
static void virtio_input_finalize(Object *obj)
|
||||
{
|
||||
VirtIOInput *vinput = VIRTIO_INPUT(obj);
|
||||
VirtIOInputConfig *cfg, *next;
|
||||
|
||||
QTAILQ_FOREACH_SAFE(cfg, &vinput->cfg_list, node, next) {
|
||||
QTAILQ_REMOVE(&vinput->cfg_list, cfg, node);
|
||||
g_free(cfg);
|
||||
}
|
||||
}
|
||||
static void virtio_input_device_unrealize(DeviceState *dev, Error **errp)
|
||||
{
|
||||
VirtIOInputClass *vic = VIRTIO_INPUT_GET_CLASS(dev);
|
||||
@ -318,6 +328,7 @@ static const TypeInfo virtio_input_info = {
|
||||
.class_size = sizeof(VirtIOInputClass),
|
||||
.class_init = virtio_input_class_init,
|
||||
.abstract = true,
|
||||
.instance_finalize = virtio_input_finalize,
|
||||
};
|
||||
|
||||
/* ----------------------------------------------------------------- */
|
||||
|
@ -279,6 +279,13 @@ static void usb_qdev_realize(DeviceState *qdev, Error **errp)
|
||||
static void usb_qdev_unrealize(DeviceState *qdev, Error **errp)
|
||||
{
|
||||
USBDevice *dev = USB_DEVICE(qdev);
|
||||
USBDescString *s, *next;
|
||||
|
||||
QLIST_FOREACH_SAFE(s, &dev->strings, next, next) {
|
||||
QLIST_REMOVE(s, next);
|
||||
g_free(s->str);
|
||||
g_free(s);
|
||||
}
|
||||
|
||||
if (dev->attached) {
|
||||
usb_device_detach(dev);
|
||||
|
@ -574,6 +574,7 @@ void usb_desc_create_serial(USBDevice *dev)
|
||||
}
|
||||
dst += snprintf(serial+dst, sizeof(serial)-dst, "-%s", dev->port->path);
|
||||
usb_desc_set_string(dev, index, serial);
|
||||
g_free(path);
|
||||
}
|
||||
|
||||
const char *usb_desc_get_string(USBDevice *dev, uint8_t index)
|
||||
|
@ -109,5 +109,6 @@ void qjson_finish(QJSON *json)
|
||||
|
||||
void qjson_destroy(QJSON *json)
|
||||
{
|
||||
QDECREF(json->str);
|
||||
g_free(json);
|
||||
}
|
||||
|
15
numa.c
15
numa.c
@ -223,14 +223,14 @@ static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
|
||||
}
|
||||
|
||||
if (err) {
|
||||
goto error;
|
||||
goto end;
|
||||
}
|
||||
|
||||
switch (object->type) {
|
||||
case NUMA_OPTIONS_KIND_NODE:
|
||||
numa_node_parse(object->u.node.data, opts, &err);
|
||||
if (err) {
|
||||
goto error;
|
||||
goto end;
|
||||
}
|
||||
nb_numa_nodes++;
|
||||
break;
|
||||
@ -238,13 +238,14 @@ static int parse_numa(void *opaque, QemuOpts *opts, Error **errp)
|
||||
abort();
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
error:
|
||||
error_report_err(err);
|
||||
end:
|
||||
qapi_free_NumaOptions(object);
|
||||
if (err) {
|
||||
error_report_err(err);
|
||||
return -1;
|
||||
}
|
||||
|
||||
return -1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static char *enumerate_cpus(unsigned long *cpus, int max_cpus)
|
||||
|
64
qemu-char.c
64
qemu-char.c
@ -786,6 +786,13 @@ static GSource *mux_chr_add_watch(CharDriverState *s, GIOCondition cond)
|
||||
return d->drv->chr_add_watch(d->drv, cond);
|
||||
}
|
||||
|
||||
static void mux_chr_close(struct CharDriverState *chr)
|
||||
{
|
||||
MuxDriver *d = chr->opaque;
|
||||
|
||||
g_free(d);
|
||||
}
|
||||
|
||||
static CharDriverState *qemu_chr_open_mux(const char *id,
|
||||
ChardevBackend *backend,
|
||||
ChardevReturn *ret, Error **errp)
|
||||
@ -810,6 +817,7 @@ static CharDriverState *qemu_chr_open_mux(const char *id,
|
||||
chr->opaque = d;
|
||||
d->drv = drv;
|
||||
d->focus = -1;
|
||||
chr->chr_close = mux_chr_close;
|
||||
chr->chr_write = mux_chr_write;
|
||||
chr->chr_update_read_handler = mux_chr_update_read_handler;
|
||||
chr->chr_accept_input = mux_chr_accept_input;
|
||||
@ -2763,6 +2771,7 @@ static int tcp_set_msgfds(CharDriverState *chr, int *fds, int num)
|
||||
/* clear old pending fd array */
|
||||
g_free(s->write_msgfds);
|
||||
s->write_msgfds = NULL;
|
||||
s->write_msgfds_num = 0;
|
||||
|
||||
if (!s->connected ||
|
||||
!qio_channel_has_feature(s->ioc,
|
||||
@ -2843,6 +2852,35 @@ static GSource *tcp_chr_add_watch(CharDriverState *chr, GIOCondition cond)
|
||||
return qio_channel_create_watch(s->ioc, cond);
|
||||
}
|
||||
|
||||
static void tcp_chr_free_connection(CharDriverState *chr)
|
||||
{
|
||||
TCPCharDriver *s = chr->opaque;
|
||||
int i;
|
||||
|
||||
if (!s->connected) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (s->read_msgfds_num) {
|
||||
for (i = 0; i < s->read_msgfds_num; i++) {
|
||||
close(s->read_msgfds[i]);
|
||||
}
|
||||
g_free(s->read_msgfds);
|
||||
s->read_msgfds = NULL;
|
||||
s->read_msgfds_num = 0;
|
||||
}
|
||||
|
||||
tcp_set_msgfds(chr, NULL, 0);
|
||||
remove_fd_in_watch(chr);
|
||||
object_unref(OBJECT(s->sioc));
|
||||
s->sioc = NULL;
|
||||
object_unref(OBJECT(s->ioc));
|
||||
s->ioc = NULL;
|
||||
g_free(chr->filename);
|
||||
chr->filename = NULL;
|
||||
s->connected = 0;
|
||||
}
|
||||
|
||||
static void tcp_chr_disconnect(CharDriverState *chr)
|
||||
{
|
||||
TCPCharDriver *s = chr->opaque;
|
||||
@ -2851,18 +2889,12 @@ static void tcp_chr_disconnect(CharDriverState *chr)
|
||||
return;
|
||||
}
|
||||
|
||||
s->connected = 0;
|
||||
tcp_chr_free_connection(chr);
|
||||
|
||||
if (s->listen_ioc) {
|
||||
s->listen_tag = qio_channel_add_watch(
|
||||
QIO_CHANNEL(s->listen_ioc), G_IO_IN, tcp_chr_accept, chr, NULL);
|
||||
}
|
||||
tcp_set_msgfds(chr, NULL, 0);
|
||||
remove_fd_in_watch(chr);
|
||||
object_unref(OBJECT(s->sioc));
|
||||
s->sioc = NULL;
|
||||
object_unref(OBJECT(s->ioc));
|
||||
s->ioc = NULL;
|
||||
g_free(chr->filename);
|
||||
chr->filename = SocketAddress_to_str("disconnected:", s->addr,
|
||||
s->is_listen, s->is_telnet);
|
||||
qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
|
||||
@ -3177,17 +3209,14 @@ int qemu_chr_wait_connected(CharDriverState *chr, Error **errp)
|
||||
static void tcp_chr_close(CharDriverState *chr)
|
||||
{
|
||||
TCPCharDriver *s = chr->opaque;
|
||||
int i;
|
||||
|
||||
tcp_chr_free_connection(chr);
|
||||
|
||||
if (s->reconnect_timer) {
|
||||
g_source_remove(s->reconnect_timer);
|
||||
s->reconnect_timer = 0;
|
||||
}
|
||||
qapi_free_SocketAddress(s->addr);
|
||||
remove_fd_in_watch(chr);
|
||||
if (s->ioc) {
|
||||
object_unref(OBJECT(s->ioc));
|
||||
}
|
||||
if (s->listen_tag) {
|
||||
g_source_remove(s->listen_tag);
|
||||
s->listen_tag = 0;
|
||||
@ -3195,18 +3224,9 @@ static void tcp_chr_close(CharDriverState *chr)
|
||||
if (s->listen_ioc) {
|
||||
object_unref(OBJECT(s->listen_ioc));
|
||||
}
|
||||
if (s->read_msgfds_num) {
|
||||
for (i = 0; i < s->read_msgfds_num; i++) {
|
||||
close(s->read_msgfds[i]);
|
||||
}
|
||||
g_free(s->read_msgfds);
|
||||
}
|
||||
if (s->tls_creds) {
|
||||
object_unref(OBJECT(s->tls_creds));
|
||||
}
|
||||
if (s->write_msgfds_num) {
|
||||
g_free(s->write_msgfds);
|
||||
}
|
||||
g_free(s);
|
||||
qemu_chr_be_event(chr, CHR_EVENT_CLOSED);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user