hw/scsi/vhost-scsi: don't leak vqs on error

vhost_dev_init calls vhost_dev_cleanup in case of an error during
initialization, which zeroes out the entire vsc->dev as well as the
vsc->dev.vqs pointer. This prevents us from properly freeing it in free_vqs.
Keep a local copy of the pointer so we can free it later.

Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru>
Message-Id: <20211129132358.1110372-1-d-tatianin@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
This commit is contained in:
Daniil Tatianin 2021-11-29 16:23:57 +03:00 committed by Michael S. Tsirkin
parent 14dc58e3e0
commit b259772afc

View File

@ -170,6 +170,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
Error *err = NULL; Error *err = NULL;
int vhostfd = -1; int vhostfd = -1;
int ret; int ret;
struct vhost_virtqueue *vqs = NULL;
if (!vs->conf.wwpn) { if (!vs->conf.wwpn) {
error_setg(errp, "vhost-scsi: missing wwpn"); error_setg(errp, "vhost-scsi: missing wwpn");
@ -213,7 +214,8 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
} }
vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues; vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues;
vsc->dev.vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs); vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
vsc->dev.vqs = vqs;
vsc->dev.vq_index = 0; vsc->dev.vq_index = 0;
vsc->dev.backend_features = 0; vsc->dev.backend_features = 0;
@ -232,7 +234,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
return; return;
free_vqs: free_vqs:
g_free(vsc->dev.vqs); g_free(vqs);
if (!vsc->migratable) { if (!vsc->migratable) {
migrate_del_blocker(vsc->migration_blocker); migrate_del_blocker(vsc->migration_blocker);
} }