qemu/qom/qom-qmp-cmds.c
Pan Nengyuan 9b6abdcfae qom-qmp-cmds: fix two memleaks in qmp_object_add
'type/id' forgot to free in qmp_object_add, this patch fix that.

The leak stack:
Direct leak of 84 byte(s) in 6 object(s) allocated from:
    #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768)
    #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445)
    #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92)
    #3 0x56344954e692 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:258
    #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132
    #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175
    #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145
    #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234
    #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136

Direct leak of 54 byte(s) in 6 object(s) allocated from:
    #0 0x7fe2a5ebf768 in __interceptor_malloc (/lib64/libasan.so.5+0xef768)
    #1 0x7fe2a5044445 in g_malloc (/lib64/libglib-2.0.so.0+0x52445)
    #2 0x7fe2a505dd92 in g_strdup (/lib64/libglib-2.0.so.0+0x6bd92)
    #3 0x56344954e6c4 in qmp_object_add /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qmp-cmds.c:267
    #4 0x563449960f5a in do_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:132
    #5 0x563449960f5a in qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/qapi/qmp-dispatch.c:175
    #6 0x563449498a30 in monitor_qmp_dispatch /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:145
    #7 0x56344949a64f in monitor_qmp_bh_dispatcher /mnt/sdb/qemu-new/qemu_test/qemu/monitor/qmp.c:234
    #8 0x563449a92a3a in aio_bh_call /mnt/sdb/qemu-new/qemu_test/qemu/util/async.c:136

Fixes: 5f07c4d60d
Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Pan Nengyuan <pannengyuan@huawei.com>
Message-Id: <20200310064640.5059-1-pannengyuan@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-03-11 15:54:38 +01:00

298 lines
8.3 KiB
C

/*
* QMP commands related to QOM
*
* Copyright IBM, Corp. 2011
*
* Authors:
* Anthony Liguori <aliguori@us.ibm.com>
*
* This work is licensed under the terms of the GNU GPL, version 2. See
* the COPYING file in the top-level directory.
*
* Contributions after 2012-01-13 are licensed under the terms of the
* GNU GPL, version 2 or (at your option) any later version.
*/
#include "qemu/osdep.h"
#include "block/qdict.h"
#include "hw/qdev-core.h"
#include "qapi/error.h"
#include "qapi/qapi-commands-qdev.h"
#include "qapi/qapi-commands-qom.h"
#include "qapi/qmp/qdict.h"
#include "qapi/qmp/qerror.h"
#include "qapi/qobject-input-visitor.h"
#include "qemu/cutils.h"
#include "qom/object_interfaces.h"
#include "qom/qom-qobject.h"
ObjectPropertyInfoList *qmp_qom_list(const char *path, Error **errp)
{
Object *obj;
bool ambiguous = false;
ObjectPropertyInfoList *props = NULL;
ObjectProperty *prop;
ObjectPropertyIterator iter;
obj = object_resolve_path(path, &ambiguous);
if (obj == NULL) {
if (ambiguous) {
error_setg(errp, "Path '%s' is ambiguous", path);
} else {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
"Device '%s' not found", path);
}
return NULL;
}
object_property_iter_init(&iter, obj);
while ((prop = object_property_iter_next(&iter))) {
ObjectPropertyInfoList *entry = g_malloc0(sizeof(*entry));
entry->value = g_malloc0(sizeof(ObjectPropertyInfo));
entry->next = props;
props = entry;
entry->value->name = g_strdup(prop->name);
entry->value->type = g_strdup(prop->type);
}
return props;
}
void qmp_qom_set(const char *path, const char *property, QObject *value,
Error **errp)
{
Object *obj;
obj = object_resolve_path(path, NULL);
if (!obj) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
"Device '%s' not found", path);
return;
}
object_property_set_qobject(obj, value, property, errp);
}
QObject *qmp_qom_get(const char *path, const char *property, Error **errp)
{
Object *obj;
obj = object_resolve_path(path, NULL);
if (!obj) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
"Device '%s' not found", path);
return NULL;
}
return object_property_get_qobject(obj, property, errp);
}
static void qom_list_types_tramp(ObjectClass *klass, void *data)
{
ObjectTypeInfoList *e, **pret = data;
ObjectTypeInfo *info;
ObjectClass *parent = object_class_get_parent(klass);
info = g_malloc0(sizeof(*info));
info->name = g_strdup(object_class_get_name(klass));
info->has_abstract = info->abstract = object_class_is_abstract(klass);
if (parent) {
info->has_parent = true;
info->parent = g_strdup(object_class_get_name(parent));
}
e = g_malloc0(sizeof(*e));
e->value = info;
e->next = *pret;
*pret = e;
}
ObjectTypeInfoList *qmp_qom_list_types(bool has_implements,
const char *implements,
bool has_abstract,
bool abstract,
Error **errp)
{
ObjectTypeInfoList *ret = NULL;
object_class_foreach(qom_list_types_tramp, implements, abstract, &ret);
return ret;
}
ObjectPropertyInfoList *qmp_device_list_properties(const char *typename,
Error **errp)
{
ObjectClass *klass;
Object *obj;
ObjectProperty *prop;
ObjectPropertyIterator iter;
ObjectPropertyInfoList *prop_list = NULL;
klass = object_class_by_name(typename);
if (klass == NULL) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
"Device '%s' not found", typename);
return NULL;
}
klass = object_class_dynamic_cast(klass, TYPE_DEVICE);
if (klass == NULL) {
error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "typename", TYPE_DEVICE);
return NULL;
}
if (object_class_is_abstract(klass)) {
error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "typename",
"non-abstract device type");
return NULL;
}
obj = object_new(typename);
object_property_iter_init(&iter, obj);
while ((prop = object_property_iter_next(&iter))) {
ObjectPropertyInfo *info;
ObjectPropertyInfoList *entry;
/* Skip Object and DeviceState properties */
if (strcmp(prop->name, "type") == 0 ||
strcmp(prop->name, "realized") == 0 ||
strcmp(prop->name, "hotpluggable") == 0 ||
strcmp(prop->name, "hotplugged") == 0 ||
strcmp(prop->name, "parent_bus") == 0) {
continue;
}
/* Skip legacy properties since they are just string versions of
* properties that we already list.
*/
if (strstart(prop->name, "legacy-", NULL)) {
continue;
}
info = g_new0(ObjectPropertyInfo, 1);
info->name = g_strdup(prop->name);
info->type = g_strdup(prop->type);
info->has_description = !!prop->description;
info->description = g_strdup(prop->description);
info->default_value = qobject_ref(prop->defval);
info->has_default_value = !!info->default_value;
entry = g_malloc0(sizeof(*entry));
entry->value = info;
entry->next = prop_list;
prop_list = entry;
}
object_unref(obj);
return prop_list;
}
ObjectPropertyInfoList *qmp_qom_list_properties(const char *typename,
Error **errp)
{
ObjectClass *klass;
Object *obj = NULL;
ObjectProperty *prop;
ObjectPropertyIterator iter;
ObjectPropertyInfoList *prop_list = NULL;
klass = object_class_by_name(typename);
if (klass == NULL) {
error_set(errp, ERROR_CLASS_DEVICE_NOT_FOUND,
"Class '%s' not found", typename);
return NULL;
}
klass = object_class_dynamic_cast(klass, TYPE_OBJECT);
if (klass == NULL) {
error_setg(errp, QERR_INVALID_PARAMETER_VALUE, "typename", TYPE_OBJECT);
return NULL;
}
if (object_class_is_abstract(klass)) {
object_class_property_iter_init(&iter, klass);
} else {
obj = object_new(typename);
object_property_iter_init(&iter, obj);
}
while ((prop = object_property_iter_next(&iter))) {
ObjectPropertyInfo *info;
ObjectPropertyInfoList *entry;
info = g_malloc0(sizeof(*info));
info->name = g_strdup(prop->name);
info->type = g_strdup(prop->type);
info->has_description = !!prop->description;
info->description = g_strdup(prop->description);
entry = g_malloc0(sizeof(*entry));
entry->value = info;
entry->next = prop_list;
prop_list = entry;
}
object_unref(obj);
return prop_list;
}
void qmp_object_add(QDict *qdict, QObject **ret_data, Error **errp)
{
QObject *props;
QDict *pdict;
Visitor *v;
Object *obj;
g_autofree char *type = NULL;
g_autofree char *id = NULL;
type = g_strdup(qdict_get_try_str(qdict, "qom-type"));
if (!type) {
error_setg(errp, QERR_MISSING_PARAMETER, "qom-type");
return;
}
qdict_del(qdict, "qom-type");
id = g_strdup(qdict_get_try_str(qdict, "id"));
if (!id) {
error_setg(errp, QERR_MISSING_PARAMETER, "id");
return;
}
qdict_del(qdict, "id");
props = qdict_get(qdict, "props");
if (props) {
pdict = qobject_to(QDict, props);
if (!pdict) {
error_setg(errp, QERR_INVALID_PARAMETER_TYPE, "props", "dict");
return;
}
qobject_ref(pdict);
qdict_del(qdict, "props");
qdict_join(qdict, pdict, false);
if (qdict_size(pdict) != 0) {
error_setg(errp, "Option in 'props' conflicts with top level");
qobject_unref(pdict);
return;
}
qobject_unref(pdict);
}
v = qobject_input_visitor_new(QOBJECT(qdict));
obj = user_creatable_add_type(type, id, qdict, v, errp);
visit_free(v);
if (obj) {
object_unref(obj);
}
*ret_data = QOBJECT(qdict_new());
}
void qmp_object_del(const char *id, Error **errp)
{
user_creatable_del(id, errp);
}