From ba07cf5d3f58be697700b67d24e6277a7822b629 Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Tue, 25 Feb 2020 15:55:51 +0800 Subject: vhost-user-fs: do delete virtio_queues in unrealize Similar to other virtio device(https://patchwork.kernel.org/patch/11399237/), virtio queues forgot to delete in unrealize, and aslo error path in realize, this patch fix these memleaks, the leak stack is as follow: Direct leak of 57344 byte(s) in 1 object(s) allocated from: #0 0x7f15784fb970 in __interceptor_calloc (/lib64/libasan.so.5+0xef970) #1 0x7f157790849d in g_malloc0 (/lib64/libglib-2.0.so.0+0x5249d) #2 0x55587a1bf859 in virtio_add_queue /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio.c:2333 #3 0x55587a2071d5 in vuf_device_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/vhost-user-fs.c:212 #4 0x55587a1ae360 in virtio_device_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/virtio/virtio.c:3531 #5 0x55587a63fb7b in device_set_realized /mnt/sdb/qemu-new/qemu_test/qemu/hw/core/qdev.c:891 #6 0x55587acf03f5 in property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:2238 #7 0x55587acfce0d in object_property_set_qobject /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qobject.c:26 #8 0x55587acf5c8c in object_property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:1390 #9 0x55587a8e22a2 in pci_qdev_realize /mnt/sdb/qemu-new/qemu_test/qemu/hw/pci/pci.c:2095 #10 0x55587a63fb7b in device_set_realized /mnt/sdb/qemu-new/qemu_test/qemu/hw/core/qdev.c:891 #11 0x55587acf03f5 in property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:2238 #12 0x55587acfce0d in object_property_set_qobject /mnt/sdb/qemu-new/qemu_test/qemu/qom/qom-qobject.c:26 #13 0x55587acf5c8c in object_property_set_bool /mnt/sdb/qemu-new/qemu_test/qemu/qom/object.c:1390 #14 0x55587a496d65 in qdev_device_add /mnt/sdb/qemu-new/qemu_test/qemu/qdev-monitor.c:679 Reported-by: Euler Robot Signed-off-by: Pan Nengyuan Cc: "Dr. David Alan Gilbert" Cc: Stefan Hajnoczi Message-Id: <20200225075554.10835-2-pannengyuan@huawei.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/vhost-user-fs.c | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'hw/virtio/vhost-user-fs.c') diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c index 33b17848c2..4554d123b7 100644 --- a/hw/virtio/vhost-user-fs.c +++ b/hw/virtio/vhost-user-fs.c @@ -230,6 +230,10 @@ static void vuf_device_realize(DeviceState *dev, Error **errp) err_virtio: vhost_user_cleanup(&fs->vhost_user); + virtio_del_queue(vdev, 0); + for (i = 0; i < fs->conf.num_request_queues; i++) { + virtio_del_queue(vdev, i + 1); + } virtio_cleanup(vdev); g_free(fs->vhost_dev.vqs); return; @@ -239,6 +243,7 @@ static void vuf_device_unrealize(DeviceState *dev, Error **errp) { VirtIODevice *vdev = VIRTIO_DEVICE(dev); VHostUserFS *fs = VHOST_USER_FS(dev); + int i; /* This will stop vhost backend if appropriate. */ vuf_set_status(vdev, 0); @@ -247,6 +252,10 @@ static void vuf_device_unrealize(DeviceState *dev, Error **errp) vhost_user_cleanup(&fs->vhost_user); + virtio_del_queue(vdev, 0); + for (i = 0; i < fs->conf.num_request_queues; i++) { + virtio_del_queue(vdev, i + 1); + } virtio_cleanup(vdev); g_free(fs->vhost_dev.vqs); fs->vhost_dev.vqs = NULL; -- cgit 1.4.1 From 2e5bc65935ddf8ee152c1317a3d3bb4bb73e727d Mon Sep 17 00:00:00 2001 From: Pan Nengyuan Date: Tue, 25 Feb 2020 15:55:52 +0800 Subject: vhost-user-fs: convert to the new virtio_delete_queue function use the new virtio_delete_queue function to cleanup. Signed-off-by: Pan Nengyuan Cc: "Dr. David Alan Gilbert" Cc: Stefan Hajnoczi Message-Id: <20200225075554.10835-3-pannengyuan@huawei.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/vhost-user-fs.c | 15 +++++++++------ include/hw/virtio/vhost-user-fs.h | 2 ++ 2 files changed, 11 insertions(+), 6 deletions(-) (limited to 'hw/virtio/vhost-user-fs.c') diff --git a/hw/virtio/vhost-user-fs.c b/hw/virtio/vhost-user-fs.c index 4554d123b7..6136768875 100644 --- a/hw/virtio/vhost-user-fs.c +++ b/hw/virtio/vhost-user-fs.c @@ -209,11 +209,12 @@ static void vuf_device_realize(DeviceState *dev, Error **errp) sizeof(struct virtio_fs_config)); /* Hiprio queue */ - virtio_add_queue(vdev, fs->conf.queue_size, vuf_handle_output); + fs->hiprio_vq = virtio_add_queue(vdev, fs->conf.queue_size, vuf_handle_output); /* Request queues */ + fs->req_vqs = g_new(VirtQueue *, fs->conf.num_request_queues); for (i = 0; i < fs->conf.num_request_queues; i++) { - virtio_add_queue(vdev, fs->conf.queue_size, vuf_handle_output); + fs->req_vqs[i] = virtio_add_queue(vdev, fs->conf.queue_size, vuf_handle_output); } /* 1 high prio queue, plus the number configured */ @@ -230,10 +231,11 @@ static void vuf_device_realize(DeviceState *dev, Error **errp) err_virtio: vhost_user_cleanup(&fs->vhost_user); - virtio_del_queue(vdev, 0); + virtio_delete_queue(fs->hiprio_vq); for (i = 0; i < fs->conf.num_request_queues; i++) { - virtio_del_queue(vdev, i + 1); + virtio_delete_queue(fs->req_vqs[i]); } + g_free(fs->req_vqs); virtio_cleanup(vdev); g_free(fs->vhost_dev.vqs); return; @@ -252,10 +254,11 @@ static void vuf_device_unrealize(DeviceState *dev, Error **errp) vhost_user_cleanup(&fs->vhost_user); - virtio_del_queue(vdev, 0); + virtio_delete_queue(fs->hiprio_vq); for (i = 0; i < fs->conf.num_request_queues; i++) { - virtio_del_queue(vdev, i + 1); + virtio_delete_queue(fs->req_vqs[i]); } + g_free(fs->req_vqs); virtio_cleanup(vdev); g_free(fs->vhost_dev.vqs); fs->vhost_dev.vqs = NULL; diff --git a/include/hw/virtio/vhost-user-fs.h b/include/hw/virtio/vhost-user-fs.h index 9ff1bdb7cf..6f3030d288 100644 --- a/include/hw/virtio/vhost-user-fs.h +++ b/include/hw/virtio/vhost-user-fs.h @@ -37,6 +37,8 @@ typedef struct { struct vhost_virtqueue *vhost_vqs; struct vhost_dev vhost_dev; VhostUserState vhost_user; + VirtQueue **req_vqs; + VirtQueue *hiprio_vq; /*< public >*/ } VHostUserFS; -- cgit 1.4.1