aboutsummaryrefslogtreecommitdiff
path: root/block
diff options
context:
space:
mode:
authorStefan Hajnoczi <stefanha@redhat.com>2014-05-08 16:34:48 +0200
committerStefan Hajnoczi <stefanha@redhat.com>2014-06-04 09:56:11 +0200
commitabd269b7cf1f084a067731acb8f3272c193cb5f0 (patch)
tree62f15b0771a9e495eb90be2621e0c3df23060c6a /block
parentc2f3426c9bba0195b15a919587f794b110a2dcfc (diff)
block/linux-aio: fix memory and fd leak
Hot unplugging -drive aio=native,file=test.img,format=raw images leaves the Linux AIO event notifier and struct qemu_laio_state allocated. Luckily nothing will use the event notifier after the BlockDriverState has been closed so the handler function is never called. It's still worth fixing this resource leak. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Diffstat (limited to 'block')
-rw-r--r--block/linux-aio.c8
-rw-r--r--block/raw-aio.h1
-rw-r--r--block/raw-posix.c5
3 files changed, 14 insertions, 0 deletions
diff --git a/block/linux-aio.c b/block/linux-aio.c
index 7ff3897fec..f0a2c087b2 100644
--- a/block/linux-aio.c
+++ b/block/linux-aio.c
@@ -212,3 +212,11 @@ out_free_state:
g_free(s);
return NULL;
}
+
+void laio_cleanup(void *s_)
+{
+ struct qemu_laio_state *s = s_;
+
+ event_notifier_cleanup(&s->e);
+ g_free(s);
+}
diff --git a/block/raw-aio.h b/block/raw-aio.h
index 9a761eeade..55e0ccc6ed 100644
--- a/block/raw-aio.h
+++ b/block/raw-aio.h
@@ -34,6 +34,7 @@
/* linux-aio.c - Linux native implementation */
#ifdef CONFIG_LINUX_AIO
void *laio_init(void);
+void laio_cleanup(void *s);
BlockDriverAIOCB *laio_submit(BlockDriverState *bs, void *aio_ctx, int fd,
int64_t sector_num, QEMUIOVector *qiov, int nb_sectors,
BlockDriverCompletionFunc *cb, void *opaque, int type);
diff --git a/block/raw-posix.c b/block/raw-posix.c
index cce10a45a8..ffdb1763f8 100644
--- a/block/raw-posix.c
+++ b/block/raw-posix.c
@@ -1087,6 +1087,11 @@ static void raw_close(BlockDriverState *bs)
raw_detach_aio_context(bs);
+#ifdef CONFIG_LINUX_AIO
+ if (s->use_aio) {
+ laio_cleanup(s->aio_ctx);
+ }
+#endif
if (s->fd >= 0) {
qemu_close(s->fd);
s->fd = -1;