aboutsummaryrefslogtreecommitdiff
path: root/hw
diff options
context:
space:
mode:
authorPeng Liang <liangpeng10@huawei.com>2021-11-17 09:47:39 +0800
committerAlex Williamson <alex.williamson@redhat.com>2021-11-17 11:25:55 -0700
commitf3bc3a73c908df15966e66f88d5a633bd42fd029 (patch)
tree5cb488903ab08148ca94ce3b32d0caf43a36309f /hw
parent3bb87484e77d22cf4e580a78856529c982195d32 (diff)
vfio: Fix memory leak of hostwin
hostwin is allocated and added to hostwin_list in vfio_host_win_add, but it is only deleted from hostwin_list in vfio_host_win_del, which causes a memory leak. Also, freeing all elements in hostwin_list is missing in vfio_disconnect_container. Fix: 2e4109de8e58 ("vfio/spapr: Create DMA window dynamically (SPAPR IOMMU v2)") CC: qemu-stable@nongnu.org Signed-off-by: Peng Liang <liangpeng10@huawei.com> Link: https://lore.kernel.org/r/20211117014739.1839263-1-liangpeng10@huawei.com Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Diffstat (limited to 'hw')
-rw-r--r--hw/vfio/common.c8
1 files changed, 8 insertions, 0 deletions
diff --git a/hw/vfio/common.c b/hw/vfio/common.c
index dd387b0d39..080046e3f5 100644
--- a/hw/vfio/common.c
+++ b/hw/vfio/common.c
@@ -551,6 +551,7 @@ static int vfio_host_win_del(VFIOContainer *container, hwaddr min_iova,
QLIST_FOREACH(hostwin, &container->hostwin_list, hostwin_next) {
if (hostwin->min_iova == min_iova && hostwin->max_iova == max_iova) {
QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
return 0;
}
}
@@ -2239,6 +2240,7 @@ static void vfio_disconnect_container(VFIOGroup *group)
if (QLIST_EMPTY(&container->group_list)) {
VFIOAddressSpace *space = container->space;
VFIOGuestIOMMU *giommu, *tmp;
+ VFIOHostDMAWindow *hostwin, *next;
QLIST_REMOVE(container, next);
@@ -2249,6 +2251,12 @@ static void vfio_disconnect_container(VFIOGroup *group)
g_free(giommu);
}
+ QLIST_FOREACH_SAFE(hostwin, &container->hostwin_list, hostwin_next,
+ next) {
+ QLIST_REMOVE(hostwin, hostwin_next);
+ g_free(hostwin);
+ }
+
trace_vfio_disconnect_container(container->fd);
close(container->fd);
g_free(container);