diff mbox series

vfio/iommufd: Fix memory leak

Message ID 20240313210628.786224-1-clg@redhat.com
State New
Headers show
Series vfio/iommufd: Fix memory leak | expand

Commit Message

Cédric Le Goater March 13, 2024, 9:06 p.m. UTC 
Make sure variable contents is freed if scanf fails.

Cc: Eric Auger <eric.auger@redhat.com>
Cc: Yi Liu <yi.l.liu@intel.com>
Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
Fixes: CID 1540007
Fixes: 5ee3dc7af785 ("vfio/iommufd: Implement the iommufd backend")
Signed-off-by: Cédric Le Goater <clg@redhat.com>
---
 hw/vfio/iommufd.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

Comments

Eric Auger March 13, 2024, 9:11 p.m. UTC | #1 
On 3/13/24 22:06, Cédric Le Goater wrote:
> Make sure variable contents is freed if scanf fails.
>
> Cc: Eric Auger <eric.auger@redhat.com>
> Cc: Yi Liu <yi.l.liu@intel.com>
> Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
> Fixes: CID 1540007
> Fixes: 5ee3dc7af785 ("vfio/iommufd: Implement the iommufd backend")
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>

Thanks!

Eric
> ---
>  hw/vfio/iommufd.c | 5 +++--
>  1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
> index a75a785e90c64cdcc4d10c88d217801b3f536cdb..cd549e0ee8573e75772c51cc96153762a6bc8550 100644
> --- a/hw/vfio/iommufd.c
> +++ b/hw/vfio/iommufd.c
> @@ -152,9 +152,8 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
>  
>      if (sscanf(contents, "%d:%d", &major, &minor) != 2) {
>          error_setg(errp, "failed to get major:minor for \"%s\"", vfio_dev_path);
> -        goto out_free_dev_path;
> +        goto out_free_contents;
>      }
> -    g_free(contents);
>      vfio_devt = makedev(major, minor);
>  
>      vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
> @@ -166,6 +165,8 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
>      trace_iommufd_cdev_getfd(vfio_path, ret);
>      g_free(vfio_path);
>  
> +out_free_contents:
> +    g_free(contents);
>  out_free_dev_path:
>      g_free(vfio_dev_path);
>  out_close_dir:
Yi Liu March 14, 2024, 3:25 a.m. UTC | #2 
On 2024/3/14 05:06, Cédric Le Goater wrote:
> Make sure variable contents is freed if scanf fails.
> 
> Cc: Eric Auger <eric.auger@redhat.com>
> Cc: Yi Liu <yi.l.liu@intel.com>
> Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
> Fixes: CID 1540007
> Fixes: 5ee3dc7af785 ("vfio/iommufd: Implement the iommufd backend")
> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> ---
>   hw/vfio/iommufd.c | 5 +++--
>   1 file changed, 3 insertions(+), 2 deletions(-)
> 
> diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
> index a75a785e90c64cdcc4d10c88d217801b3f536cdb..cd549e0ee8573e75772c51cc96153762a6bc8550 100644
> --- a/hw/vfio/iommufd.c
> +++ b/hw/vfio/iommufd.c
> @@ -152,9 +152,8 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
>   
>       if (sscanf(contents, "%d:%d", &major, &minor) != 2) {
>           error_setg(errp, "failed to get major:minor for \"%s\"", vfio_dev_path);
> -        goto out_free_dev_path;
> +        goto out_free_contents;
>       }
> -    g_free(contents);
>       vfio_devt = makedev(major, minor);
>   
>       vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
> @@ -166,6 +165,8 @@ static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
>       trace_iommufd_cdev_getfd(vfio_path, ret);
>       g_free(vfio_path);
>   
> +out_free_contents:
> +    g_free(contents);
>   out_free_dev_path:
>       g_free(vfio_dev_path);
>   out_close_dir:

good catch.

Reviewed-by: Yi Liu <yi.l.liu@intel.com>
Duan, Zhenzhong March 14, 2024, 3:31 a.m. UTC | #3 
>-----Original Message-----
>From: Cédric Le Goater <clg@redhat.com>
>Sent: Thursday, March 14, 2024 5:06 AM
>To: qemu-devel@nongnu.org
>Cc: Alex Williamson <alex.williamson@redhat.com>; Cédric Le Goater
><clg@redhat.com>; Eric Auger <eric.auger@redhat.com>; Liu, Yi L
><yi.l.liu@intel.com>; Duan, Zhenzhong <zhenzhong.duan@intel.com>
>Subject: [PATCH] vfio/iommufd: Fix memory leak
>
>Make sure variable contents is freed if scanf fails.
>
>Cc: Eric Auger <eric.auger@redhat.com>
>Cc: Yi Liu <yi.l.liu@intel.com>
>Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
>Fixes: CID 1540007
>Fixes: 5ee3dc7af785 ("vfio/iommufd: Implement the iommufd backend")
>Signed-off-by: Cédric Le Goater <clg@redhat.com>

Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>

Unrelated to this patch, I see there are four g_free calls, not clear if it's deserved
to cleanup with g_autofree.

Thanks
Zhenzhong

>---
> hw/vfio/iommufd.c | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
>diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
>index
>a75a785e90c64cdcc4d10c88d217801b3f536cdb..cd549e0ee8573e75772c5
>1cc96153762a6bc8550 100644
>--- a/hw/vfio/iommufd.c
>+++ b/hw/vfio/iommufd.c
>@@ -152,9 +152,8 @@ static int iommufd_cdev_getfd(const char
>*sysfs_path, Error **errp)
>
>     if (sscanf(contents, "%d:%d", &major, &minor) != 2) {
>         error_setg(errp, "failed to get major:minor for \"%s\"", vfio_dev_path);
>-        goto out_free_dev_path;
>+        goto out_free_contents;
>     }
>-    g_free(contents);
>     vfio_devt = makedev(major, minor);
>
>     vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
>@@ -166,6 +165,8 @@ static int iommufd_cdev_getfd(const char
>*sysfs_path, Error **errp)
>     trace_iommufd_cdev_getfd(vfio_path, ret);
>     g_free(vfio_path);
>
>+out_free_contents:
>+    g_free(contents);
> out_free_dev_path:
>     g_free(vfio_dev_path);
> out_close_dir:
>--
>2.44.0
Cédric Le Goater March 14, 2024, 8:22 a.m. UTC | #4 
On 3/14/24 04:31, Duan, Zhenzhong wrote:
> 
> 
>> -----Original Message-----
>> From: Cédric Le Goater <clg@redhat.com>
>> Sent: Thursday, March 14, 2024 5:06 AM
>> To: qemu-devel@nongnu.org
>> Cc: Alex Williamson <alex.williamson@redhat.com>; Cédric Le Goater
>> <clg@redhat.com>; Eric Auger <eric.auger@redhat.com>; Liu, Yi L
>> <yi.l.liu@intel.com>; Duan, Zhenzhong <zhenzhong.duan@intel.com>
>> Subject: [PATCH] vfio/iommufd: Fix memory leak
>>
>> Make sure variable contents is freed if scanf fails.
>>
>> Cc: Eric Auger <eric.auger@redhat.com>
>> Cc: Yi Liu <yi.l.liu@intel.com>
>> Cc: Zhenzhong Duan <zhenzhong.duan@intel.com>
>> Fixes: CID 1540007
>> Fixes: 5ee3dc7af785 ("vfio/iommufd: Implement the iommufd backend")
>> Signed-off-by: Cédric Le Goater <clg@redhat.com>
> 
> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
> 
> Unrelated to this patch, I see there are four g_free calls, not clear if it's deserved
> to cleanup with g_autofree.

Ah yes. This is much better indeed.


Thanks,

C.
diff mbox series

Patch

diff --git a/hw/vfio/iommufd.c b/hw/vfio/iommufd.c
index a75a785e90c64cdcc4d10c88d217801b3f536cdb..cd549e0ee8573e75772c51cc96153762a6bc8550 100644
--- a/hw/vfio/iommufd.c
+++ b/hw/vfio/iommufd.c
@@ -152,9 +152,8 @@  static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
 
     if (sscanf(contents, "%d:%d", &major, &minor) != 2) {
         error_setg(errp, "failed to get major:minor for \"%s\"", vfio_dev_path);
-        goto out_free_dev_path;
+        goto out_free_contents;
     }
-    g_free(contents);
     vfio_devt = makedev(major, minor);
 
     vfio_path = g_strdup_printf("/dev/vfio/devices/%s", dent->d_name);
@@ -166,6 +165,8 @@  static int iommufd_cdev_getfd(const char *sysfs_path, Error **errp)
     trace_iommufd_cdev_getfd(vfio_path, ret);
     g_free(vfio_path);
 
+out_free_contents:
+    g_free(contents);
 out_free_dev_path:
     g_free(vfio_dev_path);
 out_close_dir: