Message ID | 20170525035132.24268-14-david@gibson.dropbear.id.au |
---|---|
State | New |
Headers | show |
On 25 May 2017 at 04:51, David Gibson <david@gibson.dropbear.id.au> wrote: > From: Laurent Vivier <lvivier@redhat.com> > > This allows to manage errors before the memory > has started to be hotplugged. We already have > the function for the CPU cores. > +static void spapr_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, > + Error **errp) > +{ > + PCDIMMDevice *dimm = PC_DIMM(dev); > + PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm); > + MemoryRegion *mr = ddc->get_memory_region(dimm); > + uint64_t size = memory_region_size(mr); > + char *mem_dev; > + > + if (size % SPAPR_MEMORY_BLOCK_SIZE) { > + error_setg(errp, "Hotplugged memory size must be a multiple of " > + "%lld MB", SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); > + return; > + } > + > + mem_dev = object_property_get_str(OBJECT(dimm), PC_DIMM_MEMDEV_PROP, NULL); > + if (mem_dev && !kvmppc_is_mem_backend_page_size_ok(mem_dev)) { > + error_setg(errp, "Memory backend has bad page size. " > + "Use 'memory-backend-file' with correct mem-path."); > + return; > + } > +} Coverity points out that this leaks memory -- object_property_get_str() returns a copy of a string which the caller is supposed to free, but this code doesn't free it. (CID 1375942.) thanks -- PMM
On Tue, 6 Jun 2017 16:00:32 +0100 Peter Maydell <peter.maydell@linaro.org> wrote: > On 25 May 2017 at 04:51, David Gibson <david@gibson.dropbear.id.au> wrote: > > From: Laurent Vivier <lvivier@redhat.com> > > > > This allows to manage errors before the memory > > has started to be hotplugged. We already have > > the function for the CPU cores. > > > +static void spapr_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, > > + Error **errp) > > +{ > > + PCDIMMDevice *dimm = PC_DIMM(dev); > > + PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm); > > + MemoryRegion *mr = ddc->get_memory_region(dimm); > > + uint64_t size = memory_region_size(mr); > > + char *mem_dev; > > + > > + if (size % SPAPR_MEMORY_BLOCK_SIZE) { > > + error_setg(errp, "Hotplugged memory size must be a multiple of " > > + "%lld MB", SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); > > + return; > > + } > > + > > + mem_dev = object_property_get_str(OBJECT(dimm), PC_DIMM_MEMDEV_PROP, NULL); > > + if (mem_dev && !kvmppc_is_mem_backend_page_size_ok(mem_dev)) { > > + error_setg(errp, "Memory backend has bad page size. " > > + "Use 'memory-backend-file' with correct mem-path."); > > + return; > > + } > > +} > > Coverity points out that this leaks memory -- object_property_get_str() > returns a copy of a string which the caller is supposed to free, but > this code doesn't free it. (CID 1375942.) > Yeah, I've received the Coverity report as well. This is a regression introduced in 2.9 by commit df58713396f8 ("hw/ppc/spapr: Check for valid page size when hot plugging memory") actually. The same commit also introduces a similar leak in kvmppc_is_mem_backend_page_size_ok(). I'm about to send a series to fix both. Cheers. -- Greg > thanks > -- PMM >
diff --git a/hw/ppc/spapr.c b/hw/ppc/spapr.c index bcb0e18..3760d37 100644 --- a/hw/ppc/spapr.c +++ b/hw/ppc/spapr.c @@ -2578,20 +2578,6 @@ static void spapr_memory_plug(HotplugHandler *hotplug_dev, DeviceState *dev, uint64_t align = memory_region_get_alignment(mr); uint64_t size = memory_region_size(mr); uint64_t addr; - char *mem_dev; - - if (size % SPAPR_MEMORY_BLOCK_SIZE) { - error_setg(&local_err, "Hotplugged memory size must be a multiple of " - "%lld MB", SPAPR_MEMORY_BLOCK_SIZE/M_BYTE); - goto out; - } - - mem_dev = object_property_get_str(OBJECT(dimm), PC_DIMM_MEMDEV_PROP, NULL); - if (mem_dev && !kvmppc_is_mem_backend_page_size_ok(mem_dev)) { - error_setg(&local_err, "Memory backend has bad page size. " - "Use 'memory-backend-file' with correct mem-path."); - goto out; - } pc_dimm_memory_plug(dev, &ms->hotplug_memory, mr, align, &local_err); if (local_err) { @@ -2612,6 +2598,29 @@ out: error_propagate(errp, local_err); } +static void spapr_memory_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, + Error **errp) +{ + PCDIMMDevice *dimm = PC_DIMM(dev); + PCDIMMDeviceClass *ddc = PC_DIMM_GET_CLASS(dimm); + MemoryRegion *mr = ddc->get_memory_region(dimm); + uint64_t size = memory_region_size(mr); + char *mem_dev; + + if (size % SPAPR_MEMORY_BLOCK_SIZE) { + error_setg(errp, "Hotplugged memory size must be a multiple of " + "%lld MB", SPAPR_MEMORY_BLOCK_SIZE / M_BYTE); + return; + } + + mem_dev = object_property_get_str(OBJECT(dimm), PC_DIMM_MEMDEV_PROP, NULL); + if (mem_dev && !kvmppc_is_mem_backend_page_size_ok(mem_dev)) { + error_setg(errp, "Memory backend has bad page size. " + "Use 'memory-backend-file' with correct mem-path."); + return; + } +} + typedef struct sPAPRDIMMState { uint32_t nr_lmbs; } sPAPRDIMMState; @@ -3006,7 +3015,9 @@ static void spapr_machine_device_unplug_request(HotplugHandler *hotplug_dev, static void spapr_machine_device_pre_plug(HotplugHandler *hotplug_dev, DeviceState *dev, Error **errp) { - if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE)) { + if (object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) { + spapr_memory_pre_plug(hotplug_dev, dev, errp); + } else if (object_dynamic_cast(OBJECT(dev), TYPE_SPAPR_CPU_CORE)) { spapr_core_pre_plug(hotplug_dev, dev, errp); } }