From patchwork Wed Oct 29 14:07:02 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Nikita Belov <zodiac@ispras.ru>
X-Patchwork-Id: 404718
Return-Path: <qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from lists.gnu.org (lists.gnu.org [IPv6:2001:4830:134:3::11])
	(using TLSv1 with cipher AES256-SHA (256/256 bits))
	(No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 0DF2A140096
	for <incoming@patchwork.ozlabs.org>;
	Thu, 30 Oct 2014 03:53:13 +1100 (AEDT)
Received: from localhost ([::1]:47573 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71) (envelope-from
	<qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org>)
	id 1XjWUg-0002GJ-IA
	for incoming@patchwork.ozlabs.org; Wed, 29 Oct 2014 12:53:10 -0400
Received: from eggs.gnu.org ([2001:4830:134:3::10]:59820)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zodiac@ispras.ru>) id 1XjUs9-0005u8-NC
	for qemu-devel@nongnu.org; Wed, 29 Oct 2014 11:09:23 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <zodiac@ispras.ru>) id 1XjUs3-0003FE-ER
	for qemu-devel@nongnu.org; Wed, 29 Oct 2014 11:09:17 -0400
Received: from smtp.ispras.ru ([83.149.199.79]:59599)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <zodiac@ispras.ru>) id 1XjUs3-0003F6-7K
	for qemu-devel@nongnu.org; Wed, 29 Oct 2014 11:09:11 -0400
Received: from localhost.localdomain (unknown [83.149.199.91])
	by smtp.ispras.ru (Postfix) with ESMTP id 83464224A7;
	Wed, 29 Oct 2014 19:09:10 +0400 (MSK)
From: Nikita Belov <zodiac@ispras.ru>
To: qemu-devel@nongnu.org
Date: Wed, 29 Oct 2014 18:07:02 +0400
Message-Id: <1414591622-5620-1-git-send-email-zodiac@ispras.ru>
X-Mailer: git-send-email 1.8.5.2.msysgit.0
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x
X-Received-From: 83.149.199.79
X-Mailman-Approved-At: Wed, 29 Oct 2014 12:52:40 -0400
Cc: Kirill Batuzov <batuzovk@ispras.ru>, Nikita Belov <zodiac@ispras.ru>,
	Vasily Efimov <real@ispras.ru>, "Michael S. Tsirkin" <mst@redhat.com>
Subject: [Qemu-devel] [PATCH] hw/i386/acpi-build.c: Fix memory leak in
	acpi_build_tables_cleanup()
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org
Sender: qemu-devel-bounces+incoming=patchwork.ozlabs.org@nongnu.org

There are three ACPI tables: 'linker_data', 'rsdp' and 'table_data'. They are
used differently. Two of them are being copied before using and only the copy
is used later. But the third is used directly. Because of that we need to free
two tables completely and delete only wrapper for the third one.

Valgrind output:
==23931== 131,072 bytes in 1 blocks are definitely lost in loss record 7,729 of 7,734
==23931==    at 0x4C2CE8E: realloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==23931==    by 0x2EA920: realloc_and_trace (vl.c:2811)
==23931==    by 0x509E6AE: g_realloc (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x506DB32: ??? (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x506E463: g_array_set_size (in /lib/x86_64-linux-gnu/libglib-2.0.so.0.4000.0)
==23931==    by 0x256A4F: acpi_align_size (acpi-build.c:487)
==23931==    by 0x259F92: acpi_build (acpi-build.c:1601)
==23931==    by 0x25A212: acpi_setup (acpi-build.c:1682)
==23931==    by 0x24F346: pc_guest_info_machine_done (pc.c:1110)
==23931==    by 0x55FAAB: notifier_list_notify (notify.c:39)
==23931==    by 0x2EA704: qemu_run_machine_init_done_notifiers (vl.c:2759)
==23931==    by 0x2EEC3C: main (vl.c:4504)

Signed-off-by: Nikita Belov <zodiac@ispras.ru>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
---
 hw/i386/acpi-build.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

--
1.9.0.msysgit.0

diff --git a/hw/i386/acpi-build.c b/hw/i386/acpi-build.c
index 00be4bb..c1778db 100644
--- a/hw/i386/acpi-build.c
+++ b/hw/i386/acpi-build.c
@@ -1498,11 +1498,9 @@ static inline void acpi_build_tables_init(AcpiBuildTables *tables)
 static inline void acpi_build_tables_cleanup(AcpiBuildTables *tables, bool mfre)
 {
     void *linker_data = bios_linker_loader_cleanup(tables->linker);
-    if (mfre) {
-        g_free(linker_data);
-    }
+    g_free(linker_data);
     g_array_free(tables->rsdp, mfre);
-    g_array_free(tables->table_data, mfre);
+    g_array_free(tables->table_data, true);
 }

 typedef