From patchwork Wed Sep 23 20:23:11 2015
X-Patchwork-Submitter: Alex Williamson
X-Patchwork-Id: 521833
From: Alex Williamson
To: qemu-devel@nongnu.org
Date: Wed, 23 Sep 2015 14:23:11 -0600
Message-ID: <20150923202311.6569.41046.stgit@gimli.home>
In-Reply-To: <20150923202200.6569.64538.stgit@gimli.home>
References: <20150923202200.6569.64538.stgit@gimli.home>
Subject: [Qemu-devel] [PULL 02/19] vfio/pci: Cleanup vfio_early_setup_msix() error path

With the addition of the Chelsio quirk we have an error path out of vfio_early_setup_msix() that doesn't free the allocated VFIOMSIXInfo struct. This doesn't introduce a leak as it still gets freed in the vfio_put_device() path, but it's complicated and sloppy to rely on that. Restructure to free the allocated data on error and only link it into the vdev on success.

Signed-off-by: Alex Williamson
Reported-by: Laszlo Ersek
Reviewed-by: Laszlo Ersek
---
hw/vfio/pci.c | 27 +++++++++++++--------------
1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/hw/vfio/pci.c b/hw/vfio/pci.c index 77f92f1..839751d 100644 --- a/hw/vfio/pci.c +++ b/hw/vfio/pci.c @@ -2203,6 +2203,7 @@ static int vfio_early_setup_msix(VFIOPCIDevice *vdev) uint16_t ctrl; uint32_t table, pba; int fd = vdev->vbasedev.fd; + VFIOMSIXInfo *msix; pos = pci_find_capability(&vdev->pdev, PCI_CAP_ID_MSIX); if (!pos) { 
@@ -2228,21 +2229,19 @@ static int vfio_early_setup_msix(VFIOPCIDevice *vdev) table = le32_to_cpu(table); pba = le32_to_cpu(pba); - vdev->msix = g_malloc0(sizeof(*(vdev->msix))); - vdev->msix->table_bar = table & PCI_MSIX_FLAGS_BIRMASK; - vdev->msix->table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK; - vdev->msix->pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK; - vdev->msix->pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK; - vdev->msix->entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1; + msix = g_malloc0(sizeof(*msix)); + msix->table_bar = table & PCI_MSIX_FLAGS_BIRMASK; + msix->table_offset = table & ~PCI_MSIX_FLAGS_BIRMASK; + msix->pba_bar = pba & PCI_MSIX_FLAGS_BIRMASK; + msix->pba_offset = pba & ~PCI_MSIX_FLAGS_BIRMASK; + msix->entries = (ctrl & PCI_MSIX_FLAGS_QSIZE) + 1; /* * Test the size of the pba_offset variable and catch if it extends outside * of the specified BAR. If it is the case, we need to apply a hardware * specific quirk if the device is known or we have a broken configuration. */ - if (vdev->msix->pba_offset >= - vdev->bars[vdev->msix->pba_bar].region.size) { - + if (msix->pba_offset >= vdev->bars[msix->pba_bar].region.size) { PCIDevice *pdev = &vdev->pdev; uint16_t vendor = pci_get_word(pdev->config + PCI_VENDOR_ID); uint16_t device = pci_get_word(pdev->config + PCI_DEVICE_ID); @@ -2254,18 +2253,18 @@ static int vfio_early_setup_msix(VFIOPCIDevice *vdev) * is 0x1000, so we hard code that here. */ if (vendor == PCI_VENDOR_ID_CHELSIO && (device & 0xff00) == 0x5800) { - vdev->msix->pba_offset = 0x1000; + msix->pba_offset = 0x1000; } else { error_report("vfio: Hardware reports invalid configuration, " "MSIX PBA outside of specified BAR"); + g_free(msix); return -EINVAL; } } - trace_vfio_early_setup_msix(vdev->vbasedev.name, pos, - vdev->msix->table_bar, - vdev->msix->table_offset, - vdev->msix->entries); + trace_vfio_early_setup_msix(vdev->vbasedev.name, pos, msix->table_bar, + msix->table_offset, msix->entries); + vdev->msix = msix; return 0; }
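
Review bot: In the hunk at @@ -2228,21 +2229,19 @@, `msix->pba_bar` is derived from the device-reported `pba` value and then used directly as an index in `vdev->bars[msix->pba_bar].region.size`, with no range check visible in these lines. I would validate the BAR index (and `table_bar` likewise) against the bounds of `vdev->bars` before the size comparison, since the mask alone only limits it to whatever `PCI_MSIX_FLAGS_BIRMASK` admits. The comparison also tests only where the PBA starts: `msix->pba_offset >= ...region.size` lets through a PBA that begins inside the BAR and extends past its end, and `msix->table_offset` gets no equivalent check here.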
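
Review bot: In the Chelsio branch of the hunk at @@ -2254,18 +2253,18 @@, `msix->pba_offset = 0x1000;` is accepted without being re-tested against `vdev->bars[msix->pba_bar].region.size`, so the quirk path is the one case where the final offset is never validated against the BAR. A second comparison after the override, failing through the same `g_free(msix); return -EINVAL;` exit, would close that. On the cleanup itself, the `g_free(msix)` pairs correctly with the allocation in the previous hunk, and a short comment at `vdev->msix = msix;` saying that ownership passes to the vdev only on success would keep later error paths from regressing this.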