Message ID | 20180103180805.18140-8-f4bug@amsat.org |
---|---|
State | Superseded, archived |
Series | SDHCI: housekeeping | expand |
On Wed, Jan 3, 2018 at 10:07 AM, Philippe Mathieu-Daudé <f4bug@amsat.org> wrote: > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > hw/sd/sdhci.c | 25 ++++++++++++++++++++++--- > 1 file changed, 22 insertions(+), 3 deletions(-) > > diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c > index b3dbd994fd..089961bd66 100644 > --- a/hw/sd/sdhci.c > +++ b/hw/sd/sdhci.c > @@ -31,6 +31,7 @@ > #include "qemu/bitops.h" > #include "hw/sd/sdhci.h" > #include "sdhci-internal.h" > +#include "qapi/error.h" > #include "qemu/log.h" > > /* host controller debug messages */ > @@ -1203,15 +1204,23 @@ static void sdhci_common_realize(SDHCIState *s, Error **errp) > SDHC_REGISTERS_MAP_SIZE); > } > > +static void sdhci_common_unrealize(SDHCIState *s, Error **errp) > +{ > + /* This function is expected to be called only once for each class: > + * - SysBus: via DeviceClass->unrealize(), > + * - PCI: via PCIDeviceClass->exit(). > + * However to avoid double-free and/or use-after-free we still nullify > + * this variable (better safe than sorry!). */ > + g_free(s->fifo_buffer); > + s->fifo_buffer = NULL; Can we assert() on s->fifo_buffer? That way if we are double freeing it can be caught by developers. Alistair > +} > + > static void sdhci_uninitfn(SDHCIState *s) > { > timer_del(s->insert_timer); > timer_free(s->insert_timer); > timer_del(s->transfer_timer); > timer_free(s->transfer_timer); > - > - g_free(s->fifo_buffer); > - s->fifo_buffer = NULL; > } > > static bool sdhci_pending_insert_vmstate_needed(void *opaque) > @@ -1315,6 +1324,8 @@ static void sdhci_pci_realize(PCIDevice *dev, Error **errp) > static void sdhci_pci_exit(PCIDevice *dev) > { > SDHCIState *s = PCI_SDHCI(dev); > + > + sdhci_common_unrealize(s, &error_abort); > sdhci_uninitfn(s); > } 
> > @@ -1371,11 +1382,19 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp) > sysbus_init_mmio(sbd, &s->iomem); > } > > +static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp) > +{ > + SDHCIState *s = SYSBUS_SDHCI(dev); > + > + sdhci_common_unrealize(s, &error_abort); > +} > + > static void sdhci_sysbus_class_init(ObjectClass *klass, void *data) > { > DeviceClass *dc = DEVICE_CLASS(klass); > > dc->realize = sdhci_sysbus_realize; > + dc->unrealize = sdhci_sysbus_unrealize; > > sdhci_common_class_init(klass, data); > } > -- > 2.15.1 > >
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index b3dbd994fd..089961bd66 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -31,6 +31,7 @@
 #include "qemu/bitops.h"
 #include "hw/sd/sdhci.h"
 #include "sdhci-internal.h"
+#include "qapi/error.h"
 #include "qemu/log.h"
 
 /* host controller debug messages */
@@ -1203,15 +1204,23 @@ static void sdhci_common_realize(SDHCIState *s, Error **errp)
 SDHC_REGISTERS_MAP_SIZE);
 }
 
+static void sdhci_common_unrealize(SDHCIState *s, Error **errp)
+{
+ /* This function is expected to be called only once for each class:
+ * - SysBus: via DeviceClass->unrealize(),
+ * - PCI: via PCIDeviceClass->exit().
+ * However to avoid double-free and/or use-after-free we still nullify
+ * this variable (better safe than sorry!). */
+ g_free(s->fifo_buffer);
+ s->fifo_buffer = NULL;
+}
+
 static void sdhci_uninitfn(SDHCIState *s)
 {
 timer_del(s->insert_timer);
 timer_free(s->insert_timer);
 timer_del(s->transfer_timer);
 timer_free(s->transfer_timer);
-
- g_free(s->fifo_buffer);
- s->fifo_buffer = NULL;
 }
 
 static bool sdhci_pending_insert_vmstate_needed(void *opaque)
@@ -1315,6 +1324,8 @@ static void sdhci_pci_realize(PCIDevice *dev, Error **errp)
 static void sdhci_pci_exit(PCIDevice *dev)
 {
 SDHCIState *s = PCI_SDHCI(dev);
+
+ sdhci_common_unrealize(s, &error_abort);
 sdhci_uninitfn(s);
 }
 
@@ -1371,11 +1382,19 @@ static void sdhci_sysbus_realize(DeviceState *dev, Error ** errp)
 sysbus_init_mmio(sbd, &s->iomem);
 }
 
+static void sdhci_sysbus_unrealize(DeviceState *dev, Error **errp)
+{
+ SDHCIState *s = SYSBUS_SDHCI(dev);
+
+ sdhci_common_unrealize(s, &error_abort);
+}
+
 static void sdhci_sysbus_class_init(ObjectClass *klass, void *data)
 {
 DeviceClass *dc = DEVICE_CLASS(klass);
 
 dc->realize = sdhci_sysbus_realize;
+ dc->unrealize = sdhci_sysbus_unrealize;
 
 sdhci_common_class_init(klass, data);
 }
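Review bot: In sdhci_common_unrealize the FIFO buffer is released while insert_timer and transfer_timer are still live. timer_del()/timer_free() stay in sdhci_uninitfn, which the sdhci_pci_exit hunk calls only after the free and the sdhci_sysbus_unrealize hunk does not call at all. If a timer callback that reads or writes s->fifo_buffer can still run between unrealize and sdhci_uninitfn (the callbacks and the sysbus finalize path are not visible here, so this needs confirming), it would dereference the NULL pointer this function leaves behind. Consider stopping the timers before the free, i.e. `timer_del(s->insert_timer);` and `timer_del(s->transfer_timer);` ahead of `g_free(s->fifo_buffer);`, or extend the comment to say why no callback can run in that window.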
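Review bot: sdhci_sysbus_unrealize ignores its own errp and hands `&error_abort` to the helper, so any error sdhci_common_unrealize is later changed to report would abort the whole process instead of reaching the caller of DeviceClass->unrealize(). Forwarding it with `sdhci_common_unrealize(s, errp);` keeps that decision with the caller. The helper as added never touches errp, so either drop the parameter or say in its comment that it is reserved for future use. sdhci_pci_exit has no errp to forward, so `&error_abort` is understandable in that hunk.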
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> --- hw/sd/sdhci.c | 25 ++++++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-)