On Sat, Mar 07, 2026 at 12:52:22PM +0000, Peter Maydell wrote: > The riscv-iommu device makes various allocations in its > instance_init method. These will leak when QMP inits an > object of this type to introspect it, as can be seen if you > run 'make check' with the address sanitizer enabled: > > Direct leak of 4096 byte(s) in 1 object(s) allocated from: > #0 0x5d8415b6ed9d in calloc > (/home/pm215/qemu/build/san/qemu-system-riscv32+0x1832d9d) (BuildId: > fedcc313e48ba803d63837329c37fd609dd50849) > #1 0x75c0502f1771 in g_malloc0 > (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x63771) (BuildId: > 116e142b9b52c8a4dfd403e759e71ab8f95d8bb3) > #2 0x5d8416d09391 in riscv_iommu_instance_init > /home/pm215/qemu/build/san/../../hw/riscv/riscv-iommu.c:2463:18 > #3 0x5d841710483f in object_initialize_with_type > /home/pm215/qemu/build/san/../../qom/object.c:570:5 > #4 0x5d8417104ee9 in object_initialize > /home/pm215/qemu/build/san/../../qom/object.c:578:5 > #5 0x5d8417104ee9 in object_initialize_child_with_propsv > /home/pm215/qemu/build/san/../../qom/object.c:608:5 > #6 0x5d8417104db1 in object_initialize_child_with_props > /home/pm215/qemu/build/san/../../qom/object.c:591:10 > #7 0x5d8417106506 in object_initialize_child_internal > /home/pm215/qemu/build/san/../../qom/object.c:645:5 > #8 0x5d8416d16a12 in riscv_iommu_sys_init > /home/pm215/qemu/build/san/../../hw/riscv/riscv-iommu-sys.c:199:5 > #9 0x5d841710483f in object_initialize_with_type > /home/pm215/qemu/build/san/../../qom/object.c:570:5 > #10 0x5d841710661f in object_new_with_type > /home/pm215/qemu/build/san/../../qom/object.c:774:5 > #11 0x5d841755d956 in qmp_device_list_properties > /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11 > > (and other similar backtraces). > > Fix these by freeing the resources we allocate in instance_init in > instance_finalize. In some cases we were freeing these in unrealize, > and in some cases not at all. > Reviewed-by: Chao Liu <[email protected]>
Thanks, Chao > Signed-off-by: Peter Maydell <[email protected]> > --- > hw/riscv/riscv-iommu.c | 16 +++++++++++++--- > 1 file changed, 13 insertions(+), 3 deletions(-) > > diff --git a/hw/riscv/riscv-iommu.c b/hw/riscv/riscv-iommu.c > index 98345b1280..225394ea83 100644 > --- a/hw/riscv/riscv-iommu.c > +++ b/hw/riscv/riscv-iommu.c > @@ -2479,6 +2479,18 @@ static void riscv_iommu_instance_init(Object *obj) > QLIST_INIT(&s->spaces); > } > > +static void riscv_iommu_instance_finalize(Object *obj) > +{ > + RISCVIOMMUState *s = RISCV_IOMMU(obj); > + > + g_free(s->regs_rw); > + g_free(s->regs_ro); > + g_free(s->regs_wc); > + > + g_hash_table_unref(s->ctx_cache); > + g_hash_table_unref(s->iot_cache); > +} > + > static void riscv_iommu_realize(DeviceState *dev, Error **errp) > { > RISCVIOMMUState *s = RISCV_IOMMU(dev); > @@ -2597,9 +2609,6 @@ static void riscv_iommu_unrealize(DeviceState *dev) > { > RISCVIOMMUState *s = RISCV_IOMMU(dev); > > - g_hash_table_unref(s->iot_cache); > - g_hash_table_unref(s->ctx_cache); > - > if (s->cap & RISCV_IOMMU_CAP_HPM) { > g_hash_table_unref(s->hpm_event_ctr_map); > timer_free(s->hpm_timer); > @@ -2675,6 +2684,7 @@ static const TypeInfo riscv_iommu_info = { > .parent = TYPE_DEVICE, > .instance_size = sizeof(RISCVIOMMUState), > .instance_init = riscv_iommu_instance_init, > + .instance_finalize = riscv_iommu_instance_finalize, > .class_init = riscv_iommu_class_init, > }; > > -- > 2.43.0 > >
