On Tue, Dec 03, 2019 at 09:44:19AM +0800, pannengy...@huawei.com wrote: > From: PanNengyuan <pannengy...@huawei.com> > > ivq/dvq/svq/free_page_vq is forgot to cleanup in > virtio_balloon_device_unrealize, the memory leak stack is as follow: > > Direct leak of 14336 byte(s) in 2 object(s) allocated from: > #0 0x7f99fd9d8560 in calloc (/usr/lib64/libasan.so.3+0xc7560) > #1 0x7f99fcb20015 in g_malloc0 (/usr/lib64/libglib-2.0.so.0+0x50015) > #2 0x557d90638437 in virtio_add_queue > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:2327 > #3 0x557d9064401d in virtio_balloon_device_realize > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio-balloon.c:793 > #4 0x557d906356f7 in virtio_device_realize > /mnt/sdb/qemu-4.2.0-rc0/hw/virtio/virtio.c:3504 > #5 0x557d9073f081 in device_set_realized > /mnt/sdb/qemu-4.2.0-rc0/hw/core/qdev.c:876 > #6 0x557d908b1f4d in property_set_bool > /mnt/sdb/qemu-4.2.0-rc0/qom/object.c:2080 > #7 0x557d908b655e in object_property_set_qobject > /mnt/sdb/qemu-4.2.0-rc0/qom/qom-qobject.c:26 > > Reported-by: Euler Robot <euler.ro...@huawei.com> > Signed-off-by: PanNengyuan <pannengy...@huawei.com> > --- > hw/virtio/virtio-balloon.c | 7 +++++++ > 1 file changed, 7 insertions(+) > > diff --git a/hw/virtio/virtio-balloon.c b/hw/virtio/virtio-balloon.c > index 40b04f5..5329c65 100644 > --- a/hw/virtio/virtio-balloon.c > +++ b/hw/virtio/virtio-balloon.c > @@ -831,6 +831,13 @@ static void virtio_balloon_device_unrealize(DeviceState > *dev, Error **errp) > } > balloon_stats_destroy_timer(s); > qemu_remove_balloon_handler(s); > + > + virtio_del_queue(vdev, 0); > + virtio_del_queue(vdev, 1); > + virtio_del_queue(vdev, 2); > + if (s->free_page_vq) { > + virtio_del_queue(vdev, 3); > + } > virtio_cleanup(vdev); > }
Hmm ok, but how about just doing it through a vq pointer then? Seems cleaner. E.g. use patch below and add your on top using the new virtio_delete_queue? --> virtio: add ability to delete vq through a pointer Devices tend to maintain vq pointers, allow deleting them like this. Signed-off-by: Michael S. Tsirkin <m...@redhat.com> -- diff --git a/include/hw/virtio/virtio.h b/include/hw/virtio/virtio.h index c32a815303..e18756d50d 100644 --- a/include/hw/virtio/virtio.h +++ b/include/hw/virtio/virtio.h @@ -183,6 +183,8 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, void virtio_del_queue(VirtIODevice *vdev, int n); +void virtio_delete_queue(VirtQueue *vq); + void virtqueue_push(VirtQueue *vq, const VirtQueueElement *elem, unsigned int len); void virtqueue_flush(VirtQueue *vq, unsigned int count); diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index 04716b5f6c..31dd140990 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -2330,17 +2330,22 @@ VirtQueue *virtio_add_queue(VirtIODevice *vdev, int queue_size, return &vdev->vq[i]; } +void virtio_delete_queue(VirtQueue *vq) +{ + vq->vring.num = 0; + vq->vring.num_default = 0; + vq->handle_output = NULL; + vq->handle_aio_output = NULL; + g_free(vq->used_elems); +} + void virtio_del_queue(VirtIODevice *vdev, int n) { if (n < 0 || n >= VIRTIO_QUEUE_MAX) { abort(); } - vdev->vq[n].vring.num = 0; - vdev->vq[n].vring.num_default = 0; - vdev->vq[n].handle_output = NULL; - vdev->vq[n].handle_aio_output = NULL; - g_free(vdev->vq[n].used_elems); + virtio_delete_queue(&vdev->vq[n]); } static void virtio_set_isr(VirtIODevice *vdev, int value)