On Sat, 15 Feb 2020 at 15:48, Philippe Mathieu-Daudé <phi...@redhat.com> wrote:
>
> In commit f3a508eb4e the Euler Robot reported calling timer_new()
> in instance_init() can leak heap memory. The easier fix is to
> delay the timer creation at instance realize(). Similarly move
> timer_del() into a new instance unrealize() method.
> diff --git a/hw/sd/sd.c b/hw/sd/sd.c
> index 71a9af09ab..d72cf3de2a 100644
> --- a/hw/sd/sd.c
> +++ b/hw/sd/sd.c
> @@ -2058,14 +2058,12 @@ static void sd_instance_init(Object *obj)
> SDState *sd = SD_CARD(obj);
>
> sd->enable = true;
> - sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup,
> sd);
> }
>
> static void sd_instance_finalize(Object *obj)
> {
> SDState *sd = SD_CARD(obj);
>
> - timer_del(sd->ocr_power_timer);
> timer_free(sd->ocr_power_timer);
> }
>
> @@ -2098,6 +2096,15 @@ static void sd_realize(DeviceState *dev, Error **errp)
> }
> blk_set_dev_ops(sd->blk, &sd_block_ops, sd);
> }
> +
> + sd->ocr_power_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sd_ocr_powerup,
> sd);
> +}
> +
> +static void sd_unrealize(DeviceState *dev, Error **errp)
> +{
> + SDState *sd = SD_CARD(dev);
> +
> + timer_del(sd->ocr_power_timer);
> }
Here too the old code was doing things correctly in that
it does a timer_del/timer_free on the timer it allocates
in instance_init, and the new code has weirdly split the
freeing between unrealize and finalize.
thanks
-- PMM
