As virtio_gpu_handle_ctrl() fills the cmdq calling virtqueue_pop(), we need to release it with free() in virtio_gpu_reset().
virtio_gpu_handle_ctrl() allocates memory calling virtqueue_pop(), release it in virtio_gpu_process_cmdq() with free(). virtio_gpu_process_cmdq() move commands from cmdq to fenceq, so we also have to release them with free(). Signed-off-by: Philippe Mathieu-Daudé <phi...@redhat.com> --- hw/display/virtio-gpu-3d.c | 2 +- hw/display/virtio-gpu.c | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c index 96621576c2..3a97d267e5 100644 --- a/hw/display/virtio-gpu-3d.c +++ b/hw/display/virtio-gpu-3d.c @@ -506,7 +506,7 @@ static void virgl_write_fence(void *opaque, uint32_t fence) trace_virtio_gpu_fence_resp(cmd->cmd_hdr.fence_id); virtio_gpu_ctrl_response_nodata(g, cmd, VIRTIO_GPU_RESP_OK_NODATA); QTAILQ_REMOVE(&g->fenceq, cmd, next); - g_free(cmd); + free(cmd); g->inflight--; if (virtio_gpu_stats_enabled(g->parent_obj.conf)) { fprintf(stderr, "inflight: %3d (-)\r", g->inflight); diff --git a/hw/display/virtio-gpu.c b/hw/display/virtio-gpu.c index 5f0dd7c150..f5fbb722ee 100644 --- a/hw/display/virtio-gpu.c +++ b/hw/display/virtio-gpu.c @@ -835,7 +835,7 @@ void virtio_gpu_process_cmdq(VirtIOGPU *g) fprintf(stderr, "inflight: %3d (+)\r", g->inflight); } } else { - g_free(cmd); + free(cmd); } } } @@ -921,7 +921,7 @@ static void virtio_gpu_handle_cursor(VirtIODevice *vdev, VirtQueue *vq) } virtqueue_push(vq, elem, 0); virtio_notify(vdev, vq); - g_free(elem); + free(elem); } } @@ -1157,14 +1157,14 @@ static void virtio_gpu_reset(VirtIODevice *vdev) while (!QTAILQ_EMPTY(&g->cmdq)) { cmd = QTAILQ_FIRST(&g->cmdq); QTAILQ_REMOVE(&g->cmdq, cmd, next); - g_free(cmd); + free(cmd); } while (!QTAILQ_EMPTY(&g->fenceq)) { cmd = QTAILQ_FIRST(&g->fenceq); QTAILQ_REMOVE(&g->fenceq, cmd, next); g->inflight--; - g_free(cmd); + free(cmd); } #ifdef CONFIG_VIRGL -- 2.21.1