From: Li Qiang <liq...@163.com>
If error occurs while processing the virtio request we should call
'virtqueue_detach_element' to detach the element from the virtqueue
before free the elem.
Signed-off-by: Li Qiang <liq...@163.com>
Message-Id: <20200816142245.17556-1-liq...@163.com>
Fixes: 910b25766b ("virtio-mem: Paravirtualized memory hot(un)plug")
Acked-by: David Hildenbrand <da...@redhat.com>
Reviewed-by: Michael S. Tsirkin <m...@redhat.com>
Signed-off-by: Michael S. Tsirkin <m...@redhat.com>
---
hw/virtio/virtio-mem.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 8fbec77ccc..7c8ca9f28b 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -318,6 +318,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
if (iov_to_buf(elem->out_sg, elem->out_num, 0, &req, len) < len) {
virtio_error(vdev, "virtio-mem protocol violation: invalid request"
" size: %d", len);
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
@@ -327,6 +328,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
virtio_error(vdev, "virtio-mem protocol violation: not enough
space"
" for response: %zu",
iov_size(elem->in_sg, elem->in_num));
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
@@ -348,6 +350,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
default:
virtio_error(vdev, "virtio-mem protocol violation: unknown request"
" type: %d", type);
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
--
MST
