From 56c66eefb296121eca5c78c7ab17215671712045 Mon Sep 17 00:00:00 2001
From: Fam Zheng <famz@redhat.com>
Date: Mon, 3 Nov 2014 04:56:41 +0100
Subject: [PATCH 4/9] virtio-scsi: Plug memory leak on virtio_scsi_push_event()
error path
Message-id: <1414990601-21198-1-git-send-email-famz@redhat.com>
Patchwork-id: 62029
O-Subject: [RHEL-7.1 qemu-kvm PATCH] virtio-scsi: Plug memory leak on virtio_scsi_push_event() error path
Bugzilla: 1088822
RH-Acked-by: Markus Armbruster <armbru@redhat.com>
RH-Acked-by: Paolo Bonzini <pbonzini@redhat.com>
RH-Acked-by: Marcel Apfelbaum <marcel.a@redhat.com>
From: Markus Armbruster <armbru@redhat.com>
Spotted by Coverity.
Calling virtqueue_pop() without checking VIRTIO_CONFIG_S_DRIVER_OK first
is racy: we may use the queues before the guest set them up.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 91e7fcca4743cf694eb0c8e7a8d938cf359b5bd8)
Signed-off-by: Fam Zheng <famz@redhat.com>
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
---
hw/scsi/virtio-scsi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hw/scsi/virtio-scsi.c b/hw/scsi/virtio-scsi.c
index 7cf3e4b..35b3d65 100644
--- a/hw/scsi/virtio-scsi.c
+++ b/hw/scsi/virtio-scsi.c
@@ -490,7 +490,7 @@ static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
uint32_t event, uint32_t reason)
{
VirtIOSCSICommon *vs = VIRTIO_SCSI_COMMON(s);
- VirtIOSCSIReq *req = virtio_scsi_pop_req(s, vs->event_vq);
+ VirtIOSCSIReq *req;
VirtIOSCSIEvent *evt;
VirtIODevice *vdev = VIRTIO_DEVICE(s);
int in_size;
@@ -499,6 +499,7 @@ static void virtio_scsi_push_event(VirtIOSCSI *s, SCSIDevice *dev,
return;
}
+ req = virtio_scsi_pop_req(s, vs->event_vq);
if (!req) {
s->events_dropped = true;
return;
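Review bot: The relocated `req = virtio_scsi_pop_req(s, vs->event_vq);` carries no comment explaining why the pop has to come after the early `return`, so a later cleanup could fold it back into the declaration and bring the leak back. I would add `/* Pop only after the early-return checks: a popped req must be completed or freed on every later path. */` directly above it. The commit message suggests the early return is the VIRTIO_CONFIG_S_DRIVER_OK test, but that condition and the rest of virtio_scsi_push_event() lie outside the hunk, so the exits that follow the pop should be checked against the same ownership rule. If events can be raised repeatedly while the early return is taken, a per-event leak of this kind would presumably grow host memory without bound, which is why the ordering deserves to be documented in the code and not only in the commit log.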
--
1.8.3.1