aboutsummaryrefslogtreecommitdiff
path: root/hw/scsi
diff options
context:
space:
mode:
authorDaniil Tatianin <d-tatianin@yandex-team.ru>2021-11-29 16:23:57 +0300
committerMichael S. Tsirkin <mst@redhat.com>2022-01-07 19:30:13 -0500
commitb259772afc29ef6af4e911d8e695dd7e2ed31066 (patch)
tree455bd86eac705929b2aba44a73a6c89a871f248e /hw/scsi
parent14dc58e3e0b12595e407502b93a8bb7e69621cbb (diff)
downloadqemu-b259772afc29ef6af4e911d8e695dd7e2ed31066.zip
qemu-b259772afc29ef6af4e911d8e695dd7e2ed31066.tar.gz
qemu-b259772afc29ef6af4e911d8e695dd7e2ed31066.tar.bz2
hw/scsi/vhost-scsi: don't leak vqs on error
vhost_dev_init calls vhost_dev_cleanup in case of an error during initialization, which zeroes out the entire vsc->dev as well as the vsc->dev.vqs pointer. This prevents us from properly freeing it in free_vqs. Keep a local copy of the pointer so we can free it later. Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> Message-Id: <20211129132358.1110372-1-d-tatianin@yandex-team.ru> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Diffstat (limited to 'hw/scsi')
-rw-r--r--hw/scsi/vhost-scsi.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c
index 039caf2..efb3e14 100644
--- a/hw/scsi/vhost-scsi.c
+++ b/hw/scsi/vhost-scsi.c
@@ -170,6 +170,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
Error *err = NULL;
int vhostfd = -1;
int ret;
+ struct vhost_virtqueue *vqs = NULL;
if (!vs->conf.wwpn) {
error_setg(errp, "vhost-scsi: missing wwpn");
@@ -213,7 +214,8 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
}
vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues;
- vsc->dev.vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
+ vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs);
+ vsc->dev.vqs = vqs;
vsc->dev.vq_index = 0;
vsc->dev.backend_features = 0;
@@ -232,7 +234,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp)
return;
free_vqs:
- g_free(vsc->dev.vqs);
+ g_free(vqs);
if (!vsc->migratable) {
migrate_del_blocker(vsc->migration_blocker);
}