aboutsummaryrefslogtreecommitdiff
path: root/hw/usb
diff options
context:
space:
mode:
authorfangying <fangying1@huawei.com>2019-08-28 14:25:35 +0800
committerGerd Hoffmann <kraxel@redhat.com>2019-08-29 07:30:04 +0200
commit7cec2ed9d7aeeb6f873188b96c9f8ae17ab88da1 (patch)
treee5e952f8c5e3b3475a2fdb00e263c5831e902b90 /hw/usb
parentc9e385926232f30b7ea84e10725df57795ad0eb7 (diff)
downloadqemu-7cec2ed9d7aeeb6f873188b96c9f8ae17ab88da1.zip
qemu-7cec2ed9d7aeeb6f873188b96c9f8ae17ab88da1.tar.gz
qemu-7cec2ed9d7aeeb6f873188b96c9f8ae17ab88da1.tar.bz2
xhci: Fix memory leak in xhci_kick_epctx
Address Sanitizer shows memory leak in xhci_kick_epctx hw/usb/hcd-xhci.c:1912. A sglist is leaked when a packet is retired and returns USB_RET_NAK status. The leak stack is as bellow: Direct leak of 2688 byte(s) in 168 object(s) allocated from: #0 0xffffae8b11db in __interceptor_malloc (/lib64/libasan.so.4+0xd31db) #1 0xffffae5c9163 in g_malloc (/lib64/libglib-2.0.so.0+0x57163) #2 0xaaaabb6fb3f7 in qemu_sglist_init dma-helpers.c:43 #3 0xaaaabba705a7 in pci_dma_sglist_init include/hw/pci/pci.h:837 #4 0xaaaabba705a7 in xhci_xfer_create_sgl hw/usb/hcd-xhci.c:1443 #5 0xaaaabba705a7 in xhci_setup_packet hw/usb/hcd-xhci.c:1615 #6 0xaaaabba77a6f in xhci_kick_epctx hw/usb/hcd-xhci.c:1912 #7 0xaaaabbdaad27 in timerlist_run_timers util/qemu-timer.c:592 #8 0xaaaabbdab19f in qemu_clock_run_timers util/qemu-timer.c:606 #9 0xaaaabbdab19f in qemu_clock_run_all_timers util/qemu-timer.c:692 #10 0xaaaabbdab9a3 in main_loop_wait util/main-loop.c:524 #11 0xaaaabb6ff5e7 in main_loop vl.c:1806 #12 0xaaaabb1e1453 in main vl.c:4488 Signed-off-by: Ying Fang <fangying1@huawei.com> Message-id: 20190828062535.1573-1-fangying1@huawei.com Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Diffstat (limited to 'hw/usb')
-rw-r--r--hw/usb/hcd-xhci.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/hw/usb/hcd-xhci.c b/hw/usb/hcd-xhci.c
index 471759c..80988bb 100644
--- a/hw/usb/hcd-xhci.c
+++ b/hw/usb/hcd-xhci.c
@@ -1914,6 +1914,7 @@ static void xhci_kick_epctx(XHCIEPContext *epctx, unsigned int streamid)
}
usb_handle_packet(xfer->packet.ep->dev, &xfer->packet);
if (xfer->packet.status == USB_RET_NAK) {
+ xhci_xfer_unmap(xfer);
return;
}
xhci_try_complete_packet(xfer);