From b259772afc29ef6af4e911d8e695dd7e2ed31066 Mon Sep 17 00:00:00 2001 From: Daniil Tatianin Date: Mon, 29 Nov 2021 16:23:57 +0300 Subject: hw/scsi/vhost-scsi: don't leak vqs on error vhost_dev_init calls vhost_dev_cleanup in case of an error during initialization, which zeroes out the entire vsc->dev as well as the vsc->dev.vqs pointer. This prevents us from properly freeing it in free_vqs. Keep a local copy of the pointer so we can free it later. Signed-off-by: Daniil Tatianin Message-Id: <20211129132358.1110372-1-d-tatianin@yandex-team.ru> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/scsi/vhost-scsi.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hw/scsi/vhost-scsi.c b/hw/scsi/vhost-scsi.c index 039caf2..efb3e14 100644 --- a/hw/scsi/vhost-scsi.c +++ b/hw/scsi/vhost-scsi.c @@ -170,6 +170,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp) Error *err = NULL; int vhostfd = -1; int ret; + struct vhost_virtqueue *vqs = NULL; if (!vs->conf.wwpn) { error_setg(errp, "vhost-scsi: missing wwpn"); @@ -213,7 +214,8 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp) } vsc->dev.nvqs = VHOST_SCSI_VQ_NUM_FIXED + vs->conf.num_queues; - vsc->dev.vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs); + vqs = g_new0(struct vhost_virtqueue, vsc->dev.nvqs); + vsc->dev.vqs = vqs; vsc->dev.vq_index = 0; vsc->dev.backend_features = 0; @@ -232,7 +234,7 @@ static void vhost_scsi_realize(DeviceState *dev, Error **errp) return; free_vqs: - g_free(vsc->dev.vqs); + g_free(vqs); if (!vsc->migratable) { migrate_del_blocker(vsc->migration_blocker); } -- cgit v1.1