From 0fad90955e3a56bfc45e623c1d96ae4a802ceda8 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini
Date: Mon, 4 Mar 2024 23:41:33 +0100
Subject: hw/intc/apic: fix memory leak
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
deliver_bitmask is allocated on the heap in apic_deliver(), but there are many paths in the function that return before the corresponding g_free() is reached. Fix this by switching to g_autofree and, while at it, also switch to g_new. Do the same in apic_deliver_irq() as well for consistency.
Fixes: b5ee0468e9d ("apic: add support for x2APIC mode", 2024-02-14)
Signed-off-by: Paolo Bonzini
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Bui Quang Minh
Reviewed-by: Alex Bennée
Message-ID: <20240304224133.267640-1-pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé
---
hw/intc/apic.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
(limited to 'hw/intc')
diff --git a/hw/intc/apic.c b/hw/intc/apic.c
index 1d887d6..4186c57 100644
--- a/hw/intc/apic.c
+++ b/hw/intc/apic.c
@@ -291,14 +291,13 @@ static void apic_deliver_irq(uint32_t dest, uint8_t dest_mode,
 uint8_t delivery_mode, uint8_t vector_num, uint8_t trigger_mode)
 {
- uint32_t *deliver_bitmask = g_malloc(max_apic_words * sizeof(uint32_t));
+ g_autofree uint32_t *deliver_bitmask = g_new(uint32_t, max_apic_words);
 trace_apic_deliver_irq(dest, dest_mode, delivery_mode, vector_num, trigger_mode);
 apic_get_delivery_bitmask(deliver_bitmask, dest, dest_mode);
 apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
- g_free(deliver_bitmask);
 }
 bool is_x2apic_mode(DeviceState *dev)
@@ -662,7 +661,7 @@ static void apic_deliver(DeviceState *dev, uint32_t dest, uint8_t dest_mode,
 APICCommonState *s = APIC(dev);
 APICCommonState *apic_iter;
 uint32_t deliver_bitmask_size = max_apic_words * sizeof(uint32_t);
- uint32_t *deliver_bitmask = g_malloc(deliver_bitmask_size);
+ g_autofree uint32_t *deliver_bitmask = g_new(uint32_t, max_apic_words);
 uint32_t current_apic_id;
 if (is_x2apic_mode(dev)) {
@@ -708,7 +707,6 @@ static void apic_deliver(DeviceState *dev, uint32_t dest, uint8_t dest_mode,
 }
 apic_bus_deliver(deliver_bitmask, delivery_mode, vector_num, trigger_mode);
- g_free(deliver_bitmask);
 }
 static bool apic_check_pic(APICCommonState *s)
-- cgit v1.1
From c9ee67c3c64cb161a092d9af6be0c17643d92be2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Chigot?=
Date: Fri, 8 Mar 2024 16:27:19 +0100
Subject: hw/intc/grlib_irqmp: abort realize when ncpus value is out of range
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Even if the error is set, the build is not aborted when the ncpus value is wrong, the return is missing.
Signed-off-by: Clément Chigot
Reviewed-by: Peter Maydell
Fixes: 6bf1478543 ("hw/intc/grlib_irqmp: add ncpus property")
Reviewed-by: Philippe Mathieu-Daudé
Message-ID: <20240308152719.591232-1-chigot@adacore.com>
Signed-off-by: Philippe Mathieu-Daudé
---
hw/intc/grlib_irqmp.c | 1 +
1 file changed, 1 insertion(+)
(limited to 'hw/intc')
diff --git a/hw/intc/grlib_irqmp.c b/hw/intc/grlib_irqmp.c
index 144b121..c6c51a3 100644
--- a/hw/intc/grlib_irqmp.c
+++ b/hw/intc/grlib_irqmp.c
@@ -356,6 +356,7 @@ static void grlib_irqmp_realize(DeviceState *dev, Error **errp)
 error_setg(errp, "Invalid ncpus properties: " "%u, must be 0 < ncpus =< %u.", irqmp->ncpus, IRQMP_MAX_CPU);
+ return;
 }
 qdev_init_gpio_in(dev, grlib_irqmp_set_irq, MAX_PILS);
-- cgit v1.1
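Review bot: In apic_deliver() the buffer length is now stated twice: the context line keeps `uint32_t deliver_bitmask_size = max_apic_words * sizeof(uint32_t);`, while the new allocation sizes itself through `g_new(uint32_t, max_apic_words)`, which checks the multiplication for overflow. If `deliver_bitmask_size` is still used further down for a memset or copy (the rest of the body is outside this hunk, so this is an assumption), a truncated 32-bit product would no longer match the allocated length. Declaring it as `size_t deliver_bitmask_size = sizeof(uint32_t) * max_apic_words;` keeps the two in step. A short comment such as `/* g_autofree: released on every return path */` on the declaration would also record why the trailing g_free() was dropped.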
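Review bot: The error text on the context lines just above the added `return;` in grlib_irqmp_realize() reads `"Invalid ncpus properties: " "%u, must be 0 < ncpus =< %u."`, where `=<` is not the usual spelling of the comparison and "properties" is plural for a single property. While this error path is being touched, consider `"Invalid ncpus property: %u, must be 0 < ncpus <= %u."`, after checking that no test matches the old string. The `if` condition guarding this branch begins outside the hunk, so whether it enforces exactly the range stated in the message cannot be confirmed from here.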