From 0c404e45c592996f00f4473464b670f771d076ba Mon Sep 17 00:00:00 2001 From: Li Qiang Date: Sun, 16 Aug 2020 07:22:45 -0700 Subject: virtio-mem: detach the element from the virtqueue when error occurs If error occurs while processing the virtio request we should call 'virtqueue_detach_element' to detach the element from the virtqueue before free the elem. Signed-off-by: Li Qiang Message-Id: <20200816142245.17556-1-liq3ea@163.com> Fixes: 910b25766b ("virtio-mem: Paravirtualized memory hot(un)plug") Acked-by: David Hildenbrand Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin --- hw/virtio/virtio-mem.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'hw') diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c index 8fbec77..7c8ca9f 100644 --- a/hw/virtio/virtio-mem.c +++ b/hw/virtio/virtio-mem.c @@ -318,6 +318,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev, VirtQueue *vq) if (iov_to_buf(elem->out_sg, elem->out_num, 0, &req, len) < len) { virtio_error(vdev, "virtio-mem protocol violation: invalid request" " size: %d", len); + virtqueue_detach_element(vq, elem, 0); g_free(elem); return; } @@ -327,6 +328,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev, VirtQueue *vq) virtio_error(vdev, "virtio-mem protocol violation: not enough space" " for response: %zu", iov_size(elem->in_sg, elem->in_num)); + virtqueue_detach_element(vq, elem, 0); g_free(elem); return; } @@ -348,6 +350,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev, VirtQueue *vq) default: virtio_error(vdev, "virtio-mem protocol violation: unknown request" " type: %d", type); + virtqueue_detach_element(vq, elem, 0); g_free(elem); return; } -- cgit v1.1