[qemu-s390x] [PULL 05/10] block/pflash_cfi02: Fix memory leak and potential use-after-free
From: |
Laurent Vivier |
Subject: |
[qemu-s390x] [PULL 05/10] block/pflash_cfi02: Fix memory leak and potential use-after-free |
Date: |
Wed, 6 Mar 2019 12:07:06 +0100 |
From: Stephen Checkoway <address@hidden>
Don't dynamically allocate the pflash's timer. But do use timer_del in
an unrealize function to make sure that the timer can't fire after the
pflash_t has been freed.
Signed-off-by: Stephen Checkoway <address@hidden>
Reviewed-by: Philippe Mathieu-Daudé <address@hidden>
Reviewed-by: Wei Yang <address@hidden>
Message-Id: <address@hidden>
Signed-off-by: Laurent Vivier <address@hidden>
---
hw/block/pflash_cfi02.c | 15 +++++++++++----
1 file changed, 11 insertions(+), 4 deletions(-)
diff --git a/hw/block/pflash_cfi02.c b/hw/block/pflash_cfi02.c
index 0f8b7b8c7b36..1588aeff5a95 100644
--- a/hw/block/pflash_cfi02.c
+++ b/hw/block/pflash_cfi02.c
@@ -84,7 +84,7 @@ struct pflash_t {
uint16_t unlock_addr0;
uint16_t unlock_addr1;
uint8_t cfi_table[0x52];
- QEMUTimer *timer;
+ QEMUTimer timer;
/* The device replicates the flash memory across its memory space. Emulate
* that by having a container (.mem) filled with an array of aliases
* (.mem_mappings) pointing to the flash memory (.orig_mem).
@@ -429,7 +429,7 @@ static void pflash_write (pflash_t *pfl, hwaddr offset,
}
pfl->status = 0x00;
/* Let's wait 5 seconds before chip erase is done */
- timer_mod(pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
+ timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
(NANOSECONDS_PER_SECOND * 5));
break;
case 0x30:
@@ -444,7 +444,7 @@ static void pflash_write (pflash_t *pfl, hwaddr offset,
}
pfl->status = 0x00;
/* Let's wait 1/2 second before sector erase is done */
- timer_mod(pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
+ timer_mod(&pfl->timer, qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL) +
(NANOSECONDS_PER_SECOND / 2));
break;
default:
@@ -596,7 +596,7 @@ static void pflash_cfi02_realize(DeviceState *dev, Error
**errp)
pfl->rom_mode = 1;
sysbus_init_mmio(SYS_BUS_DEVICE(dev), &pfl->mem);
- pfl->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
+ timer_init_ns(&pfl->timer, QEMU_CLOCK_VIRTUAL, pflash_timer, pfl);
pfl->wcycle = 0;
pfl->cmd = 0;
pfl->status = 0;
@@ -695,11 +695,18 @@ static Property pflash_cfi02_properties[] = {
DEFINE_PROP_END_OF_LIST(),
};
+static void pflash_cfi02_unrealize(DeviceState *dev, Error **errp)
+{
+ pflash_t *pfl = CFI_PFLASH02(dev);
+ timer_del(&pfl->timer);
+}
+
static void pflash_cfi02_class_init(ObjectClass *klass, void *data)
{
DeviceClass *dc = DEVICE_CLASS(klass);
dc->realize = pflash_cfi02_realize;
+ dc->unrealize = pflash_cfi02_unrealize;
dc->props = pflash_cfi02_properties;
set_bit(DEVICE_CATEGORY_STORAGE, dc->categories);
}
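Review bot: pflash_cfi02_unrealize does not say why the timer must be deleted, and the reason is the safety property this patch establishes: timer_init_ns in the realize hunk registers pfl as the callback's opaque argument, so a timer still armed after the device is released would hand pflash_timer a dangling pointer. A one-line comment above `timer_del(&pfl->timer);` would preserve that intent for the next maintainer: `/* pflash_timer() dereferences pfl: the timer must not stay armed past unrealize. */`. With the timer now embedded in pflash_t there is no allocation to free here, which is what closes the leak; timer_del is the only teardown left, and it is correctly paired with timer_init_ns rather than with the removed timer_new_ns.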
--
2.20.1