jcs.org / qemu
qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio
fork atom

tap: fix memory leak on success to create a tap device

The memory leak on success to create a tap device. And the nfds and
nvhosts may not be the same and need to be processed separately.

Fixes: 07825977 ("tap: fix memory leak on failure to create a multiqueue tap device")
Fixes: 264986e2 ("tap: multiqueue support")
Cc: qemu-stable@nongnu.org
Signed-off-by: Yunjian Wang <wangyunjian@huawei.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 323e7c117754e4d4ce6b4282d74ad01c99d67714)
Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

authored by

Yunjian Wang and committed by
Michael Roth 1b817abc 0935356e

+10 -6
+10 -6
net/tap.c
··· 805 805 } else if (tap->has_fds) { 806 806 char **fds; 807 807 char **vhost_fds; 808 - int nfds, nvhosts; 808 + int nfds = 0, nvhosts = 0; 809 + int ret = 0; 809 810 810 811 if (tap->has_ifname || tap->has_script || tap->has_downscript || 811 812 tap->has_vnet_hdr || tap->has_helper || tap->has_queues || ··· 825 826 if (nfds != nvhosts) { 826 827 error_setg(errp, "The number of fds passed does not match " 827 828 "the number of vhostfds passed"); 829 + ret = -1; 828 830 goto free_fail; 829 831 } 830 832 } ··· 833 835 fd = monitor_fd_param(cur_mon, fds[i], &err); 834 836 if (fd == -1) { 835 837 error_propagate(errp, err); 838 + ret = -1; 836 839 goto free_fail; 837 840 } 838 841 ··· 843 846 } else if (vnet_hdr != tap_probe_vnet_hdr(fd)) { 844 847 error_setg(errp, 845 848 "vnet_hdr not consistent across given tap fds"); 849 + ret = -1; 846 850 goto free_fail; 847 851 } 848 852 ··· 852 856 vnet_hdr, fd, &err); 853 857 if (err) { 854 858 error_propagate(errp, err); 859 + ret = -1; 855 860 goto free_fail; 856 861 } 857 862 } 858 - g_free(fds); 859 - g_free(vhost_fds); 860 - return 0; 861 863 862 864 free_fail: 865 + for (i = 0; i < nvhosts; i++) { 866 + g_free(vhost_fds[i]); 867 + } 863 868 for (i = 0; i < nfds; i++) { 864 869 g_free(fds[i]); 865 - g_free(vhost_fds[i]); 866 870 } 867 871 g_free(fds); 868 872 g_free(vhost_fds); 869 - return -1; 873 + return ret; 870 874 } else if (tap->has_helper) { 871 875 if (tap->has_ifname || tap->has_script || tap->has_downscript || 872 876 tap->has_vnet_hdr || tap->has_queues || tap->has_vhostfds) {