peterdelevoryas / rpms / qemu

Forked from rpms/qemu 2 years ago
Clone

Blame 0003-net-vmxnet3-avoid-memory-leakage-in-activate_device.patch

b24b7f
From: P J P <ppandit@redhat.com>
b24b7f
Date: Tue, 15 Dec 2015 12:27:54 +0530
b24b7f
Subject: [PATCH] net: vmxnet3: avoid memory leakage in activate_device
b24b7f
b24b7f
Vmxnet3 device emulator does not check if the device is active
b24b7f
before activating it, also it did not free the transmit & receive
b24b7f
buffers while deactivating the device, thus resulting in memory
b24b7f
leakage on the host. This patch fixes both these issues to avoid
b24b7f
host memory leakage.
b24b7f
b24b7f
Reported-by: Qinghao Tang <luodalongde@gmail.com>
b24b7f
Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
b24b7f
Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
b24b7f
Cc: qemu-stable@nongnu.org
b24b7f
Signed-off-by: Jason Wang <jasowang@redhat.com>
b24b7f
(cherry picked from commit aa4a3dce1c88ed51b616806b8214b7c8428b7470)
b24b7f
---
b24b7f
 hw/net/vmxnet3.c | 24 ++++++++++++++++--------
b24b7f
 1 file changed, 16 insertions(+), 8 deletions(-)
b24b7f
b24b7f
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
b24b7f
index 37373e5..2b4aad7 100644
b24b7f
--- a/hw/net/vmxnet3.c
b24b7f
+++ b/hw/net/vmxnet3.c
b24b7f
@@ -1194,8 +1194,13 @@ static void vmxnet3_reset_mac(VMXNET3State *s)
b24b7f
 
b24b7f
 static void vmxnet3_deactivate_device(VMXNET3State *s)
b24b7f
 {
b24b7f
-    VMW_CBPRN("Deactivating vmxnet3...");
b24b7f
-    s->device_active = false;
b24b7f
+    if (s->device_active) {
b24b7f
+        VMW_CBPRN("Deactivating vmxnet3...");
b24b7f
+        vmxnet_tx_pkt_reset(s->tx_pkt);
b24b7f
+        vmxnet_tx_pkt_uninit(s->tx_pkt);
b24b7f
+        vmxnet_rx_pkt_uninit(s->rx_pkt);
b24b7f
+        s->device_active = false;
b24b7f
+    }
b24b7f
 }
b24b7f
 
b24b7f
 static void vmxnet3_reset(VMXNET3State *s)
b24b7f
@@ -1204,7 +1209,6 @@ static void vmxnet3_reset(VMXNET3State *s)
b24b7f
 
b24b7f
     vmxnet3_deactivate_device(s);
b24b7f
     vmxnet3_reset_interrupt_states(s);
b24b7f
-    vmxnet_tx_pkt_reset(s->tx_pkt);
b24b7f
     s->drv_shmem = 0;
b24b7f
     s->tx_sop = true;
b24b7f
     s->skip_current_tx_pkt = false;
b24b7f
@@ -1431,6 +1435,12 @@ static void vmxnet3_activate_device(VMXNET3State *s)
b24b7f
         return;
b24b7f
     }
b24b7f
 
b24b7f
+    /* Verify if device is active */
b24b7f
+    if (s->device_active) {
b24b7f
+        VMW_CFPRN("Vmxnet3 device is active");
b24b7f
+        return;
b24b7f
+    }
b24b7f
+
b24b7f
     vmxnet3_adjust_by_guest_type(s);
b24b7f
     vmxnet3_update_features(s);
b24b7f
     vmxnet3_update_pm_state(s);
b24b7f
@@ -1627,7 +1637,7 @@ static void vmxnet3_handle_command(VMXNET3State *s, uint64_t cmd)
b24b7f
         break;
b24b7f
 
b24b7f
     case VMXNET3_CMD_QUIESCE_DEV:
b24b7f
-        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - pause the device");
b24b7f
+        VMW_CBPRN("Set: VMXNET3_CMD_QUIESCE_DEV - deactivate the device");
b24b7f
         vmxnet3_deactivate_device(s);
b24b7f
         break;
b24b7f
 
b24b7f
@@ -1741,7 +1751,7 @@ vmxnet3_io_bar1_write(void *opaque,
b24b7f
          * shared address only after we get the high part
b24b7f
          */
b24b7f
         if (val == 0) {
b24b7f
-            s->device_active = false;
b24b7f
+            vmxnet3_deactivate_device(s);
b24b7f
         }
b24b7f
         s->temp_shared_guest_driver_memory = val;
b24b7f
         s->drv_shmem = 0;
b24b7f
@@ -2021,9 +2031,7 @@ static bool vmxnet3_peer_has_vnet_hdr(VMXNET3State *s)
b24b7f
 static void vmxnet3_net_uninit(VMXNET3State *s)
b24b7f
 {
b24b7f
     g_free(s->mcast_list);
b24b7f
-    vmxnet_tx_pkt_reset(s->tx_pkt);
b24b7f
-    vmxnet_tx_pkt_uninit(s->tx_pkt);
b24b7f
-    vmxnet_rx_pkt_uninit(s->rx_pkt);
b24b7f
+    vmxnet3_deactivate_device(s);
b24b7f
     qemu_del_nic(s->nic);
b24b7f
 }
b24b7f