[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH 155/156] hw: Fix qemu_allocate_irqs() leaks
From: |
Michael Roth |
Subject: |
[Qemu-devel] [PATCH 155/156] hw: Fix qemu_allocate_irqs() leaks |
Date: |
Tue, 8 Jul 2014 12:19:06 -0500 |
From: Andreas Färber <address@hidden>
Replace qemu_allocate_irqs(foo, bar, 1)[0]
with qemu_allocate_irq(foo, bar, 0).
This avoids leaking the dereferenced qemu_irq *.
Cc: Markus Armbruster <address@hidden>
Reviewed-by: Peter Crosthwaite <address@hidden>
Reviewed-by: Peter Maydell <address@hidden>
Signed-off-by: Andreas Färber <address@hidden>
[PC Changes:
* Applied change to instance in sh4/sh7750.c
]
Signed-off-by: Peter Crosthwaite <address@hidden>
Reviewed-by: Kirill Batuzov <address@hidden>
[AF: Fix IRQ index in sh4/sh7750.c]
Cc: address@hidden
Signed-off-by: Andreas Färber <address@hidden>
(cherry picked from commit f3c7d0389fe8a2792fd4c1cf151b885de03c8f62)
Signed-off-by: Michael Roth <address@hidden>
---
hw/arm/omap1.c | 14 +++++++-------
hw/arm/omap2.c | 2 +-
hw/arm/pxa2xx.c | 4 ++--
hw/arm/spitz.c | 4 ++--
hw/arm/z2.c | 2 +-
hw/core/irq.c | 4 ++--
hw/dma/omap_dma.c | 4 ++--
hw/ide/microdrive.c | 2 +-
hw/misc/cbus.c | 6 +++---
hw/pcmcia/pxa2xx.c | 2 +-
hw/sd/omap_mmc.c | 2 +-
hw/sd/sdhci.c | 4 ++--
hw/sh4/sh7750.c | 3 +--
hw/timer/omap_gptimer.c | 4 ++--
14 files changed, 28 insertions(+), 29 deletions(-)
diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c
index 47511d2..e97eacd 100644
--- a/hw/arm/omap1.c
+++ b/hw/arm/omap1.c
@@ -172,7 +172,7 @@ static void omap_timer_clk_update(void *opaque, int line,
int on)
static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer)
{
omap_clk_adduser(timer->clk,
- qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[0]);
+ qemu_allocate_irq(omap_timer_clk_update, timer, 0));
timer->rate = omap_clk_getrate(timer->clk);
}
@@ -2094,7 +2094,7 @@ static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion
*memory,
"omap-mpuio", 0x800);
memory_region_add_subregion(memory, base, &s->iomem);
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0]);
+ omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0));
return s;
}
@@ -2397,7 +2397,7 @@ static struct omap_pwl_s *omap_pwl_init(MemoryRegion
*system_memory,
"omap-pwl", 0x800);
memory_region_add_subregion(system_memory, base, &s->iomem);
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]);
+ omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0));
return s;
}
@@ -3481,8 +3481,8 @@ static void omap_mcbsp_i2s_start(void *opaque, int line,
int level)
void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave)
{
s->codec = slave;
- slave->rx_swallow = qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, 1)[0];
- slave->tx_start = qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0];
+ slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0);
+ slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0);
}
/* LED Pulse Generators */
@@ -3630,7 +3630,7 @@ static struct omap_lpg_s *omap_lpg_init(MemoryRegion
*system_memory,
memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg",
0x800);
memory_region_add_subregion(system_memory, base, &s->iomem);
- omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[0]);
+ omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0));
return s;
}
@@ -3844,7 +3844,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion
*system_memory,
s->sdram_size = sdram_size;
s->sram_size = OMAP15XX_SRAM_SIZE;
- s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
+ s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
/* Clocks */
omap_clk_init(s);
diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c
index 36efde0..dc53a7a 100644
--- a/hw/arm/omap2.c
+++ b/hw/arm/omap2.c
@@ -2260,7 +2260,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion
*sysmem,
s->sdram_size = sdram_size;
s->sram_size = OMAP242X_SRAM_SIZE;
- s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0];
+ s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0);
/* Clocks */
omap_clk_init(s);
diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c
index daec57d..30cf71f 100644
--- a/hw/arm/pxa2xx.c
+++ b/hw/arm/pxa2xx.c
@@ -2057,7 +2057,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space,
fprintf(stderr, "Unable to find CPU definition\n");
exit(1);
}
- s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
+ s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0);
/* SDRAM & Internal Memory Storage */
memory_region_init_ram(&s->sdram, NULL, "pxa270.sdram", sdram_size);
@@ -2188,7 +2188,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space,
unsigned int sdram_size)
fprintf(stderr, "Unable to find CPU definition\n");
exit(1);
}
- s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0];
+ s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0);
/* SDRAM & Internal Memory Storage */
memory_region_init_ram(&s->sdram, NULL, "pxa255.sdram", sdram_size);
diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c
index ba17283..54f2166 100644
--- a/hw/arm/spitz.c
+++ b/hw/arm/spitz.c
@@ -743,7 +743,7 @@ static void spitz_i2c_setup(PXA2xxState *cpu)
spitz_wm8750_addr(wm, 0, 0);
qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM,
- qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]);
+ qemu_allocate_irq(spitz_wm8750_addr, wm, 0));
/* .. and to the sound interface. */
cpu->i2s->opaque = wm;
cpu->i2s->codec_out = wm8750_dac_dat;
@@ -849,7 +849,7 @@ static void spitz_gpio_setup(PXA2xxState *cpu, int slots)
* wouldn't guarantee that a guest ever exits the loop.
*/
spitz_hsync = 0;
- lcd_hsync = qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0];
+ lcd_hsync = qemu_allocate_irq(spitz_lcd_hsync_handler, cpu, 0);
pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync);
pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync);
diff --git a/hw/arm/z2.c b/hw/arm/z2.c
index d52c501..d662130 100644
--- a/hw/arm/z2.c
+++ b/hw/arm/z2.c
@@ -359,7 +359,7 @@ static void z2_init(QEMUMachineInitArgs *args)
wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s);
qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS,
- qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]);
+ qemu_allocate_irq(z2_lcd_cs, z2_lcd, 0));
z2_binfo.kernel_filename = kernel_filename;
z2_binfo.kernel_cmdline = kernel_cmdline;
diff --git a/hw/core/irq.c b/hw/core/irq.c
index 03c8cb3..3d284c6 100644
--- a/hw/core/irq.c
+++ b/hw/core/irq.c
@@ -102,7 +102,7 @@ qemu_irq qemu_irq_invert(qemu_irq irq)
{
/* The default state for IRQs is low, so raise the output now. */
qemu_irq_raise(irq);
- return qemu_allocate_irqs(qemu_notirq, irq, 1)[0];
+ return qemu_allocate_irq(qemu_notirq, irq, 0);
}
static void qemu_splitirq(void *opaque, int line, int level)
@@ -117,7 +117,7 @@ qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2)
qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq));
s[0] = irq1;
s[1] = irq2;
- return qemu_allocate_irqs(qemu_splitirq, s, 1)[0];
+ return qemu_allocate_irq(qemu_splitirq, s, 0);
}
static void proxy_irq_handler(void *opaque, int n, int level)
diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c
index 0e8cccd..bb02279 100644
--- a/hw/dma/omap_dma.c
+++ b/hw/dma/omap_dma.c
@@ -1660,7 +1660,7 @@ struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq
*irqs,
}
omap_dma_setcaps(s);
- omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
+ omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0));
omap_dma_reset(s->dma);
omap_dma_clk_update(s, 0, 1);
@@ -2082,7 +2082,7 @@ struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq
*irqs,
s->intr_update = omap_dma_interrupts_4_update;
omap_dma_setcaps(s);
- omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]);
+ omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0));
omap_dma_reset(s->dma);
omap_dma_clk_update(s, 0, !!s->dma->freq);
diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c
index 21d6495..c73c5a7 100644
--- a/hw/ide/microdrive.c
+++ b/hw/ide/microdrive.c
@@ -594,7 +594,7 @@ static void microdrive_realize(DeviceState *dev, Error
**errp)
{
MicroDriveState *md = MICRODRIVE(dev);
- ide_init2(&md->bus, qemu_allocate_irqs(md_set_irq, md, 1)[0]);
+ ide_init2(&md->bus, qemu_allocate_irq(md_set_irq, md, 0));
}
static void microdrive_init(Object *obj)
diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c
index 29b467b..495d507 100644
--- a/hw/misc/cbus.c
+++ b/hw/misc/cbus.c
@@ -135,9 +135,9 @@ CBus *cbus_init(qemu_irq dat)
CBusPriv *s = (CBusPriv *) g_malloc0(sizeof(*s));
s->dat_out = dat;
- s->cbus.clk = qemu_allocate_irqs(cbus_clk, s, 1)[0];
- s->cbus.dat = qemu_allocate_irqs(cbus_dat, s, 1)[0];
- s->cbus.sel = qemu_allocate_irqs(cbus_sel, s, 1)[0];
+ s->cbus.clk = qemu_allocate_irq(cbus_clk, s, 0);
+ s->cbus.dat = qemu_allocate_irq(cbus_dat, s, 0);
+ s->cbus.sel = qemu_allocate_irq(cbus_sel, s, 0);
s->sel = 1;
s->clk = 0;
diff --git a/hw/pcmcia/pxa2xx.c b/hw/pcmcia/pxa2xx.c
index 8f17596..4a126b3 100644
--- a/hw/pcmcia/pxa2xx.c
+++ b/hw/pcmcia/pxa2xx.c
@@ -195,7 +195,7 @@ static void pxa2xx_pcmcia_initfn(Object *obj)
memory_region_add_subregion(&s->container_mem, 0x0c000000,
&s->common_iomem);
- s->slot.irq = qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0];
+ s->slot.irq = qemu_allocate_irq(pxa2xx_pcmcia_set_irq, s, 0);
object_property_add_link(obj, "card", TYPE_PCMCIA_CARD,
(Object **)&s->card, NULL);
diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c
index 937a478..6c92149 100644
--- a/hw/sd/omap_mmc.c
+++ b/hw/sd/omap_mmc.c
@@ -625,7 +625,7 @@ struct omap_mmc_s *omap2_mmc_init(struct
omap_target_agent_s *ta,
exit(1);
}
- s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0];
+ s->cdet = qemu_allocate_irq(omap_mmc_cover_cb, s, 0);
sd_set_cb(s->card, NULL, s->cdet);
return s;
diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c
index 9e8a236..79a2b1d 100644
--- a/hw/sd/sdhci.c
+++ b/hw/sd/sdhci.c
@@ -1169,8 +1169,8 @@ static void sdhci_initfn(Object *obj)
if (s->card == NULL) {
exit(1);
}
- s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0];
- s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0];
+ s->eject_cb = qemu_allocate_irq(sdhci_insert_eject_cb, s, 0);
+ s->ro_cb = qemu_allocate_irq(sdhci_card_readonly_cb, s, 0);
sd_set_cb(s->card, s->ro_cb, s->eject_cb);
s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL,
sdhci_raise_insertion_irq, s);
diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c
index 1439ba4..6ad66c9 100644
--- a/hw/sh4/sh7750.c
+++ b/hw/sh4/sh7750.c
@@ -838,6 +838,5 @@ SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion
*sysmem)
qemu_irq sh7750_irl(SH7750State *s)
{
sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enable */
- return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, IRL),
- 1)[0];
+ return qemu_allocate_irq(sh_intc_set_irl, sh_intc_source(&s->intc, IRL),
0);
}
diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c
index 016207f..b7f3d49 100644
--- a/hw/timer/omap_gptimer.c
+++ b/hw/timer/omap_gptimer.c
@@ -227,7 +227,7 @@ static void omap_gp_timer_clk_update(void *opaque, int
line, int on)
static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer)
{
omap_clk_adduser(timer->clk,
- qemu_allocate_irqs(omap_gp_timer_clk_update, timer, 1)[0]);
+ qemu_allocate_irq(omap_gp_timer_clk_update, timer, 0));
timer->rate = omap_clk_getrate(timer->clk);
}
@@ -476,7 +476,7 @@ struct omap_gp_timer_s *omap_gp_timer_init(struct
omap_target_agent_s *ta,
s->clk = fclk;
s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_tick, s);
s->match = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_match, s);
- s->in = qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0];
+ s->in = qemu_allocate_irq(omap_gp_timer_input, s, 0);
omap_gp_timer_reset(s);
omap_gp_timer_clk_setup(s);
--
1.9.1
- [Qemu-devel] [PATCH 066/156] virtio: allow mapping up to max queue size, (continued)
- [Qemu-devel] [PATCH 066/156] virtio: allow mapping up to max queue size, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 083/156] vpc: Validate block size (CVE-2014-0142), Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 078/156] bochs: Use unsigned variables for offsets and sizes (CVE-2014-0147), Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 151/156] nbd: Shutdown socket before closing., Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 047/156] virtio: validate num_sg when mapping, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 117/156] qcow1: Check maximum cluster size, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 016/156] hw/net/stellaris_enet: Correct handling of packet padding, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 026/156] po/Makefile: fix $SRC_PATH reference, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 120/156] qcow1: Stricter backing file length check, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 057/156] virtio: validate config_len on load, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 155/156] hw: Fix qemu_allocate_irqs() leaks,
Michael Roth <=
- [Qemu-devel] [PATCH 100/156] qcow2: Protect against some integer overflows in bdrv_check, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 069/156] qemu-iotests: add ./check -cloop support, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 050/156] ssd0323: fix buffer overun on invalid state load, Michael Roth, 2014/07/09
- [Qemu-devel] [PATCH 073/156] block/cloop: refuse images with huge offsets arrays (CVE-2014-0144), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 143/156] KVM: Fix GSI number space limit, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 049/156] ssi-sd: fix buffer overrun on invalid state load, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 109/156] block: Limit request size (CVE-2014-0143), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 095/156] qcow2: Zero-initialise first cluster for new images, Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 108/156] dmg: prevent chunk buffer overflow (CVE-2014-0145), Michael Roth, 2014/07/10
- [Qemu-devel] [PATCH 113/156] qcow2: Check maximum L1 size in qcow2_snapshot_load_tmp() (CVE-2014-0143), Michael Roth, 2014/07/10