From: Kevin Wolf
Subject: [Qemu-devel] [PULL v2 for-2.1 12/22] dataplane: do not free VirtQueueElement in vring_push()
Date: Mon, 14 Jul 2014 13:43:02 +0200
From: Stefan Hajnoczi <address@hidden>
VirtQueueElement is allocated in vring_pop() so it seems to make sense
that vring_push() should free it. Alas, virtio-blk frees
VirtQueueElement itself in virtio_blk_free_request().
This patch solves a double-free assertion in glib's g_slice_free().
Rename vring_free_element() to vring_unmap_element() since it no longer
frees the VirtQueueElement.
Signed-off-by: Stefan Hajnoczi <address@hidden>
Tested-by: Christian Borntraeger <address@hidden>
Signed-off-by: Kevin Wolf <address@hidden>
---
hw/virtio/dataplane/vring.c | 9 ++++-----
include/hw/virtio/dataplane/vring.h | 1 -
2 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/hw/virtio/dataplane/vring.c b/hw/virtio/dataplane/vring.c
index 665a1ff..5d17d39 100644
--- a/hw/virtio/dataplane/vring.c
+++ b/hw/virtio/dataplane/vring.c
@@ -272,7 +272,7 @@ static int get_indirect(Vring *vring, VirtQueueElement
*elem,
return 0;
}
-void vring_free_element(VirtQueueElement *elem)
+static void vring_unmap_element(VirtQueueElement *elem)
{
int i;
@@ -287,8 +287,6 @@ void vring_free_element(VirtQueueElement *elem)
for (i = 0; i < elem->in_num; i++) {
vring_unmap(elem->in_sg[i].iov_base, true);
}
-
- g_slice_free(VirtQueueElement, elem);
}
/* This looks in the virtqueue and for the first available buffer, and converts
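Review bot: With the g_slice_free() call dropped after the in_sg loop, elem now outlives vring_unmap_element(), so each elem->in_sg[i].iov_base that was just passed to vring_unmap() is left as a stale pointer in an object the caller still holds. Before this change the element was gone at this point and could not be reused by mistake. Consider a comment above the function saying the scatter-gather entries must not be dereferenced once it returns, or, if no caller reads them afterwards, resetting elem->in_num to 0 after the loop.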
@@ -402,7 +400,8 @@ out:
vring->broken = true;
}
if (elem) {
- vring_free_element(elem);
+ vring_unmap_element(elem);
+ g_slice_free(VirtQueueElement, elem);
}
*p_elem = NULL;
return ret;
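Review bot: In the out: path the free is now open-coded as g_slice_free(VirtQueueElement, elem), while the matching allocation sits outside this hunk, so the two can drift apart when either side is changed later. A small helper next to the allocation, or a comment at both sites naming the other, would keep allocator and type in step. It would also make explicit that vring_pop() frees elem only on failure, just before *p_elem = NULL.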
@@ -418,7 +417,7 @@ void vring_push(Vring *vring, VirtQueueElement *elem, int
len)
unsigned int head = elem->index;
uint16_t new;
- vring_free_element(elem);
+ vring_unmap_element(elem);
/* Don't touch vring if a fatal error occurred */
if (vring->broken) {
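Review bot: vring_push() now only calls vring_unmap_element(elem), so freeing the element becomes every caller's job, and the commit message names only virtio-blk's virtio_blk_free_request() as doing that. Any other vring_push() caller that relied on the old free will leak one VirtQueueElement per completed request. Please confirm there are no such callers in the tree before this is merged.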
diff --git a/include/hw/virtio/dataplane/vring.h
b/include/hw/virtio/dataplane/vring.h
index 63e7bf4..b23edd2 100644
--- a/include/hw/virtio/dataplane/vring.h
+++ b/include/hw/virtio/dataplane/vring.h
@@ -55,6 +55,5 @@ bool vring_enable_notification(VirtIODevice *vdev, Vring
*vring);
bool vring_should_notify(VirtIODevice *vdev, Vring *vring);
int vring_pop(VirtIODevice *vdev, Vring *vring, VirtQueueElement **elem);
void vring_push(Vring *vring, VirtQueueElement *elem, int len);
-void vring_free_element(VirtQueueElement *elem);
#endif /* VRING_H */
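Review bot: The vring_pop() and vring_push() prototypes that remain in this header carry no comment on who frees the VirtQueueElement, which is exactly the contract this patch changes. A short comment here, stating that a successful vring_pop() hands out an element the caller must free and that vring_push() unmaps but does not free it, would help keep the next user of this header from reintroducing the double free or a leak.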
--
1.8.3.1