Re: Memory leak in via_isa_realize()

[Cédric Le Goater]

On 3/21/22 13:11, BALATON Zoltan wrote:
> On Mon, 21 Mar 2022, Peter Maydell wrote:
> > On Mon, 21 Mar 2022 at 10:31, Thomas Huth <thuth@redhat.com> wrote:
> > > FYI, I'm seeing a memory leak in via_isa_realize() when building
> > > QEMU with sanitizers enabled or when running QEMU through valgrind:
> > > Same problem happens with qemu-system-ppc64 and the pegasos2 machine.
> > >
> > > No clue how to properly fix this... is it safe to free the pointer
> > > at the end of the function?
> >
> > This is because the code is still using the old function
> > qemu_allocate_irqs(), which is almost always going to involve
> > it leaking memory. The fix is usually to rewrite the code to not use
> > that function at all, i.e. to manage its irq/gpio lines differently.
> > Probably the i8259 code should have a named GPIO output line
> > rather than wanting to be passed a qemu_irq in an init function,
> > and the via code should have an input GPIO line which it connects
> > up to the i8259. It looks from a quick glance like the i8259 and
> > its callers have perhaps not been completely QOMified.
>
> Everything involving ISA emulation in QEMU is not completely QOMified and this 
> has caused some problems before but I did not want to try to fix it both 
> becuase it's too much unrelated work and because it's used by too many things 
> that could break that I can't even test. So I'd rather somebody more 
> comfortable with this would look at ISA QOMification.

Regarding the ppc44x and ppc40x machines, we have a lot of tests in place
and the QOM translation shouldn't be too complex. This is about changing
the board and device instantiation and not the CPU internal models,
like exceptions and SoftTLBs, which can be much more complex to test.

> > In this specific case, though, it seems like the only thing that
> > the via_isa_request_i8259_irq() function does is pass the interrupt
> > signal through to its own s->cpu_intr, so I think a relatively
> > self-contained way to deal with the leak is to pass s->cpu_intr
> > into i8259_init() and drop the isa_irq allocated irq and its
> > associated helper function entirely. (There might be some subtlety
> > I'm missing that means that wouldn't work, of course.)
>
> I think I've tried to do that first and it did not work for some reason then I 
> got this way from some other device model which works but I forgot the details. 
> You can test it by booting MorphOS or Debian Linux 8.11 PPC on pegasos2 which 
> support this machine or maybe I can have a look later this week if it's not 
> urgent and try something but I don't mind if somebody comes up with a fix 
> before that.

I will support this work and I can even send some patches I have started
for the 405 to cleanup the bit-rotting models.

Thanks,

C.