If error occurs while processing the virtio request we should call
'virtqueue_detach_element' to detach the element from the virtqueue
before free the elem.
Signed-off-by: Li Qiang <liq...@163.com>
---
Change since v1:
Change the subject
Avoid using the goto label
hw/virtio/virtio-mem.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/hw/virtio/virtio-mem.c b/hw/virtio/virtio-mem.c
index 7740fc613f..e6ffc781b3 100644
--- a/hw/virtio/virtio-mem.c
+++ b/hw/virtio/virtio-mem.c
@@ -318,6 +318,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
if (iov_to_buf(elem->out_sg, elem->out_num, 0, &req, len) < len) {
virtio_error(vdev, "virtio-mem protocol violation: invalid request"
" size: %d", len);
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
@@ -327,6 +328,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
virtio_error(vdev, "virtio-mem protocol violation: not enough
space"
" for response: %zu",
iov_size(elem->in_sg, elem->in_num));
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
@@ -348,6 +350,7 @@ static void virtio_mem_handle_request(VirtIODevice *vdev,
VirtQueue *vq)
default:
virtio_error(vdev, "virtio-mem protocol violation: unknown request"
" type: %d", type);
+ virtqueue_detach_element(vq, elem, 0);
g_free(elem);
return;
}
--
2.17.1
