On Sat, 07 Apr 2018 16:43:46 +0200 Greg Kurz <gr...@kaod.org> wrote: > If the subchannel is already attached or if vfio_get_device() fails, the > code jumps to the 'out_device_err' label and doesn't free the string it > has just allocated. > > The code should be reworked so that vcdev->vdev.name only gets set when > the device has been attached, and freed when it is about to be detached. > This could be achieved with the addition of a vfio_ccw_get_device() > function that would be the counterpart of vfio_put_device(). But this is > a more elaborate cleanup that should be done in a follow-up. For now, > let's just add calls to g_free() on the buggy error paths. > > Signed-off-by: Greg Kurz <gr...@kaod.org> > --- > hw/vfio/ccw.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/hw/vfio/ccw.c b/hw/vfio/ccw.c > index 4e5855741a64..fe34b507699f 100644 > --- a/hw/vfio/ccw.c > +++ b/hw/vfio/ccw.c > @@ -357,11 +357,13 @@ static void vfio_ccw_realize(DeviceState *dev, Error > **errp) > if (strcmp(vbasedev->name, vcdev->vdev.name) == 0) { > error_setg(&err, "vfio: subchannel %s has already been attached", > vcdev->vdev.name); > + g_free(vcdev->vdev.name); > goto out_device_err; > } > } > > if (vfio_get_device(group, cdev->mdevid, &vcdev->vdev, &err)) { > + g_free(vcdev->vdev.name); > goto out_device_err; > } > >
Thanks, applied to s390-fixes.