ahci: Fix sglist memleak in ahci_dma_rw_buf()

I noticed that in hw/ide/ahci:ahci_dma_rw_buf() we do not free the sglist. Thus,
I've added a call to qemu_sglist_destroy() to fix this memory leak.

In addition, I've adeed a call in qemu_sglist_destroy() to 0 all of the sglist
fields, in case there is some other codepath that tries to free the sglist.

Signed-off-by: Jason Baron <jbaron@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit ea8d82a1ed72634f089ed1bccccd9c84cc1ab855)

Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>

diff --git a/dma-helpers.c b/dma-helpers.c
index 7971a89c144b7f192b15a5b9691009e58dcc4a41..7e7e415cf9f1d065da43aec6bc60288a5cabe336 100644 (file)
--- a/dma-helpers.c
+++ b/dma-helpers.c
@@ -33,6 +33,7 @@ void qemu_sglist_add(QEMUSGList *qsg, dma_addr_t base, dma_addr_t len)
 void qemu_sglist_destroy(QEMUSGList *qsg)
 {
     g_free(qsg->sg);
+    memset(qsg, 0, sizeof(*qsg));
 }
 
 typedef struct {

diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index 2d7d03d7724c8746a069bc535e655113dce2157d..1669a75a8d4eadf85328055b685ec37d16f16856 100644 (file)
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -1041,6 +1041,9 @@ static int ahci_dma_rw_buf(IDEDMA *dma, int is_write)
         dma_buf_write(p, l, &s->sg);
     }
 
+    /* free sglist that was created in ahci_populate_sglist() */
+    qemu_sglist_destroy(&s->sg);
+
     /* update number of transferred bytes */
     ad->cur_cmd->status = cpu_to_le32(le32_to_cpu(ad->cur_cmd->status) + l);
     s->io_buffer_index += l;