From 347744507794a96b0125a8b395ae30ff952004a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20F=C3=A4rber?= Date: Wed, 18 Jun 2014 00:55:18 -0700 Subject: hw: Fix qemu_allocate_irqs() leaks MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Replace qemu_allocate_irqs(foo, bar, 1)[0] with qemu_allocate_irq(foo, bar, 0). This avoids leaking the dereferenced qemu_irq *. Cc: Markus Armbruster Reviewed-by: Peter Crosthwaite Reviewed-by: Peter Maydell Signed-off-by: Andreas Färber [PC Changes: * Applied change to instance in sh4/sh7750.c ] Signed-off-by: Peter Crosthwaite Reviewed-by: Kirill Batuzov [AF: Fix IRQ index in sh4/sh7750.c] Cc: qemu-stable@nongnu.org Signed-off-by: Andreas Färber (cherry picked from commit f3c7d0389fe8a2792fd4c1cf151b885de03c8f62) Signed-off-by: Michael Roth --- hw/arm/omap1.c | 14 +++++++------- hw/arm/omap2.c | 2 +- hw/arm/pxa2xx.c | 4 ++-- hw/arm/spitz.c | 4 ++-- hw/arm/z2.c | 2 +- hw/core/irq.c | 4 ++-- hw/dma/omap_dma.c | 4 ++-- hw/ide/microdrive.c | 2 +- hw/misc/cbus.c | 6 +++--- hw/pcmcia/pxa2xx.c | 2 +- hw/sd/omap_mmc.c | 2 +- hw/sd/sdhci.c | 4 ++-- hw/sh4/sh7750.c | 3 +-- hw/timer/omap_gptimer.c | 4 ++-- 14 files changed, 28 insertions(+), 29 deletions(-) diff --git a/hw/arm/omap1.c b/hw/arm/omap1.c index b433748c60..9f5d1598c4 100644 --- a/hw/arm/omap1.c +++ b/hw/arm/omap1.c @@ -172,7 +172,7 @@ static void omap_timer_clk_update(void *opaque, int line, int on) static void omap_timer_clk_setup(struct omap_mpu_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_timer_clk_update, timer, 1)[0]); + qemu_allocate_irq(omap_timer_clk_update, timer, 0)); timer->rate = omap_clk_getrate(timer->clk); } @@ -2098,7 +2098,7 @@ static struct omap_mpuio_s *omap_mpuio_init(MemoryRegion *memory, "omap-mpuio", 0x800); memory_region_add_subregion(memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_mpuio_onoff, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_mpuio_onoff, s, 0)); return s; } @@ -2401,7 +2401,7 @@ static struct omap_pwl_s *omap_pwl_init(MemoryRegion *system_memory, "omap-pwl", 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_pwl_clk_update, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_pwl_clk_update, s, 0)); return s; } @@ -3485,8 +3485,8 @@ static void omap_mcbsp_i2s_start(void *opaque, int line, int level) void omap_mcbsp_i2s_attach(struct omap_mcbsp_s *s, I2SCodec *slave) { s->codec = slave; - slave->rx_swallow = qemu_allocate_irqs(omap_mcbsp_i2s_swallow, s, 1)[0]; - slave->tx_start = qemu_allocate_irqs(omap_mcbsp_i2s_start, s, 1)[0]; + slave->rx_swallow = qemu_allocate_irq(omap_mcbsp_i2s_swallow, s, 0); + slave->tx_start = qemu_allocate_irq(omap_mcbsp_i2s_start, s, 0); } /* LED Pulse Generators */ @@ -3634,7 +3634,7 @@ static struct omap_lpg_s *omap_lpg_init(MemoryRegion *system_memory, memory_region_init_io(&s->iomem, NULL, &omap_lpg_ops, s, "omap-lpg", 0x800); memory_region_add_subregion(system_memory, base, &s->iomem); - omap_clk_adduser(clk, qemu_allocate_irqs(omap_lpg_clk_update, s, 1)[0]); + omap_clk_adduser(clk, qemu_allocate_irq(omap_lpg_clk_update, s, 0)); return s; } @@ -3848,7 +3848,7 @@ struct omap_mpu_state_s *omap310_mpu_init(MemoryRegion *system_memory, s->sdram_size = sdram_size; s->sram_size = OMAP15XX_SRAM_SIZE; - s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0); /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/omap2.c b/hw/arm/omap2.c index 36efde0d64..dc53a7abba 100644 --- a/hw/arm/omap2.c +++ b/hw/arm/omap2.c @@ -2260,7 +2260,7 @@ struct omap_mpu_state_s *omap2420_mpu_init(MemoryRegion *sysmem, s->sdram_size = sdram_size; s->sram_size = OMAP242X_SRAM_SIZE; - s->wakeup = qemu_allocate_irqs(omap_mpu_wakeup, s, 1)[0]; + s->wakeup = qemu_allocate_irq(omap_mpu_wakeup, s, 0); /* Clocks */ omap_clk_init(s); diff --git a/hw/arm/pxa2xx.c b/hw/arm/pxa2xx.c index e0cd847b95..c6521473d4 100644 --- a/hw/arm/pxa2xx.c +++ b/hw/arm/pxa2xx.c @@ -2059,7 +2059,7 @@ PXA2xxState *pxa270_init(MemoryRegion *address_space, fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0); /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa270.sdram", sdram_size); @@ -2190,7 +2190,7 @@ PXA2xxState *pxa255_init(MemoryRegion *address_space, unsigned int sdram_size) fprintf(stderr, "Unable to find CPU definition\n"); exit(1); } - s->reset = qemu_allocate_irqs(pxa2xx_reset, s, 1)[0]; + s->reset = qemu_allocate_irq(pxa2xx_reset, s, 0); /* SDRAM & Internal Memory Storage */ memory_region_init_ram(&s->sdram, NULL, "pxa255.sdram", sdram_size); diff --git a/hw/arm/spitz.c b/hw/arm/spitz.c index 392ca84c81..713d021ddb 100644 --- a/hw/arm/spitz.c +++ b/hw/arm/spitz.c @@ -744,7 +744,7 @@ static void spitz_i2c_setup(PXA2xxState *cpu) spitz_wm8750_addr(wm, 0, 0); qdev_connect_gpio_out(cpu->gpio, SPITZ_GPIO_WM, - qemu_allocate_irqs(spitz_wm8750_addr, wm, 1)[0]); + qemu_allocate_irq(spitz_wm8750_addr, wm, 0)); /* .. and to the sound interface. */ cpu->i2s->opaque = wm; cpu->i2s->codec_out = wm8750_dac_dat; @@ -850,7 +850,7 @@ static void spitz_gpio_setup(PXA2xxState *cpu, int slots) * wouldn't guarantee that a guest ever exits the loop. */ spitz_hsync = 0; - lcd_hsync = qemu_allocate_irqs(spitz_lcd_hsync_handler, cpu, 1)[0]; + lcd_hsync = qemu_allocate_irq(spitz_lcd_hsync_handler, cpu, 0); pxa2xx_gpio_read_notifier(cpu->gpio, lcd_hsync); pxa2xx_lcd_vsync_notifier(cpu->lcd, lcd_hsync); diff --git a/hw/arm/z2.c b/hw/arm/z2.c index 67c1be84ac..ef5424d89c 100644 --- a/hw/arm/z2.c +++ b/hw/arm/z2.c @@ -365,7 +365,7 @@ static void z2_init(QEMUMachineInitArgs *args) wm8750_data_req_set(wm, mpu->i2s->data_req, mpu->i2s); qdev_connect_gpio_out(mpu->gpio, Z2_GPIO_LCD_CS, - qemu_allocate_irqs(z2_lcd_cs, z2_lcd, 1)[0]); + qemu_allocate_irq(z2_lcd_cs, z2_lcd, 0)); z2_binfo.kernel_filename = kernel_filename; z2_binfo.kernel_cmdline = kernel_cmdline; diff --git a/hw/core/irq.c b/hw/core/irq.c index 03c8cb31ea..3d284c6482 100644 --- a/hw/core/irq.c +++ b/hw/core/irq.c @@ -102,7 +102,7 @@ qemu_irq qemu_irq_invert(qemu_irq irq) { /* The default state for IRQs is low, so raise the output now. */ qemu_irq_raise(irq); - return qemu_allocate_irqs(qemu_notirq, irq, 1)[0]; + return qemu_allocate_irq(qemu_notirq, irq, 0); } static void qemu_splitirq(void *opaque, int line, int level) @@ -117,7 +117,7 @@ qemu_irq qemu_irq_split(qemu_irq irq1, qemu_irq irq2) qemu_irq *s = g_malloc0(2 * sizeof(qemu_irq)); s[0] = irq1; s[1] = irq2; - return qemu_allocate_irqs(qemu_splitirq, s, 1)[0]; + return qemu_allocate_irq(qemu_splitirq, s, 0); } static void proxy_irq_handler(void *opaque, int n, int level) diff --git a/hw/dma/omap_dma.c b/hw/dma/omap_dma.c index 0e8cccd27f..bb02279372 100644 --- a/hw/dma/omap_dma.c +++ b/hw/dma/omap_dma.c @@ -1660,7 +1660,7 @@ struct soc_dma_s *omap_dma_init(hwaddr base, qemu_irq *irqs, } omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0)); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, 1); @@ -2082,7 +2082,7 @@ struct soc_dma_s *omap_dma4_init(hwaddr base, qemu_irq *irqs, s->intr_update = omap_dma_interrupts_4_update; omap_dma_setcaps(s); - omap_clk_adduser(s->clk, qemu_allocate_irqs(omap_dma_clk_update, s, 1)[0]); + omap_clk_adduser(s->clk, qemu_allocate_irq(omap_dma_clk_update, s, 0)); omap_dma_reset(s->dma); omap_dma_clk_update(s, 0, !!s->dma->freq); diff --git a/hw/ide/microdrive.c b/hw/ide/microdrive.c index 21d6495817..c73c5a700f 100644 --- a/hw/ide/microdrive.c +++ b/hw/ide/microdrive.c @@ -594,7 +594,7 @@ static void microdrive_realize(DeviceState *dev, Error **errp) { MicroDriveState *md = MICRODRIVE(dev); - ide_init2(&md->bus, qemu_allocate_irqs(md_set_irq, md, 1)[0]); + ide_init2(&md->bus, qemu_allocate_irq(md_set_irq, md, 0)); } static void microdrive_init(Object *obj) diff --git a/hw/misc/cbus.c b/hw/misc/cbus.c index 29b467b61f..495d5078fe 100644 --- a/hw/misc/cbus.c +++ b/hw/misc/cbus.c @@ -135,9 +135,9 @@ CBus *cbus_init(qemu_irq dat) CBusPriv *s = (CBusPriv *) g_malloc0(sizeof(*s)); s->dat_out = dat; - s->cbus.clk = qemu_allocate_irqs(cbus_clk, s, 1)[0]; - s->cbus.dat = qemu_allocate_irqs(cbus_dat, s, 1)[0]; - s->cbus.sel = qemu_allocate_irqs(cbus_sel, s, 1)[0]; + s->cbus.clk = qemu_allocate_irq(cbus_clk, s, 0); + s->cbus.dat = qemu_allocate_irq(cbus_dat, s, 0); + s->cbus.sel = qemu_allocate_irq(cbus_sel, s, 0); s->sel = 1; s->clk = 0; diff --git a/hw/pcmcia/pxa2xx.c b/hw/pcmcia/pxa2xx.c index 96f377453d..55e8a2a62e 100644 --- a/hw/pcmcia/pxa2xx.c +++ b/hw/pcmcia/pxa2xx.c @@ -195,7 +195,7 @@ static void pxa2xx_pcmcia_initfn(Object *obj) memory_region_add_subregion(&s->container_mem, 0x0c000000, &s->common_iomem); - s->slot.irq = qemu_allocate_irqs(pxa2xx_pcmcia_set_irq, s, 1)[0]; + s->slot.irq = qemu_allocate_irq(pxa2xx_pcmcia_set_irq, s, 0); object_property_add_link(obj, "card", TYPE_PCMCIA_CARD, (Object **)&s->card, diff --git a/hw/sd/omap_mmc.c b/hw/sd/omap_mmc.c index 937a47869a..6c92149c04 100644 --- a/hw/sd/omap_mmc.c +++ b/hw/sd/omap_mmc.c @@ -625,7 +625,7 @@ struct omap_mmc_s *omap2_mmc_init(struct omap_target_agent_s *ta, exit(1); } - s->cdet = qemu_allocate_irqs(omap_mmc_cover_cb, s, 1)[0]; + s->cdet = qemu_allocate_irq(omap_mmc_cover_cb, s, 0); sd_set_cb(s->card, NULL, s->cdet); return s; diff --git a/hw/sd/sdhci.c b/hw/sd/sdhci.c index 32f2d0f560..e79a8868c7 100644 --- a/hw/sd/sdhci.c +++ b/hw/sd/sdhci.c @@ -1168,8 +1168,8 @@ static void sdhci_initfn(Object *obj) if (s->card == NULL) { exit(1); } - s->eject_cb = qemu_allocate_irqs(sdhci_insert_eject_cb, s, 1)[0]; - s->ro_cb = qemu_allocate_irqs(sdhci_card_readonly_cb, s, 1)[0]; + s->eject_cb = qemu_allocate_irq(sdhci_insert_eject_cb, s, 0); + s->ro_cb = qemu_allocate_irq(sdhci_card_readonly_cb, s, 0); sd_set_cb(s->card, s->ro_cb, s->eject_cb); s->insert_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, sdhci_raise_insertion_irq, s); diff --git a/hw/sh4/sh7750.c b/hw/sh4/sh7750.c index 4a39357529..5dda5de34e 100644 --- a/hw/sh4/sh7750.c +++ b/hw/sh4/sh7750.c @@ -838,6 +838,5 @@ SH7750State *sh7750_init(SuperHCPU *cpu, MemoryRegion *sysmem) qemu_irq sh7750_irl(SH7750State *s) { sh_intc_toggle_source(sh_intc_source(&s->intc, IRL), 1, 0); /* enable */ - return qemu_allocate_irqs(sh_intc_set_irl, sh_intc_source(&s->intc, IRL), - 1)[0]; + return qemu_allocate_irq(sh_intc_set_irl, sh_intc_source(&s->intc, IRL), 0); } diff --git a/hw/timer/omap_gptimer.c b/hw/timer/omap_gptimer.c index 016207f626..b7f3d49ca6 100644 --- a/hw/timer/omap_gptimer.c +++ b/hw/timer/omap_gptimer.c @@ -227,7 +227,7 @@ static void omap_gp_timer_clk_update(void *opaque, int line, int on) static void omap_gp_timer_clk_setup(struct omap_gp_timer_s *timer) { omap_clk_adduser(timer->clk, - qemu_allocate_irqs(omap_gp_timer_clk_update, timer, 1)[0]); + qemu_allocate_irq(omap_gp_timer_clk_update, timer, 0)); timer->rate = omap_clk_getrate(timer->clk); } @@ -476,7 +476,7 @@ struct omap_gp_timer_s *omap_gp_timer_init(struct omap_target_agent_s *ta, s->clk = fclk; s->timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_tick, s); s->match = timer_new_ns(QEMU_CLOCK_VIRTUAL, omap_gp_timer_match, s); - s->in = qemu_allocate_irqs(omap_gp_timer_input, s, 1)[0]; + s->in = qemu_allocate_irq(omap_gp_timer_input, s, 0); omap_gp_timer_reset(s); omap_gp_timer_clk_setup(s); -- cgit v1.2.1