Changeset 83565 in vbox for trunk/src/VBox
- Timestamp:
- Apr 5, 2020 3:01:10 PM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/VBox/Devices/Storage/DevVirtioSCSI.cpp
r83492 r83565 768 768 PVIRTIO_DESC_CHAIN_T pDescChain, REQ_RESP_HDR_T *pRespHdr, uint8_t *pbSense) 769 769 { 770 /** @todo r=bird: There is too much allocating here and we'll leak stuff if 771 * we're low on memory and one of the RTMemAllocZ calls fail! */ 770 772 uint8_t *pabSenseBuf = (uint8_t *)RTMemAllocZ(pThis->virtioScsiConfig.uSenseSize); 771 773 AssertReturn(pabSenseBuf, VERR_NO_MEMORY); 772 774 773 775 Log2Func((" status: %s response: %s\n", 774 SCSIStatusText(pRespHdr->uStatus), virtioGetReqRespText(pRespHdr->uResponse)));776 SCSIStatusText(pRespHdr->uStatus), virtioGetReqRespText(pRespHdr->uResponse))); 775 777 776 778 PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF)); … … 791 793 792 794 /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */ 795 /** @todo r=bird: The above comment makes zero sense as the memory is freed 796 * before we return, so there cannot be any trouble with out-of-scope 797 * stuff here. */ 793 798 for (int i = 0; i < 2; i++) 794 799 { 795 800 void *pv = paReqSegs[i].pvSeg; 796 paReqSegs[i].pvSeg = RTMem Alloc(paReqSegs[i].cbSeg);801 paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg); 797 802 AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY); 798 memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg);799 803 } 800 804 … … 930 934 } 931 935 932 int cSegs = 0;933 934 936 if ( (VIRTIO_IS_IN_DIRECTION(pReq->enmTxDir) && cbXfer32 > pReq->cbDataIn) 935 937 || (VIRTIO_IS_OUT_DIRECTION(pReq->enmTxDir) && cbXfer32 > pReq->cbDataOut)) … … 950 952 951 953 /* req datain bytes already in guest phys mem. via virtioScsiIoReqCopyFromBuf() */ 954 /** @todo r=bird: There is too much allocating here and we'll leak stuff if 955 * we're low on memory and one of the RTMemAllocZ calls fail! */ 952 956 953 957 PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF)); … … 957 961 AssertReturn(paReqSegs, VERR_NO_MEMORY); 958 962 963 int cSegs = 0; 959 964 paReqSegs[cSegs].pvSeg = &respHdr; 960 965 paReqSegs[cSegs++].cbSeg = sizeof(respHdr); … … 964 969 965 970 /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */ 971 /** @todo r=bird: The above comment makes zero sense as the memory is freed 972 * before we return, so there cannot be any trouble with out-of-scope 973 * stuff here. */ 966 974 for (int i = 0; i < cSegs; i++) 967 975 { 968 976 void *pv = paReqSegs[i].pvSeg; 969 paReqSegs[i].pvSeg = RTMem Alloc(paReqSegs[i].cbSeg);977 paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg); 970 978 AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY); 971 memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg);972 979 } 973 980 … … 1126 1133 { 1127 1134 LogRel(("* * * REPORT LUNS LU ACCESSED * * * ")); 1128 /* Force rejection. todo:figure out right way to handle. Note this is a very1135 /* Force rejection. */ /** @todo figure out right way to handle. Note this is a very 1129 1136 * vague and confusing part of the VirtIO spec which deviates from the SCSI standard 1130 1137 * I have not been able to determine how to implement this properly. Guest drivers … … 1166 1173 respHdr.uResidual = cbDataIn + cbDataOut; 1167 1174 virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr , NULL); 1168 RTMemFree (pVirtqReq);1175 RTMemFreeZ(pVirtqReq, cbReqHdr); 1169 1176 return VINF_SUCCESS; 1170 1177 } … … 1186 1193 respHdr.uResidual = cbDataOut + cbDataIn; 1187 1194 virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, abSense); 1188 RTMemFree (pVirtqReq);1195 RTMemFreeZ(pVirtqReq, cbReqHdr); 1189 1196 return VINF_SUCCESS; 1190 1197 … … 1204 1211 respHdr.uResidual = cbDataOut + cbDataIn; 1205 1212 virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, abSense); 1206 RTMemFree (pVirtqReq);1213 RTMemFreeZ(pVirtqReq, cbReqHdr); 1207 1214 return VINF_SUCCESS; 1208 1215 } … … 1218 1225 respHdr.uResidual = cbDataIn + cbDataOut; 1219 1226 virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, NULL); 1220 RTMemFree (pVirtqReq);1227 RTMemFreeZ(pVirtqReq, cbReqHdr); 1221 1228 return VINF_SUCCESS; 1222 1229 } … … 1237 1244 respHdr.uResidual = cbDataIn + cbDataOut; 1238 1245 virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr , abSense); 1239 RTMemFree (pVirtqReq);1246 RTMemFreeZ(pVirtqReq, cbReqHdr); 1240 1247 return VINF_SUCCESS; 1241 1248 } … … 1253 1260 if (RT_FAILURE(rc)) 1254 1261 { 1255 RTMemFree (pVirtqReq);1262 RTMemFreeZ(pVirtqReq, cbReqHdr); 1256 1263 AssertMsgRCReturn(rc, ("Failed to allocate I/O request, rc=%Rrc\n", rc), rc); 1257 1264 } … … 1269 1276 pReq->pbSense = (uint8_t *)RTMemAllocZ(pReq->cbSenseAlloc); 1270 1277 AssertMsgReturnStmt(pReq->pbSense, ("Out of memory allocating sense buffer"), 1271 virtioScsiR3FreeReq(pTarget, pReq); RTMemFree (pVirtqReq), VERR_NO_MEMORY);1278 virtioScsiR3FreeReq(pTarget, pReq); RTMemFreeZ(pVirtqReq, cbReqHdr);, VERR_NO_MEMORY); 1272 1279 1273 1280 /* Note: DrvSCSI allocates one virtual memory buffer for input and output phases of the request */ … … 1309 1316 } 1310 1317 1311 RTMemFree (pVirtqReq);1318 RTMemFreeZ(pVirtqReq, cbReqHdr); 1312 1319 return VINF_SUCCESS; 1313 1320 } … … 1348 1355 } 1349 1356 1357 /** @todo r=bird: Memory leak here. */ 1350 1358 AssertReturn( (pScsiCtrlUnion->scsiCtrl.uType == VIRTIOSCSI_T_TMF 1351 1359 && pDescChain->cbPhysSend >= sizeof(VIRTIOSCSI_CTRL_TMF_T)) … … 1354 1362 && pDescChain->cbPhysSend >= sizeof(VIRTIOSCSI_CTRL_AN_T)), 0); 1355 1363 1364 /** @todo r=bird: This segment handling is unnecessary. A stack array should 1365 * suffice. The stack variable w/ initializer + memcpy into paReqSegs 1366 * done in the switch below is also weird + suboptimal. */ 1356 1367 PRTSGSEG paReqSegs = (PRTSGSEG)RTMemAllocZ(sizeof(RTSGSEG) * 2); 1357 AssertReturn(paReqSegs, VERR_NO_MEMORY); 1368 AssertReturn(paReqSegs, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here. */ 1358 1369 1359 1370 switch (pScsiCtrlUnion->scsiCtrl.uType) … … 1492 1503 1493 1504 PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF)); 1494 AssertReturn(pReqSegBuf, VERR_NO_MEMORY); 1505 AssertReturn(pReqSegBuf, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here. */ 1495 1506 1496 1507 /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */ 1508 /** @todo r=bird: The above comment makes zero sense as the memory is freed 1509 * before we return, so there cannot be any trouble with out-of-scope 1510 * stuff here. */ 1497 1511 for (int i = 0; i < cSegs; i++) 1498 1512 { 1499 1513 void *pv = paReqSegs[i].pvSeg; 1500 paReqSegs[i].pvSeg = RTMemAlloc(paReqSegs[i].cbSeg); 1501 AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY); 1502 memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg); 1514 paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg); 1515 AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here. */ 1503 1516 } 1504 1517 … … 1513 1526 RTMemFree(paReqSegs); 1514 1527 RTMemFree(pReqSegBuf); 1528 /** @todo r=bird: Leaking pScsiCtrlUnion here! */ 1515 1529 1516 1530 return VINF_SUCCESS;
Note:
See TracChangeset
for help on using the changeset viewer.