VirtualBox

Changeset 83565 in vbox for trunk/src/VBox


Ignore:
Timestamp:
Apr 5, 2020 3:01:10 PM (5 years ago)
Author:
vboxsync
Message:

DevVirtioSCSI.cpp: Some memory todos. Use RTMemFreeZ for one allocation. bugref:9698

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Devices/Storage/DevVirtioSCSI.cpp

    r83492 r83565  
    768768                              PVIRTIO_DESC_CHAIN_T pDescChain, REQ_RESP_HDR_T *pRespHdr, uint8_t *pbSense)
    769769{
     770    /** @todo r=bird: There is too much allocating here and we'll leak stuff if
     771     *        we're low on memory and one of the RTMemAllocZ calls fail! */
    770772    uint8_t *pabSenseBuf = (uint8_t *)RTMemAllocZ(pThis->virtioScsiConfig.uSenseSize);
    771773    AssertReturn(pabSenseBuf, VERR_NO_MEMORY);
    772774
    773775    Log2Func(("   status: %s    response: %s\n",
    774         SCSIStatusText(pRespHdr->uStatus), virtioGetReqRespText(pRespHdr->uResponse)));
     776              SCSIStatusText(pRespHdr->uStatus), virtioGetReqRespText(pRespHdr->uResponse)));
    775777
    776778    PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF));
     
    791793
    792794    /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */
     795    /** @todo r=bird: The above comment makes zero sense as the memory is freed
     796     *        before we return, so there cannot be any trouble with out-of-scope
     797     *        stuff here. */
    793798    for (int i = 0; i < 2; i++)
    794799    {
    795800        void *pv = paReqSegs[i].pvSeg;
    796         paReqSegs[i].pvSeg = RTMemAlloc(paReqSegs[i].cbSeg);
     801        paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg);
    797802        AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY);
    798         memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg);
    799803    }
    800804
     
    930934    }
    931935
    932     int cSegs = 0;
    933 
    934936    if (   (VIRTIO_IS_IN_DIRECTION(pReq->enmTxDir)  && cbXfer32 > pReq->cbDataIn)
    935937        || (VIRTIO_IS_OUT_DIRECTION(pReq->enmTxDir) && cbXfer32 > pReq->cbDataOut))
     
    950952
    951953        /* req datain bytes already in guest phys mem. via virtioScsiIoReqCopyFromBuf() */
     954        /** @todo r=bird: There is too much allocating here and we'll leak stuff if
     955         *        we're low on memory and one of the RTMemAllocZ calls fail! */
    952956
    953957        PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF));
     
    957961        AssertReturn(paReqSegs, VERR_NO_MEMORY);
    958962
     963        int cSegs = 0;
    959964        paReqSegs[cSegs].pvSeg = &respHdr;
    960965        paReqSegs[cSegs++].cbSeg = sizeof(respHdr);
     
    964969
    965970        /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */
     971        /** @todo r=bird: The above comment makes zero sense as the memory is freed
     972         *        before we return, so there cannot be any trouble with out-of-scope
     973         *        stuff here. */
    966974        for (int i = 0; i < cSegs; i++)
    967975        {
    968976            void *pv = paReqSegs[i].pvSeg;
    969             paReqSegs[i].pvSeg = RTMemAlloc(paReqSegs[i].cbSeg);
     977            paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg);
    970978            AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY);
    971             memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg);
    972979        }
    973980
     
    11261133    {
    11271134        LogRel(("* * * REPORT LUNS LU ACCESSED * * * "));
    1128         /* Force rejection. todo: figure out right way to handle. Note this is a very
     1135        /* Force rejection. */ /** @todo figure out right way to handle. Note this is a very
    11291136         * vague and confusing part of the VirtIO spec which deviates from the SCSI standard
    11301137         * I have not been able to determine how to implement this properly.  Guest drivers
     
    11661173        respHdr.uResidual  = cbDataIn + cbDataOut;
    11671174        virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr , NULL);
    1168         RTMemFree(pVirtqReq);
     1175        RTMemFreeZ(pVirtqReq, cbReqHdr);
    11691176        return VINF_SUCCESS;
    11701177    }
     
    11861193        respHdr.uResidual  = cbDataOut + cbDataIn;
    11871194        virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, abSense);
    1188         RTMemFree(pVirtqReq);
     1195        RTMemFreeZ(pVirtqReq, cbReqHdr);
    11891196        return VINF_SUCCESS;
    11901197
     
    12041211        respHdr.uResidual  = cbDataOut + cbDataIn;
    12051212        virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, abSense);
    1206         RTMemFree(pVirtqReq);
     1213        RTMemFreeZ(pVirtqReq, cbReqHdr);
    12071214        return VINF_SUCCESS;
    12081215    }
     
    12181225        respHdr.uResidual  = cbDataIn + cbDataOut;
    12191226        virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr, NULL);
    1220         RTMemFree(pVirtqReq);
     1227        RTMemFreeZ(pVirtqReq, cbReqHdr);
    12211228        return VINF_SUCCESS;
    12221229    }
     
    12371244        respHdr.uResidual  = cbDataIn + cbDataOut;
    12381245        virtioScsiR3ReqErr(pDevIns, pThis, pThisCC, qIdx, pDescChain, &respHdr , abSense);
    1239         RTMemFree(pVirtqReq);
     1246        RTMemFreeZ(pVirtqReq, cbReqHdr);
    12401247        return VINF_SUCCESS;
    12411248    }
     
    12531260    if (RT_FAILURE(rc))
    12541261    {
    1255         RTMemFree(pVirtqReq);
     1262        RTMemFreeZ(pVirtqReq, cbReqHdr);
    12561263        AssertMsgRCReturn(rc, ("Failed to allocate I/O request, rc=%Rrc\n", rc), rc);
    12571264    }
     
    12691276    pReq->pbSense      = (uint8_t *)RTMemAllocZ(pReq->cbSenseAlloc);
    12701277    AssertMsgReturnStmt(pReq->pbSense, ("Out of memory allocating sense buffer"),
    1271                         virtioScsiR3FreeReq(pTarget, pReq); RTMemFree(pVirtqReq), VERR_NO_MEMORY);
     1278                        virtioScsiR3FreeReq(pTarget, pReq); RTMemFreeZ(pVirtqReq, cbReqHdr);, VERR_NO_MEMORY);
    12721279
    12731280    /* Note: DrvSCSI allocates one virtual memory buffer for input and output phases of the request */
     
    13091316    }
    13101317
    1311     RTMemFree(pVirtqReq);
     1318    RTMemFreeZ(pVirtqReq, cbReqHdr);
    13121319    return VINF_SUCCESS;
    13131320}
     
    13481355    }
    13491356
     1357    /** @todo r=bird: Memory leak here.  */
    13501358    AssertReturn(   (pScsiCtrlUnion->scsiCtrl.uType == VIRTIOSCSI_T_TMF
    13511359                     && pDescChain->cbPhysSend >= sizeof(VIRTIOSCSI_CTRL_TMF_T))
     
    13541362                     && pDescChain->cbPhysSend >= sizeof(VIRTIOSCSI_CTRL_AN_T)), 0);
    13551363
     1364    /** @todo r=bird: This segment handling is unnecessary. A stack array should
     1365     *        suffice.  The stack variable w/ initializer + memcpy into paReqSegs
     1366     *        done in the switch below is also weird + suboptimal. */
    13561367    PRTSGSEG paReqSegs = (PRTSGSEG)RTMemAllocZ(sizeof(RTSGSEG) * 2);
    1357     AssertReturn(paReqSegs, VERR_NO_MEMORY);
     1368    AssertReturn(paReqSegs, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here.  */
    13581369
    13591370    switch (pScsiCtrlUnion->scsiCtrl.uType)
     
    14921503
    14931504    PRTSGBUF pReqSegBuf = (PRTSGBUF)RTMemAllocZ(sizeof(RTSGBUF));
    1494     AssertReturn(pReqSegBuf, VERR_NO_MEMORY);
     1505    AssertReturn(pReqSegBuf, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here.  */
    14951506
    14961507    /* Copy segment data to malloc'd memory to avoid stack out-of-scope errors sanitizer doesn't detect */
     1508    /** @todo r=bird: The above comment makes zero sense as the memory is freed
     1509     *        before we return, so there cannot be any trouble with out-of-scope
     1510     *        stuff here. */
    14971511    for (int i = 0; i < cSegs; i++)
    14981512    {
    14991513        void *pv = paReqSegs[i].pvSeg;
    1500         paReqSegs[i].pvSeg = RTMemAlloc(paReqSegs[i].cbSeg);
    1501         AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY);
    1502         memcpy(paReqSegs[i].pvSeg, pv, paReqSegs[i].cbSeg);
     1514        paReqSegs[i].pvSeg = RTMemDup(pv, paReqSegs[i].cbSeg);
     1515        AssertReturn(paReqSegs[i].pvSeg, VERR_NO_MEMORY); /** @todo r=bird: Memory leak here.  */
    15031516    }
    15041517
     
    15131526    RTMemFree(paReqSegs);
    15141527    RTMemFree(pReqSegBuf);
     1528    /** @todo r=bird: Leaking pScsiCtrlUnion here! */
    15151529
    15161530    return VINF_SUCCESS;
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette