From ac9dde499effc2e25449cb4b87aca3f9f9cfbd0a Mon Sep 17 00:00:00 2001 From: Peter Maydell Date: Mon, 9 Mar 2026 09:51:29 +0000 Subject: [PATCH] hw/misc/sifive_e_aon: Don't leak timer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The sifive_e_aon watchdog creates a timer with timer_new_ns() in its instance_init method, but does not free it in instance_finalize. This means that QMP introspection of the device leaks it: Direct leak of 48 byte in 1 object allocated from: #0 in calloc #1 in g_malloc0 #2 in timer_new_full /home/pm215/qemu/include/qemu/timer.h:520:21 #3 in timer_new /home/pm215/qemu/include/qemu/timer.h:543:12 #4 in timer_new_ns /home/pm215/qemu/include/qemu/timer.h:563:12 #5 in sifive_e_aon_init /home/pm215/qemu/build/san/../../hw/misc/sifive_e_aon.c:286:21 #6 in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5 #7 in object_initialize /home/pm215/qemu/build/san/../../qom/object.c:578:5 #8 in object_initialize_child_with_propsv /home/pm215/qemu/build/san/../../qom/object.c:608:5 #9 in object_initialize_child_with_props /home/pm215/qemu/build/san/../../qom/object.c:591:10 #10 in object_initialize_child_internal /home/pm215/qemu/build/san/../../qom/object.c:645:5 #11 in object_initialize_with_type /home/pm215/qemu/build/san/../../qom/object.c:570:5 #12 in object_new_with_type /home/pm215/qemu/build/san/../../qom/object.c:774:5 #13 in qmp_device_list_properties /home/pm215/qemu/build/san/../../qom/qom-qmp-cmds.c:206:11 Allocating a separate QEMUTimer with timer_new() is not the preferred interface (per the comments in include/qemu/timer.h); switch to an inline struct initialized with timer_init(), which we can clean up with timer_del() in finalize. Signed-off-by: Peter Maydell Reviewed-by: Philippe Mathieu-Daudé Message-ID: <20260309095129.1406506-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé --- hw/misc/sifive_e_aon.c | 16 ++++++++++++---- include/hw/misc/sifive_e_aon.h | 2 +- 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/hw/misc/sifive_e_aon.c b/hw/misc/sifive_e_aon.c index 0e82ae3758..e78f4f5672 100644 --- a/hw/misc/sifive_e_aon.c +++ b/hw/misc/sifive_e_aon.c @@ -94,9 +94,9 @@ static void sifive_e_aon_wdt_update_state(SiFiveEAONState *r) next += muldiv64((r->wdogcmp0 - wdogs) << FIELD_EX32(r->wdogcfg, AON_WDT_WDOGCFG, SCALE), NANOSECONDS_PER_SECOND, r->wdogclk_freq); - timer_mod(r->wdog_timer, next); + timer_mod(&r->wdog_timer, next); } else { - timer_mod(r->wdog_timer, INT64_MAX); + timer_mod(&r->wdog_timer, INT64_MAX); } } @@ -283,12 +283,19 @@ static void sifive_e_aon_init(Object *obj) sysbus_init_mmio(sbd, &r->mmio); /* watchdog timer */ - r->wdog_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, - sifive_e_aon_wdt_expired_cb, r); + timer_init_ns(&r->wdog_timer, QEMU_CLOCK_VIRTUAL, + sifive_e_aon_wdt_expired_cb, r); r->wdogclk_freq = SIFIVE_E_LFCLK_DEFAULT_FREQ; sysbus_init_irq(sbd, &r->wdog_irq); } +static void sifive_e_aon_finalize(Object *obj) +{ + SiFiveEAONState *r = SIFIVE_E_AON(obj); + + timer_del(&r->wdog_timer); +} + static const Property sifive_e_aon_properties[] = { DEFINE_PROP_UINT64("wdogclk-frequency", SiFiveEAONState, wdogclk_freq, SIFIVE_E_LFCLK_DEFAULT_FREQ), @@ -307,6 +314,7 @@ static const TypeInfo sifive_e_aon_info = { .parent = TYPE_SYS_BUS_DEVICE, .instance_size = sizeof(SiFiveEAONState), .instance_init = sifive_e_aon_init, + .instance_finalize = sifive_e_aon_finalize, .class_init = sifive_e_aon_class_init, }; diff --git a/include/hw/misc/sifive_e_aon.h b/include/hw/misc/sifive_e_aon.h index efa2c3023f..e907aa7869 100644 --- a/include/hw/misc/sifive_e_aon.h +++ b/include/hw/misc/sifive_e_aon.h @@ -46,7 +46,7 @@ struct SiFiveEAONState { MemoryRegion mmio; /*< watchdog timer >*/ - QEMUTimer *wdog_timer; + QEMUTimer wdog_timer; qemu_irq wdog_irq; uint64_t wdog_restart_time; uint64_t wdogclk_freq;