qemu/hw/timer/digic-timer.c
Gan Qixin ea492b1245 digic-timer: Use ptimer_free() in the finalize function to avoid memleaks
When running device-introspect-test, a memory leak occurred in the
digic_timer_init function, so use ptimer_free() in the finalize function to
avoid it.

ASAN shows memory leak stack:

Indirect leak of 288 byte(s) in 3 object(s) allocated from:
    #0 0xffffab97e1f0 in __interceptor_calloc (/lib64/libasan.so.5+0xee1f0)
    #1 0xffffab256800 in g_malloc0 (/lib64/libglib-2.0.so.0+0x56800)
    #2 0xaaabf555db78 in ptimer_init /qemu/hw/core/ptimer.c:432
    #3 0xaaabf5b04084 in digic_timer_init /qemu/hw/timer/digic-timer.c:142
    #4 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
    #5 0xaaabf633ca04 in object_initialize_child_with_propsv /qemu/qom/object.c:564
    #6 0xaaabf633cc08 in object_initialize_child_with_props /qemu/qom/object.c:547
    #7 0xaaabf5b40e84 in digic_init /qemu/hw/arm/digic.c:46
    #8 0xaaabf6339f6c in object_initialize_with_type /qemu/qom/object.c:515
    #9 0xaaabf633a1e0 in object_new_with_type /qemu/qom/object.c:729
    #10 0xaaabf6375e40 in qmp_device_list_properties /qemu/qom/qom-qmp-cmds.c:153
    #11 0xaaabf653d8ec in qmp_marshal_device_list_properties /qemu/qapi/qapi-commands-qdev.c:59
    #12 0xaaabf6587d08 in do_qmp_dispatch_bh /qemu/qapi/qmp-dispatch.c:110

Reported-by: Euler Robot <euler.robot@huawei.com>
Signed-off-by: Gan Qixin <ganqixin@huawei.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-01-08 15:13:38 +00:00


/*
* QEMU model of the Canon DIGIC timer block.
*
* Copyright (C) 2013 Antony Pavlov <antonynpavlov@gmail.com>
*
* This model is based on reverse engineering efforts
* made by CHDK (http://chdk.wikia.com) and
* Magic Lantern (http://www.magiclantern.fm) projects
* contributors.
*
* See "Timer/Clock Module" docs here:
* http://magiclantern.wikia.com/wiki/Register_Map
*
* The QEMU model of the OSTimer in PKUnity SoC by Guan Xuetao
* is used as a template.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
*/
#include "qemu/osdep.h"
#include "hw/sysbus.h"
#include "hw/ptimer.h"
#include "qemu/module.h"
#include "qemu/log.h"
#include "hw/timer/digic-timer.h"
#include "migration/vmstate.h"
/*
 * Migration description for the DIGIC timer: the ptimer backend plus the
 * two registers that the MMIO read handler returns to the guest.
 *
 * NOTE(review): the MMIO write handler stores only 16 bits into relvalue,
 * while this description carries it as a full 32-bit field and no post-load
 * check is visible in this file. Confirm whether an out-of-range value
 * arriving from an untrusted migration stream needs to be rejected or masked.
 */
static const VMStateDescription vmstate_digic_timer = {
    .name = "digic.timer",
    .version_id = 1,
    .minimum_version_id = 1,
    .fields = (VMStateField[]) {
        /* Timer backend state. */
        VMSTATE_PTIMER(ptimer, DigicTimerState),
        /* Register contents. */
        VMSTATE_UINT32(control, DigicTimerState),
        VMSTATE_UINT32(relvalue, DigicTimerState),
        VMSTATE_END_OF_LIST()
    }
};
/*
 * Device reset handler: stop the ptimer and clear the control and
 * reload-value registers.
 *
 * Installed as the DeviceClass reset hook and also called directly from the
 * MMIO write handler when the guest sets the RST control bit.
 */
static void digic_timer_reset(DeviceState *dev)
{
    DigicTimerState *timer = DIGIC_TIMER(dev);

    /* ptimer updates are bracketed by a transaction, as elsewhere here. */
    ptimer_transaction_begin(timer->ptimer);
    ptimer_stop(timer->ptimer);
    ptimer_transaction_commit(timer->ptimer);

    timer->relvalue = 0;
    timer->control = 0;
}
/*
 * MMIO read handler.
 *
 * @opaque: the DigicTimerState registered with the memory region
 * @offset: register offset inside the region, chosen by the guest
 * @size:   access size (unused)
 *
 * Returns the register value. An unknown offset is logged under LOG_UNIMP
 * and reads as 0, so a guest cannot reach anything beyond the three
 * registers handled below.
 */
static uint64_t digic_timer_read(void *opaque, hwaddr offset, unsigned size)
{
    DigicTimerState *timer = opaque;

    switch (offset) {
    case DIGIC_TIMER_CONTROL:
        return timer->control;
    case DIGIC_TIMER_RELVALUE:
        return timer->relvalue;
    case DIGIC_TIMER_VALUE:
        /* Only the low 16 bits of the running count are exposed. */
        return ptimer_get_count(timer->ptimer) & 0xffff;
    default:
        break;
    }

    qemu_log_mask(LOG_UNIMP,
                  "digic-timer: read access to unknown register 0x"
                  TARGET_FMT_plx "\n", offset);
    return 0;
}
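/*
 * MMIO write handler.
 *
 * @opaque: the DigicTimerState registered with the memory region
 * @offset: register offset inside the region, chosen by the guest
 * @value:  value written by the guest
 * @size:   access size (unused)
 *
 * CONTROL:  RST resets the device and discards the rest of the write;
 *           otherwise EN starts the ptimer and the low 32 bits are stored.
 * RELVALUE: the low 16 bits become the reload value and the ptimer limit.
 * VALUE:    writes are ignored.
 * Any other offset is logged under LOG_UNIMP and otherwise ignored.
 */
static void digic_timer_write(void *opaque, hwaddr offset,
                              uint64_t value, unsigned size)
{
    DigicTimerState *s = opaque;

    switch (offset) {
    case DIGIC_TIMER_CONTROL:
        if (value & DIGIC_TIMER_CONTROL_RST) {
            /* Reset takes priority over every other bit in this write. */
            digic_timer_reset((DeviceState *)s);
            break;
        }

        ptimer_transaction_begin(s->ptimer);
        if (value & DIGIC_TIMER_CONTROL_EN) {
            ptimer_run(s->ptimer, 0);
        }
        /*
         * NOTE(review): a write with EN clear does not stop a running
         * ptimer; only the RST path does. Confirm this matches the
         * hardware being modelled.
         */
        s->control = (uint32_t)value;
        ptimer_transaction_commit(s->ptimer);
        break;

    case DIGIC_TIMER_RELVALUE:
        /* Guest-supplied value is truncated to 16 bits before use. */
        s->relvalue = extract32(value, 0, 16);
        ptimer_transaction_begin(s->ptimer);
        ptimer_set_limit(s->ptimer, s->relvalue, 1);
        ptimer_transaction_commit(s->ptimer);
        break;

    case DIGIC_TIMER_VALUE:
        /* Writes to the count register are ignored. */
        break;

    default:
        /*
         * This is the write path: the message must say "write" so that
         * LOG_UNIMP traces attribute the guest access correctly.
         */
        qemu_log_mask(LOG_UNIMP,
                      "digic-timer: write access to unknown register 0x"
                      TARGET_FMT_plx "\n", offset);
        break;
    }
}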
/*
 * MMIO callbacks for the timer register window.
 *
 * .impl declares that the handlers are written for 4-byte accesses. No
 * .valid constraints are set here, so which guest access sizes are accepted
 * is left to the memory core's defaults.
 */
static const MemoryRegionOps digic_timer_ops = {
    .read = digic_timer_read,
    .write = digic_timer_write,
    .impl = {
        .min_access_size = 4,
        .max_access_size = 4,
    },
    .endianness = DEVICE_NATIVE_ENDIAN,
};
/*
 * ptimer expiry callback. The model takes no action on rollover; the
 * function exists only because ptimer_init() is given a callback.
 */
static void digic_timer_tick(void *opaque)
{
    /* Intentionally empty: nothing happens when the timer rolls over. */
    (void)opaque;
}
/*
 * QOM instance_init: allocate the ptimer, fix its frequency and expose the
 * register window as a sysbus MMIO region.
 *
 * The ptimer allocated here is released by digic_timer_finalize(); without
 * that, every instantiation of the type (including introspection-only ones)
 * leaks it.
 */
static void digic_timer_init(Object *obj)
{
    DigicTimerState *timer = DIGIC_TIMER(obj);

    timer->ptimer = ptimer_init(digic_timer_tick, NULL,
                                PTIMER_POLICY_DEFAULT);

    /*
     * FIXME: there is no documentation on Digic timer
     * frequency setup so let it always run at 1 MHz
     */
    ptimer_transaction_begin(timer->ptimer);
    ptimer_set_freq(timer->ptimer, 1 * 1000 * 1000);
    ptimer_transaction_commit(timer->ptimer);

    /* 0x100-byte register window; the state pointer is the opaque. */
    memory_region_init_io(&timer->iomem, OBJECT(timer), &digic_timer_ops,
                          timer, TYPE_DIGIC_TIMER, 0x100);
    sysbus_init_mmio(SYS_BUS_DEVICE(obj), &timer->iomem);
}
/*
 * QOM instance_finalize: release the ptimer allocated in
 * digic_timer_init() so that destroying the object does not leak it.
 */
static void digic_timer_finalize(Object *obj)
{
    ptimer_free(DIGIC_TIMER(obj)->ptimer);
}
/*
 * QOM class_init: install the device reset handler and the migration
 * description on the DeviceClass. class_data is unused.
 */
static void digic_timer_class_init(ObjectClass *klass, void *class_data)
{
    DeviceClass *device_class = DEVICE_CLASS(klass);

    device_class->vmsd = &vmstate_digic_timer;
    device_class->reset = digic_timer_reset;
}
/*
 * QOM type description for the DIGIC timer, a sysbus device.
 *
 * instance_init and instance_finalize are paired: the former allocates the
 * ptimer and the latter frees it.
 */
static const TypeInfo digic_timer_info = {
    .name = TYPE_DIGIC_TIMER,
    .parent = TYPE_SYS_BUS_DEVICE,
    .instance_size = sizeof(DigicTimerState),
    .instance_init = digic_timer_init,
    .instance_finalize = digic_timer_finalize,
    .class_init = digic_timer_class_init,
};
/* Register the DIGIC timer type with QOM. */
static void digic_timer_register_type(void)
{
    type_register_static(&digic_timer_info);
}

/* Hook the registration function into QEMU's type initialisation. */
type_init(digic_timer_register_type)