On Fri, Aug 22, 2025 at 1:42 AM Peter Maydell <[email protected]> wrote: > > In stm32f250_soc_initfn() we mostly use the standard pattern > for child objects of calling object_initialize_child(). However > for s->adc_irqs we call object_new() and then later qdev_realize(), > and we never unref the object on deinit. This causes a leak, > detected by ASAN on the device-introspect-test: > > Indirect leak of 10 byte(s) in 1 object(s) allocated from: > #0 0x5b9fc4789de3 in malloc > (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/qemu-system-arm+0x21f1de3) > (BuildId: 267a2619a026ed91c78a07b1eb2ef15381538efe) > #1 0x740de3f28b09 in g_malloc > (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: > 1eb6131419edb83b2178b682829a6913cf682d75) > #2 0x740de3f3e4d8 in g_strdup > (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x784d8) (BuildId: > 1eb6131419edb83b2178b682829a6913cf682d75) > #3 0x5b9fc70159e1 in g_strdup_inline > /usr/include/glib-2.0/glib/gstrfuncs.h:321:10 > #4 0x5b9fc70159e1 in object_property_try_add > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1276:18 > #5 0x5b9fc7015f94 in object_property_add > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:1294:12 > #6 0x5b9fc701b900 in object_add_link_prop > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2021:10 > #7 0x5b9fc701b3fc in object_property_add_link > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:2037:12 > #8 0x5b9fc4c299fb in qdev_init_gpio_out_named > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:90:9 > #9 0x5b9fc4c29b26 in qdev_init_gpio_out > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/gpio.c:101:5 > #10 0x5b9fc4c0f77a in or_irq_init > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/core/or-irq.c:70:5 > #11 0x5b9fc70257e1 in object_init_with_type > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:428:9 > #12 0x5b9fc700cd4b in object_initialize_with_type > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:570:5 > #13 0x5b9fc700e66d in object_new_with_type > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:774:5 > #14 0x5b9fc700e750 in object_new > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../qom/object.c:789:12 > #15 0x5b9fc68b2162 in stm32f205_soc_initfn > /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/arm-asan/../../hw/arm/stm32f205_soc.c:69:26 > > Switch to using object_initialize_child() like all our > other child objects for this SoC object. > > Cc: [email protected] > Fixes: b63041c8f6b ("STM32F205: Connect the ADC devices") > Signed-off-by: Peter Maydell <[email protected]>
Reviewed-by: Alistair Francis <[email protected]> Alistair > --- > include/hw/arm/stm32f205_soc.h | 2 +- > hw/arm/stm32f205_soc.c | 10 +++++----- > 2 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/include/hw/arm/stm32f205_soc.h b/include/hw/arm/stm32f205_soc.h > index 4f4c8bbebc1..46eda3403a9 100644 > --- a/include/hw/arm/stm32f205_soc.h > +++ b/include/hw/arm/stm32f205_soc.h > @@ -59,7 +59,7 @@ struct STM32F205State { > STM32F2XXADCState adc[STM_NUM_ADCS]; > STM32F2XXSPIState spi[STM_NUM_SPIS]; > > - OrIRQState *adc_irqs; > + OrIRQState adc_irqs; > > MemoryRegion sram; > MemoryRegion flash; > diff --git a/hw/arm/stm32f205_soc.c b/hw/arm/stm32f205_soc.c > index 229af7fb108..e3c7203c6e7 100644 > --- a/hw/arm/stm32f205_soc.c > +++ b/hw/arm/stm32f205_soc.c > @@ -66,7 +66,7 @@ static void stm32f205_soc_initfn(Object *obj) > TYPE_STM32F2XX_TIMER); > } > > - s->adc_irqs = OR_IRQ(object_new(TYPE_OR_IRQ)); > + object_initialize_child(obj, "adc-irq-orgate", &s->adc_irqs, > TYPE_OR_IRQ); > > for (i = 0; i < STM_NUM_ADCS; i++) { > object_initialize_child(obj, "adc[*]", &s->adc[i], > TYPE_STM32F2XX_ADC); > @@ -171,12 +171,12 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, > Error **errp) > } > > /* ADC 1 to 3 */ > - object_property_set_int(OBJECT(s->adc_irqs), "num-lines", STM_NUM_ADCS, > + object_property_set_int(OBJECT(&s->adc_irqs), "num-lines", STM_NUM_ADCS, > &error_abort); > - if (!qdev_realize(DEVICE(s->adc_irqs), NULL, errp)) { > + if (!qdev_realize(DEVICE(&s->adc_irqs), NULL, errp)) { > return; > } > - qdev_connect_gpio_out(DEVICE(s->adc_irqs), 0, > + qdev_connect_gpio_out(DEVICE(&s->adc_irqs), 0, > qdev_get_gpio_in(armv7m, ADC_IRQ)); > > for (i = 0; i < STM_NUM_ADCS; i++) { > @@ -187,7 +187,7 @@ static void stm32f205_soc_realize(DeviceState *dev_soc, > Error **errp) > busdev = SYS_BUS_DEVICE(dev); > sysbus_mmio_map(busdev, 0, adc_addr[i]); > sysbus_connect_irq(busdev, 0, > - qdev_get_gpio_in(DEVICE(s->adc_irqs), i)); > + qdev_get_gpio_in(DEVICE(&s->adc_irqs), i)); > } > > /* SPI 1 and 2 */ > -- > 2.43.0 > >
