On Thu, Jun 30, 2022 at 11:22:31AM +0800, Jinhao Fan wrote: > +static int nvme_init_sq_ioeventfd(NvmeSQueue *sq) > +{ > + NvmeCtrl *n = sq->ctrl; > + uint16_t offset = sq->sqid << 3; > + int ret; > + > + ret = event_notifier_init(&sq->notifier, 0); > + if (ret < 0) { > + return ret; > + } > + > + event_notifier_set_handler(&sq->notifier, nvme_sq_notifier); > + memory_region_add_eventfd(&n->iomem, > + 0x1000 + offset, 4, false, 0, &sq->notifier); > + > + return 0; > +} > + > static void nvme_free_sq(NvmeSQueue *sq, NvmeCtrl *n) > { > n->sq[sq->sqid] = NULL; > timer_free(sq->timer); > + event_notifier_cleanup(&sq->notifier); > g_free(sq->io_req); > if (sq->sqid) { > g_free(sq);
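Review bot: In nvme_free_sq the handler installed by event_notifier_set_handler(&sq->notifier, nvme_sq_notifier) is never detached before event_notifier_cleanup(&sq->notifier), so the AioContext keeps an fd handler registered for a notifier whose fds are closed; call event_notifier_set_handler(&sq->notifier, NULL) first, and mirror the memory_region_add_eventfd() in nvme_init_sq_ioeventfd with a matching memory_region_del_eventfd(&n->iomem, 0x1000 + (sq->sqid << 3), 4, false, 0, &sq->notifier) on the same path, so teardown undoes init in reverse order and no stale eventfd remains attached to the doorbell region.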
I believe there needs to be a corresponding memory_region_del_eventfd() when deleting the queue before event_notifier_cleanup(), otherwise you'll leak invalid listeners.