From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>,
qemu-stable@nongnu.org,
Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Richard Henderson <richard.henderson@linaro.org>,
Eduardo Habkost <eduardo@habkost.net>
Subject: [PULL 18/19] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()
Date: Thu, 1 Aug 2024 06:37:12 -0400
Message-ID: <9a45b0761628cc59267b3283a85d15294464ac31.1722508478.git.mst@redhat.com>
In-Reply-To: <cover.1722508478.git.mst@redhat.com>
From: Peter Maydell <peter.maydell@linaro.org>
In amdvi_update_iotlb() we will only put a new entry in the hash
table if to_cache.perm is not IOMMU_NONE. However we allocate the
memory for the new AMDVIIOTLBEntry and for the hash table key
regardless. This means that in the IOMMU_NONE case we will leak the
memory we allocated.
Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
hw/i386/amd_iommu.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 6d4fde72f9..87643d2891 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -357,12 +357,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,
uint64_t gpa, IOMMUTLBEntry to_cache,
uint16_t domid)
{
- AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
- uint64_t *key = g_new(uint64_t, 1);
- uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
-
/* don't cache erroneous translations */
if (to_cache.perm != IOMMU_NONE) {
+ AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
+ uint64_t *key = g_new(uint64_t, 1);
+ uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
+
trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),
PCI_FUNC(devid), gpa, to_cache.translated_addr);
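Review bot: Inside the `if (to_cache.perm != IOMMU_NONE)` block, `entry` and `key` are still allocated with `g_new()` ahead of `trace_amdvi_cache_update()` and before the hash table insert, which lies outside the visible context, so the fix holds only as long as nothing between these declarations and the insert can leave the block early. Declaring both `g_autofree` and handing them to the insert through `g_steal_pointer()` would make the ownership transfer explicit and keep a later early exit from bringing the leak back. A one-line comment at the allocations saying that the hash table takes ownership of `entry` and `key` on insert would also document the invariant the commit message relies on.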
--
MST