[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-stable] [PATCH 82/97] exec.c: Don't reallocate IOMMUNotifiers that
|
From: |
Michael Roth |
|
Subject: |
[Qemu-stable] [PATCH 82/97] exec.c: Don't reallocate IOMMUNotifiers that are in use |
|
Date: |
Mon, 1 Apr 2019 15:59:56 -0500 |
From: Peter Maydell <address@hidden>
The tcg_register_iommu_notifier() code has a GArray of
TCGIOMMUNotifier structs which it has registered by passing
memory_region_register_iommu_notifier() a pointer to the embedded
IOMMUNotifier field. Unfortunately, if we need to enlarge the
array via g_array_set_size() this can cause a realloc(), which
invalidates the pointer that memory_region_register_iommu_notifier()
put into the MemoryRegion's iommu_notify list. This can result
in segfaults.
Switch the GArray to holding pointers to the TCGIOMMUNotifier
structs, so that we can individually allocate and free them.
Cc: address@hidden
Fixes: 1f871c5e6b0f30644a60a ("exec.c: Handle IOMMUs in
address_space_translate_for_iotlb()")
Signed-off-by: Peter Maydell <address@hidden>
Reviewed-by: Richard Henderson <address@hidden>
Message-id: address@hidden
(cherry picked from commit 5601be3b01d73e21c09331599e2ce62df016ff94)
Signed-off-by: Michael Roth <address@hidden>
---
exec.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/exec.c b/exec.c
index 4f5df07b6a..9bafcb155a 100644
--- a/exec.c
+++ b/exec.c
@@ -690,7 +690,7 @@ static void tcg_register_iommu_notifier(CPUState *cpu,
int i;
for (i = 0; i < cpu->iommu_notifiers->len; i++) {
- notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i);
+ notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
if (notifier->mr == mr && notifier->iommu_idx == iommu_idx) {
break;
}
@@ -698,7 +698,8 @@ static void tcg_register_iommu_notifier(CPUState *cpu,
if (i == cpu->iommu_notifiers->len) {
/* Not found, add a new entry at the end of the array */
cpu->iommu_notifiers = g_array_set_size(cpu->iommu_notifiers, i + 1);
- notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i);
+ notifier = g_new0(TCGIOMMUNotifier, 1);
+ g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i) = notifier;
notifier->mr = mr;
notifier->iommu_idx = iommu_idx;
@@ -730,8 +731,9 @@ static void tcg_iommu_free_notifier_list(CPUState *cpu)
TCGIOMMUNotifier *notifier;
for (i = 0; i < cpu->iommu_notifiers->len; i++) {
- notifier = &g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier, i);
+ notifier = g_array_index(cpu->iommu_notifiers, TCGIOMMUNotifier *, i);
memory_region_unregister_iommu_notifier(notifier->mr, ¬ifier->n);
+ g_free(notifier);
}
g_array_free(cpu->iommu_notifiers, true);
}
@@ -1000,7 +1002,7 @@ void cpu_exec_realizefn(CPUState *cpu, Error **errp)
vmstate_register(NULL, cpu->cpu_index, cc->vmsd, cpu);
}
- cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier));
+ cpu->iommu_notifiers = g_array_new(false, true, sizeof(TCGIOMMUNotifier
*));
#endif
}
--
2.17.1
- [Qemu-stable] [PATCH 66/97] vfio-helpers: Fix qemu_vfio_open_pci() crash, (continued)
- [Qemu-stable] [PATCH 66/97] vfio-helpers: Fix qemu_vfio_open_pci() crash, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 69/97] nbd/server: Advertise all contexts in response to bare LIST, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 70/97] nbd/client: Make x-dirty-bitmap more reliable, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 71/97] nbd/client: Send NBD_CMD_DISC if open fails after connect, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 73/97] iotests: simple mirror test with kvm on 1G image, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 68/97] i2c: Add a length check to the SMBus write handling, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 76/97] pcie: set link state inactive/active after hot unplug/plug, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 75/97] Changes requirement for "vsubsbs" instruction, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 79/97] linux-user: write(fd, NULL, 0) parity with linux's treatment of same, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 80/97] linux-user: make pwrite64/pread64(fd, NULL, 0, offset) return 0, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 82/97] exec.c: Don't reallocate IOMMUNotifiers that are in use,
Michael Roth <=
- [Qemu-stable] [PATCH 86/97] tpm: Make sure the locality received from backend is valid, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 07/97] target/arm: Fix offset for LD1R instructions, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 85/97] tpm: Make sure new locality passed to tpm_tis_prep_abort() is valid, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 77/97] pc:piix4: Update smbus I/O space after a migration, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 96/97] usb-mtp: outlaw slashes in filenames, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 95/97] 9p: fix QEMU crash when renaming files, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 94/97] nvme: fix out-of-bounds access to the CMB, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 32/97] vhost: fix invalid downcast, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 57/97] migration: Stop postcopy fault thread before notifying, Michael Roth, 2019/04/01
- [Qemu-stable] [PATCH 46/97] rtl8139: fix possible out of bound access, Michael Roth, 2019/04/01