From: Richard Henderson
Subject: Re: [Qemu-devel] [PATCH] exec.c: Don't reallocate IOMMUNotifiers that are in use
Date: Tue, 29 Jan 2019 06:41:11 -0800
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.4.0
On 1/28/19 9:42 AM, Peter Maydell wrote:
> The tcg_register_iommu_notifier() code has a GArray of
> TCGIOMMUNotifier structs which it has registered by passing
> memory_region_register_iommu_notifier() a pointer to the embedded
> IOMMUNotifier field. Unfortunately, if we need to enlarge the
> array via g_array_set_size() this can cause a realloc(), which
> invalidates the pointer that memory_region_register_iommu_notifier()
> put into the MemoryRegion's iommu_notify list. This can result
> in segfaults.
>
> Switch the GArray to holding pointers to the TCGIOMMUNotifier
> structs, so that we can individually allocate and free them.
>
> Cc: address@hidden
> Fixes: 1f871c5e6b0f30644a60a ("exec.c: Handle IOMMUs in
> address_space_translate_for_iotlb()")
> Signed-off-by: Peter Maydell <address@hidden>
> ---
> I don't know why I've suddenly started running into this; possibly
> it's because of a recent Ubuntu upgrade and so a newer glibc.
> ---
> exec.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
Reviewed-by: Richard Henderson <address@hidden>
It is odd that we have not seen this before...
r~
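The bug class the quoted commit message describes, shown as an added example that is not QEMU's code: a handle to a struct embedded in a growable array goes stale once the array is reallocated, while a handle to an individually allocated struct stored by pointer survives growth. The types, the minimal GArray-style container and the "registered" pointer are constructed stand-ins, not QEMU's definitions.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-ins for QEMU's IOMMUNotifier / TCGIOMMUNotifier (not the real types). */
typedef struct { int iommu_idx; } IOMMUNotifier;
typedef struct { int mr_key; IOMMUNotifier n; } TCGIOMMUNotifier;

/* Minimal growable array modelled on GArray; arr_set_size() may realloc() like g_array_set_size(). */
typedef struct { void *data; size_t len, cap, elem; } Arr;

static void arr_set_size(Arr *a, size_t n)
{
    if (n > a->cap) {
        a->cap = n * 2;
        a->data = realloc(a->data, a->cap * a->elem);  /* old element addresses are now invalid */
    }
    a->len = n;
}

/* Buggy pattern: the struct is embedded in the array and the address of its embedded
 * IOMMUNotifier is "registered". Returns 1 if that address still equals the element's address
 * after the array grows, 0 if realloc() moved the buffer (the registered pointer now dangles).
 * Addresses are compared as integers and never dereferenced. */
int embedded_notifier_stable(size_t grow_to)
{
    Arr a = { NULL, 0, 0, sizeof(TCGIOMMUNotifier) };
    arr_set_size(&a, 1);
    uintptr_t registered = (uintptr_t)&((TCGIOMMUNotifier *)a.data)[0].n;
    arr_set_size(&a, grow_to);
    int stable = registered == (uintptr_t)&((TCGIOMMUNotifier *)a.data)[0].n;
    free(a.data);
    return stable;
}

/* Fixed pattern from the patch: the array holds pointers to individually allocated structs,
 * so growing the pointer array never moves a struct and the registered pointer stays valid. */
int pointer_notifier_stable(size_t grow_to)
{
    Arr a = { NULL, 0, 0, sizeof(TCGIOMMUNotifier *) };
    IOMMUNotifier *registered = NULL;
    for (size_t i = 0; i < grow_to; i++) {
        TCGIOMMUNotifier *nt = calloc(1, sizeof *nt);
        arr_set_size(&a, i + 1);                 /* may move the pointer array, not the structs */
        ((TCGIOMMUNotifier **)a.data)[i] = nt;
        if (i == 0) registered = &nt->n;         /* pointer handed to the "MemoryRegion" list */
    }
    TCGIOMMUNotifier **slots = a.data;
    int stable = registered == &slots[0]->n;     /* same object, safe to dereference */
    registered->iommu_idx = 7;                   /* the list can still use it after growth */
    stable = stable && slots[0]->n.iommu_idx == 7;
    for (size_t i = 0; i < a.len; i++) free(slots[i]);
    free(a.data);
    return stable;
}
```

Whether realloc() actually moves the buffer in the embedded case depends on the allocator, which matches the report that the crash only surfaced after a glibc change; the pointer-array form is stable regardless.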