[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Stable-9.0.3 30/69] hw/i386/amd_iommu: Don't leak memory in amdvi_updat
From: |
Michael Tokarev |
Subject: |
[Stable-9.0.3 30/69] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb() |
Date: |
Fri, 6 Sep 2024 14:12:39 +0300 |
From: Peter Maydell <peter.maydell@linaro.org>
In amdvi_update_iotlb() we will only put a new entry in the hash
table if to_cache.perm is not IOMMU_NONE. However we allocate the
memory for the new AMDVIIOTLBEntry and for the hash table key
regardless. This means that in the IOMMU_NONE case we will leak the
memory we alloacted.
Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 6d4fde72f9..87643d2891 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -357,12 +357,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t
devid,
uint64_t gpa, IOMMUTLBEntry to_cache,
uint16_t domid)
{
- AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
- uint64_t *key = g_new(uint64_t, 1);
- uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
-
/* don't cache erroneous translations */
if (to_cache.perm != IOMMU_NONE) {
+ AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
+ uint64_t *key = g_new(uint64_t, 1);
+ uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
+
trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),
PCI_FUNC(devid), gpa, to_cache.translated_addr);
--
2.39.2
- [Stable-9.0.3 19/69] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params(), (continued)
- [Stable-9.0.3 19/69] util/async.c: Forbid negative min/max in aio_context_set_thread_pool_params(), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 21/69] hw/virtio: Fix the de-initialization of vhost-user devices, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 22/69] target/rx: Use target_ulong for address in LI, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 23/69] hw/char/bcm2835_aux: Fix assert when receive FIFO fills up, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 20/69] Revert "qemu-char: do not operate on sources from finalize callbacks", Michael Tokarev, 2024/09/06
- [Stable-9.0.3 24/69] hw/misc/bcm2835_property: Fix handling of FRAMEBUFFER_SET_PALETTE, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 27/69] target/arm: Avoid shifts by -1 in tszimm_shr() and tszimm_shl(), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 26/69] target/arm: Fix UMOPA/UMOPS of 16-bit values, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 25/69] target/arm: Don't assert for 128-bit tile accesses when SVL is 128, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 31/69] hw/arm/mps2-tz.c: fix RX/TX interrupts order, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 30/69] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb(),
Michael Tokarev <=
- [Stable-9.0.3 28/69] target/arm: Ignore SMCR_EL2.LEN and SVCR_EL2.LEN if EL2 is not enabled, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 29/69] docs/sphinx/depfile.py: Handle env.doc2path() returning a Path not a str, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 34/69] virtio-net: Fix network stall at the host side waiting for kick, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 36/69] migration/multifd: Fix multifd_send_setup cleanup when channel creation fails, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 37/69] linux-user/elfload: Fix pr_pid values in core files, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 38/69] target/i386: Fix VSIB decode, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 32/69] target/arm: Handle denormals correctly for FMOPA (widening), Michael Tokarev, 2024/09/06
- [Stable-9.0.3 33/69] virtio-net: Ensure queue index fits with RSS, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 35/69] net: Reinstate '-net nic, model=help' output as documented in man page, Michael Tokarev, 2024/09/06
- [Stable-9.0.3 41/69] vvfat: Fix bug in writing to middle of file, Michael Tokarev, 2024/09/06