From patchwork Fri Sep 6 06:53:55 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 825925
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, "Michael S . Tsirkin", Michael Tokarev
Subject: [Stable-8.2.7 25/53] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()
Date: Fri, 6 Sep 2024 09:53:55 +0300
Message-Id: <20240906065429.42415-25-mjt@tls.msk.ru>

From: Peter Maydell

In amdvi_update_iotlb() we will only put a new entry in the hash table if to_cache.perm is not IOMMU_NONE. However we allocate the memory for the new AMDVIIOTLBEntry and for the hash table key regardless. This means that in the IOMMU_NONE case we will leak the memory we allocated. Move the allocations into the if() to the point where we know we're going to add the item to the hash table.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31)
Signed-off-by: Michael Tokarev

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 4203144da9..12742b1433 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -346,12 +346,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid, uint64_t gpa, IOMMUTLBEntry to_cache, uint16_t domid) { - AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); - uint64_t *key = g_new(uint64_t, 1); - uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; - /* don't cache erroneous translations */ if (to_cache.perm != IOMMU_NONE) { + AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); + uint64_t *key = g_new(uint64_t, 1); + uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; + trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid), gpa, to_cache.translated_addr);
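Review bot: the hunk as quoted stops inside the if() body, right after the trace_amdvi_cache_update() call and before the lines that fill in `entry` and `key` and hand them to the hash table, so the ownership transfer itself cannot be checked here and should be confirmed against the full patch. The move is safe by construction: with `AMDVIIOTLBEntry *entry`, `uint64_t *key` and `uint64_t gfn` now declared inside `if (to_cache.perm != IOMMU_NONE) {`, any leftover use of them after the closing brace is a compile error rather than a silent reference to an uninitialised or leaked object. One documentation point for the stable backport: the commit message says the IOMMU_NONE path leaks but not whether that path is reachable from the guest; stating that would tell stable maintainers whether this is a guest-triggerable host memory exhaustion or only a housekeeping fix.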
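As an added example, not QEMU code and not part of this patch: the allocate-before-check leak that the commit message describes, modelled in plain C with a counting allocator so that the effect of moving the allocations inside the if() can be measured directly. The table, the allocator, the 4K page shift and the key layout (gfn with devid in the top bits) are assumptions made for this example; QEMU's real code uses GLib's g_hash_table_replace() and its own constants.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not QEMU code. Table, allocator and key layout are assumed. */
enum { PERM_NONE = 0, PERM_RW = 3 };   /* stand-ins for IOMMU_NONE / IOMMU_RW */

typedef struct { uint64_t gfn; uint16_t domid; uint64_t translated; } IotlbEntry;

/* Counting allocator: live_allocs is the number of blocks not yet freed. */
static int live_allocs;
static void *xalloc(size_t n) { live_allocs++; return calloc(1, n); }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Minimal table with g_hash_table_replace()-like ownership: once inserted,
 * key and value belong to the table and are freed on replace or clear. */
#define TABLE_SLOTS 64
typedef struct { uint64_t *key; IotlbEntry *val; } Slot;
typedef struct { Slot slots[TABLE_SLOTS]; } Table;

static void table_replace(Table *t, uint64_t *key, IotlbEntry *val)
{
    for (int i = 0; i < TABLE_SLOTS; i++) {
        Slot *s = &t->slots[i];
        if (s->key && *s->key == *key) {        /* same key: drop old pair */
            xfree(s->key); xfree(s->val);
            s->key = key; s->val = val;
            return;
        }
    }
    for (int i = 0; i < TABLE_SLOTS; i++) {
        if (!t->slots[i].key) {                 /* first free slot */
            t->slots[i].key = key; t->slots[i].val = val;
            return;
        }
    }
    xfree(key); xfree(val);                     /* full: refuse, but do not leak */
}

static void table_clear(Table *t)
{
    for (int i = 0; i < TABLE_SLOTS; i++) {
        xfree(t->slots[i].key); xfree(t->slots[i].val);
        t->slots[i].key = NULL; t->slots[i].val = NULL;
    }
}

/* Pre-fix shape: allocate first, insert only on success. On PERM_NONE the
 * two blocks are neither inserted nor freed: 2 leaked allocations per call. */
static void update_iotlb_leaky(Table *t, uint16_t devid, uint64_t gpa,
                               int perm, uint64_t translated, uint16_t domid)
{
    IotlbEntry *entry = xalloc(sizeof *entry);
    uint64_t *key = xalloc(sizeof *key);
    uint64_t gfn = gpa >> 12;                   /* assumed 4K page shift */

    if (perm != PERM_NONE) {
        entry->gfn = gfn; entry->domid = domid; entry->translated = translated;
        *key = gfn | ((uint64_t)devid << 52);   /* assumed key layout */
        table_replace(t, key, entry);
    }
}

/* Post-fix shape: nothing is allocated unless it will be handed to the table. */
static void update_iotlb_fixed(Table *t, uint16_t devid, uint64_t gpa,
                               int perm, uint64_t translated, uint16_t domid)
{
    if (perm != PERM_NONE) {
        IotlbEntry *entry = xalloc(sizeof *entry);
        uint64_t *key = xalloc(sizeof *key);
        uint64_t gfn = gpa >> 12;

        entry->gfn = gfn; entry->domid = domid; entry->translated = translated;
        *key = gfn | ((uint64_t)devid << 52);
        table_replace(t, key, entry);
    }
}

/* Run n_failed updates with PERM_NONE and n_ok with PERM_RW through one
 * variant, then clear the table. Returns the allocations still live, i.e.
 * the leak: 2 * n_failed for the leaky variant, 0 for the fixed one. */
int leaked_after_updates(int use_fixed, int n_failed, int n_ok)
{
    Table t;
    memset(&t, 0, sizeof t);
    live_allocs = 0;
    void (*update)(Table *, uint16_t, uint64_t, int, uint64_t, uint16_t) =
        use_fixed ? update_iotlb_fixed : update_iotlb_leaky;

    for (int i = 0; i < n_failed; i++) {
        update(&t, 0x0100, (uint64_t)i << 12, PERM_NONE, 0, 1);
    }
    for (int i = 0; i < n_ok; i++) {
        update(&t, 0x0100, (uint64_t)i << 12, PERM_RW, (uint64_t)i << 12, 1);
    }
    table_clear(&t);
    return live_allocs;
}
```

The counting allocator stands in for what a leak sanitizer or valgrind reports on the real binary: after a burst of failed translations the leaky variant keeps two live blocks per call, the fixed variant none, and successful entries are released by the table either way.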