From patchwork Fri Sep 6 11:12:39 2024
X-Patchwork-Submitter: Michael Tokarev
X-Patchwork-Id: 825933
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, "Michael S . Tsirkin", Michael Tokarev
Subject: [Stable-9.0.3 30/69] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()
Date: Fri, 6 Sep 2024 14:12:39 +0300
Message-Id: <20240906111324.353230-30-mjt@tls.msk.ru>

From: Peter Maydell

In amdvi_update_iotlb() we will only put a new entry in the hash table
if to_cache.perm is not IOMMU_NONE. However we allocate the memory for
the new AMDVIIOTLBEntry and for the hash table key regardless. This
means that in the IOMMU_NONE case we will leak the memory we allocated.

Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31)
Signed-off-by: Michael Tokarev

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c index 6d4fde72f9..87643d2891 100644 --- a/hw/i386/amd_iommu.c +++ b/hw/i386/amd_iommu.c
@@ -357,12 +357,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid, uint64_t gpa, IOMMUTLBEntry to_cache, uint16_t domid) { - AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); - uint64_t *key = g_new(uint64_t, 1); - uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; - /* don't cache erroneous translations */ if (to_cache.perm != IOMMU_NONE) { + AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); + uint64_t *key = g_new(uint64_t, 1); + uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; + trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid), gpa, to_cache.translated_addr);
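
Review bot: In the new `if (to_cache.perm != IOMMU_NONE)` block, `entry` and `key` are now allocated ahead of `trace_amdvi_cache_update()`, so the leak is closed only if every path from there to the end of the block hands both pointers to the hash table. The rest of the block lies outside the visible context, so please confirm there is no early exit or skipped insert between the `g_new()` calls and the insertion. Declaring both as `g_autofree` and passing them with `g_steal_pointer()` at the insert would make the ownership transfer explicit and keep a later edit from reintroducing the leak. No NULL check is needed here, since `g_new()` aborts on allocation failure.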