From patchwork Thu Aug  1 10:37:12 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: "Michael S. Tsirkin" <mst@redhat.com>
X-Patchwork-Id: 816036
Delivered-To: patch@linaro.org
Received: by 2002:a5d:4acf:0:b0:367:895a:4699 with SMTP id y15csp1119509wrs;
 Thu, 1 Aug 2024 03:37:31 -0700 (PDT)
X-Forwarded-Encrypted: i=2;
 AJvYcCXSz2xiykyf24E3gIRo0pfyEBSHCItvzlWg8GDww3gJ+vrO+tmzfkmm4GUiSwRfcz4uTESeRejx2gO4hdbtNeXE
X-Google-Smtp-Source: AGHT+IEh8fCOCPNWe2xsv5ZXVxkD7JklB+eoa5jn8A6hV3p9fzR8CeThv4KR9iC5IXXBZwYvhMpn
X-Received: by 2002:a05:6102:32c8:b0:48f:23b4:1d96 with SMTP id
 ada2fe7eead31-4945071c750mr2435267137.16.1722508651471;
 Thu, 01 Aug 2024 03:37:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1722508651; cv=none;
 d=google.com; s=arc-20160816;
 b=jz9vOoC41PmXBCgt5xNVKGx56X9lW+X9u0QXc/EeHmgy+2JYsjjoftdyB4+eQxeOW7
 p1aT0kLxHtdF4rbUXl6V/Adjmfd9IhDadjF0n0hnFByVFQJh9Uz6QrGzILkZq3vRi1rQ
 DmzxGATyO/mxGW1oKgYODfdvKih6I11GqkDbmW6GPjWSk6qPkZ4wHoVrHPJGxhx5Xs5m
 vn7KuDha9Zg+eJCMZ3f3EI6BNLaui79rJQ6FkFXqCzzxI5EE8ZGEzl0FHRg56RTv9WJs
 rwL7F+PVUXwDxnH0QyNph93xO4X0/+plVYZEEwwcuF27WDXtRDoGOepNV3xd5qyDufsi
 EIBw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
 s=arc-20160816;
 h=sender:errors-to:list-subscribe:list-help:list-post:list-archive
 :list-unsubscribe:list-id:precedence:in-reply-to:content-disposition
 :mime-version:references:message-id:subject:cc:to:from:date
 :dkim-signature;
 bh=kOlVB7WwJCX9drLmyP0GySNt0EHrEKT86ZQ33vsIJ0g=;
 fh=K8QoULAApRkR4Bb9cxOs/iYcSYuKSw4FI+umw1zDAJU=;
 b=miuPnZYcmPLv955Ap9iSGFRaIbBhZ+8/lfMv5VmKfc1GutLCphma0D4xcjmdJ2UjY5
 W/ENYHuK2z9rCxUni3j+e3bTmKXNs7CfFTCd5WNAB3K1zIo4MILw8Dh0/vV8SsfC1bC5
 9g9AnTdGDae1dW2CH7HqKrS6ZgrhUfgc1Ml/8g3z+KAzwxRYsFTc0T8Fl6BGasgeTC/P
 F4vf03ecvBoX4yrnjZCAAczX4Qj33L+KqDwDTejKXjniHE0FApUZti2X02Nfpztj32Ti
 ul2sl32TWlf1NoD6SyWB2IFFaeGE6hlkVdCNQlWrj+hiSlx2J0LjnD5tAgrV0l2FPc9X
 EKjA==; dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=E1igy8ug; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <qemu-devel-bounces+patch=linaro.org@nongnu.org>
Received: from lists.gnu.org (lists.gnu.org. [209.51.188.17])
 by mx.google.com with ESMTPS id
 af79cd13be357-7a1ff967870si675084985a.157.2024.08.01.03.37.31
 for <patch@linaro.org>
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Thu, 01 Aug 2024 03:37:31 -0700 (PDT)
Received-SPF: pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender) client-ip=209.51.188.17;
Authentication-Results: mx.google.com;
 dkim=pass header.i=@redhat.com header.s=mimecast20190719
 header.b=E1igy8ug; spf=pass (google.com: domain of
 qemu-devel-bounces+patch=linaro.org@nongnu.org designates 209.51.188.17 as
 permitted sender)
 smtp.mailfrom="qemu-devel-bounces+patch=linaro.org@nongnu.org";
 dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: from localhost ([::1] helo=lists1p.gnu.org)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <qemu-devel-bounces@nongnu.org>)
 id 1sZTBW-00030z-DC; Thu, 01 Aug 2024 06:37:26 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mst@redhat.com>) id 1sZTBT-0002tp-VU
 for qemu-devel@nongnu.org; Thu, 01 Aug 2024 06:37:23 -0400
Received: from us-smtp-delivery-124.mimecast.com ([170.10.133.124])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <mst@redhat.com>) id 1sZTBS-0001qd-6y
 for qemu-devel@nongnu.org; Thu, 01 Aug 2024 06:37:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
 s=mimecast20190719; t=1722508641;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=kOlVB7WwJCX9drLmyP0GySNt0EHrEKT86ZQ33vsIJ0g=;
 b=E1igy8ugbHygX4jz0tA5aLHhscy/hlNLE/aIAVIC9ATFwdjbPV7VwY2oxZH3SJN6LHHZcr
 GamgIsY0i5NVfcV7+kLPLacAUg9t689vb877ziHjrP1+IT2N7b1/yDUMxdTl49wtTuASv+
 kOSHm6K7xtjtsR7gVOcUMErnysAVT8o=
Received: from mail-ed1-f69.google.com (mail-ed1-f69.google.com
 [209.85.208.69]) by relay.mimecast.com with ESMTP with STARTTLS
 (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id
 us-mta-646-v5c0E_hyMQutuZxE4jXHAg-1; Thu, 01 Aug 2024 06:37:20 -0400
X-MC-Unique: v5c0E_hyMQutuZxE4jXHAg-1
Received: by mail-ed1-f69.google.com with SMTP id
 4fb4d7f45d1cf-5a2ceb035f9so2660664a12.0
 for <qemu-devel@nongnu.org>; Thu, 01 Aug 2024 03:37:20 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1722508638; x=1723113438;
 h=in-reply-to:content-disposition:mime-version:references:message-id
 :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date
 :message-id:reply-to;
 bh=kOlVB7WwJCX9drLmyP0GySNt0EHrEKT86ZQ33vsIJ0g=;
 b=Oxs4vGXGOLiG4O9ovYz4W+BF77ESZSn8iRqHMu6nJnMnAm/4Uybtr8rLvEAjslw4ab
 vqfTNhtDBy33DQsgssL04cW74EyvdNecd8FKOJPFNjZsC81P/nUJF7XZGAu7xGMTZAaW
 E57pv38GtHs+/ucP+yeGjQIUuO3zmkxAAzfojx8nTAoj5idctg4Xbz6QFTRsTmlXlxkK
 oX6WW+3Up/NU5yFIfOVcxCNVQ2yroUiSMBlj0YgD+5CFub9X3iPi77ia5Qgr5fRFPAeO
 yehReZ6HH5/tqIrOhvqW0MN2/f1WKfC2X1ZbrEmTd6QvByYQokIuHw2YlB7HmyhJ4S0u
 fWUA==
X-Gm-Message-State: AOJu0YzD7+CmTVuPTDHtvKIzSOVXX0tKc12d98MH1t+D3qHTkDSyp5Gn
 KRnpeZ8RT7m2Vu6jrg6drj7SClDw3myVJImiV3iQDYLIKMsWyMzkaXc6JTofuuA+Tadd6Ix0tUI
 VODhkkAxsWCL8RZXl2NJ22K/92Y97nvP1WMWrUO0yodMT/T+uaPiWU3LMlmWWBW4XlPdnNPtwTB
 1rpKgcfrz0FTDD217we5iPDsyOPQCtww==
X-Received: by 2002:a05:6402:5253:b0:57d:455:d395 with SMTP id
 4fb4d7f45d1cf-5b77c28ed64mr760776a12.7.1722508638469;
 Thu, 01 Aug 2024 03:37:18 -0700 (PDT)
X-Received: by 2002:a05:6402:5253:b0:57d:455:d395 with SMTP id
 4fb4d7f45d1cf-5b77c28ed64mr760733a12.7.1722508637828;
 Thu, 01 Aug 2024 03:37:17 -0700 (PDT)
Received: from redhat.com ([2.55.44.248]) by smtp.gmail.com with ESMTPSA id
 4fb4d7f45d1cf-5ac63b59cb0sm10049005a12.45.2024.08.01.03.37.13
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 01 Aug 2024 03:37:15 -0700 (PDT)
Date: Thu, 1 Aug 2024 06:37:12 -0400
From: "Michael S. Tsirkin" <mst@redhat.com>
To: qemu-devel@nongnu.org
Cc: Peter Maydell <peter.maydell@linaro.org>, qemu-stable@nongnu.org,
 Marcel Apfelbaum <marcel.apfelbaum@gmail.com>,
 Paolo Bonzini <pbonzini@redhat.com>,
 Richard Henderson <richard.henderson@linaro.org>,
 Eduardo Habkost <eduardo@habkost.net>
Subject: [PULL 18/19] hw/i386/amd_iommu: Don't leak memory in
 amdvi_update_iotlb()
Message-ID: <9a45b0761628cc59267b3283a85d15294464ac31.1722508478.git.mst@redhat.com>
References: <cover.1722508478.git.mst@redhat.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <cover.1722508478.git.mst@redhat.com>
X-Mailer: git-send-email 2.27.0.106.g8ac3dc51b1
X-Mutt-Fcc: =sent
Received-SPF: pass client-ip=170.10.133.124; envelope-from=mst@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com
X-Spam_score_int: -21
X-Spam_score: -2.2
X-Spam_bar: --
X-Spam_report: (-2.2 / 5.0 requ) BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.131,
 DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, 
 RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001,
 SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org
Sender: qemu-devel-bounces+patch=linaro.org@nongnu.org

From: Peter Maydell <peter.maydell@linaro.org>

In amdvi_update_iotlb() we will only put a new entry in the hash
table if to_cache.perm is not IOMMU_NONE.  However we allocate the
memory for the new AMDVIIOTLBEntry and for the hash table key
regardless.  This means that in the IOMMU_NONE case we will leak the
memory we alloacted.

Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
---
 hw/i386/amd_iommu.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 6d4fde72f9..87643d2891 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -357,12 +357,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,
                                uint64_t gpa, IOMMUTLBEntry to_cache,
                                uint16_t domid)
 {
-    AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
-    uint64_t *key = g_new(uint64_t, 1);
-    uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
-
     /* don't cache erroneous translations */
     if (to_cache.perm != IOMMU_NONE) {
+        AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
+        uint64_t *key = g_new(uint64_t, 1);
+        uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
+
         trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),
                 PCI_FUNC(devid), gpa, to_cache.translated_addr);