From: Peter Maydell
To: qemu-devel@nongnu.org
Cc: "Michael S. Tsirkin", Marcel Apfelbaum
Subject: [PATCH] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()
Date: Wed, 31 Jul 2024 18:00:19 +0100
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>

In amdvi_update_iotlb() we will only put a new entry in the hash table
if to_cache.perm is not IOMMU_NONE. However we allocate the memory for
the new AMDVIIOTLBEntry and for the hash table key regardless. This
means that in the IOMMU_NONE case we will leak the memory we allocated.

Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
---
Tested with 'make check' and 'make check-avocado' only, but the
bug and fix seem straightforward...
--- hw/i386/amd_iommu.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c index 6d4fde72f9b..87643d28917 100644 --- a/hw/i386/amd_iommu.c +++ b/hw/i386/amd_iommu.c 
@@ -357,12 +357,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid, uint64_t gpa, IOMMUTLBEntry to_cache, uint16_t domid) { - AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); - uint64_t *key = g_new(uint64_t, 1); - uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; - /* don't cache erroneous translations */ if (to_cache.perm != IOMMU_NONE) { + AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1); + uint64_t *key = g_new(uint64_t, 1); + uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K; + trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid), PCI_FUNC(devid), gpa, to_cache.translated_addr);
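Review bot: Inside `if (to_cache.perm != IOMMU_NONE)`, `entry` and `key` are still plain `g_new()` pointers, and the hash-table insert that takes ownership of them lies past the last line shown here, so nothing in the visible code ties the allocation to the hand-over. Any early exit later added between the two `g_new()` calls and the insert would bring back the leak this patch removes. Consider declaring both as `g_autofree` and passing them to the insert with `g_steal_pointer()`, which makes the ownership transfer explicit and frees them on every other path. Separately, the message has `Cc: qemu-stable@nongnu.org` and `Resolves:` but no `Fixes:` tag; naming the commit that introduced the unconditional allocation would help the stable backport.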