qemu/hw-i386-amd_iommu-Don-t-leak-memory-in-amdvi_update_.patch

From 1b0d08faf1daaed39809ed1a3516eaa0f7d61534 Mon Sep 17 00:00:00 2001
From: Peter Maydell <peter.maydell@linaro.org>
Date: Wed, 31 Jul 2024 18:00:19 +0100
Subject: [PATCH] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()

In amdvi_update_iotlb() we will only put a new entry in the hash
table if to_cache.perm is not IOMMU_NONE.  However we allocate the
memory for the new AMDVIIOTLBEntry and for the hash table key
regardless.  This means that in the IOMMU_NONE case we will leak the
memory we alloacted.

Move the allocations into the if() to the point where we know we're
going to add the item to the hash table.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31)
Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>
---
 hw/i386/amd_iommu.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c
index 4203144da9..12742b1433 100644
--- a/hw/i386/amd_iommu.c
+++ b/hw/i386/amd_iommu.c
@@ -346,12 +346,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,
                                uint64_t gpa, IOMMUTLBEntry to_cache,
                                uint16_t domid)
 {
-    AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
-    uint64_t *key = g_new(uint64_t, 1);
-    uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
-
     /* don't cache erroneous translations */
     if (to_cache.perm != IOMMU_NONE) {
+        AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);
+        uint64_t *key = g_new(uint64_t, 1);
+        uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;
+
         trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),
                 PCI_FUNC(devid), gpa, to_cache.translated_addr);
 
-- 
2.41.0.windows.1
QEMU update to version 8.2.0-26: - vdpa-dev: Fix initialisation order to restore VDUSE compatibility - tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc() - migration: fix-possible-int-overflow - target/m68k: Map FPU exceptions to FPSR register - qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo - hvf: arm: Fix encodings for ID_AA64PFR1_EL1 and debug System registers - hw/intc/arm_gic: Fix handling of NS view of GICC_APR<n> - qio: Inherit follow_coroutine_ctx across TLS - target/riscv: Fix the element agnostic function problem - accel/tcg: Fix typo causing tb->page_addr[1] to not be recorded - tcg/loongarch64: Fix tcg_out_movi vs some pcrel pointers - migration: Fix file migration with fdset - ui/vnc: don't return an empty SASL mechlist to the client - target/arm: Fix FJCVTZS vs flush-to-zero - hw/ppc/e500: Prefer QOM cast - sphinx/qapidoc: Fix to generate doc for explicit, unboxed arguments - hw/ppc/e500: Remove unused "irqs" parameter - hw/ppc/e500: Add missing device tree properties to i2c controller node - hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb() - hw/arm/mps2-tz.c: fix RX/TX interrupts order - target/i386: csv: Add support to migrate the incoming context for CSV3 guest - target/i386: csv: Add support to migrate the outgoing context for CSV3 guest - target/i386: csv: Add support to migrate the incoming page for CSV3 guest - target/i386: csv: Add support to migrate the outgoing page for CSV3 guest - linux-headers: update kernel headers to include CSV3 migration cmds - vfio: Only map shared region for CSV3 virtual machine - vga: Force full update for CSV3 guest - target/i386: csv: Load initial image to private memory for CSV3 guest - target/i386: csv: Do not register/unregister guest secure memory for CSV3 guest - target/i386: cpu: Populate CPUID 0x8000_001F when CSV3 is active - target/i386: csv: Add command to load vmcb to CSV3 guest memory - target/i386: csv: Add command to load data to CSV3 guest memory - target/i386: csv: Add command to initialize CSV3 context - target/i386: csv: Add CSV3 context - next-kbd: convert to use qemu_input_handler_register() - qemu/bswap: Undefine CPU_CONVERT() once done - exec/memop: Remove unused memop_big_endian() helper - hw/nvme: fix handling of over-committed queues - 9pfs: fix crash on 'Treaddir' request - hw/misc/psp: Pin the hugepage memory specified by mem2 during use for psp - hw/misc: support tkm use mem2 memory - hw/i386: add mem2 option for qemu - kvm: add support for guest physical bits - target/i386: add guest-phys-bits cpu property Signed-off-by: Jiabo Feng <fengjiabo1@huawei.com> (cherry picked from commit f45f35e88509a4ffa9f62332ee9601e9fe1f8d09) 2024-12-12 17:01:35 +08:00			`From 1b0d08faf1daaed39809ed1a3516eaa0f7d61534 Mon Sep 17 00:00:00 2001`
			`From: Peter Maydell <peter.maydell@linaro.org>`
			`Date: Wed, 31 Jul 2024 18:00:19 +0100`
			`Subject: [PATCH] hw/i386/amd_iommu: Don't leak memory in amdvi_update_iotlb()`

			`In amdvi_update_iotlb() we will only put a new entry in the hash`
			`table if to_cache.perm is not IOMMU_NONE. However we allocate the`
			`memory for the new AMDVIIOTLBEntry and for the hash table key`
			`regardless. This means that in the IOMMU_NONE case we will leak the`
			`memory we alloacted.`

			`Move the allocations into the if() to the point where we know we're`
			`going to add the item to the hash table.`

			`Cc: qemu-stable@nongnu.org`
			`Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2452`
			`Signed-off-by: Peter Maydell <peter.maydell@linaro.org>`
			`Message-Id: <20240731170019.3590563-1-peter.maydell@linaro.org>`
			`Reviewed-by: Michael S. Tsirkin <mst@redhat.com>`
			`Signed-off-by: Michael S. Tsirkin <mst@redhat.com>`
			`(cherry picked from commit 9a45b0761628cc59267b3283a85d15294464ac31)`
			`Signed-off-by: zhujun2 <zhujun2_yewu@cmss.chinamobile.com>`
			`---`
			`hw/i386/amd_iommu.c \| 8 ++++----`
			`1 file changed, 4 insertions(+), 4 deletions(-)`

			`diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c`
			`index 4203144da9..12742b1433 100644`
			`--- a/hw/i386/amd_iommu.c`
			`+++ b/hw/i386/amd_iommu.c`
			`@@ -346,12 +346,12 @@ static void amdvi_update_iotlb(AMDVIState *s, uint16_t devid,`
			`uint64_t gpa, IOMMUTLBEntry to_cache,`
			`uint16_t domid)`
			`{`
			`- AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);`
			`- uint64_t *key = g_new(uint64_t, 1);`
			`- uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;`
			`-`
			`/* don't cache erroneous translations */`
			`if (to_cache.perm != IOMMU_NONE) {`
			`+ AMDVIIOTLBEntry *entry = g_new(AMDVIIOTLBEntry, 1);`
			`+ uint64_t *key = g_new(uint64_t, 1);`
			`+ uint64_t gfn = gpa >> AMDVI_PAGE_SHIFT_4K;`
			`+`
			`trace_amdvi_cache_update(domid, PCI_BUS_NUM(devid), PCI_SLOT(devid),`
			`PCI_FUNC(devid), gpa, to_cache.translated_addr);`

			`--`
			`2.41.0.windows.1`