Re: [Qemu-devel] [RFC PATCH 01/13] intel_iommu: allocate new key when creating new address space

Tue, 13 Dec 2016 19:09:23 -0800 

On Mon, Dec 12, 2016 at 04:16:50PM +0800, Liu, Yi L wrote:
> On Tue, Dec 06, 2016 at 06:36:16PM +0800, Peter Xu wrote:
> > From: Jason Wang <jasow...@redhat.com>
> > 
> > We use the pointer to stack for key for new address space, this will
> > break hash table searching, fixing by g_malloc() a new key instead.
> > 
> > Cc: Michael S. Tsirkin <m...@redhat.com>
> > Cc: Paolo Bonzini <pbonz...@redhat.com>
> > Cc: Richard Henderson <r...@twiddle.net>
> > Cc: Eduardo Habkost <ehabk...@redhat.com>
> > Acked-by: Peter Xu <pet...@redhat.com>
> > Signed-off-by: Jason Wang <jasow...@redhat.com>
> > Signed-off-by: Peter Xu <pet...@redhat.com>
> > ---
> >  hw/i386/intel_iommu.c | 5 +++--
> >  1 file changed, 3 insertions(+), 2 deletions(-)
> > 
> > diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
> > index 708770e..92e4064 100644
> > --- a/hw/i386/intel_iommu.c
> > +++ b/hw/i386/intel_iommu.c
> > @@ -2426,12 +2426,13 @@ VTDAddressSpace *vtd_find_add_as(IntelIOMMUState 
> > *s, PCIBus *bus, int devfn)
> >      VTDAddressSpace *vtd_dev_as;
> >  
> >      if (!vtd_bus) {
> > +        uintptr_t *new_key = g_malloc(sizeof(*new_key));
> > +        *new_key = (uintptr_t)bus;
> >          /* No corresponding free() */
> >          vtd_bus = g_malloc0(sizeof(VTDBus) + sizeof(VTDAddressSpace *) * \
> >                              X86_IOMMU_PCI_DEVFN_MAX);
> >          vtd_bus->bus = bus;
> > -        key = (uintptr_t)bus;
> > -        g_hash_table_insert(s->vtd_as_by_busptr, &key, vtd_bus);
> > +        g_hash_table_insert(s->vtd_as_by_busptr, new_key, vtd_bus);
> Hi Peter,
> Your fix seems to answer an issue I encountered back in Oct. The symptom is: 
> use the same bus value to
> searcha previous inserted entry in s->vtd_as_by_busptr, the result is not 
> found.
> 
> really grt fix. could explain it a bit on why this change would fix the issue?

The old code is doing g_hash_table_insert() with "&key" as the hash
key. However variable "key" is allocated on stack, so it's value might
change after we return from vtd_find_add_as() (stack variables can
only be used inside its functional scope). The patch switched to use
g_malloc0(), that'll use heap memory rather than stack, which is safe.

(Forwarding this thankfulness to Jason who is the real author of this
 fix :-)

Thanks,

-- peterx

Reply via email to