On Sun, Aug 16, 2020 at 04:32:06PM +0800, Li Qiang wrote:
> Stefan Hajnoczi <stefa...@redhat.com> wrote on Wed, Aug 12, 2020 at 6:51 PM:
>
> > A number of iov_discard_front/back() operations are made by
> > virtio-crypto. The elem->in/out_sg iovec arrays are modified by these
> > operations, resulting virtqueue_unmap_sg() calls on different addresses
> > than were originally mapped.
> >
> > This is problematic because dirty memory may not be logged correctly,
> > MemoryRegion refcounts may be leaked, and the non-RAM bounce buffer can
> > be leaked.
> >
> > Take a copy of the elem->in/out_sg arrays so that the originals are
> > preserved. The iov_discard_undo() API could be used instead (with better
> > performance) but requires careful auditing of the code, so do the simple
> > thing instead.
> >
> > Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
> >
>
> virtio-net also uses this method.

virtio-net operates on a copy of the iovecs (g_memdup()) so no changes are necessary.
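
An added illustration of the problem discussed in this thread (not code from the patch or from QEMU): `discard_front()` is a simplified, hypothetical stand-in for an in-place front-discard helper, and `demo()` with its buffers is constructed. It counts how many scatter-gather entries still match what was recorded at map time, once when the header is discarded in place and once when it is discarded on a copy.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Simplified stand-in (assumption, not QEMU's implementation): drop `bytes`
 * from the front of the vector by editing the iovec entries in place. */
static size_t discard_front(struct iovec **iov, unsigned *cnt, size_t bytes)
{
    size_t total = 0;
    struct iovec *cur = *iov;
    for (; *cnt > 0 && bytes > 0; cur++, (*cnt)--) {
        if (cur->iov_len > bytes) {          /* partial entry: mutate it */
            cur->iov_base = (char *)cur->iov_base + bytes;
            cur->iov_len -= bytes;
            total += bytes;
            break;
        }
        bytes -= cur->iov_len;               /* whole entry consumed: skip it */
        total += cur->iov_len;
    }
    *iov = cur;
    return total;
}

/* Strip a 24-byte header, then return how many entries of the original
 * array still equal the (base, len) pairs recorded when it was mapped. */
static unsigned demo(int use_copy)
{
    static char hdr[16], payload[64];        /* constructed sample buffers */
    struct iovec sg[2] = { { hdr, sizeof hdr }, { payload, sizeof payload } };
    struct iovec mapped[2], *work = sg, *copy = NULL;
    unsigned cnt = 2, ok = 0;

    memcpy(mapped, sg, sizeof sg);           /* what the map step recorded */
    if (use_copy) {                          /* the approach the patch takes */
        copy = malloc(sizeof sg);
        if (!copy) return 0;
        memcpy(copy, sg, sizeof sg);
        work = copy;
    }
    discard_front(&work, &cnt, 24);
    for (unsigned i = 0; i < 2; i++)         /* what an unmap step would read */
        ok += sg[i].iov_base == mapped[i].iov_base && sg[i].iov_len == mapped[i].iov_len;
    free(copy);
    return ok;
}

int main(void) { printf("in place: %u/2, copy: %u/2\n", demo(0), demo(1)); return 0; }
```

In the in-place case the second entry's base and length no longer describe the region that was mapped, which is the mismatch the commit message attributes to virtqueue_unmap_sg() being called on modified arrays.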