qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH v4 07/20] dma: Check iov pointer before unmap me

From: Paolo Bonzini
Subject: Re: [Qemu-devel] [PATCH v4 07/20] dma: Check iov pointer before unmap memory
Date: Wed, 03 Sep 2014 13:38:05 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0 
Il 03/09/2014 13:23, Fam Zheng ha scritto:
> Not all the iov elements are always valid.
> 
> Signed-off-by: Fam Zheng <address@hidden>
> ---
>  dma-helpers.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/dma-helpers.c b/dma-helpers.c
> index 499b52b..3655d88 100644
> --- a/dma-helpers.c
> +++ b/dma-helpers.c
> @@ -105,6 +105,9 @@ static void dma_bdrv_unmap(DMAAIOCB *dbs)
>      int i;
>  
>      for (i = 0; i < dbs->iov.niov; ++i) {
> +        if (!(dbs->iov.iov[i].iov_base && dbs->iov.iov[i].iov_len)) {
> +            break;
> +        }
>          dma_memory_unmap(dbs->sg->as, dbs->iov.iov[i].iov_base,
>                           dbs->iov.iov[i].iov_len, dbs->dir,
>                           dbs->iov.iov[i].iov_len);
> 

Why is this needed by this patch series?  Also, the only addition to iov
is here in dma_bdrv_cb:

        mem = dma_memory_map(dbs->sg->as, cur_addr, &cur_len, dbs->dir);
        if (!mem)
            break;
        qemu_iovec_add(&dbs->iov, mem, cur_len);

so iov_base cannot be NULL.

If cur_len is zero after dma_memory_map returns, mem should be NULL too.

If cur_len is zero before dma_memory_map is invoked, address_space_map
(and thus dma_memory_map) will return NULL too.  However, in this case
exiting the loop is wrong.  Perhaps it's better to add an if() in
dma_bdrv_cb that checks for cur_len == 0.

Paolo
reply via email to
[Prev in Thread] Current Thread [Next in Thread]