[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [Qemu-stable] [2.2 PATCH] virtio-net: fix unmap leak
|
From: |
Jason Wang |
|
Subject: |
Re: [Qemu-devel] [Qemu-stable] [2.2 PATCH] virtio-net: fix unmap leak |
|
Date: |
Thu, 27 Nov 2014 17:45:18 +0800 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0 |
On 11/27/2014 05:08 PM, Fam Zheng wrote:
> On Thu, 11/27 13:59, Jason Wang wrote:
>> > virtio_net_handle_ctrl() and other functions that process control vq
>> > request call iov_discard_front() which will shorten the iov. This will
>> > lead unmapping in virtqueue_push() leaks mapping.
>> >
>> > Fixes this by keeping the original iov untouched and using a temp variable
>> > in those functions.
>> >
>> > Cc: Wen Congyang <address@hidden>
>> > Cc: Stefano Stabellini <address@hidden>
>> > Cc: address@hidden
>> > Signed-off-by: Jason Wang <address@hidden>
>> > ---
>> > hw/net/virtio-net.c | 9 +++++++--
>> > 1 file changed, 7 insertions(+), 2 deletions(-)
>> >
>> > diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
>> > index 9b88775..fdb4edd 100644
>> > --- a/hw/net/virtio-net.c
>> > +++ b/hw/net/virtio-net.c
>> > @@ -798,7 +798,7 @@ static void virtio_net_handle_ctrl(VirtIODevice *vdev,
>> > VirtQueue *vq)
>> > virtio_net_ctrl_ack status = VIRTIO_NET_ERR;
>> > VirtQueueElement elem;
>> > size_t s;
>> > - struct iovec *iov;
>> > + struct iovec *iov, *iov2;
>> > unsigned int iov_cnt;
>> >
>> > while (virtqueue_pop(vq, &elem)) {
>> > @@ -808,8 +808,12 @@ static void virtio_net_handle_ctrl(VirtIODevice
>> > *vdev, VirtQueue *vq)
>> > exit(1);
>> > }
>> >
>> > - iov = elem.out_sg;
>> > iov_cnt = elem.out_num;
>> > + s = sizeof(struct iovec) * elem.out_num;
>> > + iov = g_malloc(s);
>> > + memcpy(iov, elem.out_sg, s);
> This could be
>
> iov = g_memdup(elem.out_sg, sizeof(struct iovect) * elem.out_num);
>
> Fam
>
Right, will post V2.
Thanks