    exec.c: Don't reallocate IOMMUNotifiers that are in use · 00d0932e
    Peter Maydell committed
    The tcg_register_iommu_notifier() code has a GArray of
    TCGIOMMUNotifier structs which it has registered by passing
    memory_region_register_iommu_notifier() a pointer to the embedded
    IOMMUNotifier field. Unfortunately, if we need to enlarge the
    array via g_array_set_size() this can cause a realloc(), which
    invalidates the pointer that memory_region_register_iommu_notifier()
    put into the MemoryRegion's iommu_notify list. This can result
    in segfaults.
    
    Switch the GArray to holding pointers to the TCGIOMMUNotifier
    structs, so that we can individually allocate and free them.
    
    Cc: qemu-stable@nongnu.org
    Fixes: 1f871c5e ("exec.c: Handle IOMMUs in address_space_translate_for_iotlb()")
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-id: 20190128174241.5860-1-peter.maydell@linaro.org
    (cherry picked from commit 5601be3b)
    Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
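The bug class the commit message describes, shown as an added, stand-alone C example (not QEMU's code): a registry records the address of a struct embedded in a growable array, the array is grown, and the recorded address goes stale; the array-of-pointers layout the fix adopts keeps every recorded address valid. `Notifier`, `TCGNotifier`, `StructArray` and the two counting functions are constructed stand-ins, and the old buffers are deliberately kept until the end so that every grow moves the elements and the counts are deterministic.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Stand-ins for QEMU's types: the memory subsystem keeps a pointer to the
 * embedded Notifier, as memory_region_register_iommu_notifier() does. */
typedef struct { int iommu_idx; } Notifier;
typedef struct { Notifier n; int extra; } TCGNotifier;

/* Old layout: a growable buffer of structs. Superseded blocks are kept until
 * the end so every grow provably moves the elements (as realloc() may). */
typedef struct { TCGNotifier *elems; size_t len, cap, nold; void *old[16]; } StructArray;

static TCGNotifier *struct_array_push(StructArray *a) {
    if (a->len == a->cap) {
        TCGNotifier *fresh = malloc((a->cap = a->cap ? a->cap * 2 : 1) * sizeof *fresh);
        if (a->elems) memcpy(fresh, a->elems, a->len * sizeof *fresh);
        if (a->elems) a->old[a->nold++] = a->elems; /* a real realloc() frees it here */
        a->elems = fresh;
    }
    return &a->elems[a->len++];
}

/* "Register" n notifiers by recording each embedded Notifier's address as an
 * integer (nothing stale is dereferenced), then count recorded addresses that
 * no longer match where that element lives after the growths. */
size_t stale_after_growth_structs(size_t n) {
    StructArray a = {0};
    uintptr_t *reg = malloc(n * sizeof *reg);
    size_t stale = 0;
    for (size_t i = 0; i < n; i++) reg[i] = (uintptr_t)&struct_array_push(&a)->n;
    for (size_t i = 0; i < n; i++) stale += reg[i] != (uintptr_t)&a.elems[i].n;
    for (size_t i = 0; i < a.nold; i++) free(a.old[i]);
    free(a.elems); free(reg);
    return stale;
}

/* The fix: the array holds pointers and each TCGNotifier is allocated on its
 * own, so growing the array never moves a registered Notifier. */
size_t stale_after_growth_pointers(size_t n) {
    TCGNotifier **ptrs = NULL;
    uintptr_t *reg = malloc(n * sizeof *reg);
    size_t cap = 0, stale = 0;
    for (size_t i = 0; i < n; i++) {
        if (i == cap) ptrs = realloc(ptrs, (cap = cap ? cap * 2 : 1) * sizeof *ptrs);
        ptrs[i] = calloc(1, sizeof **ptrs);
        reg[i] = (uintptr_t)&ptrs[i]->n;
    }
    for (size_t i = 0; i < n; i++) { stale += reg[i] != (uintptr_t)&ptrs[i]->n; free(ptrs[i]); }
    free(ptrs); free(reg);
    return stale;
}
```

With four pushes the struct array grows twice, so the first two recorded addresses are stale while the pointer array reports none; this is exactly the dangling entry in the MemoryRegion's iommu_notify list that the commit removes.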