
[v4,01/15] util: vfio-helpers: Fix qemu_vfio_close()

Message ID 20200305142945.216465-2-david@redhat.com (mailing list archive)
State New, archived
Series Ram blocks with resizeable anonymous allocations under POSIX

Commit Message

David Hildenbrand March 5, 2020, 2:29 p.m. UTC
qemu_vfio_undo_mapping() will decrement the number of mappings and
reshuffle the array elements to fit into the reduced size.

Iterating over all elements like this does not work as expected; let's make
sure to remove all mappings properly.

Reviewed-by: Peter Xu <peterx@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
---
 util/vfio-helpers.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
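
To make the failure mode concrete, here is a constructed C model (added for this page, not QEMU code) of a mapping table that compacts itself on removal, which is what the commit message says qemu_vfio_undo_mapping() does; the State struct, the memmove-based compaction and the two close routines are assumptions standing in for the real QEMUVFIOState and helpers.

```c
#include <assert.h>
#include <string.h>

/* Constructed stand-in for QEMU's mapping table (not QEMUVFIOState): each
 * mapping is one int, and removal compacts the array exactly as described. */
#define MAX_MAPPINGS 16

typedef struct {
    int mappings[MAX_MAPPINGS];
    int nr_mappings;
} State;

/* Remove *m: decrement the count and shift the tail down over the gap. */
static void undo_mapping(State *s, int *m)
{
    int idx = (int)(m - s->mappings);
    assert(idx >= 0 && idx < s->nr_mappings);
    s->nr_mappings--;
    memmove(&s->mappings[idx], &s->mappings[idx + 1],
            (size_t)(s->nr_mappings - idx) * sizeof(*m));
}

static void fill(State *s, int n)
{
    s->nr_mappings = n;
    for (int i = 0; i < n; i++) { s->mappings[i] = i; }
}

/* Pre-fix loop: the index advances while the table shrinks underneath it,
 * so the entry shifted into slot i is skipped. Returns surviving mappings. */
int close_with_for_loop(int n)
{
    State s;
    fill(&s, n);
    for (int i = 0; i < s.nr_mappings; ++i) {
        undo_mapping(&s, &s.mappings[i]);
    }
    return s.nr_mappings;
}

/* Post-fix loop: always pop the last entry until the count reaches zero. */
int close_with_while_loop(int n)
{
    State s;
    fill(&s, n);
    while (s.nr_mappings) {
        undo_mapping(&s, &s.mappings[s.nr_mappings - 1]);
    }
    return s.nr_mappings;
}
```

With n entries, close_with_for_loop() leaves n/2 of them registered while close_with_while_loop() leaves none.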

Comments

Philippe Mathieu-Daudé April 17, 2020, 10:22 a.m. UTC | #1
On 3/5/20 3:29 PM, David Hildenbrand wrote:
> qemu_vfio_undo_mapping() will decrement the number of mappings and
> reshuffle the array elements to fit into the reduced size.
> 
> Iterating over all elements like this does not work as expected; let's make
> sure to remove all mappings properly.
> 
> Reviewed-by: Peter Xu <peterx@redhat.com>
> Cc: Richard Henderson <rth@twiddle.net>
> Cc: Paolo Bonzini <pbonzini@redhat.com>
> Cc: Eduardo Habkost <ehabkost@redhat.com>
> Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
> Cc: Alex Williamson <alex.williamson@redhat.com>
> Cc: Stefan Hajnoczi <stefanha@redhat.com>
> Signed-off-by: David Hildenbrand <david@redhat.com>
> ---
>   util/vfio-helpers.c | 6 ++----
>   1 file changed, 2 insertions(+), 4 deletions(-)
> 
> diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
> index 9ec01bfe26..f31aa77ffe 100644
> --- a/util/vfio-helpers.c
> +++ b/util/vfio-helpers.c
> @@ -695,13 +695,11 @@ static void qemu_vfio_reset(QEMUVFIOState *s)
>   /* Close and free the VFIO resources. */
>   void qemu_vfio_close(QEMUVFIOState *s)
>   {
> -    int i;
> -
>       if (!s) {
>           return;
>       }
> -    for (i = 0; i < s->nr_mappings; ++i) {
> -        qemu_vfio_undo_mapping(s, &s->mappings[i], NULL);
> +    while (s->nr_mappings) {
> +        qemu_vfio_undo_mapping(s, &s->mappings[s->nr_mappings - 1], NULL);
>       }
>       ram_block_notifier_remove(&s->ram_notifier);
>       qemu_vfio_reset(s);
> 
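Review bot: the removed `for (i = 0; i < s->nr_mappings; ++i)` loop skips every other mapping: once qemu_vfio_undo_mapping() compacts the array, the entry shifted into slot i is never visited because i has already advanced past it, so roughly half of the DMA mappings are still registered when qemu_vfio_reset() and the rest of the teardown run. Popping `&s->mappings[s->nr_mappings - 1]` until the count reaches zero visits every entry no matter how the array is compacted, so the fix is correct.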

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>

Patch

diff --git a/util/vfio-helpers.c b/util/vfio-helpers.c
index 9ec01bfe26..f31aa77ffe 100644
--- a/util/vfio-helpers.c
+++ b/util/vfio-helpers.c
@@ -695,13 +695,11 @@  static void qemu_vfio_reset(QEMUVFIOState *s)
 /* Close and free the VFIO resources. */
 void qemu_vfio_close(QEMUVFIOState *s)
 {
-    int i;
-
     if (!s) {
         return;
     }
-    for (i = 0; i < s->nr_mappings; ++i) {
-        qemu_vfio_undo_mapping(s, &s->mappings[i], NULL);
+    while (s->nr_mappings) {
+        qemu_vfio_undo_mapping(s, &s->mappings[s->nr_mappings - 1], NULL);
     }
     ram_block_notifier_remove(&s->ram_notifier);
     qemu_vfio_reset(s);
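Review bot: the new `while (s->nr_mappings)` loop has no bound other than the count reaching zero, so it terminates only because qemu_vfio_undo_mapping() decrements s->nr_mappings on every call (which the commit message confirms); a one-line comment above the loop stating that invariant, and that the last element is popped so the array is never iterated while it is being compacted, would spare the next reader a trip into qemu_vfio_undo_mapping() to convince themselves the loop is safe.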